Malware traffic analysis (2022)
2022-12-29 -- Google ad --> fake Adobe Reader page --> malware
2022-12-28 -- Link from USPS-themed email pushes NetSupport RAT
2022-12-21 -- Files for an ISC diary (malicious Google ads)
2022-12-20 -- IcedID (Bokbot) infection with Cobalt Strike
2022-12-14 -- Pcap and malware for an ISC diary (IcedID)
2022-12-09 -- HTML smuggling leads to Qakbot, distribution/botnet tag: azd
2022-12-07 -- Bumblebee infection with Cobalt Strike
2022-12-01 -- Files for an ISC diary (obama224 Qakbot)
2022-11-28 -- BB08 Qakbot (Qbot) infection with Cobalt Strike and VNC traffic
2022-11-21 and 11-22 -- AgentTesla and RemcosRAT from malspam
2022-11-17 -- Bumblebee malware infection
2022-11-14 -- obama221 Qakbot (Qbot) infection with Cobalt Strike and VNC traffic
2022-11-11 -- IcedID (Bokbot) infection with VNC traffic
2022-11-07 -- Emotet (epoch4) infection with IcedID (Bokbot) and Bumblebee malware
2022-11-03 -- Emotet infection with IcedID (Bokbot)
2022-10-31 -- IcedID (Bokbot) infection with DarkVNC & Cobalt Strike
2022-10-17 -- IcedID (Bokbot) infection with Cobalt Strike
2022-10-14 -- bb02 Qakbot (Qbot) infection
2022-10-11 thru 10-12 -- IcedID (Bokbot) --> Cobalt Strike
2022-10-10 -- Qakbot (Qbot) infection with Cobalt Strike
2022-10-06 -- HTML smuggling --> IcedID (Bokbot) --> Cobalt Strike
2022-10-04 -- HTML smuggling --> IcedID (Bokbot) --> Cobalt Strike
2022-10-01 thru 10-03 -- 3 days of traffic from scans/probes hitting a web server
2022-09-16 thru 09-30 -- 15 days of traffic from scans/probes hitting a web server
2022-09-29 -- Qakbot (Qbot) infection with Cobalt Strike
2022-09-23 -- IcedID (Bokbot) infection with Cobalt Strike
2022-09-21 -- Astaroth (Guildma) infection from Brazil malspam
2022-09-03 thru 09-15 -- 13 days of traffic from scans/probes hitting a web server
2022-08-31 -- IcedID (Bokbot) with Cobalt Strike
2022-08-30 -- Follow-up traffic from Bumblebee infection
2022-08-19 -- Files for an ISC diary (Astaroth/Guildma)
2022-08-18 -- IcedID (Bokbot) infection
2022-08-10 -- Three Cobalt Strikes from one IcedID (Bokbot) infection
2022-08-08 -- IcedID (Bokbot) with Cobalt Strike
2022-08-03 -- IcedID (Bokbot) with Cobalt Strike
2022-07-27 -- IcedID (Bokbot) activity: two infection runs
2022-07-26 -- File for an ISC diary (IcedID with DarkVNC & Cobalt Strike)
2022-07-25 -- IcedID (Bokbot) infection with Cobalt Strike
2022-07-21 -- IcedID (Bokbot) infection with DarkVNC and Cobalt Strike
2022-07-07 -- Files for an ISC diary (Emotet with Cobalt Strike)
2022-07-06 -- TA578 Contact Forms --> IcedID (Bokbot) --> DarkVNC & Cobalt Strike
2022-07-05 -- Quick post: Emotet
2022-06-28 -- TA578 IcedID (Bokbot) with DarkVNC and Cobalt Strike
2022-06-27 -- obama194 Qakbot with DarkVNC and Cobalt Strike
2022-06-21 -- "aa" distribution Qakbot with DarkVNC and Cobalt Strike
2022-06-17 -- Matanbuchus with Cobalt Strike
2022-06-16 -- Files for an ISC diary (Matanbuchus with Cobalt Strike)
2022-06-14 -- TA578 thread-hijacked email --> Bumblebee --> Cobalt Strike
2022-06-13 -- TA578 thread-hijacked emails push Bumblebee or IcedID
2022-06-09 -- TA578 Contact Forms campaign Bumblebee infection with Cobalt Strike
2022-06-07 -- obama186 distribution Qakbot with DarkVNC and spambot activity
2022-06-07 -- Emotet E5 infection with Cobalt Strike and spambot activity
2022-05-23 -- IcedID infection with DarkVNC traffic
2022-05-18 -- ISC diary: EXOTIC LILY --> Bumblebee --> Cobalt Strike
2022-05-18 -- TA578 thread-hijacked emails and ISO example for Bumblebee
2022-05-10 -- TA578 Contact Forms campaign --> IcedID (Bokbot) --> Cobalt Strike
2022-05-03 -- Contact Forms campaign --> Bumblebee --> Cobalt Strike
2022-04-25 -- Emotet epoch4 activity (LNK files)
2022-04-20 -- Emotet epoch4 activity
2022-04-19 -- Infection from Brazil malspam
2022-04-19 -- Files for an ISC diary (Qakbot with DarkVNC)
2022-04-14 -- aa distribution Qakbot with Cobalt Strike
2022-04-06 -- Files for an ISC diary (MetaStealer)
2022-04-04 -- Emotet epoch5 infection with spambot traffic
2022-03-29 -- Emotet epoch4 infection with Cobalt Strike
2022-03-24 -- Emotet epoch4 infection with Cobalt Strike
2022-03-21 -- Hancitor infection with Cobalt Strike & Mars Stealer
2022-03-21 -- Infection from Brazil malspam
2022-03-16 -- Pcap and malware for an ISC diary (Qakbot)
2022-03-14 -- Emotet epoch4 and epoch5 activity
2022-03-03 -- Emotet epoch4 infection with Cobalt Strike
2022-03-03 -- Brazil-targeted malware infection from email
2022-03-01 -- Emotet epoch4 infection with Cobalt Strike and spambot traffic
2022-02-16 -- Files for an ISC diary (Astaroth/Guildma)
2022-02-10 -- Emotet epoch 5 infection with Cobalt Strike
2022-02-08 -- Files for an ISC diary (Emotet with Cobalt Strike)
2022-02-07 -- BazarLoader infection with Cobalt Strike
2022-02-04 -- BazarLoader infection with Cobalt Strike
2022-02-01 -- Hancitor (Chanitor/MAN1/Moskalvzapoe/TA511) infection with Cobalt Strike
2022-01-27 -- Customized Atera installer --> ZLoader --> Raccoon Stealer
2022-01-27 -- Contact Forms Campaign IcedID (Bokbot) with Cobalt Strike
2022-01-20 -- Emotet epoch4 and epoch5 infections
2022-01-17 -- Astaroth (Guildma) activity
2022-01-12 -- IcedID (Bokbot) with Cobalt Strike and DarkVNC
2022-01-06 -- TA551 (Shathak) pushes IcedID (Bokbot)
2022-01-05 -- TA551 (Shathak) pushes IcedID (Bokbot) with Cobalt Strike
2022-01-04 -- Remcos RAT infection from Excel file with macros
2022-01-03 -- Pcap from web server with log4j attempts & lots of other probing/scanning