Click here to download all references as Bib-File.
| 2023-01-18 ⋅ SANS ISC ⋅ Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware Aurora Stealer |
| 2022-12-18 ⋅ SANS ISC ⋅ Infostealer Malware with Double Extension Agent Tesla |
| 2022-08-19 ⋅ SANS ISC ⋅ Brazil malspam pushes Astaroth (Guildma) malware Astaroth |
| 2022-08-12 ⋅ SANS ISC ⋅ Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike Cobalt Strike DarkVNC IcedID |
| 2022-07-27 ⋅ SANS ISC ⋅ IcedID (Bokbot) with Dark VNC and Cobalt Strike DarkVNC IcedID |
| 2022-07-07 ⋅ SANS ISC ⋅ Emotet infection with Cobalt Strike Cobalt Strike Emotet |
| 2022-06-17 ⋅ SANS ISC ⋅ Malspam pushes Matanbuchus malware, leads to Cobalt Strike Cobalt Strike Matanbuchus |
| 2022-06-16 ⋅ SANS ISC ⋅ Houdini is Back Delivered Through a JavaScript Dropper Houdini |
| 2022-06-13 ⋅ SANS ISC ⋅ Translating Saitama's DNS tunneling messages Saitama Backdoor |
| 2022-05-20 ⋅ SANS ISC ⋅ A 'Zip Bomb' to Bypass Security Controls & Sandboxes BitRAT |
| 2022-05-11 ⋅ SANS ISC ⋅ TA578 using thread-hijacked emails to push ISO files for Bumblebee malware BumbleBee |
| 2022-04-25 ⋅ SANS ISC ⋅ Simple PDF Linking to Malicious Content |
| 2022-04-20 ⋅ SANS ISC ⋅ 'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic QakBot |
| 2022-04-06 ⋅ SANS ISC ⋅ Windows MetaStealer Malware |
| 2022-03-31 ⋅ SANS ISC ⋅ Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 |
| 2022-03-25 ⋅ SANS ISC ⋅ XLSB Files: Because Binary is Stealthier Than XML QakBot |
| 2022-03-16 ⋅ SANS ISC ⋅ Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
| 2022-02-18 ⋅ SANS ISC ⋅ Remcos RAT Delivered Through Double Compressed Archive Remcos |
| 2022-02-11 ⋅ blog.rootshell.be ⋅ [SANS ISC] CinaRAT Delivered Through HTML ID Attributes Quasar RAT |
| 2022-01-25 ⋅ SANS ISC ⋅ Emotet Stops Using 0.0.0.0 in Spambot Traffic Emotet |