Internet Storm Center
Handler on Duty: Guy Bruneau
Threat Level: green
KB 949104

| Date | Author | Title |
|---|---|---|
| 2012-06-25 | Guy Bruneau | Issues with Windows Update Agent |

KB

| Date | Author | Title |
|---|---|---|
| 2023-02-28 | Brad Duncan | BB17 distribution Qakbot (Qbot) activity |
| 2023-02-24 | Brad Duncan | URL files and WebDAV used for IcedID (Bokbot) infection |
| 2022-12-02 | Brad Duncan | obama224 distribution Qakbot tries .vhd (virtual hard disk) images |
| 2022-11-02 | Brad Duncan | Who put the "Dark" in DarkVNC? |
| 2022-08-24 | Brad Duncan | Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC |
| 2022-08-12 | Brad Duncan | Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2022-07-27 | Brad Duncan | IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2022-06-30 | Brad Duncan | Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended |
| 2022-06-09 | Brad Duncan | TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) |
| 2022-04-20 | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic |
| 2022-03-25 | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML |
| 2022-03-16 | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
| 2021-12-16 | Brad Duncan | How the "Contact Forms" campaign tricks people |
| 2021-12-02 | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
| 2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
| 2021-06-30 | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-02-17 | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
| 2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
| 2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break |
| 2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity |
| 2020-11-03 | Brad Duncan | Emotet -> Qakbot -> more Emotet |
| 2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
| 2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
| 2020-04-01 | Brad Duncan | Qakbot malspam sent from an infected Windows host |
| 2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
| 2020-01-28 | Brad Duncan | Emotet epoch 1 infection with Trickbot gtag mor84 |
| 2019-12-24 | Brad Duncan | Malspam with links to Word docs pushes IcedID (Bokbot) |
| 2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
| 2019-09-18 | Brad Duncan | Emotet malspam is back |
| 2019-09-03 | Johannes Ullrich | [Guest Diary] Tricky LNK points to TrickBot |
| 2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
| 2019-03-06 | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot |
| 2019-01-16 | Brad Duncan | Emotet infections and follow-up malware |
| 2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
| 2018-11-14 | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
| 2018-09-26 | Brad Duncan | One Emotet infection leads to three follow-up malware infections |
| 2018-05-09 | Xavier Mertens | Nice Phishing Sample Delivering Trickbot |
| 2017-08-15 | Brad Duncan | Malspam pushing Trickbot banking Trojan |
| 2012-09-21 | Guy Bruneau | IE Cumulative Updates MS12-063 - KB2744842 |
| 2012-06-25 | Guy Bruneau | Issues with Windows Update Agent |
| 2012-02-24 | Guy Bruneau | BlackBerry PlayBook tablet Samba file sharing Vulnerability - http://www.blackberry.com/btsc/KB29565 |
| 2011-08-11 | Guy Bruneau | BlackBerry Enterprise Server Critical Update |
| 2011-07-14 | Guy Bruneau | Blackberry Server Security Update - http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27258 |
| 2011-04-28 | Guy Bruneau | VMware ESXi 4.1 Security and Firmware Updates |
| 2011-04-21 | Guy Bruneau | Silverlight Update Available |
| 2011-01-13 | Rob VandenBrink | Blackberry BES Server Updates for PDF Vulnerabilities |
| 2010-12-15 | Manuel Humberto Santander Pelaez | Vulnerability in the PDF distiller of the BlackBerry Attachment Service |
| 2010-08-14 | Tony Carothers | Freedom of Information |
| 2010-03-10 | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication |
| 2009-12-23 | Marcus Sachs | Blackberry Outage |
| 2009-12-01 | Chris Carboni | Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service |
| 2009-11-05 | Swa Frantzen | RIM fixes random code execution vulnerability |
| 2009-05-29 | Lorna Hutcheson | Blackberry Server Vulnerability |
| 2009-05-27 | donald smith | WebDAV write-up |
| 2008-07-15 | Maarten Van Horenbeeck | BlackBerry PDF parsing vulnerability |
| 2006-09-15 | Swa Frantzen | MSIE DirectAnimation ActiveX 0-day update |

949104

| Date | Author | Title |
|---|---|---|
| 2012-06-25 | Guy Bruneau | Issues with Windows Update Agent |