Malware traffic analysis - 2021 index
2021-12-23 -- Astaroth/Guildma infection from Brazil malspam
2021-12-20 -- Pcap from web server with log4j attempts & a lot of other probing/scanning
2021-12-16 -- Hancitor infection with Cobalt Strike
2021-12-14 -- Pcap from web server with log4j attempts & a lot of other probing/scanning
2021-12-13 -- Files for an ISC diary (Contact Forms campaign)
2021-12-10 -- TA551 (Shathak) IcedID (Bokbot) with Cobalt Strike and DarkVNC
2021-12-07 -- obama141 malspam pushes both Qakbot and Matanbuchus
2021-12-03 -- Contact Forms campaign BazarLoader with Cobalt Strike
2021-11-30 -- Emotet epoch 4 uses appinstaller for infection
2021-11-29 -- Emotet epoch 5 infection from email sent on Friday 2021-11-26
2021-11-24 -- "Gigi" campaign pushes BazarLoader, leads to IcedID
2021-11-22 -- Contact Forms campaign --> BazarLoader --> Cobalt Strike
2021-11-18 -- Emotet epoch 4 activity (emails/malware/pcap)
2021-11-15 -- Matanbuchus --> Qakbot obama128b --> Cobalt Strike
2021-11-15 -- Emotet malspam and malware samples for ISC diary
2021-11-05 -- TA551 (Shathak) BazarLoader with Cobalt Strike and DarkVNC
2021-11-04 -- TR distribution Qakbot (Qbot) with Cobalt Strike
2021-11-03 -- TA551 (Shathak) BazarLoader with Cobalt Strike
2021-10-29 -- Files for my talk at the 2021 Texas Cyber Summit
2021-10-20 -- Files for an ISC diary (Stolen Images Evidence --> Sliver)
2021-10-20 -- TA551 (Shathak) pushes Sliver-based malware
2021-10-14 -- "Stolen Images Evidence" campaign pushes BazarLoader
2021-10-13 -- Malspam-based Dridex activity
2021-10-12 -- "Stolen Images Evidence" campaign pushes IcedID (Bokbot)
2021-10-07 -- Qakbot (Qbot) obama111 with Cobalt Strike
2021-10-06 -- "Stolen Images Evidence" campaign pushes Gozi/ISFB/Ursnif
2021-10-05 -- MirrorBlast/Kixtart infection
2021-10-04 -- MirrorBlast/Kixtart, ReflectiveGnome, and FlawedGrace infection
2021-10-01 -- TR Qakbot (Qbot) infection with spambot activity
2021-09-29 -- Hancitor with Cobalt Strike
2021-09-24 -- Squirrelwaffle Loader with Qakbot and Cobalt Strike
2021-09-23 -- Gozi/ISFB/Ursnif with Raccoon Stealer
2021-09-23 -- Squirrelwaffle Loader with Qakbot and Cobalt Strike
2021-09-22 -- Squirrelwaffle Loader with Qakbot and Cobalt Strike
2021-09-21 -- Squirrelwaffle Loader with Cobalt Strike
2021-09-21 -- Brazil currículo (resume) themed malspam
2021-09-20 -- Qakbot (Qbot) returns after 2 month absence
2021-09-20 -- TA551 (Shathak) pushes BazarLoader
2021-09-20 -- Squirrelwaffle Loader with Cobalt Strike
2021-09-17 -- Squirrelwaffle Loader with Cobalt Strike
2021-09-14 -- Pcap and malware for an ISC diary (Hancitor with Cobalt Strike)
2021-09-03 -- GuLoader for possible Remcos RAT
2021-09-02 -- Hancitor with Cobalt Strike
2021-09-01 -- TA551 (Shathak) BazarLoader to Trickbot gtag zev4
2021-08-31 -- Astaroth/Guildma from Brazil malspam
2021-08-30 -- Pcap and malware for an ISC diary (STRRAT)
2021-08-30 -- Quick post: TA551 (Shathak) BazarLoader
2021-08-12 -- Stolen Images Evidence.zip -> BazarLoader -> Cobalt Strike
2021-08-10 -- Pcap & malware for ISC diary (TA551 -> BazarLoader -> Cobalt Strike)
2021-08-05 -- AZORult distributed through malspam
2021-07-21 -- TA551 (Shathak) BazarLoader with Cobalt Strike
2021-07-15 -- TA551 (Shathak) Trickbot gtag zev1 with Cobalt Strike
2021-07-12 -- Trickbot gtag rob106
2021-07-02 -- Astaroth/Guildma from Brazil malspam
2021-06-30 -- TA551 (Shathak) pushes Trickbot with DarkVNC and Cobalt Strike
2021-06-21 -- BazarCall campaign pushes BazarLoader
2021-06-18 -- TA551 (Shathak) English-template Word docs push Gozi/ISFB/Ursnif
2021-06-17 -- Hancitor with Cobalt Strike
2021-06-16 -- Quick post: BazarCall campaign pushes BazarLoader
2021-06-15 -- Quick post: Hancitor with Ficker Stealer and Cobalt Strike
2021-06-04 -- Quick post: Qakbot (Qbot) with Cobalt Strike and spambot activity
2021-06-03 -- Quick post: BazarCall website to BazarLoader infection with Cobalt Strike
2021-06-02 -- TA551 (Shathak) Word docs push IcedID (Bokbot)
2021-06-01 -- Hancitor infection with Cobalt Strike and netping tool activity
2021-05-27 -- IcedID (Bokbot) from Stolen Images Evidence.zip
2021-05-26 -- Pcap only: Trickbot infection with Cobalt Strike
2021-05-24 -- Quick post: Hancitor infection with Ficker Stealer and Cobalt Strike
2021-05-24 -- TA551 (Shathak) Word docs push IcedID (Bokbot)
2021-05-21 -- Qakbot (Qbot) infection with Cobalt Strike
2021-05-20 -- Hancitor with Ficker Stealer, Cobalt Strike, & netping tool
2021-05-18 -- Quick post: Qakbot (Qbot) infection with Cobalt Strike
2021-05-14 -- Email attachment from 10 days prior still pushing Ursnif (Gozi/ISFB)
2021-05-13 -- Hancitor infection with Ficker Stealer and Cobalt Strike
2021-04-29 -- TA551 (Shathak) pushes IcedID (Bokbot)
2021-04-28 -- TA551 (Shathak) pushes Ursnif (Gozi/ISFB)
2021-04-23 -- IcedID (Bokbot) infection from zipped JS file
2021-04-16 -- BazaLoader (BazarLoader) activity
2021-04-16 -- TA551 (Shathak) German-template Word docs push Ursnif (Gozi/ISFB)
2021-04-15 -- BazaLoader (BazarLoader) activity
2021-04-14 -- BazaLoader (BazarLoader) activity
2021-04-12 -- IcedID (Bokbot) infection from zipped JS file
2021-04-12 -- Guildma (Astaroth) from Brazil-based malspam
2021-04-09 -- IcedID (Bokbot) infection from zipped JS file
2021-04-07 -- Quick post: BazaCall activity
2021-04-06 & 07 -- Data dump: Hancitor activity
2021-04-01 -- Quick post: IcedID (Bokbot) activity
2021-03-25 -- Medical reminder service trial malspam pushes BazaLoader (BazarLoader)
2021-03-19 -- IcedID (Bokbot) infection
2021-03-18 -- Hancitor (Chanitor) activity (MAN1/Moskalvzapoe/TA511)
2021-03-17 -- TA551 (Shathak) Italian template Word docs push Ursnif (Gozi/ISFB)
2021-03-12 -- Quick post: IcedID malware/artifacts
2021-03-12 -- TA551 (Shathak) Italian template Word docs push Ursnif (Gozi/ISFB)
2021-03-11 -- IcedID (Bokbot) from Excel spreadsheet macro
2021-03-08 -- Spelevo EK pushes ZLoader
2021-03-02 -- Pcap and malware for ISC diary (Qakbot with Cobalt Strike)
2021-02-25 -- TA551 (Shathak) back to pushing IcedID (Bokbot)
2021-02-24 -- Qakbot (Qbot) infection with spambot traffic
2021-02-22 -- IcedID (Bokbot) from same type of URL that normally delivers Qakbot
2021-02-19 -- "Pascholotto" message pushes malware
2021-02-01 thru 2021-02-18 -- Quick post: 46 malicious emails
2021-02-17 -- Pcap and malware for ISC diary (Trickbot gtag rob13)
2021-02-12 -- Qakbot (Qbot) infection with Cobalt Strike
2021-02-09 -- Quick post: Hancitor infection with Cobalt Strike
2021-02-09 -- Files for an ISC diary (phishing email)
2021-02-05 -- Spelevo EK sends Sharik/SmokeLoader
2021-02-04 -- Rig EK sends possible BuerLoader
2021-02-02 -- Hancitor infection with Ficker Stealer, Cobalt Strike, & NetSupport RAT
2021-02-01 -- Files for an ISC diary (SystemBC with Cobalt Strike)
2021-01-27 -- 14 examples of malspam/phishing emails
2021-01-26 -- Pcap and malware for an ISC diary (TA551 Qakbot)
2021-01-22 -- Emotet epoch 1 activity
2021-01-19 -- Pcap and malware for an ISC diary (Qakbot)
2021-01-15 -- Emotet infection from Epoch 1 botnet
2021-01-12 thru 2021-01-14 -- Six items of malspam received by my admin email
2021-01-14 -- Pcap and malware for an ISC diary (Rig EK)
2021-01-13 -- Emotet epoch 2 infection with Trickbot gtag mor13
2021-01-12 -- Emotet epoch 3 infection with Trickbot gtag mor12 and spambot traffic
2021-01-12 -- Pcap and malware for an ISC diary (Hancitor)
2021-01-06 -- Remcos RAT infection
2021-01-05 -- PurpleFox EK pushes NuggetPhantom malware
2021-01-04 -- Emotet epoch 2 infection with Trickbot gtag mor9