Malware-Traffic-Analysis.net



近期历史最近 100 条记录

2024-11-15	2024-11-14 - Raspberry Robin infection using WebDAV server	
2024-10-24	2024-10-23 - Redline Stealer infection	
2024-10-24	2024-10-17 - Two days of server scans and probes and web traffic	
2024-10-08	2024-10-07 - Data dump (Formbook, possible Astaroth/Guildma, Redline Stealer, unidentified malware)	
2024-10-04	2024-10-03 - SmartLoader to Lumma Stealer	
2024-10-04	2024-10-01 - Ukrainian language malspam pushes RMS-based malware	
2024-09-22	2024-09-19 - File downloader to Lumma Stealer	
2024-09-18	2024-09-17 - Snake KeyLogger (VIP Recovery) infection, FTP exfil	
2024-09-18	2024-09-16 - Snake KeyLogger (VIP Recovery) infection, SMTP exfil	
2024-09-14	2024-09-12 - Approximately 11 days of server scans and probes	
2024-09-12	2024-09-11 - Data dump: Remcos RAT and XLoader (Formbook)	
2024-09-09	2024-09-04 - Traffic Analysis Exercise: Big Fish in a Little Pond	
2024-08-30	2024-08-30 - Approximately 11 days of server scans and probes	
2024-08-30	2024-08-29 - Phishing email and traffic to fake webmail login page	
2024-08-27	2024-08-26 - GuLoader for Remcos RAT	
2024-08-16	2024-08-15 - Traffic analysis exercise: WarmCookie	
2024-08-13	2024-08-12 - XLoader/Formbook infection	
2024-08-11	2024-08-08 - 16 days of server scans and probes	
2024-07-30	2024-07-23 - Eight days of server scans and probes	
2024-07-30	2024-07-30 - Traffic analysis exercise: You dirty rat!	
2024-06-28	2024-06-25 - Latrodectus infection with BackConnect and Keyhole VNC	
2024-06-25	2024-06-24 - ClickFix popup leads to Lumma Stealer	
2024-06-19	2024-06-17 - Google ad --> fake unclaimed funds site --> Matanbuchus with Danabot	
2024-06-19	2024-06-12 - KoiLoader/KoiStealer infection	
2024-06-13	2024-06-11 - Traffic example of a CVE-2024-4577 probe	
2024-06-11	2024-06-10 - Malspam pushing OriginLogger (AgentTesla)	
2024-06-08	2024-06-08: Three days of server scans and probes	
2024-05-16	2024-05-14: DarkGate activity	
2024-05-11	2024-05-09: GootLoader activity	
2024-04-19	2024-04-18: Word macro --> SSLoad --> Cobalt Strike	
2024-04-18	2024-04-17: TA578 pushes SSLoad malware	
2024-04-16	2024-04-15: Contact Forms campaign leads to SSLoad malware	
2024-04-11	2024-04-09: Data dump from Latrodectus malware infection	
2024-04-11	2024-04-05: Data dump from Astaroth (Guildma) malware infection	
2024-04-05	2024-04-04: Koi Loader/Stealer activity	
2024-03-27	2024-03-26: Google ad leads to Matanbuchus infection with Danabot	
2023-08-11	2023-08-09 - .msix file --> IcedID (Bokbot) --> BackConnect and Keyhole VNC	
2023-08-05	2023-08-03 - Google ad --> TurboTax site --> DanaBot	
2023-08-02	2023-08-01 - Bandook infection	
2023-07-26	2023-07-25 - IcedID (Bokbot) from wave of malspam on 2023-07-24	
2023-07-15	2023-07-13 - IcedID (Bokbot) from malspam	
2023-07-15	2023-07-12 - Gozi/ISFB infection with Cobalt Strike	
2023-07-12	2023-07-11 - Files for an ISC diary (Loader activity for Formbook)	
2023-07-12	30 days of Formbook: Full List	
2023-07-08	2023-07-04 thru 2023-07-07 - AgentTesla to my honeypot email accounts	
2023-07-08	2023-07-04 - 30 days of Formbook: Day309, Tuesday 2023-07-04 - Formbook "MF6W"	
2023-07-04	2023-07-03 - 30 days of Formbook: Day 29, Monday 2023-07-03 - GuLoader Formbook "AU22"	
2023-07-04	2023-07-02 - 30 days of Formbook: Day 28, Sunday 2023-07-02 - "SY18"	
2023-07-04	2023-07-01 - 30 days of Formbook: Day 27, Saturday 2023-07-01 - "NES8"	
2023-07-01	2023-06-30 - 30 days of Formbook: Day 26, Friday 2023-06-30 - "S28Y"	
2023-06-30	2023-06-29 - 30 days of Formbook: Day 25, Thursday 2023-06-29 - "CS94"	
2023-06-30	2023-06-28 - IcedID (Bokbot) activity	
2023-06-29	2023-06-26 - Files for an ISC diary (Loader-style infection for Remcos RAT)	
2023-06-29	2023-06-28 - 30 days of Formbook: Day 24, Wednesday 2023-06-28 - "RX63"	
2023-06-28	2023-06-27 - 30 days of Formbook: Day 23, Tuesday 2023-06-27 - "FGH2"	
2023-06-27	2023-06-26 - 30 days of Formbook: Day 22, Monday 2023-06-26 - "G0E8"	
2023-06-27	2023-06-25 - 30 days of Formbook: Day 21, Sunday 2023-06-25 - "CX01"	
2023-06-27	2023-06-24 - 30 days of Formbook: Day 20, Saturday 2023-06-24 - version 3.8 "AK"	
2023-06-27	2023-06-23 - 30 days of Formbook: Day 19, Friday 2023-06-23 - "P1A4"	
2023-06-23	2023-06-22 - 30 days of Formbook: Day 18, Thursday 2023-06-22 - "K2L0"	
2023-06-23	Files for an ISC diary (obama271 Qakbot)	
2023-06-23	2023-06-21 - 30 days of Formbook: Day 17, Wednesday 2023-06-21 - ModiLoader for XLoader "NVP4"	
2023-06-21	2023-06-20 - 30 days of Formbook: Day 16, Tuesday 2023-06-20 - "F1W6"	
2023-06-20	2023-06-19 - 30 days of Formbook: Day 15, Monday 2023-06-19 - "CE18"	
2023-06-20	2023-06-18 - 30 days of Formbook: Day 14, Sunday 2023-06-18 - "JY05"	
2023-06-20	2023-06-17 - 30 days of Formbook: Day 13, Saturday 2023-06-17 - "MR04"	
2023-06-17	2023-06-16 - 30 days of Formbook: Day 12, Friday 2023-06-16 - "TFGP" (ISC diary)	
2023-06-16	2023-06-15 - 30 days of Formbook: Day 11, Thursday 2023-06-15 - "GA94"	
2023-06-15	2023-06-14 - 30 days of Formbook: Day 10, Wednesday 2023-06-14 - "J0C7"	
2023-06-14	2023-06-13 - 30 days of Formbook: Day 9, Tuesday 2023-06-13 - XLoader "MD8S"	
2023-06-13	2023-06-10 - 30 days of Formbook: Day 6, Saturday 2023-06-10 - "SN84"	
2023-06-13	2023-06-11 - 30 days of Formbook: Day 7, Sunday 2023-06-11 - GuLoader Formbook "XCHU"	
2023-06-13	2023-06-12 - 30 days of Formbook: Day 8, Monday 2023-06-12 - "EE2Q"	
2023-06-10	2023-06-09 - 30 days of Formbook: Day 5, Friday 2023-06-09 - GuLoader Formbook "V16R"	
2023-06-09	2023-06-08 - 30 days of Formbook: Day 4, Thursday 2023-06-08 - "T30K"	
2023-06-08	2023-06-07 - 30 days of Formbook: Day 3, Wednesday 2023-06-07 - "AE30"	
2023-06-07	2023-06-06 - 30 days of Formbook: Day 2, Tuesday 2023-06-06 - "CG62"	
2023-06-06	2023-06-05 - 30 days of Formbook: Day 1, Monday 2023-06-05 - "HE2A"	
2023-05-30	2023-05-29 - Pcap and malware for ISC Diary (ModiLoader/Remcos RAT)	
2023-05-27	2023-05-24 - Bye bye Pikabot... We're back to Qak! (obama264 Qakbot infection)	
2023-05-24	2023-05-23 - Pikabot infection with Cobalt Strike	
2023-05-24	2023-05-22 - Pikabot infection with Cobalt Strike	
2023-05-19	2023-05-17 - Knock knock... Guess who? It's Pikabot!	
2023-05-19	2023-05-10 - obama262 Qakbot (Qbot) infection with Cobalt Strike and Dark Cat VNC	
2023-05-19	2023-05-10 - IcedID (Bokbot) infection with Cobalt Strike and Keyhole VNC	
2023-05-05	2023-05-02 - Quick post: obama259 Qakbot (Qbot) infection with Dark Cat VNC	
2023-04-22	2023-04-19 - Quick post: Qakbot (Qbot) activity, distribution tags BB24 and obama254	
2023-04-15	2023-04-14 - Quick post: IcedID (Bokbot) activity	
2023-04-15	2023-04-13 - Metastealer infection	
2023-04-13	2023-04-12 - Quick Post: Qakbot (Qbot), distribution tag obama251	
2023-04-04	2023-04-03 - IoC update: Qakbot (Qbot) TCP port 65400 traffic changes IP address	
2023-04-01	2023-03-31 - Qakbot (Qbot), obama247 distribution tag	
2023-03-28	2023-03-24 - IcedID (Bokbot) with BackConnect traffic and Cobalt Strike	
2023-03-24	2023-03-22 - Emotet Epoch 4 activity	
2023-03-21	2023-03-17 - Emotet Epoch 5 activity	
2023-03-21	2023-03-16 - Epoch 5 activity: Emotet now also using OneNote files	
2023-03-10	2023-03-08 - IcedID (Bokbot) infection with BackConnect and VNC traffic	
2023-03-10	2023-03-06 - Gozi (ISFB/Ursnif) activity targeting Italy	
2023-03-08	2023-03-07 - Emotet infection with spambot traffic	
2023-03-03	2023-03-02 - Rig EK --> malware loader --> Redline Stealer	