| Date | Author | Title |
| --- | --- | --- |
| 2024-12-15 | Johannes Ullrich | Exploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164) |
| 2024-10-15 | Johannes Ullrich | Angular-base64-update Demo Script Exploited (CVE-2024-42640) |
| 2024-06-06 | Xavier Mertens | Malicious Python Script with a "Best Before" Date |
| 2024-05-27 | Jan Kopriva | Files with TXZ extension used as malspam attachments |
| 2024-01-12 | Xavier Mertens | One File, Two Payloads |
| 2023-12-15 | Xavier Mertens | CSharp Payload Phoning to a CobaltStrike Server |
| 2023-11-18 | Xavier Mertens | Quasar RAT Delivered Through Updated SharpLoader |
| 2023-07-12 | Brad Duncan | Loader activity for Formbook "QM18" |
| 2023-06-29 | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT |
| 2023-06-24 | Guy Bruneau | Email Spam with Attachment Modiloader |
| 2023-06-17 | Brad Duncan | Formbook from Possible ModiLoader (DBatLoader) |
| 2023-05-30 | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT |
| 2023-03-11 | Xavier Mertens | Overview of a Mirai Payload Generator |
| 2022-11-04 | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
| 2022-11-02 | Brad Duncan | Who put the "Dark" in DarkVNC? |
| 2022-09-25 | Didier Stevens | Downloading Samples From Takendown Domains |
| 2022-09-18 | Tom Webb | Preventing ISO Malware |
| 2022-05-25 | Rob VandenBrink | Using NMAP to Assess Hosts in Load Balanced Clusters |
| 2022-05-23 | Johannes Ullrich | Attacker Scanning for jQuery-File-Upload |
| 2022-03-24 | Xavier Mertens | Malware Delivered Through Free Sharing Tool |
| 2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2021-11-19 | Xavier Mertens | Downloader Disguised as Excel Add-In (XLL) |
| 2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-09-08 | Brad Duncan | "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware |
| 2021-08-11 | Brad Duncan | TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike |
| 2021-07-29 | Xavier Mertens | Malicious Content Delivered Through archive.org |
| 2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-02-24 | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2020-10-22 | Jan Kopriva | BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon |
| 2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-05-24 | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator |
| 2020-04-10 | Xavier Mertens | PowerShell Sample Extracting Payload From SSL |
| 2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware |
| 2019-12-05 | Jan Kopriva | E-mail from Agent Tesla |
| 2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use |
| 2019-07-05 | Didier Stevens | A "Stream O" Maldoc |
| 2019-07-02 | Xavier Mertens | Malicious Script With Multiple Payloads |
| 2019-07-01 | Didier Stevens | Maldoc: Payloads in User Forms |
| 2018-11-18 | Guy Bruneau | Multipurpose PCAP Analysis Tool |
| 2018-11-05 | Johannes Ullrich | Struts 2.3 Vulnerable to Two Year old File Upload Flaw |
| 2018-03-12 | Xavier Mertens | Payload delivery via SMB |
| 2018-01-26 | Xavier Mertens | Investigating Microsoft BITS Activity |
| 2017-02-10 | Brad Duncan | Hancitor/Pony malspam |
| 2014-02-05 | Johannes Ullrich | To Merrillville or Sochi: How Dangerous is it to travel? |
| 2010-03-24 | Johannes Ullrich | ".sys" Directories Delivering Driveby Downloads |
| 2009-12-28 | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS; bug) |
| 2009-03-17 | Johannes Ullrich | Identifying applications using UDP payload |
| 2008-07-11 | Jim Clausing | Handling the load |