Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Diaries by Keyword - SANS Internet Storm Center Diaries by Keyword

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title

COBALT STRIKE

2022-06-30Brad DuncanCase Study: Cobalt Strike Server Lives on After Its Domain Is Suspended
2022-06-17Brad DuncanMalspam pushes Matanbuchus malware, leads to Cobalt Strike
2022-05-19Brad DuncanBumblebee Malware from TransferXL URLs
2022-03-16Brad DuncanQakbot infection with Cobalt Strike and VNC activity
2022-02-09Brad DuncanExample of Cobalt Strike from Emotet infection
2021-12-16Brad DuncanHow the "Contact Forms" campaign tricks people
2021-09-15Brad DuncanHancitor campaign abusing Microsoft's OneDrive
2021-08-11Brad DuncanTA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-07-09Brad DuncanHancitor tries XLL as initial malware file
2021-06-30Brad DuncanJune 2021 Forensic Contest: Answers and Analysis
2021-03-03Brad DuncanQakbot infection with Cobalt Strike
2021-02-03Brad DuncanExcel spreadsheets push SystemBC malware
2019-11-20Brad DuncanHancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike

COBALT

2022-06-30/a>Brad DuncanCase Study: Cobalt Strike Server Lives on After Its Domain Is Suspended
2022-06-17/a>Brad DuncanMalspam pushes Matanbuchus malware, leads to Cobalt Strike
2022-05-19/a>Brad DuncanBumblebee Malware from TransferXL URLs
2022-03-16/a>Brad DuncanQakbot infection with Cobalt Strike and VNC activity
2022-02-09/a>Brad DuncanExample of Cobalt Strike from Emotet infection
2022-01-09/a>Didier StevensExtracting Cobalt Strike Beacons from MSBuild Scripts
2021-12-16/a>Brad DuncanHow the "Contact Forms" campaign tricks people
2021-11-07/a>Didier StevensVideo: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06/a>Didier StevensDecrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25/a>Didier StevensDecrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-09-15/a>Brad DuncanHancitor campaign abusing Microsoft's OneDrive
2021-08-11/a>Brad DuncanTA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-07-09/a>Brad DuncanHancitor tries XLL as initial malware file
2021-06-30/a>Brad DuncanJune 2021 Forensic Contest: Answers and Analysis
2021-05-30/a>Didier StevensVideo: Cobalt Strike & DNS - Part 1
2021-03-15/a>Didier StevensFinding Metasploit & Cobalt Strike URLs
2021-03-03/a>Brad DuncanQakbot infection with Cobalt Strike
2021-02-14/a>Didier StevensVideo: tshark & Malware Analysis
2021-02-03/a>Brad DuncanExcel spreadsheets push SystemBC malware
2021-01-13/a>Brad DuncanHancitor activity resumes after a hoilday break
2020-11-23/a>Didier StevensQuick Tip: Cobalt Strike Beacon Analysis
2019-11-20/a>Brad DuncanHancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike

STRIKE

2022-06-30/a>Brad DuncanCase Study: Cobalt Strike Server Lives on After Its Domain Is Suspended
2022-06-17/a>Brad DuncanMalspam pushes Matanbuchus malware, leads to Cobalt Strike
2022-05-19/a>Brad DuncanBumblebee Malware from TransferXL URLs
2022-03-16/a>Brad DuncanQakbot infection with Cobalt Strike and VNC activity
2022-02-09/a>Brad DuncanExample of Cobalt Strike from Emotet infection
2022-01-09/a>Didier StevensExtracting Cobalt Strike Beacons from MSBuild Scripts
2021-12-16/a>Brad DuncanHow the "Contact Forms" campaign tricks people
2021-11-07/a>Didier StevensVideo: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06/a>Didier StevensDecrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25/a>Didier StevensDecrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-09-15/a>Brad DuncanHancitor campaign abusing Microsoft's OneDrive
2021-08-11/a>Brad DuncanTA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-07-09/a>Brad DuncanHancitor tries XLL as initial malware file
2021-06-30/a>Brad DuncanJune 2021 Forensic Contest: Answers and Analysis
2021-05-30/a>Didier StevensVideo: Cobalt Strike & DNS - Part 1
2021-03-15/a>Didier StevensFinding Metasploit & Cobalt Strike URLs
2021-03-03/a>Brad DuncanQakbot infection with Cobalt Strike
2021-02-14/a>Didier StevensVideo: tshark & Malware Analysis
2021-02-03/a>Brad DuncanExcel spreadsheets push SystemBC malware
2021-01-13/a>Brad DuncanHancitor activity resumes after a hoilday break
2020-11-23/a>Didier StevensQuick Tip: Cobalt Strike Beacon Analysis
2019-11-20/a>Brad DuncanHancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike