Malware traffic analysis
2024-12-18 -- 2024-12-18: One week of server scans and probes and web traffic
2024-12-17 -- 2024-12-17: SmartApeSG injected script leads to NetSupport RAT
2024-12-04 -- 2024-12-04: AgentTesla variant using FTP
2024-11-24 -- 2024-11-24: "Redtail" bash script for Linux malware
2024-11-14 -- 2024-11-14: Raspberry Robin infection using WebDAV server
2024-10-23 -- 2024-10-23: Redline Stealer infection
2024-10-17 -- 2024-10-17: Two days of server scans and probes and web traffic
2024-10-07 -- 2024-10-07: Data Dump (Formbook, possible Astaroth/Guildma, Redline Stealer, unidentified malware)
2024-10-03 -- 2024-10-03 - SmartLoader to Lumma Stealer
2024-10-01 -- 2024-10-01 - Ukrainian language malspam pushes RMS-based malware
2024-09-19 -- 2024-09-19 - File downloader to Lumma Stealer
2024-09-17 -- 2024-09-17 - Snake KeyLogger (VIP Recovery), FTP exfil
2024-09-16 -- 2024-09-16 - Snake KeyLogger (VIP Recovery), SMTP exfil
2024-09-12 -- 2024-09-12 - Approximately 11 days of server scans and probes
2024-09-11 -- 2024-09-11 - Data Dump: Remcos RAT and XLoader (Formbook)
2024-08-30 -- 2024-08-30 - Approximately 11 days of server scans and probes
2024-08-29 -- 2024-08-29 - Phishing email and traffic to fake webmail login page
2024-08-26 -- 2024-08-26 - GuLoader for Remcos RAT
2024-08-12 -- 2024-08-12 - XLoader/Formbook infection
2024-08-08 -- 2024-08-08 - Sixteen days of server scans and probes
2024-07-23 -- 2024-07-23 - Eight days of server scans and probes
2024-06-25 -- 2024-06-25 - Latrodectus infection with BackConnect and Keyhole VNC
2024-06-24 -- 2024-06-24 - ClickFix popup leads to Lumma Stealer
2024-06-17 -- 2024-06-17 - Google ad --> fake unclaimed funds site --> Matanbuchus with Danabot
2024-06-12 -- 2024-06-11 - KoiLoader/KoiStealer infection
2024-06-11 -- 2024-06-11 - Traffic example of a CVE-2024-4577 probe
2024-06-10 -- 2024-06-10 - Malspam pushing OriginLogger (AgentTesla)
2024-06-08 -- 2024-06-08 - Three days of server scans and probes
2024-05-14 -- 2024-05-14 - DarkGate activity
2024-05-09 -- 2024-05-09 - GootLoader activity
2024-04-18 -- 2024-04-18 - Word macro --> SSLoad --> Cobalt Strike
2024-04-17 -- 2024-04-17 - TA578 pushes SSLoad malware
2024-04-15 -- 2024-04-15 - Contact Forms campaign pushing SSLoad malware
2024-04-09 -- 2024-04-09 - Data dump from Latrodectus infection
2024-04-05 -- 2024-04-05 - Data dump from Astaroth (Guildma) malware infection
2024-04-04 -- 2024-04-04 - Koi Loader/Stealer activity
2024-03-26 -- 2024-03-26 - Google ad leads to Matanbuchus infection with Danabot
2024-03-19 -- 2024-03-19 - DarkGate infection
2024-03-14 -- 2024-03-14 - AsyncRAT and XWorm infection
2024-03-13 -- 2024-03-13 - GootLoader activity
2024-03-07 -- 2024-03-07 - Latrodectus infection leads to Lumma Stealer
2024-03-06 -- 2024-03-06 - Pikabot infection leads to Meduza Stealer
2024-02-23 -- 2024-02-09, 02-22 and 02-23 - Data dump: Latrodectus from Contact Forms campaign
2024-02-21 -- 2024-02-21 - Parrot TDS --> SocGholish --> Async RAT
2024-02-14 -- 2024-02-14 - Danabot infection from Italian malspam
2024-02-08 -- 2024-02-08 - Pikabot infection
2024-01-30 -- 2024-01-30 - DarkGate activity
2024-01-25 -- 2024-01-25 - DarkGate activity
2024-01-23 -- 2024-01-23 - UltraVNC infection
2024-01-19 -- 2024-01-19 - GootLoader infection
2024-01-17 -- 2024-01-17 - Malspam pushes WikiLoader
2024-01-12 -- 2024-01-12 - Malspam distributing StealC malware