KB 949104 |
| 2012-06-25 | Guy Bruneau | Issues with Windows Update Agent |
KB |
| 2023-06-22/a> | Brad Duncan | Qakbot (Qbot) activity, obama271 distribution tag |
| 2023-04-12/a> | Brad Duncan | Recent IcedID (Bokbot) activity |
| 2023-02-28/a> | Brad Duncan | BB17 distribution Qakbot (Qbot) activity |
| 2023-02-24/a> | Brad Duncan | URL files and WebDAV used for IcedID (Bokbot) infection |
| 2022-12-02/a> | Brad Duncan | obama224 distribution Qakbot tries .vhd (virtual hard disk) images |
| 2022-11-02/a> | Brad Duncan | Who put the "Dark" in DarkVNC? |
| 2022-08-24/a> | Brad Duncan | Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC |
| 2022-08-12/a> | Brad Duncan | Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2022-07-27/a> | Brad Duncan | IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2022-06-30/a> | Brad Duncan | Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended |
| 2022-06-09/a> | Brad Duncan | TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) |
| 2022-04-20/a> | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic |
| 2022-03-25/a> | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML |
| 2022-03-16/a> | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
| 2021-12-16/a> | Brad Duncan | How the "Contact Forms" campaign tricks people |
| 2021-12-02/a> | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
| 2021-11-04/a> | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-09-23/a> | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
| 2021-06-30/a> | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-03-03/a> | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-23/a> | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-02-17/a> | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
| 2021-01-26/a> | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
| 2021-01-20/a> | Brad Duncan | Qakbot activity resumes after holiday break |
| 2020-12-09/a> | Brad Duncan | Recent Qakbot (Qbot) activity |
| 2020-11-03/a> | Brad Duncan | Emotet -> Qakbot -> more Emotet |
| 2020-10-14/a> | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-08-19/a> | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-07-15/a> | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
| 2020-05-20/a> | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
| 2020-04-01/a> | Brad Duncan | Qakbot malspam sent from an infected Windows host |
| 2020-03-18/a> | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
| 2020-01-28/a> | Brad Duncan | Emotet epoch 1 infection with Trickbot gtag mor84 |
| 2019-12-24/a> | Brad Duncan | Malspam with links to Word docs pushes IcedID (Bokbot) |
| 2019-12-11/a> | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
| 2019-09-18/a> | Brad Duncan | Emotet malspam is back |
| 2019-09-03/a> | Johannes Ullrich | [Guest Diary] Tricky LNK points to TrickBot |
| 2019-03-13/a> | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
| 2019-03-06/a> | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot |
| 2019-01-16/a> | Brad Duncan | Emotet infections and follow-up malware |
| 2018-12-18/a> | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
| 2018-11-14/a> | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
| 2018-09-26/a> | Brad Duncan | One Emotet infection leads to three follow-up malware infections |
| 2018-05-09/a> | Xavier Mertens | Nice Phishing Sample Delivering Trickbot |
| 2017-08-15/a> | Brad Duncan | Malspam pushing Trickbot banking Trojan |
| 2012-09-21/a> | Guy Bruneau | IE Cumulative Updates MS12-063 - KB2744842 |
| 2012-06-25/a> | Guy Bruneau | Issues with Windows Update Agent |
| 2012-02-24/a> | Guy Bruneau | BlackBerry PlayBook tablet Samba file sharing Vulnerability - http://www.blackberry.com/btsc/KB29565 |
| 2011-08-11/a> | Guy Bruneau | BlackBerry Enterprise Server Critical Update |
| 2011-07-14/a> | Guy Bruneau | Blackberry Server Security Update - http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27258 |
| 2011-04-28/a> | Guy Bruneau | VMware ESXi 4.1 Security and Firmware Updates |
| 2011-04-21/a> | Guy Bruneau | Silverlight Update Available |
| 2011-01-13/a> | Rob VandenBrink | Blackberry BES Server Updates for PDF Vulnerabilities |
| 2010-12-15/a> | Manuel Humberto Santander Pelaez | Vulnerability in the PDF distiller of the BlackBerry Attachment Service |
| 2010-08-14/a> | Tony Carothers | Freedom of Information |
| 2010-03-10/a> | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication |
| 2009-12-23/a> | Marcus Sachs | Blackberry Outage |
| 2009-12-01/a> | Chris Carboni | Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service |
| 2009-11-05/a> | Swa Frantzen | RIM fixes random code execution vulnerability |
| 2009-05-29/a> | Lorna Hutcheson | Blackberry Server Vulnerability |
| 2009-05-27/a> | donald smith | WebDAV write-up |
| 2008-07-15/a> | Maarten Van Horenbeeck | BlackBerry PDF parsing vulnerability |
| 2006-09-15/a> | Swa Frantzen | MSIE DirectAnimation ActiveX 0-day update |
949104 |
| 2012-06-25/a> | Guy Bruneau | Issues with Windows Update Agent |
