SANS Internet Storm Center, InfoCON: green

From a VHDX File to a Remcos RAT, (Tue, Jun 16th)

Posted on June 16, 2026 by SANS Internet Storm Center, InfoCON: green

Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (which is automatic on modern Windows OSs):

Continue reading From a VHDX File to a Remcos RAT, (Tue, Jun 16th)→

Author Archives: SANS Internet Storm Center, InfoCON: green

eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)

ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)

The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)

The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary], (Wed, Jun 17th)

ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)

From a VHDX File to a Remcos RAT, (Tue, Jun 16th)

ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)

Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)

ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th)

ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)