Malware Analysis
SANS ISC Diary - E-mail from Agent Tesla
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at a multi-stage downloader for Agent Tesla.

SANS ISC Diary - Tricky LNK points to TrickBot
A Guest Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at analyzing a malicious LNK file which leads us to a sample of TrickBot.

Analysis of an encrypted malicious DOC file and an (un)interesting phishing
A couple of days ago, I found a pretty usual-looking phishing e-mail in one of the quarantine folders of my inbox. It was addressed to me and to 19 other security specialists and incident response teams and contained a text (in German - see below), informing us that the author saw a job offer to which she was responding with an application document attached to the e-mail. The attachment appeared to be an encrypted DOC file and the password (“123123”) was mentioned in the body of the message.