2024-04-19 |
2024-04-18: Word macro --> SSLoad --> Cobalt Strike |
|
|
2024-04-18 |
2024-04-17: TA578 pushes SSLoad malware |
|
|
2024-04-16 |
2024-04-15: Contact Forms campaign leads to SSLoad malware |
|
|
2024-04-11 |
2024-04-09: Data dump from Latrodectus malware infection |
|
|
2024-04-11 |
2024-04-05: Data dump from Astaroth (Guildma) malware infection |
|
|
2024-04-05 |
2024-04-04: Koi Loader/Stealer activity |
|
|
2024-03-27 |
2024-03-26: Google ad leads to Matanbuchus infection with Danabot |
|
|
2023-08-11 |
2023-08-09 - .msix file --> IcedID (Bokbot) --> BackConnect and Keyhole VNC |
|
|
2023-08-05 |
2023-08-03 - Google ad --> TurboTax site --> DanaBot |
|
|
2023-08-02 |
2023-08-01 - Bandook infection |
|
|
2023-07-26 |
2023-07-25 - IcedID (Bokbot) from wave of malspam on 2023-07-24 |
|
|
2023-07-15 |
2023-07-13 - IcedID (Bokbot) from malspam |
|
|
2023-07-15 |
2023-07-12 - Gozi/ISFB infection with Cobalt Strike |
|
|
2023-07-12 |
2023-07-11 - Files for an ISC diary (Loader activity for Formbook) |
|
|
2023-07-12 |
30 days of Formbook: Full List |
|
|
2023-07-08 |
2023-07-04 thru 2023-07-07 - AgentTesla to my honeypot email accounts |
|
|
2023-07-08 |
2023-07-04 - 30 days of Formbook: Day 30, Tuesday 2023-07-04 - Formbook "MF6W" |
|
|
2023-07-04 |
2023-07-03 - 30 days of Formbook: Day 29, Monday 2023-07-03 - GuLoader Formbook "AU22" |
|
|
2023-07-04 |
2023-07-02 - 30 days of Formbook: Day 28, Sunday 2023-07-02 - "SY18" |
|
|
2023-07-04 |
2023-07-01 - 30 days of Formbook: Day 27, Saturday 2023-07-01 - "NES8" |
|
|
2023-07-01 |
2023-06-30 - 30 days of Formbook: Day 26, Friday 2023-06-30 - "S28Y" |
|
|
2023-06-30 |
2023-06-29 - 30 days of Formbook: Day 25, Thursday 2023-06-29 - "CS94" |
|
|
2023-06-30 |
2023-06-28 - IcedID (Bokbot) activity |
|
|
2023-06-29 |
2023-06-26 - Files for an ISC diary (Loader-style infection for Remcos RAT) |
|
|
2023-06-29 |
2023-06-28 - 30 days of Formbook: Day 24, Wednesday 2023-06-28 - "RX63" |
|
|
2023-06-28 |
2023-06-27 - 30 days of Formbook: Day 23, Tuesday 2023-06-27 - "FGH2" |
|
|
2023-06-27 |
2023-06-26 - 30 days of Formbook: Day 22, Monday 2023-06-26 - "G0E8" |
|
|
2023-06-27 |
2023-06-25 - 30 days of Formbook: Day 21, Sunday 2023-06-25 - "CX01" |
|
|
2023-06-27 |
2023-06-24 - 30 days of Formbook: Day 20, Saturday 2023-06-24 - version 3.8 "AK" |
|
|
2023-06-27 |
2023-06-23 - 30 days of Formbook: Day 19, Friday 2023-06-23 - "P1A4" |
|
|
2023-06-23 |
2023-06-22 - 30 days of Formbook: Day 18, Thursday 2023-06-22 - "K2L0" |
|
|
2023-06-23 |
Files for an ISC diary (obama271 Qakbot) |
|
|
2023-06-23 |
2023-06-21 - 30 days of Formbook: Day 17, Wednesday 2023-06-21 - ModiLoader for XLoader "NVP4" |
|
|
2023-06-21 |
2023-06-20 - 30 days of Formbook: Day 16, Tuesday 2023-06-20 - "F1W6" |
|
|
2023-06-20 |
2023-06-19 - 30 days of Formbook: Day 15, Monday 2023-06-19 - "CE18" |
|
|
2023-06-20 |
2023-06-18 - 30 days of Formbook: Day 14, Sunday 2023-06-18 - "JY05" |
|
|
2023-06-20 |
2023-06-17 - 30 days of Formbook: Day 13, Saturday 2023-06-17 - "MR04" |
|
|
2023-06-17 |
2023-06-16 - 30 days of Formbook: Day 12, Friday 2023-06-16 - "TFGP" (ISC diary) |
|
|
2023-06-16 |
2023-06-15 - 30 days of Formbook: Day 11, Thursday 2023-06-15 - "GA94" |
|
|
2023-06-15 |
2023-06-14 - 30 days of Formbook: Day 10, Wednesday 2023-06-14 - "J0C7" |
|
|
2023-06-14 |
2023-06-13 - 30 days of Formbook: Day 9, Tuesday 2023-06-13 - XLoader "MD8S" |
|
|
2023-06-13 |
2023-06-10 - 30 days of Formbook: Day 6, Saturday 2023-06-10 - "SN84" |
|
|
2023-06-13 |
2023-06-11 - 30 days of Formbook: Day 7, Sunday 2023-06-11 - GuLoader Formbook "XCHU" |
|
|
2023-06-13 |
2023-06-12 - 30 days of Formbook: Day 8, Monday 2023-06-12 - "EE2Q" |
|
|
2023-06-10 |
2023-06-09 - 30 days of Formbook: Day 5, Friday 2023-06-09 - GuLoader Formbook "V16R" |
|
|
2023-06-09 |
2023-06-08 - 30 days of Formbook: Day 4, Thursday 2023-06-08 - "T30K" |
|
|
2023-06-08 |
2023-06-07 - 30 days of Formbook: Day 3, Wednesday 2023-06-07 - "AE30" |
|
|
2023-06-07 |
2023-06-06 - 30 days of Formbook: Day 2, Tuesday 2023-06-06 - "CG62" |
|
|
2023-06-06 |
2023-06-05 - 30 days of Formbook: Day 1, Monday 2023-06-05 - "HE2A" |
|
|
2023-05-30 |
2023-05-29 - Pcap and malware for ISC Diary (ModiLoader/Remcos RAT) |
|
|
2023-05-27 |
2023-05-24 - Bye bye Pikabot... We're back to Qak! (obama264 Qakbot infection) |
|
|
2023-05-24 |
2023-05-23 - Pikabot infection with Cobalt Strike |
|
|
2023-05-24 |
2023-05-22 - Pikabot infection with Cobalt Strike |
|
|
2023-05-19 |
2023-05-17 - Knock knock... Guess who? It's Pikabot! |
|
|
2023-05-19 |
2023-05-10 - obama262 Qakbot (Qbot) infection with Cobalt Strike and Dark Cat VNC |
|
|
2023-05-19 |
2023-05-10 - IcedID (Bokbot) infection with Cobalt Strike and Keyhole VNC |
|
|
2023-05-05 |
2023-05-02 - Quick post: obama259 Qakbot (Qbot) infection with Dark Cat VNC |
|
|
2023-04-22 |
2023-04-19 - Quick post: Qakbot (Qbot) activity, distribution tags BB24 and obama254 |
|
|
2023-04-15 |
2023-04-14 - Quick post: IcedID (Bokbot) activity |
|
|
2023-04-15 |
2023-04-13 - Metastealer infection |
|
|
2023-04-13 |
2023-04-12 - Quick Post: Qakbot (Qbot), distribution tag obama251 |
|
|
2023-04-04 |
2023-04-03 - IoC update: Qakbot (Qbot) TCP port 65400 traffic changes IP address |
|
|
2023-04-01 |
2023-03-31 - Qakbot (Qbot), obama247 distribution tag |
|
|
2023-03-28 |
2023-03-24 - IcedID (Bokbot) with BackConnect traffic and Cobalt Strike |
|
|
2023-03-24 |
2023-03-22 - Emotet Epoch 4 activity |
|
|
2023-03-21 |
2023-03-17 - Emotet Epoch 5 activity |
|
|
2023-03-21 |
2023-03-16 - Epoch 5 activity: Emotet now also using OneNote files |
|
|
2023-03-10 |
2023-03-08 - IcedID (Bokbot) infection with BackConnect and VNC traffic |
|
|
2023-03-10 |
2023-03-06 - Gozi (ISFB/Ursnif) activity targeting Italy |
|
|
2023-03-08 |
2023-03-07 - Emotet infection with spambot traffic |
|
|
2023-03-03 |
2023-03-02 - Rig EK --> malware loader --> Redline Stealer |
|
|
2023-03-03 |
2023-02-27 - Files for ISC Diary: BB17 Qakbot |
|
|
2023-02-24 |
2023-02-23 - Files for ISC Diary: URL files and WebDAV used for IcedID (Bokbot) |
|
|
2023-02-14 |
2023-02-13 - IcedID (Bokbot) from fake Microsoft Teams page |
|
|
2023-02-09 |
2023-02-07 - OneNote file pushes unidentified malware |
|
|
2023-02-04 |
2023-02-03 - DEV-0569: Google ad --> FakeBat Loader --> Redline Stealer and Gozi/ISFB |
|
|
2023-02-01 |
2023-01-31 - BB12 Qakbot (Qbot) with Cobalt Strike and VNC traffic |
|
|
2023-01-24 |
2023-01-23 - Google ad --> Fake AnyDesk page --> possible TA505 activity |
|
|
2023-01-19 |
2023-01-16 - IcedID (Bokbot) with Backconnect and VNC and Cobalt Strike |
|
|
2023-01-19 |
2023-01-18 - Google ad --> Fake Libre Office page --> IcedID (Bokbot) --> Cobalt Strike |
|
|
2023-01-18 |
2023-01-16 - Google ad --> Fake 7-Zip page --> Malicious .msi file |
|
|
2023-01-18 |
2023-01-12 - IcedID (Bokbot) infection with Cobalt Strike |
|
|
2023-01-13 |
2023-01-05 - Infection from AgentTesla variant, possibly OriginLogger |
|
|
2023-01-06 |
2023-01-03 and 01-04 - Astaroth (Guildma) malware infections |
|
|
2023-01-06 |
2023-01-02 - Bringing in the new year |
|
|
2023-01-04 |
2023-01-03 - Google ad --> fake Notepad++ page --> Rhadamanthys Stealer |
|
|
2022-12-29 |
2022-12-28 - Link from USPS-themed malspam pushes NetSupport RAT |
|
|
2022-12-23 |
2022-12-21 - Files for an ISC diary (malicious Google ads) |
|
|
2022-12-23 |
2022-12-20 - IcedID (Bokbot) infection with Cobalt Strike |
|
|
2022-12-15 |
2022-12-14 - Pcap and malware for an ISC diary (IcedID) |
|
|
2022-12-10 |
2022-12-09 - HTML smuggling leads to Qakbot (Qbot), distribution/botnet tag: azd |
|
|
2022-12-08 |
2022-12-07 - Bumblebee infection with Cobalt Strike |
|
|
2022-12-02 |
2022-12-01 - Files for an ISC diary (obama224 Qakbot) |
|
|
2022-11-29 |
2022-11-28 - BB08 Qakbot (Qbot) infection with Cobalt Strike and VNC traffic |
|
|
2022-11-29 |
2022-11-21 and 11-22 - AgentTesla and Remcos RAT from malspam |
|
|
2022-11-22 |
2022-11-11 - IcedID (Bokbot) infection with VNC traffic |
|
|
2022-11-19 |
2022-11-14 - obama221 Qakbot (Qbot) infection with Cobalt Strike and VNC traffic |
|
|
2022-11-19 |
2022-11-03 - Emotet infection with IcedID (Bokbot) |
|
|
2022-11-19 |
2022-11-17 - Bumblebee infection |
|
|
2022-11-19 |
2022-11-07 - Emotet (epoch 4) infection with IcedID (Bokbot) and Bumblebee malware |
|
|