
SANS ISC: Diaries by Keyword


Date        Author          Title

COBALT STRIKE

2021-09-15  Brad Duncan     Hancitor campaign abusing Microsoft's OneDrive
2021-08-11  Brad Duncan     TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-07-09  Brad Duncan     Hancitor tries XLL as initial malware file
2021-06-30  Brad Duncan     June 2021 Forensic Contest: Answers and Analysis
2021-03-03  Brad Duncan     Qakbot infection with Cobalt Strike
2021-02-03  Brad Duncan     Excel spreadsheets push SystemBC malware
2019-11-20  Brad Duncan     Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike

COBALT

2021-11-07  Didier Stevens  Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06  Didier Stevens  Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25  Didier Stevens  Decrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-09-15  Brad Duncan     Hancitor campaign abusing Microsoft's OneDrive
2021-08-11  Brad Duncan     TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-07-09  Brad Duncan     Hancitor tries XLL as initial malware file
2021-06-30  Brad Duncan     June 2021 Forensic Contest: Answers and Analysis
2021-05-30  Didier Stevens  Video: Cobalt Strike & DNS - Part 1
2021-03-15  Didier Stevens  Finding Metasploit & Cobalt Strike URLs
2021-03-03  Brad Duncan     Qakbot infection with Cobalt Strike
2021-02-14  Didier Stevens  Video: tshark & Malware Analysis
2021-02-03  Brad Duncan     Excel spreadsheets push SystemBC malware
2021-01-13  Brad Duncan     Hancitor activity resumes after a holiday break
2020-11-23  Didier Stevens  Quick Tip: Cobalt Strike Beacon Analysis
2019-11-20  Brad Duncan     Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike

STRIKE

2021-11-07  Didier Stevens  Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06  Didier Stevens  Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25  Didier Stevens  Decrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-09-15  Brad Duncan     Hancitor campaign abusing Microsoft's OneDrive
2021-08-11  Brad Duncan     TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-07-09  Brad Duncan     Hancitor tries XLL as initial malware file
2021-06-30  Brad Duncan     June 2021 Forensic Contest: Answers and Analysis
2021-05-30  Didier Stevens  Video: Cobalt Strike & DNS - Part 1
2021-03-15  Didier Stevens  Finding Metasploit & Cobalt Strike URLs
2021-03-03  Brad Duncan     Qakbot infection with Cobalt Strike
2021-02-14  Didier Stevens  Video: tshark & Malware Analysis
2021-02-03  Brad Duncan     Excel spreadsheets push SystemBC malware
2021-01-13  Brad Duncan     Hancitor activity resumes after a holiday break
2020-11-23  Didier Stevens  Quick Tip: Cobalt Strike Beacon Analysis
2019-11-20  Brad Duncan     Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike