Internet Storm Center
Handler on Duty: Didier Stevens
Threat Level: green
Date | Author | Title

RIG EK
2015-04-01 | Brad Duncan | Rig Exploit Kit Changes Traffic Patterns

RIG
2021-01-15 | Brad Duncan | Throwback Friday: An Example of Rig Exploit Kit
2020-12-14 | Johannes Ullrich | SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)
2019-12-26 | Xavier Mertens | Bypassing UAC to Install a Cryptominer
2019-08-14 | Brad Duncan | Recent example of MedusaHTTP malware
2019-06-25 | Brad Duncan | Rig Exploit Kit sends Pitou.B Trojan
2019-06-17 | Brad Duncan | An infection from Rig exploit kit
2017-02-09 | Brad Duncan | CryptoShield Ransomware from Rig EK
2015-07-28 | Rick Wanner | Android Stagefright multimedia viewer prone to remote exploitation
2015-04-01 | Brad Duncan | Rig Exploit Kit Changes Traffic Patterns
2012-05-25 | Guy Bruneau | Google Publish Transparency Report
2011-07-09 | Tony Carothers | Copyright Alert System - What say you?
2009-03-10 | Swa Frantzen | Browser plug-ins, transparent proxies and same origin policies

EK
2023-02-12 | Jesse La Grew | PCAP Data Analysis with Zeek
2022-08-14 | Johannes Ullrich | Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
2022-02-03 | Johannes Ullrich | Keeping Track of Your Attack Surface for Cheap
2021-04-10 | Guy Bruneau | Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-01-15 | Brad Duncan | Throwback Friday: An Example of Rig Exploit Kit
2020-11-16 | Jan Kopriva | Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore
2019-11-10 | Jan Kopriva | Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching?
2019-11-05 | Rick Wanner | Bluekeep exploitation causing Bluekeep vulnerability scan to fail
2019-08-14 | Brad Duncan | Recent example of MedusaHTTP malware
2019-08-05 | Rick Wanner | Scanning for Bluekeep vulnerable RDP instances
2019-05-22 | Johannes Ullrich | An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2017-02-09 | Brad Duncan | CryptoShield Ransomware from Rig EK
2016-08-31 | Deborah Hale | Angler Exploit Kits Reported
2016-04-21 | Daniel Wesemann | Decoding Pseudo-Darkleech (#1)
2016-04-21 | Daniel Wesemann | Decoding Pseudo-Darkleech (Part #2)
2015-07-27 | Daniel Wesemann | Angler's best friends
2015-05-03 | Russ McRee | VolDiff, for memory image differential analysis
2015-04-02 | Brad Duncan | Angler Exploit Kit - Recent Traffic Patterns
2015-04-01 | Brad Duncan | Rig Exploit Kit Changes Traffic Patterns
2014-03-07 | Tom Webb | Linux Memory Dump with Rekall
2014-03-02 | Stephen Hall | Sunday Reading
2009-10-02 | Stephen Hall | New SysInternal fun for the weekend