Date Author Title

KB 949104

2012-06-25Guy BruneauIssues with Windows Update Agent

KB

2023-06-22/a>Brad DuncanQakbot (Qbot) activity, obama271 distribution tag
2023-04-12/a>Brad DuncanRecent IcedID (Bokbot) activity
2023-02-28/a>Brad DuncanBB17 distribution Qakbot (Qbot) activity
2023-02-24/a>Brad DuncanURL files and WebDAV used for IcedID (Bokbot) infection
2022-12-02/a>Brad Duncanobama224 distribution Qakbot tries .vhd (virtual hard disk) images
2022-11-02/a>Brad DuncanWho put the "Dark" in DarkVNC?
2022-08-24/a>Brad DuncanMonster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-12/a>Brad DuncanMonster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-07-27/a>Brad DuncanIcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-06-30/a>Brad DuncanCase Study: Cobalt Strike Server Lives on After Its Domain Is Suspended
2022-06-09/a>Brad DuncanTA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-04-20/a>Brad Duncan"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-25/a>Xavier MertensXLSB Files: Because Binary is Stealthier Than XML
2022-03-16/a>Brad DuncanQakbot infection with Cobalt Strike and VNC activity
2021-12-16/a>Brad DuncanHow the "Contact Forms" campaign tricks people
2021-12-02/a>Brad DuncanTA551 (Shathak) pushes IcedID (Bokbot)
2021-11-04/a>Brad DuncanOctober 2021 Forensic Contest: Answers and Analysis
2021-09-23/a>Xavier MertensExcel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-06-30/a>Brad DuncanJune 2021 Forensic Contest: Answers and Analysis
2021-03-03/a>Brad DuncanQakbot infection with Cobalt Strike
2021-02-23/a>Jan KoprivaQakbot in a response to Full Disclosure post
2021-02-17/a>Brad DuncanMalspam pushing Trickbot gtag rob13
2021-01-26/a>Brad DuncanTA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20/a>Brad DuncanQakbot activity resumes after holiday break
2020-12-09/a>Brad DuncanRecent Qakbot (Qbot) activity
2020-11-03/a>Brad DuncanEmotet -> Qakbot -> more Emotet
2020-10-14/a>Brad DuncanMore TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-19/a>Xavier MertensExample of Word Document Delivering Qakbot
2020-07-15/a>Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-05-20/a>Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-01/a>Brad DuncanQakbot malspam sent from an infected Windows host
2020-03-18/a>Brad DuncanTrickbot gtag red5 distributed as a DLL file
2020-01-28/a>Brad DuncanEmotet epoch 1 infection with Trickbot gtag mor84
2019-12-24/a>Brad DuncanMalspam with links to Word docs pushes IcedID (Bokbot)
2019-12-11/a>Brad DuncanGerman language malspam pushes yet another wave of Trickbot
2019-09-18/a>Brad DuncanEmotet malspam is back
2019-09-03/a>Johannes Ullrich[Guest Diary] Tricky LNK points to TrickBot
2019-03-13/a>Brad DuncanMalspam pushes Emotet with Qakbot as the follow-up malware
2019-03-06/a>Brad DuncanMalspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot
2019-01-16/a>Brad DuncanEmotet infections and follow-up malware
2018-12-18/a>Brad DuncanMalspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-14/a>Brad DuncanDay in the life of a researcher: Finding a wave of Trickbot malspam
2018-09-26/a>Brad DuncanOne Emotet infection leads to three follow-up malware infections
2018-05-09/a>Xavier MertensNice Phishing Sample Delivering Trickbot
2017-08-15/a>Brad DuncanMalspam pushing Trickbot banking Trojan
2012-09-21/a>Guy BruneauIE Cumulative Updates MS12-063 - KB2744842
2012-06-25/a>Guy BruneauIssues with Windows Update Agent
2012-02-24/a>Guy BruneauBlackBerry PlayBook tablet Samba file sharing Vulnerability - http://www.blackberry.com/btsc/KB29565
2011-08-11/a>Guy BruneauBlackBerry Enterprise Server Critical Update
2011-07-14/a>Guy BruneauBlackberry Server Security Update - http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27258
2011-04-28/a>Guy BruneauVMware ESXi 4.1 Security and Firmware Updates
2011-04-21/a>Guy BruneauSilverlight Update Available
2011-01-13/a>Rob VandenBrinkBlackberry BES Server Updates for PDF Vulnerabilities
2010-12-15/a>Manuel Humberto Santander PelaezVulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-08-14/a>Tony CarothersFreedom of Information
2010-03-10/a>Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2009-12-23/a>Marcus SachsBlackberry Outage
2009-12-01/a>Chris CarboniVulnerabilities in the PDF distiller of the BlackBerry Attachment Service
2009-11-05/a>Swa FrantzenRIM fixes random code execution vulnerability
2009-05-29/a>Lorna HutchesonBlackberry Server Vulnerability
2009-05-27/a>donald smithWebDAV write-up
2008-07-15/a>Maarten Van HorenbeeckBlackBerry PDF parsing vulnerability
2006-09-15/a>Swa FrantzenMSIE DirectAnimation ActiveX 0-day update

949104

2012-06-25/a>Guy BruneauIssues with Windows Update Agent