[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024]

• 2019 -- Pcaps for SharkFest 2019 US (SF19US) Sessions: Analyzing Windows Malware Traffic With Wireshark
• 2019 -- Training Material for 2019 Pcap Analysis Workshop

• 2019-12-27 -- Qakbot (Qbot) infection
• 2019-12-26 -- Data dump: IcedID infection with Trickbot
• 2019-12-23 -- Rig EK sends malware payload I cannot identify
• 2019-12-23 -- Data dump: two Gozi/ISFB (Ursnif) infections
• 2019-12-23 -- Pcap and malare for an ISC diary (IcedID)
• 2019-12-20 -- Emotet epoch 2 infection with Trickbot gtag mor70
• 2019-12-19 -- Ursnif infection with IcedID (Bokbot) and Valak
• 2019-12-16 -- Pcap and malware for an ISC diary (Emotet with spambot)
• 2019-12-16 -- Data dump: Emotet epoch 3 infection with Trickbot gtag mor66
• 2019-12-11 -- Spelevo EK sends PsiXBot
• 2019-12-11 -- Ursnif infection with Dridex
• 2019-12-10 -- Pcap and malware for an ISC diary (Trickbot gtag mango21)
• 2019-12-10 -- Data dump: Hancitor infection with Gozi/ISFB (Ursnif) and Cobalt Strike
• 2019-12-09 -- Emotet epoch 2 with Trickbot gtag mor61
• 2019-12-09 -- Hancitor infection traffic, malware, and some indicators
• 2019-12-06 -- Emotet epoch 3 with Trickbot gtag mor60
• 2019-12-05 -- Hancitor infection traffic, malware, and some indicators
• 2019-12-02 -- Pcap and malware for an ISC diary (Ursnif infection with Dridex)

• 2019-11-27 -- Emotet epoch 3 infected Windows client as spambot
• 2019-11-27 -- Dridex infection from malspam
• 2019-11-25 -- Data dump: Spelevo EK sends Qakbot
• 2019-11-25 -- Ursnif infection with Dridex
• 2019-11-25 -- Emotet epoch 3 infection with Trickbot gtag mor51
• 2019-11-22 -- Pcap only: Emotet epoch 2 with Trickbot gtag mor50
• 2019-11-21 -- Data dump: Emotet epoch 3 with Trickbot gtag mor49 & spambot traffic
• 2019-11-19 -- Pcap and malware for an ISC diary (Hancitor infection)
• 2019-11-15 -- Pcap only: Emotet epoch 3 infection with Trickbot gtag mor45
• 2019-11-13 -- Data dump: Emotet epoch 1 infection with Trickbot gtag mor43
• 2019-11-13 -- Data dump: IcedID infection with Anubis VNC and Trickot in an AD environment
• 2019-11-11 -- Data dump: Emotet epoch 1 infection with Trickbot gtag mor41
• 2019-11-08 -- Data dump: Emotet epoch 2 infection with Trickbot gtag mor40
• 2019-11-08 -- Data dump: Word doc --> Gozi/ISFB (Ursnif) --> Trickbot gtag lleo8
• 2019-11-07 -- Data dump: German Word doc --> Gozi/ISFB (Ursnif)
• 2019-11-06 -- Italian Word doc --> Gozi/ISFB (Ursnif) --> Dridex --> infected host acts as proxy

• 2019-10-31 -- Data dump: IcedID infection with Trickbot
• 2019-10-30 -- Data dump: Three days of Gozi/ISFB (Urnsif) infections with Dridex
• 2019-10-25 -- Data dump: Gozi/ISFB (Urnsif) --> IcedID (Bokbot) --> Trickbot (gtag: tin188)
• 2019-10-25 -- Data dump: Emotet infection with Trickbot (gtag: mor31)
• 2019-10-24 -- Data dump: Emotet infection with Trickbot (gtag: mor30)
• 2019-10-22 -- Data dump: Emotet infection with Trickbot (gtag: mor28)
• 2019-10-21 -- Data dump: Emotet infection with Trickbot (gtag: mor27) and spambot activity
• 2019-10-21 -- Data dump: Gozi/ISFB (Urnsif) infection with IcedID (Bokbot)
• 2019-10-17 -- Data dump: Gozi/ISFB (Urnsif) infection traffic from Italian malspam
• 2019-10-15 -- Malspam pushing Shade (Troldesh) ransomware
• 2019-10-09 -- Data dump: Gozi/ISFB (Urnsif) infection with Trickbot (gtag: leo20)
• 2019-10-09 -- DocuSign-themed Hancitor malspam and infection traffic
• 2019-10-03 -- Data dump: Classic-style Hancitor malspam
• 2019-10-02 -- Data dump: Emotet infection with Trickbot (gtag: mor14)
• 2019-10-01 -- Data dump: Emotet infection with Trickbot (gtag: mor13)

• 2019-09-30 -- Data dump: Hancitor-style Amadey
• 2019-09-26 -- Data dump: two Gozi/ISFB (Urnsif) infections
• 2019-09-25 -- Data dump: Emotet infection with Trickbot in AD environment
• 2019-09-25 -- Data dump: Trickbot infection, gtag ono19
• 2019-09-24 -- Pcap and malware for an ISC diary (Quasar RAT)
• 2019-09-19 -- Data dump: Gozi/ISFB (Urnsif), Emotet, and Formbook infections
• 2019-09-18 -- Data dump: Emotet infection with Trickbot (gtag: mor3)
• 2019-09-17 -- Pcap and malware for an ISC diary (Emotet + Trickbot)
• 2019-09-16 -- Data dump: Gozi/ISFB (Urnsif) infection with IcedID and Trickbot (gtag: leo16)
• 2019-09-16 -- Data dump: Emotet infection with Trickbot (gtag: mor1)
• 2019-09-13 -- WSHRAT infection from malspam
• 2019-09-06 -- Qakbot infection from malspam
• 2019-09-05 -- Word doc macro causes Gozi/ISFB (Urnsif) with Trickbot, or it causes Vidar
• 2019-09-04 -- Data dump: Gozi/ISFB (Urnsif) doc sends Vidar
• 2019-09-04 -- Data dump: Gozi/ISFB (Urnsif) infection with Trickbot
• 2019-09-03 -- Pcap and malware for an ISC diary (Remcos RAT)

• 2019-08-31 -- Data dump: Ursnif+Vidar with Trickbot
• 2019-08-27 -- Data dump: Gozi/ISFB (Urnsif) infection with Trickbot
• 2019-08-26 -- Data dump: SocGholish campaign pushes NetSupport RAT
• 2019-08-23 -- Data dump: Gozi/ISFB (Ursnif) infection, Rig EK infection, Netwire RAT infection)
• 2019-08-21 -- Gozi/ISFB (Urnsif) infection with Trickbot
• 2019-08-14 -- Pcap and malware for an ISC diary about MedusaHTTP
• 2019-08-12 -- Data dump: IcedID infection with Trickbot
• 2019-08-02 -- Data dump: two examples of Rig EK
• 2019-08-02 -- Quick post: Lord EK sends Eris Ransomware
• 2019-08-01 -- Newly-discovered Lord Exploit Kit

• 2019-07-29 -- Gozi/ISFB (Urnsif) infection with Pushdo
• 2019-07-25 -- Hancitor-style Amadey malspam pushes Pony & Cobalt Strike
• 2019-07-22 -- Hancitor switches to Amadey, still pushing Pony/Ursnif/Cobalt Strike
• 2019-07-15 -- Quick post: Recent MyDoom activity
• 2019-07-12 -- Dridex activity
• 2019-07-09 -- Malspam with password-protected Word doc pushes Dridex
• 2019-07-08 -- Quick post: Rig EK sends Amadey
• 2019-07-08 -- Quick post: Gozi/ISFB (Urnsif) infection with Dridex and Powershell Empire
• 2019-07-05 -- Quick post: Gozi/ISFB (Urnsif) infection with Trickbot and IcedID
• 2019-07-03 -- Quick post: Hancitor infection with Cobalt Strike
• 2019-07-02 -- Quick post: Hancitor infection with Cobalt Strike
• 2019-07-02 -- Quick post: Trickbot Infection with CookiesDll64 module
• 2019-07-01 -- Quick post: Hancitor malspam
• 2019-07-01 -- Quick post: Rig EK sends AZORult

• 2019-06-28 -- Quick post: Fake updates campaign sends Chthonic banking Trojan
• 2019-06-25 -- Quick post: Rig EK sends Pitou.B
• 2019-06-24 -- Pcap and malware for an ISC diary (Rig EK sends Pitou.B)
• 2019-06-17 -- Pcap and malware for an ISC diary (Dridex)
• 2019-06-17 -- Pcap and malware for an ISC diary (Rig EK)
• 2019-06-12 -- Quick post: infection from malware on 80.85.155[.]70

• 2019-05-23 -- Quick post: malspam pushes Lokibot
• 2019-05-22 -- Rig EK from unknown campaign pushes Gandcrab ransomware
• 2019-05-20 -- Malspam pushes Formbook
• 2019-05-10 -- Quick post: Infection from malspam attachment
• 2019-05-03 -- Quick post: Gozi/ISFB (Urnsif) infections with Dridex or Nymaim
• 2019-05-01 -- Quick post: Emotet with Trickbot infection
• 2019-05-01 -- Malspam with password-protected Word doc pushes IcedID

• 2019-04-29 -- Quick post: Emotet with Trickbot infection traffic
• 2019-04-27 -- Quick post: Trickbot infection traffic
• 2019-04-24 -- Brazil malspam pushing Banload
• 2019-04-08 -- Quick post: Emotet infection with Qakbot
• 2019-04-05 -- Quick post: Fake Updates campaign pushes Chthonic banking Trojan
• 2019-04-03 -- Quick post: Hookads campaign Rig EK sends AZORult
• 2019-04-02 -- DocuSign-themed malspam --> Hancitor --> (Gozi/ISFB) Ursnif

• 2019-03-29 -- Quick post: malspam using password-protected word docs pushes Dridex
• 2019-03-20 -- Another example of Spelevo EK
• 2019-03-16 -- Spelevo EK examples
• 2019-03-15 -- Malspam pushes Lokibot
• 2019-03-15 -- Quick post: Change in patterns for Emotet post-infection traffic
• 2019-03-14 -- Quick post: Password-protected Word docs push IcedID (Bokbot)
• 2019-03-13 -- Quick post: Emotet infection with Trickbot
• 2019-03-11 -- Files for an ISC diary (Emotet + Qakbot)
• 2019-03-08 -- Data dump: Emotet malspam and infection traffic
• 2019-03-06 -- Quick post: Korean malspam pushes Flawed Ammyy RAT malware
• 2019-03-04 -- Files for an ISC diary (malspam with password-protected Word docs)
• 2019-03-01 -- Quick post: Emotet infection with Trickbot

• 2019-02-28 -- Fallout EK from the HookAds campaign
• 2019-02-26 -- Quick post: malspam pushing Gandcrab
• 2019-02-22 -- Malspam with Word docs pushing Vidar
• 2019-02-20 -- Quick post: Emotet to IcedID (Bokbot) to Trickbot
• 2019-02-15 -- Quick post: Emotet to IcedID (Bokbot) to Trickbot
• 2019-02-12 -- Quick post: Hancitor infection with Gozi/ISFB (Urnsif)
• 2019-02-11 -- Pcap and malware for an ISC diary (Fake Updates campaign)
• 2019-02-07 -- Info stealer (Agent Tesla) uses FTP to exfiltrate data
• 2019-02-05 -- Pcap for an ISC diary (Hancitor malspam)

• 2019-01-30 -- Data dump (Emotet malspam, Trickbot malspam)
• 2019-01-25 -- Examples from three days of Emotet + follow-up malware
• 2019-01-23 -- Files for an ISC diary
• 2019-01-22 -- Quick post: Emotet + Trickbot, IcedID (Bokbot), or Gootkit
• 2019-01-22 -- Hancitor malspam with FedEx theme
• 2019-01-21 -- Emotet infection with Gootkit
• 2019-01-18 -- Quick post: Emotet infection with IcedID (Bokbot)
• 2019-01-16 -- Hancitor malspam with Paypal theme
• 2019-01-15 -- files for an ISC diary (Emotet infections and follow-up malware)
• 2019-01-14 -- Emotet infection with Gootkit
• 2019-01-11 -- Quick post: Wave of Trickbot malspam (gtag: sat32)
• 2019-01-10 -- HookAds campaign Rig EK pushes Vidar
• 2019-01-09 -- Fake AV/tech support scam popup
• 2019-01-08 -- files for an ISC diary ("love you" malspam)
• 2019-01-04 -- HookAds campaign Rig EK pushes SmokeLoader
• 2019-01-04 -- Malspam pushing Nanocore RAT
• 2019-01-03 -- Malspam pushing Lokibot
• 2019-01-02 -- Malware from malspam pushing Formbook

 

Click here to return to the main page.