Malware Traffic
Source: malware-traffic-analysis
2021-07-21 -- TA551 (Shathak) BazarLoader with Cobalt Strike
2021-07-15 -- TA551 (Shathak) Trickbot gtag zev1 with Cobalt Strike
2021-06-30 -- TA551 (Shathak) pushes Trickbot with DarkVNC and Cobalt Strike
2021-06-18 -- TA551 (Shathak) English-template Word docs push Gozi/ISFB/Ursnif
2021-06-16 -- Quick post: BazarCall campaign pushes BazarLoader
2021-06-15 -- Quick post: Hancitor with Ficker Stealer and Cobalt Strike
2021-06-04 -- Quick post: Qakbot (Qbot) with Cobalt Strike and spambot activity
2021-06-03 -- Quick post: BazarCall website to BazarLoader infection with Cobalt Strike
2021-06-02 -- TA551 (Shathak) Word docs push IcedID (Bokbot)
2021-06-01 -- Hancitor infection with Cobalt Strike and netping tool activity
2021-05-27 -- IcedID (Bokbot) from Stolen Images Evidence.zip
2021-05-26 -- Pcap only: Trickbot infection with Cobalt Strike
2021-05-24 -- Quick post: Hancitor infection with Ficker Stealer and Cobalt Strike
2021-05-24 -- TA551 (Shathak) Word docs push IcedID (Bokbot)
2021-05-20 -- Hancitor with Ficker Stealer, Cobalt Strike, & netping tool
2021-05-18 -- Quick post: Qakbot (Qbot) infection with Cobalt Strike
2021-05-14 -- Email attachment from 10 days prior still pushing Ursnif (Gozi/ISFB)
2021-05-13 -- Hancitor infection with Ficker Stealer and Cobalt Strike
2021-04-29 -- TA551 (Shathak) pushes IcedID (Bokbot)
2021-04-28 -- TA551 (Shathak) pushes Ursnif (Gozi/ISFB)
2021-04-23 -- IcedID (Bokbot) infection from zipped JS file
2021-04-16 -- BazaLoader (BazarLoader) activity
2021-04-16 -- TA551 (Shathak) German-template Word docs push Ursnif (Gozi/ISFB)
2021-04-15 -- BazaLoader (BazarLoader) activity
2021-04-14 -- BazaLoader (BazarLoader) activity
2021-04-12 -- IcedID (Bokbot) infection from zipped JS file
2021-04-12 -- Guildma (Astaroth) from Brazil-based malspam
2021-04-09 -- IcedID (Bokbot) infection from zipped JS file
2021-04-07 -- Quick post: BazaCall activity
2021-04-06 & 07 -- Data dump: Hancitor activity
2021-04-01 -- Quick post: IcedID (Bokbot) activity
2021-03-25 -- Medical reminder service trial malspam pushes BazaLoader (BazarLoader)
2021-03-19 -- IcedID (Bokbot) infection
2021-03-18 -- Hancitor (Chanitor) activity (MAN1/Moskalvzapoe/TA511)
2021-03-17 -- TA551 (Shathak) Italian template Word docs push Ursnif (Gozi/ISFB)
2021-03-12 -- Quick post: IcedID malware/artifacts
2021-03-12 -- TA551 (Shathak) Italian template Word docs push Ursnif/Gozi/ISFB
2021-03-02 -- Pcap and malware for ISC diary (Qakbot with Cobalt Strike)
2021-02-25 -- TA551 (Shathak) back to pushing IcedID (Bokbot)
2021-02-24 -- Qakbot (Qbot) infection with spambot traffic
2021-02-22 -- IcedID (Bokbot) from same type of URL that normally delivers Qakbot
2021-02-19 -- "Pascholotto" message pushes malware
2021-02-01 thru 2021-02-18 -- Quick post: 46 malicious emails
2021-02-17 -- Pcap and malware for ISC diary (Trickbot gtag rob13)
2021-02-12 -- Qakbot (Qbot) infection with Cobalt Strike
2021-02-09 -- Quick post: Hancitor infection with Cobalt Strike
2021-02-09 -- Files for an ISC diary (phishing email)
2021-02-05 -- Spelevo EK sends Sharik/SmokeLoader
2021-02-04 -- Rig EK sends possible BuerLoader
2021-02-01 -- Files for an ISC diary (SystemBC with Cobalt Strike)
2021-01-27 -- 14 examples of malspam/phishing emails
2021-01-26 -- Pcap and malware for an ISC diary (TA551 Qakbot)
2021-01-12 thru 2021-01-14 -- Six items of malspam received by my admin email
2021-01-13 -- Emotet epoch 2 infection with Trickbot gtag mor13
2021-01-12 -- Emotet epoch 3 infection with Trickbot gtag mor12 and spambot traffic