Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
KB 949104
2012-06-25
Guy Bruneau
Issues with Windows Update Agent
KB
2023-06-22/a>
Brad Duncan
Qakbot (Qbot) activity, obama271 distribution tag
2023-04-12/a>
Brad Duncan
Recent IcedID (Bokbot) activity
2023-02-28/a>
Brad Duncan
BB17 distribution Qakbot (Qbot) activity
2023-02-24/a>
Brad Duncan
URL files and WebDAV used for IcedID (Bokbot) infection
2022-12-02/a>
Brad Duncan
obama224 distribution Qakbot tries .vhd (virtual hard disk) images
2022-11-02/a>
Brad Duncan
Who put the "Dark" in DarkVNC?
2022-08-24/a>
Brad Duncan
Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-12/a>
Brad Duncan
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-07-27/a>
Brad Duncan
IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-06-30/a>
Brad Duncan
Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended
2022-06-09/a>
Brad Duncan
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-04-20/a>
Brad Duncan
"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-25/a>
Xavier Mertens
XLSB Files: Because Binary is Stealthier Than XML
2022-03-16/a>
Brad Duncan
Qakbot infection with Cobalt Strike and VNC activity
2021-12-16/a>
Brad Duncan
How the "Contact Forms" campaign tricks people
2021-12-02/a>
Brad Duncan
TA551 (Shathak) pushes IcedID (Bokbot)
2021-11-04/a>
Brad Duncan
October 2021 Forensic Contest: Answers and Analysis
2021-09-23/a>
Xavier Mertens
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-06-30/a>
Brad Duncan
June 2021 Forensic Contest: Answers and Analysis
2021-03-03/a>
Brad Duncan
Qakbot infection with Cobalt Strike
2021-02-23/a>
Jan Kopriva
Qakbot in a response to Full Disclosure post
2021-02-17/a>
Brad Duncan
Malspam pushing Trickbot gtag rob13
2021-01-26/a>
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20/a>
Brad Duncan
Qakbot activity resumes after holiday break
2020-12-09/a>
Brad Duncan
Recent Qakbot (Qbot) activity
2020-11-03/a>
Brad Duncan
Emotet -> Qakbot -> more Emotet
2020-10-14/a>
Brad Duncan
More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-19/a>
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-07-15/a>
Brad Duncan
Word docs with macros for IcedID (Bokbot)
2020-05-20/a>
Brad Duncan
Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-01/a>
Brad Duncan
Qakbot malspam sent from an infected Windows host
2020-03-18/a>
Brad Duncan
Trickbot gtag red5 distributed as a DLL file
2020-01-28/a>
Brad Duncan
Emotet epoch 1 infection with Trickbot gtag mor84
2019-12-24/a>
Brad Duncan
Malspam with links to Word docs pushes IcedID (Bokbot)
2019-12-11/a>
Brad Duncan
German language malspam pushes yet another wave of Trickbot
2019-09-18/a>
Brad Duncan
Emotet malspam is back
2019-09-03/a>
Johannes Ullrich
[Guest Diary] Tricky LNK points to TrickBot
2019-03-13/a>
Brad Duncan
Malspam pushes Emotet with Qakbot as the follow-up malware
2019-03-06/a>
Brad Duncan
Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot
2019-01-16/a>
Brad Duncan
Emotet infections and follow-up malware
2018-12-18/a>
Brad Duncan
Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-14/a>
Brad Duncan
Day in the life of a researcher: Finding a wave of Trickbot malspam
2018-09-26/a>
Brad Duncan
One Emotet infection leads to three follow-up malware infections
2018-05-09/a>
Xavier Mertens
Nice Phishing Sample Delivering Trickbot
2017-08-15/a>
Brad Duncan
Malspam pushing Trickbot banking Trojan
2012-09-21/a>
Guy Bruneau
IE Cumulative Updates MS12-063 - KB2744842
2012-06-25/a>
Guy Bruneau
Issues with Windows Update Agent
2012-02-24/a>
Guy Bruneau
BlackBerry PlayBook tablet Samba file sharing Vulnerability - http://www.blackberry.com/btsc/KB29565
2011-08-11/a>
Guy Bruneau
BlackBerry Enterprise Server Critical Update
2011-07-14/a>
Guy Bruneau
Blackberry Server Security Update - http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27258
2011-04-28/a>
Guy Bruneau
VMware ESXi 4.1 Security and Firmware Updates
2011-04-21/a>
Guy Bruneau
Silverlight Update Available
2011-01-13/a>
Rob VandenBrink
Blackberry BES Server Updates for PDF Vulnerabilities
2010-12-15/a>
Manuel Humberto Santander Pelaez
Vulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-08-14/a>
Tony Carothers
Freedom of Information
2010-03-10/a>
Rob VandenBrink
Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2009-12-23/a>
Marcus Sachs
Blackberry Outage
2009-12-01/a>
Chris Carboni
Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service
2009-11-05/a>
Swa Frantzen
RIM fixes random code execution vulnerability
2009-05-29/a>
Lorna Hutcheson
Blackberry Server Vulnerability
2009-05-27/a>
donald smith
WebDAV write-up
2008-07-15/a>
Maarten Van Horenbeeck
BlackBerry PDF parsing vulnerability
2006-09-15/a>
Swa Frantzen
MSIE DirectAnimation ActiveX 0-day update
949104
2012-06-25/a>
Guy Bruneau
Issues with Windows Update Agent
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Subscribe to the Internet Storm Center
YouTube Channel