Malware traffic analysis


2025-12-23 -- MacSync Stealer infection

2025-12-22 -- StealC from files impersonating cracked versions of popular software

2025-12-17 -- Mirai activity (Linux traffic)

2025-12-11 -- Kongtuke ClickFix activity using finger command

2025-12-11 -- SmartApeSG ClickFix activity using finger command

2025-11-23 -- Ten days of scans and probes and web traffic hitting my web server

2025-11-19 -- XWorm infection from email attachment

2025-11-10 -- Ten days of scans and probes and web traffic hitting my web server

2025-10-08 -- Infection from Kongtuke campaign's ClickFix page

2025-10-06 -- Japanese phishing emails

2025-10-02 -- Android malware

2025-10-01 -- Possible Rhadamanthys disguised as cracked version of popular software

2025-09-24 -- Lumma Stealer infection with follow-up malware (possible Ghostsocks/Go Backdoor)

2025-09-07 -- Seven days of scans and probes and web traffic hitting my web server

2025-09-05 -- XLoader (Formbook) infection

2025-09-03 -- Kongtuke CAPTCHA page --> ClickFix script --> Lumma Stealer

2025-08-20 -- SmartApeSG CAPTCHA page --> ClickFix script --> NetSupport RAT --> StealCv2

2025-08-15 -- Lumma Stealer infection with SectopRAT

2025-08-13 -- Lumma Stealer infection

2025-08-12 -- Ten days of scans and probes and web traffic hitting my web server

2025-08-11 -- Quick post: XLoader (Formbook) infection

2025-08-02 -- Ten days of scans and probes and web traffic hitting my web server

2025-07-23 -- Ten days of scans and probes and web traffic hitting my web server

2025-07-15 -- Lumma Stealer infection with SecTop RAT

2025-07-08 -- Koi Loader/Koi Stealer infection

2025-07-02 -- Lumma Stealer infection with follow-up Rsockstun malware

2025-06-26 -- Lumma Stealer infection with follow-up malware

2025-06-21 -- Koi Loader/Koi Stealer infection

2025-06-20 -- Malware disguised as cracked version of popular software

2025-06-18 -- SmartApeSG --> ClickFix lure --> NetSupport RAT --> StealC v2

2025-06-10 -- Ten days of scans and probes and web traffic hitting my web server

2025-05-31 -- Ten days of scans and probes and web traffic hitting my web server

2025-05-27 -- VIP Recovery infection from email attachment

2025-05-22 -- StealC v2 infection

2025-05-12 -- PureLogs infection from email attachment

2025-05-06 -- Raspberry Robin activity

2025-04-13 -- Twelve days of scans and probes and web traffic hitting my web server

2025-04-04 -- KongTuke activity

2025-03-26 -- SmartApeSG traffic for fake browser update leads to NetSupport RAT and StealC

2025-03-10 -- Remcos RAT infection

2025-03-03 -- Three days of scans and probes and web traffic hitting my web server

2025-02-18 -- SmartApeSG script for fake browser update leads to NetSupport RAT and StealC

2025-02-13 -- Quick post: ClickFix style infection for Lumma Stealer

2025-02-10 -- StrelaStealer infection

2025-02-07 -- Three days of scans and probes and web traffic hitting my web server

2025-01-31 -- Two pcaps of AgentTesla-style data exfil, one using FTP and one using SMTP

2025-01-30 -- XLoader infection

2025-01-28 -- Malware infection from web inject activity

2025-01-23 -- Fake installer leads to Koi Loader/Koi Stealer

2025-01-21 -- Quick post for Koi Loader/Koi Stealer activity

2025-01-13 -- KongTuke campaign leads to infection abusing BOINC platform

2025-01-09 -- CVE-2017-0199 XLS --> HTA --> VBS --> steganography --> DBatLoader/GuLoader style malware

2025-01-04 -- Four days of scans and probes and web traffic hitting my web server