Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2024-05-27	Jan Kopriva	Files with TXZ extension used as malspam attachments
2024-01-12	Xavier Mertens	One File, Two Payloads
2023-11-18	Xavier Mertens	Quasar RAT Delivered Through Updated SharpLoader
2023-07-12	Brad Duncan	Loader activity for Formbook "QM18"
2023-06-29	Brad Duncan	GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-06-24	Guy Bruneau	Email Spam with Attachment Modiloader
2023-06-17	Brad Duncan	Formbook from Possible ModiLoader (DBatLoader)
2023-05-30	Brad Duncan	Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2022-11-04	Xavier Mertens	Remcos Downloader with Unicode Obfuscation
2022-11-02	Brad Duncan	Who put the "Dark" in DarkVNC?
2022-09-18	Tom Webb	Preventing ISO Malware
2022-02-11	Xavier Mertens	CinaRAT Delivered Through HTML ID Attributes
2021-11-19	Xavier Mertens	Downloader Disguised as Excel Add-In (XLL)
2021-11-04	Brad Duncan	October 2021 Forensic Contest: Answers and Analysis
2021-09-08	Brad Duncan	"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
2021-08-11	Brad Duncan	TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-05-18	Xavier Mertens	From RunDLL32 to JavaScript then PowerShell
2021-02-24	Brad Duncan	Malspam pushes GuLoader for Remcos RAT
2020-10-22	Jan Kopriva	BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon
2020-06-10	Brad Duncan	Job application-themed malspam pushes ZLoader
2020-05-24	Didier Stevens	Zloader Maldoc Analysis With xlm-deobfuscator
2020-04-08	Brad Duncan	German malspam pushes ZLoader malware
2019-12-05	Jan Kopriva	E-mail from Agent Tesla
2019-07-02	Xavier Mertens	Malicious Script With Multiple Payloads
2017-02-10	Brad Duncan	Hancitor/Pony malspam