Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Diaries by Keyword Diaries by Keyword

Special Webcast: What you need to know about the crypt32.dll vulnerability. Register Now

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title

SPAM HABITAT FOR HUMANITY

2010-06-02Rob VandenBrinkSPAM pretending to be from Habitat for Humanity

SPAM

2020-01-22/a>Brad DuncanGerman language malspam pushes Ursnif
2020-01-16/a>Jan KoprivaPicks of 2019 malware - the large, the small and the one full of null bytes
2019-12-18/a>Brad DuncanEmotet infection with spambot activity
2019-12-11/a>Brad DuncanGerman language malspam pushes yet another wave of Trickbot
2019-12-03/a>Brad DuncanUrsnif infection with Dridex
2019-11-20/a>Brad DuncanHancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike
2019-11-13/a>Brad DuncanAn example of malspam pushing Lokibot malware, November 2019
2019-11-09/a>Guy BruneauFake Netflix Update Request by Text
2019-11-06/a>Brad DuncanMore malspam pushing Formbook
2019-10-02/a>Brad DuncanA recent example of Emotet malspam
2019-10-01/a>Johannes UllrichA Quick Look at Some Current Comment Spam
2019-09-25/a>Brad DuncanMalspam pushing Quasar RAT
2019-09-18/a>Brad DuncanEmotet malspam is back
2019-06-18/a>Brad DuncanMalspam with password-protected Word docs pushing Dridex
2019-04-07/a>Guy BruneauFake Office 365 Payment Information Update
2019-03-21/a>Xavier MertensNew Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-13/a>Brad DuncanMalspam pushes Emotet with Qakbot as the follow-up malware
2019-03-06/a>Brad DuncanMalspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot
2019-02-20/a>Brad DuncanMore Russian language malspam pushing Shade (Troldesh) ransomware
2019-02-06/a>Brad DuncanHancitor malspam and infection traffic from Tuesday 2019-02-05
2019-01-24/a>Brad DuncanMalspam with Word docs uses macro to run Powershell script and steal system data
2019-01-10/a>Brad DuncanHeartbreaking Emails: "Love You" Malspam
2018-12-18/a>Brad DuncanMalspam links to password-protected Word docs that push IcedID (Bokbot)
2018-12-05/a>Brad DuncanCampaign evolution: Hancitor changes its Word macros
2018-12-04/a>Brad DuncanMalspam pushing Lokibot malware
2018-11-29/a>Brad DuncanRussian language malspam pushing Shade (Troldesh) ransomware
2018-11-15/a>Brad DuncanEmotet infection with IcedID banking Trojan
2018-11-14/a>Brad DuncanDay in the life of a researcher: Finding a wave of Trickbot malspam
2018-10-31/a>Brad DuncanMore malspam using password-protected Word docs
2018-10-30/a>Brad DuncanCampaign evolution: Hancitor malspam starts pushing Ursnif this week
2018-10-05/a>Jim ClausingA strange spam
2018-09-26/a>Brad DuncanOne Emotet infection leads to three follow-up malware infections
2018-08-15/a>Brad DuncanMore malspam pushing password-protected Word docs for AZORult and Hermes Ransomware
2018-08-02/a>Brad DuncanDHL-themed malspam reveals embedded malware in animated gif
2018-07-27/a>Brad DuncanMalspam with password-protected Word docs pushes Hermes ransomware
2018-07-24/a>Brad DuncanRecent Emotet activity
2018-06-18/a>Xavier MertensMalicious JavaScript Targeting Mobile Browsers
2018-06-13/a>Xavier MertensA Bunch of Compromized Wordpress Sites
2018-02-01/a>Xavier MertensAdaptive Phishing Kit
2017-12-18/a>Didier StevensPhish or scam? - Part 2
2017-12-17/a>Didier StevensPhish or scam? - Part 1
2017-11-30/a>Brad DuncanMore Malspam pushing Emotet malware
2017-10-19/a>Brad DuncanHSBC-themed malspam uses ISO attachments to push Loki Bot malware
2017-10-17/a>Brad DuncanHancitor malspam uses DDE attack
2017-09-18/a>Xavier MertensGetting some intelligence from malspam
2017-09-01/a>Brad DuncanMalspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
2017-08-14/a>Didier StevensSometimes it's just SPAM
2017-07-26/a>Brad DuncanMalspam pushing Emotet malware
2017-07-14/a>Brad DuncanNemucodAES and the malspam that distributes it
2017-06-28/a>Brad DuncanCatching up with Blank Slate: a malspam campaign still going strong
2017-05-24/a>Brad DuncanJaff ransomware gets a makeover
2017-04-11/a>Brad DuncanDridex malspam seen on Monday 2017-04-10
2017-03-28/a>Xavier MertensLogical & Physical Security Correlation
2017-02-10/a>Brad DuncanHancitor/Pony malspam
2016-10-25/a>Xavier MertensAnother Day, Another Spam...
2016-10-19/a>Xavier MertensSpam Delivered via .ICS Files
2016-06-20/a>Xavier MertensOngoing Spam Campaign Related to Swift
2016-05-12/a>Xavier MertensAnother Day, Another Wave of Phishing Emails
2015-12-06/a>Mark HofmanMalware SPAM a new run has started.
2015-09-01/a>Daniel WesemannGift card from Marriott?
2015-06-22/a>Johannes UllrichSMTP Brute Forcing
2015-04-09/a>Brad DuncanAn example of the malicious emails sometimes sent to the ISC handler addresses
2015-03-23/a>Rick WannerInteresting Home Depot Spam
2015-01-31/a>Guy BruneauBeware of Phishing and Spam Super Bowl Fans!
2014-09-17/a>Daniel WesemannYour online background check is now public!
2014-08-05/a>Johannes UllrichLegal Threat Spam: Sometimes it Gets Personal
2014-06-17/a>Rob VandenBrinkCanada's Anti-Spam Legislation (CASL) 2014
2014-06-08/a>Guy Bruneauefax Spam Containing Malware
2014-04-05/a>Jim ClausingThose strange e-mails with URLs in them can lead to Android malware
2014-03-22/a>Guy BruneauHow the Compromise of a User Account Lead to a Spam Incident
2014-02-21/a>Johannes UllrichUPS Malware Spam Using Fake SPF Headers
2014-01-24/a>Johannes UllrichHow to send mass e-mail the right way
2013-12-24/a>Daniel WesemannMr Jones wants you to appear in court!
2013-10-17/a>Adrien de BeaupreNew spamming technique - onmicrosoft.com
2013-09-30/a>Adrien de BeaupreTwitter DM spam/malware
2013-09-03/a>Rob VandenBrinkIs "Reputation Backscatter" a Thing?
2013-07-18/a>Chris MohanBlog Spam - annoying junk or a source of intelligence?
2013-03-28/a>John BambenekWhere Were You During the Great DDoS Cybergeddon of 2013?
2013-03-26/a>Daniel WesemannHow your Webhosting Account is Getting Abused
2013-03-18/a>Kevin ShorttSpamhaus DDOS
2013-02-08/a>Kevin ShorttIs it Spam or Is it Malware?
2012-12-06/a>Daniel WesemannRich Quick Make Money!
2012-10-10/a>Kevin ShorttFacebook Scam Spam
2012-09-09/a>Guy BruneauPhishing/Spam Pretending to be from BBB
2012-08-22/a>Adrien de BeauprePhishing/spam via SMS
2012-03-21/a>Johannes UllrichVirus Bulletin Spam Filter Test
2012-02-17/a>Mark HofmanIntersting Facebook SPAM
2011-11-28/a>Rob VandenBrinkIt's Cyber Monday - Click Here!
2011-11-16/a>Adrien de BeaupreGET BACK TO ME ASAP
2011-10-20/a>Johannes UllrichEvil Printers Sending Mail
2011-08-31/a>Johannes UllrichPhishing e-mail to custom e-mail addresses
2011-06-30/a>Guy BruneauSymantec Report - Spam Surge against Social Networks
2011-06-27/a>Kevin ShorttPhishy Spam
2011-06-08/a>Johannes UllrichSpam from compromised Hotmail accounts
2011-03-29/a>Daniel WesemannRequesting deletion of "free" email and chat accounts
2011-01-11/a>Kevin ShorttSpam Cannons on Holiday
2010-12-03/a>Mark HofmanT'is the season to be SPAMMY, trallalalaa la la la laaa
2010-11-22/a>Lenny ZeltserAdobe Acrobat Spam Going Strong - More to Come?
2010-09-18/a>Rick WannerI'm fine, thanks!
2010-08-29/a>Swa FrantzenAbandoned free email accounts
2010-07-15/a>Deborah HaleBe on the Alert
2010-07-03/a>Deborah HaleDelivery Status Failure Notice That Packed A Wallop
2010-06-21/a>Adrien de BeaupreGoDaddy Scam/Phish/Spam
2010-06-10/a>Deborah HaleAnother Morning of Fun
2010-06-02/a>Rob VandenBrinkSPAM pretending to be from Habitat for Humanity
2010-04-22/a>Deborah HaleDon't Be Fooled by Twitter Spam in Your Inbox
2010-04-13/a>Johannes UllrichMore Legal Threat Malware E-Mail
2010-03-17/a>Deborah HaleSpam was killing us! Here is what we did to help!
2010-03-15/a>Adrien de BeaupreSpamassassin Milter Plugin Remote Root Attack
2010-02-03/a>Johannes UllrichAnatomy of a Form Spam Campaign (in progress against isc.sans.org right now) https://blogs.sans.org/appsecstreetfighter/
2009-12-02/a>Rob VandenBrinkSPAM and Malware taking advantage of H1N1 concerns
2009-11-03/a>Andre LudwigSURBL now posting abuse statistics for TLD's
2009-10-12/a>Mark HofmanSome interesting SSL SPAM
2009-10-08/a>Johannes UllrichCyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-10-07/a>Joel EslerSpam rate increase is seen
2009-09-10/a>Johannes UllrichHealthcare Spam
2009-07-28/a>Adrien de BeaupreTwitter spam/phish
2009-06-25/a>Mark HofmanMichael J & Farrah F death SPAM
2009-06-20/a>Scott FendleySituational Awareness: Spam Crisis and China
2009-04-06/a>Adrien de BeaupreAbuse addresses
2009-01-25/a>Rick WannerTwam?? Twammers?
2009-01-16/a>G. N. White...and all that SPAM - Evolution of Spam Bots in 2009
2008-09-09/a>Swa FrantzenThe complaint that's an attack
2008-08-13/a>Adrien de BeaupreCNN switched to MSNBC
2008-08-10/a>Stephen HallFake IE 7 update spam doing the rounds
2008-08-06/a>Bojan ZdrnjaWhen spammers use your own e-mails
2008-08-05/a>Daniel WesemannThe news update you never asked for
2008-05-02/a>Adrien de BeaupreHi, remember me?...
2008-04-22/a>donald smithSpam to your calendar via Google agenda?
2008-03-26/a>Raul SilesORDB.org blacklisting all IP addresses
2006-10-08/a>Swa FrantzenSpam Backscatter

HABITAT

2010-06-02/a>Rob VandenBrinkSPAM pretending to be from Habitat for Humanity

FOR

2019-11-06/a>Brad DuncanMore malspam pushing Formbook
2019-10-25/a>Rob VandenBrinkMore on DNS Archeology (with PowerShell)
2019-08-21/a>Russ McReeKAPE: Kroll Artifact Parser and Extractor
2019-07-10/a>Rob VandenBrinkDumping File Contents in Hex (in PowerShell)
2019-07-05/a>Didier StevensA "Stream O" Maldoc
2019-07-01/a>Didier StevensMaldoc: Payloads in User Forms
2018-08-23/a>Xavier MertensSimple Phishing Through formcrafts.com
2018-01-26/a>Xavier MertensInvestigating Microsoft BITS Activity
2018-01-09/a>Jim ClausingAre you watching for brute force attacks on IPv6?
2017-10-03/a>Brad DuncanMalspam pushing Formbook info stealer
2017-10-02/a>Xavier MertensInvestigating Security Incidents with Passive DNS
2017-09-28/a>Xavier MertensThe easy way to analyze huge amounts of PCAP data
2017-09-24/a>Jim ClausingForensic use of mount --bind
2017-09-19/a>Jim ClausingNew tool: mac-robber.py
2017-08-07/a>Xavier MertensIncrease of phpMyAdmin scans
2017-07-09/a>Russ McReeAdversary hunting with SOF-ELK
2017-04-26/a>Johannes UllrichIf there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
2017-01-12/a>Mark BaggettSystem Resource Utilization Monitor
2016-10-31/a>Russ McReeSEC505 DFIR capture script: snapshot.ps1
2016-08-11/a>Pasquale StirparoLooking for the insider: Forensic Artifacts on iOS Messaging App
2016-06-01/a>Xavier MertensDocker Containers Logging
2016-05-22/a>Pasquale StirparoThe strange case of WinZip MRU Registry key
2016-03-28/a>Xavier MertensImproving Bash Forensics Capabilities
2016-03-11/a>Jim ClausingForensicating Docker, Part 1
2016-02-18/a>Xavier MertensHunting for Executable Code in Windows Environments
2016-01-21/a>Jim ClausingScanning for Fortinet ssh backdoor
2016-01-06/a>Russ McReetoolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015-06-23/a>Kevin ShorttXOR DDOS Mitigation and Analysis
2015-06-22/a>Johannes UllrichSMTP Brute Forcing
2015-04-24/a>Basil Alawi S.TaherFileless Malware
2015-04-17/a>Didier StevensMemory Forensics Of Network Devices
2015-03-18/a>Daniel WesemannNew SANS memory forensics poster
2015-02-03/a>Johannes UllrichAnother Network Forensic Tool for the Toolbox - Dshell
2014-09-07/a>Johannes UllrichOdd Persistent Password Bruteforcing
2014-08-29/a>Johannes UllrichFalse Positive or Not? Difficult to Analyze Javascript
2014-08-10/a>Basil Alawi S.TaherIncident Response with Triage-ir
2014-08-09/a>Adrien de BeaupreComplete application ownage via Multi-POST XSRF
2014-07-23/a>Johannes UllrichNew Feature: "Live" SSH Brute Force Logs and New Kippo Client
2014-07-22/a>Daniel Wesemann WordPress brute force attack via wp.getUsersBlogs
2014-06-22/a>Russ McReeOfficeMalScanner helps identify the source of a compromise
2014-06-03/a>Basil Alawi S.TaherAn Introduction to RSA Netwitness Investigator
2014-05-27/a>Kevin ShorttAvast forums hacked
2014-05-18/a>Russ McReesed and awk will always rock
2014-03-11/a>Basil Alawi S.TaherIntroduction to Memory Analysis with Mandiant Redline
2014-03-07/a>Tom WebbLinux Memory Dump with Rekall
2014-02-09/a>Basil Alawi S.TaherMandiant Highlighter 2
2014-01-10/a>Basil Alawi S.TaherWindows Autorun-3
2013-12-12/a>Basil Alawi S.TaherAcquiring Memory Images with Dumpit
2013-12-02/a>Richard PorterReports of higher than normal SSH Attacks
2013-11-21/a>Mark Baggett"In the end it is all PEEKS and POKES."
2013-11-20/a>Mark BaggettSearching live memory on a running machine with winpmem
2013-11-19/a>Mark BaggettWinpmem - Mild mannered memory aquisition tool??
2013-10-02/a>John BambenekObamacare related domain registration spike, Government shutdown domain registration beginning
2013-08-26/a>Alex StanfordStop, Drop and File Carve
2013-08-14/a>Johannes UllrichImaging LUKS Encrypted Drives
2013-07-31/a>Johannes UllrichPOP3 Server Brute Forcing Attempts Using Polycom Credentials
2013-07-21/a>Guy BruneauUbuntu Forums Security Breach
2013-07-20/a>Manuel Humberto Santander PelaezDo you have rogue Internet gateways in your network? Check it with nmap
2013-07-12/a>Rob VandenBrinkHmm - where did I save those files?
2013-06-23/a>Kevin ListonIs SSH no more secure than telnet?
2013-05-23/a>Adrien de BeaupreMoVP II
2013-04-25/a>Adam SwangerSANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2013-02-17/a>Guy BruneauHP ArcSight Connector Appliance and Logger Vulnerabilities
2012-12-16/a>Tony CarothersSSH Brute Force on Non-Standard Ports
2012-11-02/a>Daniel WesemannThe shortcomings of anti-virus software
2012-10-11/a>Rob VandenBrinkCyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-09-14/a>Lenny ZeltserAnalyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-04/a>Lenny ZeltserDecoding Common XOR Obfuscation in Malicious Code
2012-05-22/a>Johannes Ullrichnmap 6 released
2012-01-03/a>Rick WannerAnalysis of the Stratfor Password List
2011-12-25/a>Deborah HaleAnother Company Falls Victim
2011-12-04/a>Guy BruneauSSH Password Brute Forcing may be on the Rise
2011-11-06/a>Tom ListonNew, odd SSH brute force behavior
2011-09-29/a>Daniel WesemannThe SSD dilemma
2011-08-05/a>Johannes UllrichForensics: SIFT Kit 2.1 now available for download http://computer-forensics.sans.org/community/downloads
2011-08-02/a>Mark HofmanSSH Brute Force attacks
2011-07-31/a>Daniel WesemannAnatomy of a Unix breach
2011-07-17/a>Mark HofmanSSH Brute Force
2011-03-09/a>Chris MohanPossible Issue with Forefront Update KB2508823
2011-03-01/a>Daniel WesemannAV software and "sharing samples"
2011-02-19/a>Guy BruneauSnort Data Acquisition Library
2011-02-05/a>Guy BruneauOpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-29/a>Mark HofmanSourceforge attack
2011-01-12/a>Richard PorterHow Many Loyalty Cards do you Carry?
2010-11-17/a>Guy BruneauReference on Open Source Digital Forensics
2010-11-12/a>Guy BruneauHoneynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-10-22/a>Manuel Humberto Santander PelaezIntypedia project
2010-09-07/a>Bojan ZdrnjaSSH password authentication insight and analysis by DRG
2010-08-25/a>Pedro BuenoAdobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-07-24/a>Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-07-13/a>Jim ClausingForensic challenge results
2010-06-18/a>Adrien de BeaupreDistributed SSH Brute Force Attempts on the rise again
2010-06-18/a>Tom ListonIMPORTANT INFORMATION: Distributed SSH Brute Force Attacks
2010-06-15/a>Manuel Humberto Santander PelaeziPhone 4 Order Security Breach Exposes Private Information
2010-06-04/a>Rick WannerNew Honeynet Project Forensic Challenge
2010-06-02/a>Rob VandenBrinkSPAM pretending to be from Habitat for Humanity
2010-05-22/a>Rick WannerSANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-21/a>Rick Wanner2010 Digital Forensics and Incident Response Summit
2010-05-04/a>Rick WannerSIFT review in the ISSA Toolsmith
2010-04-30/a>Kevin ListonThe Importance of Small Files
2010-04-21/a>Guy BruneauGoogle Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-11/a>Marcus SachsNetwork and process forensics toolset
2010-03-28/a>Rick WannerHoneynet Project: 2010 Forensic Challenge #3
2010-03-27/a>Guy BruneauHP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-26/a>Daniel WesemannSIFT2.0 SANS Investigative Forensics Toolkit released
2010-03-10/a>Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-01-23/a>Lorna HutchesonThe necessary evils: Policies, Processes and Procedures
2010-01-19/a>Jim ClausingForensic challenges
2010-01-01/a>G. N. WhiteDealing With Unwanted SSH Bruteforcing
2009-12-14/a>Adrien de BeaupreAnti-forensics, COFEE vs. DECAF
2009-11-30/a>Bojan ZdrnjaDistributed Wordpress admin account cracking
2009-11-29/a>Patrick Nolan A Cloudy Weekend
2009-11-25/a>Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-10-04/a>Guy BruneauSamba Security Information Disclosure and DoS
2009-08-18/a>Daniel WesemannForensics: Mounting partitions from full-disk 'dd' images
2009-08-13/a>Jim ClausingNew and updated cheat sheets
2009-07-17/a>John BambenekCross-Platform, Cross-Browser DoS Vulnerability
2009-07-10/a>Guy BruneauWordPress Fixes Multiple vulnerabilities
2009-07-02/a>Daniel WesemannGetting the EXE out of the RTF
2009-04-17/a>Daniel WesemannGuess what? SSH again!
2009-03-30/a>Daniel WesemannWatch your Internet routers!
2009-03-02/a>Swa FrantzenObama's leaked chopper blueprints: anything we can learn?
2009-02-02/a>Stephen HallHow do you audit your production code?
2009-01-30/a>Mark HofmanRequest for info - Scan and webmail
2009-01-02/a>Rick WannerTools on my Christmas list.
2008-12-16/a>donald smithMicrosoft announces an out of band patch for IE zero day
2008-11-17/a>Marcus SachsNew Tool: NetWitness Investigator
2008-10-02/a>Kyle HaugsnessLow, slow, distributed SSH username brute forcing
2008-09-11/a>David GoldsmithCookieMonster is coming to Pown (err, Town)
2008-08-17/a>Kevin ListonVolatility 1.3 Released
2008-08-15/a>Jim ClausingOMFW 2008 reflections
2008-06-09/a>Scott FendleySo Where Are Those OpenSSH Key-based Attacks?
2008-05-12/a>Scott FendleyBrute-force SSH Attacks on the Rise
2008-04-07/a>John BambenekHP USB Keys Shipped with Malware for your Proliant Server
2007-01-03/a>Toby KohlenbergVLC Media Player udp URL handler Format String Vulnerability

HUMANITY

2010-06-02/a>Rob VandenBrinkSPAM pretending to be from Habitat for Humanity