[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024]

• 2021-12-23 -- Astaroth/Guildma infection from Brazil malspam
• 2021-12-20 -- Pcap from web server traffic with log4j attempts & lot of other probing/scanning
• 2021-12-16 -- Hancitor infection with Cobalt Strike
• 2021-12-13 -- Pcap from web server with log4j attempts & lot of other probing/scanning
• 2021-12-13 -- Files for an ISC diary (Contact Forms IcedID infection)
• 2021-12-10 -- TA551 (Shathak) IcedID (Bokbot) with Cobalt Strike, BackConnect & Anubis VNC
• 2021-12-07 -- obama141 malspam pushes both Qakbot and Matanbuchus
• 2021-12-03 -- Contact Forms campaign BazarLoader with Cobalt Strike

• 2021-11-30 -- Emotet epoch 4 uses appinstaller for infection
• 2021-11-29 -- Emotet epoch 5 infection from email sent on Friday 2021-11-26
• 2021-11-24 -- "Gigi" campaign pushes BazarLoader, leads to IcedID
• 2021-11-22 -- Contact Forms campaign --> BazarLoader --> Cobalt Strike
• 2021-11-18 -- Emotet epoch 4 activity (emails/malware/pcap)
• 2021-11-15 -- Matanbuchus --> Qakbot obama128b --> Cobalt Strike
• 2021-11-15 -- Emotet malspam and malware samples for ISC diary
• 2021-11-05 -- TA551 (Shathak) BazarLoader with BackConnect, Cobalt Strike & Dark Cat VNC
• 2021-11-04 -- TR distribution Qakbot (Qbot) with Cobalt Strike
• 2021-11-03 -- TA551 (Shathak) BazarLoader with Cobalt Strike

• 2021-10-29 -- Files for my talk at the 2021 Texas Cyber Summit
• 2021-10-20 -- Files for an ISC diary (Stolen Images Evidence --> Sliver)
• 2021-10-20 -- TA551 (Shathak) pushes Sliver-based malware
• 2021-10-14 -- "Stolen Images Evidence" campaign pushes BazarLoader
• 2021-10-13 -- Malspam-based Dridex activity
• 2021-10-12 -- Data dump: "Stolen Images Evidence" campaign pushes IcedID (Bokbot)
• 2021-10-07 -- obama111 Qakbot (Qbot) with Cobalt Strike
• 2021-10-06 -- "Stolen Images Evidence" campaign pushes Gozi/ISFB/Ursnif
• 2021-10-05 -- MirrorBlast/Kixtart infection
• 2021-10-04 -- MirrorBlast/Kixtart, ReflectiveGnome, and FlawedGrace infection
• 2021-10-01 -- TR Qakbot (Qbot) infection with spambot activity

• 2021-09-29 -- Hancitor with Cobalt Strike
• 2021-09-24 -- Squirrelwaffle Loader with Qakbot and Cobalt Strike
• 2021-09-23 -- Gozi/IFSB/Ursnif with Raccoon Stealer
• 2021-09-23 -- Squirrelwaffle Loader with Qakbot and Cobalt Strike
• 2021-09-22 -- Squirrelwaffle Loader with Qakbot and Cobalt Strike
• 2021-09-21 -- Squirrelwaffle Loader with Cobalt Strike
• 2021-09-21 -- Brazil currículo (resume) themed malspam
• 2021-09-20 -- Qakbot (Qbot) returns after 2 month absence
• 2021-09-20 -- TA551 (Shathak) pushes BazarLoader
• 2021-09-20 -- Squirrelwaffle Loader with Cobalt Strike
• 2021-09-17 -- Squirrelwaffle Loader with Cobalt Strike
• 2021-09-14 -- Pcap and malware for an ISC diary (Hancitor with Cobalt Strike)
• 2021-09-03 -- GuLoader for possible Remcos RAT
• 2021-09-02 -- Hancitor with Cobalt Strike
• 2021-09-01 -- TA551 (Shathak) BazarLoader to Trickbot gtag zev4

• 2021-08-31 -- Astaroth/Guildma from Brazil malspam
• 2021-08-30 -- Pcap and malware for an ISC diary (STRRAT)
• 2021-08-30 -- Quick post: TA551 (Shathak) BazarLoader
• 2021-08-19 -- Quick post: BazarLoader --> Cobalt Strike --> AdFind
• 2021-08-12 -- Stolen Images Evidence.zip -> BazarLoader -> Cobalt Strike
• 2021-08-10 -- Pcap & malware for ISC diary (TA551 -> BazarLoader -> Cobalt Strike)
• 2021-08-05 -- AZORult distributed through malspam

• 2021-07-21 -- TA551 (Shathak) BazarLoader with Cobalt Strike
• 2021-07-15 -- TA551 (Shathak) Trickbot gtag zev1 with Cobalt Strike
• 2021-07-12 -- Trickbot gtag rob106
• 2021-07-02 -- Astaroth/Guildma from Brazil malspam

• 2021-06-30 -- TA551 (Shathak) pushes Trickbot, leads to Cobalt Strike
• 2021-06-21 -- BazarCall campaign pushes BazarLoader
• 2021-06-18 -- TA551 (Shathak) English-template Word docs push Gozi/ISFB/Ursnif
• 2021-06-17 -- Hancitor with Cobalt Strike
• 2021-06-16 -- Quick post: BazarCall campaign pushes BazarLoader
• 2021-06-15 -- Quick post: Hancitor with Ficker Stealer and Cobalt Strike
• 2021-06-04 -- Quick post: Qakbot (Qbot) with Cobalt Strike and spambot activity
• 2021-06-03 -- Quick post: BazarCall website to BazarLoader infection with Cobalt Strike
• 2021-06-02 -- TA551 (Shathak) Word docs --> IcedID (Bokbot) --> BackConnect traffic & Anubis VNC
• 2021-06-01 -- Hancitor infection with Cobalt Strike and netping tool activity

• 2021-05-27 -- IcedID (Bokbot) from Stolen Images Evidence.zip
• 2021-05-26 -- Pcap only: Trickbot infection with Cobalt Strike
• 2021-05-24 -- Quick post: Hancitor infection with Ficker Stealer and Cobalt Strike
• 2021-05-24 -- TA551 (Shathak) Word docs --> IcedID (Bokbot) --> BackConnect traffic & Anubis VNC
• 2021-05-21 -- Qakbot (Qbot) infection with Cobalt Strike
• 2021-05-21 -- Raccoon Stealer
• 2021-05-20 -- Hancitor with Ficker Stealer, Cobalt Strike, & netping tool
• 2021-05-18 -- Quick post: Qakbot (Qbot) infection with Cobalt Strike
• 2021-05-14 -- Email attachment from 10 days prior still pushing Urnsif (Gozi/ISFB)
• 2021-05-13 -- Hancitor infection with Ficker Stealer and Cobalt Strike

• 2021-04-29 -- TA551 (Shathak) pushes IcedID (Bokbot)
• 2021-04-28 -- TA551 (Shathak) pushes Ursnif (Gozi/ISFB)
• 2021-04-23 -- IcedID (Bokbot) infection from zipped JS file
• 2021-04-16 -- BazaLoader (BazarLoader) activity
• 2021-04-16 -- TA551 (Shathak) German-template Word docs push Ursnif (Gozi/ISFB)
• 2021-04-15 -- BazaLoader (BazarLoader) activity
• 2021-04-14 -- BazaLoader (BazarLoader) activity
• 2021-04-12 -- IcedID (Bokbot) with BackConnect traffic & Anubis VNC
• 2021-04-12 -- Guildma (Astaroth) from Brazil-based malspam
• 2021-04-09 -- IcedID (Bokbot) infection from zipped JS file
• 2021-04-07 -- Quick post: BazaCall activity
• 2021-04-07 -- Data dump: Hancitor activity
• 2021-04-01 -- Quick post: IcedID (Bokbot) activity

• 2021-03-25 -- Medical reminder service trial malspam pushes BazaLoader (BazarLoader)
• 2021-03-19 -- IcedID (Bokbot) infection
• 2021-03-18 -- Hancitor (Chanitor) activity (MAN1/Moskalvzapoe/TA511)
• 2021-03-17 -- TA551 (Shathak) Italian template Word docss push Ursnif (Gozi/ISFB)
• 2021-03-12 -- Quick post: IcedID malware/artifacts
• 2021-03-12 -- TA551 (Shathak) Italian template Word docss push Ursnif (Gozi/ISFB)
• 2021-03-11 -- IcedID (Bokbot) from Excel spreadsheet macro
• 2021-03-08 -- Spelevo EK pushes ZLoader
• 2021-03-02 -- Pcap and malware for ISC diary (Qakbot with Cobalt Strike)

• 2021-02-25 -- TA551 (Shathak) back to pushing IcedID (Bokbot)
• 2021-02-24 -- Qakbot (Qbot) infection with spambot traffic
• 2021-02-22 -- IcedID (Bokbot) from same type of URL that normally delivers Qakbot
• 2021-02-19 -- Mensagem "Pascholotto" empurra malware
• 2021-02-18 -- Quick post: 46 malicious emails
• 2021-02-17 -- Pcap and malware for ISC diary (Trickbot gtag rob13)
• 2021-02-12 -- Qakbot (Qbot) infection with Cobalt Strike
• 2021-02-09 -- Quick post: Hancitor infection with Cobalt Strike
• 2021-02-09 -- Files for an ISC diary (phishing email)
• 2021-02-05 -- Spelevo EK sends Sharik/SmokeLoader
• 2021-02-04 -- Rig EK sends possible BuerLoader
• 2021-02-02 -- Hancitor infection with Ficker Stealer, Cobalt Strike, & NetSupport RAT
• 2021-02-01 -- Files for an ISC diary (SystemBC with Cobalt Strike)

• 2021-01-27 -- 14 examples of malspam/phishing emails
• 2021-01-26 -- Pcap and malware for an ISC diary (TA551 Qakbot)
• 2021-01-22 -- Emotet epoch 1 activity
• 2021-01-19 -- Pcap and malware for an ISC diary (Qakbot)
• 2021-01-15 -- Emotet infection from Epoch 1 botnet
• 2021-01-14 -- Six items of malspam received by my admin email
• 2021-01-14 -- Pcap and malware for an ISC diary (Rig EK)
• 2021-01-13 -- Emotet epoch 2 infection with Trickbot gtag mor13
• 2021-01-12 -- Emotet epoch 3 infection with Trickbot gtag mor12 and spambot traffic
• 2021-01-12 -- Pcap and malware for an ISC diary (Hancitor)
• 2021-01-06 -- Remcos RAT infection
• 2021-01-05 -- PurpleFox EK pushes NuggetPhantom malware
• 2021-01-04 -- Emotet epoch 2 infection with Trickbot gtag mor9

 

Click here to return to the main page.