2023-11-01 ⋅ SANS ISC ⋅ Malware Dropped Through a ZPAQ Archive
2023-04-12 ⋅ SANS ISC ⋅ Recent IcedID (Bokbot) activity IcedID
2023-01-18 ⋅ SANS ISC ⋅ Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware Aurora Stealer
2022-12-18 ⋅ SANS ISC ⋅ Infostealer Malware with Double Extension Agent Tesla
2022-08-19 ⋅ SANS ISC ⋅ Brazil malspam pushes Astaroth (Guildma) malware Astaroth
2022-08-12 ⋅ SANS ISC ⋅ Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike Cobalt Strike DarkVNC IcedID
2022-07-27 ⋅ SANS ISC ⋅ IcedID (Bokbot) with Dark VNC and Cobalt Strike DarkVNC IcedID
2022-07-07 ⋅ SANS ISC ⋅ Emotet infection with Cobalt Strike Cobalt Strike Emotet
2022-06-17 ⋅ SANS ISC ⋅ Malspam pushes Matanbuchus malware, leads to Cobalt Strike Cobalt Strike Matanbuchus
2022-06-16 ⋅ SANS ISC ⋅ Houdini is Back Delivered Through a JavaScript Dropper Houdini
2022-06-13 ⋅ SANS ISC ⋅ Translating Saitama's DNS tunneling messages Saitama Backdoor
2022-05-20 ⋅ SANS ISC ⋅ A 'Zip Bomb' to Bypass Security Controls & Sandboxes BitRAT
2022-05-11 ⋅ SANS ISC ⋅ TA578 using thread-hijacked emails to push ISO files for Bumblebee malware BumbleBee
2022-04-25 ⋅ SANS ISC ⋅ Simple PDF Linking to Malicious Content
2022-04-20 ⋅ SANS ISC ⋅ 'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic QakBot
2022-04-06 ⋅ SANS ISC ⋅ Windows MetaStealer Malware
2022-03-31 ⋅ SANS ISC ⋅ Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-03-25 ⋅ SANS ISC ⋅ XLSB Files: Because Binary is Stealthier Than XML QakBot
2022-03-16 ⋅ SANS ISC ⋅ Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot
2022-02-18 ⋅ SANS ISC ⋅ Remcos RAT Delivered Through Double Compressed Archive Remcos