Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Diaries by Keyword Diaries by Keyword

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title
2021-09-01Brad DuncanSTRRAT: a Java-based RAT that doesn't care if you have Java
2021-03-03Brad DuncanQakbot infection with Cobalt Strike
2021-02-03Brad DuncanExcel spreadsheets push SystemBC malware
2021-01-26Brad DuncanTA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20Brad DuncanQakbot activity resumes after holiday break
2021-01-13Brad DuncanHancitor activity resumes after a hoilday break
2020-12-09Brad DuncanRecent Qakbot (Qbot) activity
2020-10-26Didier StevensExcel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14Brad DuncanMore TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-07Brad DuncanTA551 (Shathak) Word docs push IcedID (Bokbot)
2020-07-15Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-07-10Brad DuncanExcel spreasheet macro kicks off Formbook infection
2020-06-10Brad DuncanJob application-themed malspam pushes ZLoader
2020-06-01Didier StevensXLMMacroDeobfuscator: An Update
2020-05-20Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05Guy BruneauMaldoc XLS Invoice with Excel 4 Macros
2020-03-29Didier StevensObfuscated Excel 4 Macros
2020-03-09Didier StevensMalicious Spreadsheet With Data Connection and Excel 4 Macros
2020-02-24Didier StevensMaldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23Didier StevensMaldoc: Excel 4 Macros in OOXML Format
2019-06-18Brad DuncanMalspam with password-protected Word docs pushing Dridex
2019-03-17Didier StevensVideo: Maldoc Analysis: Excel 4.0 Macro
2019-03-16Didier StevensMaldoc: Excel 4.0 Macros