TECHNICAL POSTS - 2020 Úvod  TRAFFIC ANALYSIS EXERCISES  TECHNICAL POSTS -  2020  2019  2018  2017  2016  2015  2014  2013

Source : malware-traffic-analysis

• 2020-12-29 -- Quick post: Emotet infection with Trickbot and spambot traffic

  2020-12-28 -- Quick post: Emotet activity resumes after Christmas break

  2020-12-24 -- Dridex infection example

  2020-12-23 -- Quick post: Qakbot infection with spambot activity

  2020-12-23 -- Quick post: recent Emotet activity

  2020-12-15 -- Qakbot (Qbot) infection with Cobalt Strike (Beacon)

  2020-12-14 -- Quick post: Hancitor infection with Cobalt Strike and Ficker Stealer

  2020-12-11 -- Quick post: TA551 (Shathak) pushes IcedID

  2020-12-08 -- Files for an ISC diary (recent Qakbot activity)

  2020-12-07 -- Qakbot (Qbot) infection with Cobalt Strike (Beacon) and spambot activity

  2020-12-03 -- TA551 (Shathak) Word docs with Italian template send Ursnif with Pushdo

  2020-11-24 -- TA551 (Shathak) Word docs with English template push IcedID

  2020-11-23 -- Quick post - Hancitor infection with Cobalt Strike

  2020-11-20 -- TA551 (Shathak) Word docs with Japanese template push IcedID

  2020-11-12 -- Dridex activity

  2020-11-09 -- Trickbot from malspam (gtag rob2 and gtag tar2

  2020-11-06 -- Possible Agent Tesla (AgentTesla)

  2020-11-04 -- Quick post: Recent Hancitor activity

  2020-10-20 -- Hancitor infection with something and Cobalt Strike

  2020-10-16 -- TA551 (shathak) Word docs push IcedID

  2020-10-12 -- Excel spreadsheet macro pushes Lokibot

  2020-10-08 -- Password-protected XLS files push ZLoader (Silent Night)

  2020-10-06 -- TA551 (shathak) Word docs push IcedID

  2020-09-30 -- Emotet infection with Trickbot

  2020-09-24 -- Fedex-themed malspam with links for Dridex

  2020-09-16 -- Qakbot (Qbot) infection

  2020-09-11 -- ZLoader (Silent Night) infection from myResume.xls

  2020-09-10 -- Pcap only: TA551 (shathak) sends IcedID

  2020-09-08 -- Trickbot gtag ono72

  2020-09-03 -- Pcap only: Emotet epoch 1 infection with Trickbot gtag mor119

  2020-09-02 -- Quick post: 2 days of Emotet infections with Trickbot

      2020-08-10 -- Emotet infection with Qakbot

      2020-08-07 -- Quick post: 3 examples of Emotet infection traffic

      2020-08-03 -- Qakbot (Qbot) spx147

• 2020-07-21 -- Emotet infection with Qakbot (Qbot)

• 2020-07-20 -- Data dump: Emotet with Trickbot

• 2020-07-20 -- Word docs with macros for IcedID (Bokbot)

• 2020-07-17 -- Quick post: Emotet infection

• 2020-07-16 -- Hancitor infection with info stealer

• 2020-07-14 -- Pcap and malware for an ISC diary (IcedID)

• 2020-07-13 -- Dridex infection

• 2020-07-13 -- Hancitor infection with Ursnif

• 2020-07-10 -- Trickbot gtag chil65 infection

• 2020-07-09 -- Quick post: Ursnif (Gozi/IFSB) from Italian Word docs

• 2020-07-09 -- Pcap and malware for an ISC diary (Formbook)

• 2020-07-07 -- Quick post: Ursnif (Gozi/IFSB) with IcedID from English Word docs

• 2020-07-01 -- Valak (soft_sig: mas38) infection with IcedID (Bokbot)

• 2020-06-30 -- Valak (soft_sig: mas37) infection with IcedID (Bokbot)

• 2020-06-26 -- Valak (soft_sig: mad36) infection with IcedID (Bokbot)

• 2020-06-25 -- Resume-themed malspam pushing ZLoader

• 2020-06-25 -- Still seeing Trickbot from BLM malspam dated 2020-06-23

• 2020-06-24 -- Quick post: Valak (soft_sig: mad35) infection with IcedID (Bokbot)

• 2020-06-22 -- Quick post: Dridex infection

• 2020-06-18 -- Qakbot (Qbot) spx143 infection

• 2020-06-18 -- Password-protected XLS files push ZLoader

• 2020-06-17 -- Qakbot (Qbot) spx142 infection

• 2020-06-16 -- Qakbot (Qbot) spx141 infection

• 2020-06-16 -- Trickbot gtag ono47 infection

• 2020-06-15 -- Lokibot infection

• 2020-06-12 -- Qakbot (Qbot) spx139 infection with ZLoader

• 2020-06-10 -- Ursnif (Gozi/IFSB) infection with Ursnif variant

• 2020-06-10 -- Quick post: Trickbot gtag gi6 infection in AD environment

• 2020-06-09 -- Quick post: Valak infection with IcedID (Bokbot)

• 2020-06-09 -- Pcap and malware for ISC diary (ZLoader)

• 2020-06-08 -- Quick post: IcedID (Bokbot)

• 2020-06-08 -- Quick post: Qakbot (Qbot) spx135

• 2020-06-03 -- Valak (soft_sig: mad29) infection with IcedID (Bokbot)

• 2020-06-03 -- Malspam pushing Dridex

• 2020-05-29 -- Quick post: Qakbot (Qbot) spx129 malspam - 82 examples

• 2020-05-27 -- Malspam --> Password-protected zip --> Word doc --> Valak --> IcedID

• 2020-05-27 -- COVID19-themed Word doc pushes IcedID (Bokbot)

• 2020-05-26 -- German malspam with password-protected zip files pushes Valak

• 2020-05-19 -- Pcap and malware for ISC diary (IcedID)

• 2020-05-15 -- Quick post: 105 examples of German malspam pushing Qakbot spx120

• 2020-05-14 -- Quick post: FedEx-themed Dridex malspam and infection

• 2020-05-14 -- Quick post: Qakbot (Qbot) spx119 malspam and infection

• 2020-05-12 -- Pcap and malware from an ISC diary

• 2020-05-11 -- Dridex infection from link-based malspam

• 2020-05-07 -- Quick post: Valak infection with IcedID (Bokbot)

• 2020-05-07 -- Some recent Qakbot (Qbot) stuff

• 2020-05-05 -- 4 examples of phishing emails with fake login pages

• 2020-05-01 -- XLS macro --> Loader EXE --> IcedID (Bokbot)

• 2020-04-30 -- Password-protected zip files from German malspam push Dridex

• 2020-04-29 -- Dridex from link-based malspam

• 2020-04-28 -- Quick post: Dridex malspam and infection

• 2020-04-27 -- Quick post: Dridex malspam and infection

• 2020-04-24 -- Quick post: unusual HTTP traffic from Qakbot-infected host

• 2020-04-23 -- Qakbot (Qbot) spx103 - the "/docs_[3 characters]/" wave

• 2020-04-22 -- Qakbot (Qbot) spx102 - the "/pump/" wave

• 2020-04-21 -- Quick post: Word macro --> Fastloader pushing Trickbot & AnyDesk

• 2020-04-21 -- Qakbot (Qbot) spx101 - the "/evolving/" wave

• 2020-04-20 -- Quick post: Trickbot gtag ono38 infection

• 2020-04-20 -- Qakbot (Qbot) spx100 - the "/vary/" wave

• 2020-04-17 -- Qakbot (Qbot) spx99

• 2020-04-16 -- Qakbot (Qbot) spx98

• 2020-04-15 -- Hancitor malspam and infection traffic

• 2020-04-14 -- Two infections for GuLoader with NetWire RAT

• 2020-04-13 -- Quick post: Pcaps for two Trickbot infections

• 2020-04-13 -- Quick post: Qakbot (Qbot) spx95 infection

• 2020-04-08 -- Qakbot (Qbot) zip file info

• 2020-04-07 -- Pcap and malware for an ISC Diary (ZLoader)

• 2020-04-03 -- German and English malspam pushing ZLoader

• 2020-04-02 -- VBS-based malware infection

• 2020-03-31 -- material for an ISC diary (Qakbot malspam)

• 2020-03-31 -- Ursnif (Gozi/IFSB) infection

• 2020-03-30 -- Invoice-themed malspam pushes Kpot info stealer

• 2020-03-27 -- price_request_9830.doc pushes IcedID (Bokbot)

• 2020-03-26 -- information_03_26.doc pushes ZLoader

• 2020-03-25 -- Quick post: two pcaps with GuLoader & NetWire RAT infection traffic

• 2020-03-23 -- info_03_23.doc pushes malware (Valak, maybe?)

• 2020-03-23 -- Polish malspam with XLS attachment pushes Ursnif (Gozi/IFSB/Dreambot)

• 2020-03-20 -- IcedID from info_03_20.doc

• 2020-03-19 -- English malspam pushes Ursnif (Gozi/IFSB)

• 2020-03-18 -- German malspam pushes Ursnif (Gozi/IFSB)

• 2020-03-17 -- Pcap and malware for an ISC diary (Trickbot as a DLL)

• 2020-03-16 -- Quick post: malspam known for Ursnif switches to IcedID

• 2020-03-16 -- More Hancitor malspam using Covid-19/coronavirus theme

• 2020-03-13 -- Quick post: Qakbot infection

• 2020-03-12 -- Word doc macro causes a malware infection

• 2020-03-11 -- Pcap and malware for an ISC diary (Hancitor)

• 2020-03-10 -- German malspam with password-protected zip files pushing Ursnif

• 2020-03-09 -- Quick post: Fastloader --> Trickbot gtag wmd44

• 2020-03-03 -- IcedID (Bokbot) infection

• 2020-03-03 -- German malspam pushes Ursnif

• 2020-03-02 -- Quick post: 4 examples of Magnitude EK

• 2020-02-25 -- Trickbot gtag red4 distributed as DLL file

  2020-02-24 -- Ursnif infection from Italian XLS spreadsheet with macros

  2020-02-19 -- Trickbot gtag wecan23 infection

  2020-02-11 -- Pcap and malware for an ISC diary (Ursnif)

  2020-02-07 -- Quick post: Emotet epoch 2 infection with Trickbot gtag mor93

• 2020-02-06 -- Quick post: Pcap of Emotet infection with Trickbot

• 2020-02-04 -- Pcap and malware for an ISC diary (SocGholish)

• 2020-01-29 -- Qbot (Qakbot) infection

  2020-01-27 -- Pcap and malware for an ISC diary (Emotet with Trickbot)

• 2020-01-24 -- Italian malpsam pushes Ursnif

• 2020-01-23 -- German malpsam pushes Ursnif

• 2020-01-22 -- Quick post: Hancitor infection with Ursnif

• 2020-01-21 -- Hancitor infection with Cobalt Strike

• 2020-01-21 -- Pcap and malware for an ISC diary (Ursnif)

• 2020-01-17 -- Quick post: Emotet epoch 2 infection with Trickbot gtag mor78

• 2020-01-16 -- Lokibot malspam and infection traffic

• 2020-01-15 -- Quick post: malspam pushing RevengeRAT

• 2020-01-14 -- Quick post: Emotet epoch 2 infection with Trickbot gtag mor75

• 2020-01-10 -- Quick post: IcedID (Bokbot) infection

• 2020-01-06 -- Remcos RAT infection

• 2020-01-05 -- PurpleFox EK pushes NuggetPhantom malware

• 2020-01-04 -- Emotet epoch 2 infection with Trickbot gtag mor9