[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024]

• 2024-11-14 -- 2024-11-14: Raspberry Robin infection using WebDAV server

• 2024-10-23 -- 2024-10-23: Redline Stealer infection
• 2024-10-17 -- 2024-10-17: Two days of server scans and probes and web traffic
• 2024-10-07 -- 2024-10-07: Data Dump (Formbook, possible Astaroth/Guildma, Redline Stealer, unidentified malware)
• 2024-10-03 -- 2024-10-03 - SmartLoader to Lumma Stealer
• 2024-10-01 -- 2024-10-01 - Ukrainian language malspam pushes RMS-based malware

• 2024-09-19 -- 2024-09-19 - File downloader to Lumma Stealer
• 2024-09-17 -- 2024-09-17 - Snake KeyLogger (VIP Recovery), FTP exfil
• 2024-09-16 -- 2024-09-16 - Snake KeyLogger (VIP Recovery), SMTP exfil
• 2024-09-12 -- 2024-09-12 - Approximately 11 days of server scans and probes
• 2024-09-11 -- 2024-09-11 - Data Dump: Remcos RAT and XLoader (Formbook)

• 2024-08-30 -- 2024-08-30 - Approximately 11 days of server scans and probes
• 2024-08-29 -- 2024-08-29 - Phishing email and traffic to fake webmail login page
• 2024-08-26 -- 2024-08-26 - GuLoader for Remcos RAT
• 2024-08-12 -- 2024-08-12 - XLoader/Formbook infection
• 2024-08-08 -- 2024-08-08 - Sixteen days of server scans and probes

• 2024-07-23 -- 2024-07-23 - Eight days of server scans and probes

• 2024-06-25 -- 2024-06-25 - Latrodectus infection with BackConnect and Keyhole VNC
• 2024-06-24 -- 2024-06-24 - ClickFix popup leads to Lumma Stealer
• 2024-06-17 -- 2024-06-17 - Google ad --> fake unclaimed funds site --> Matanbuchus with Danabot
• 2024-06-12 -- 2024-06-11 - KoiLoader/KoiStealer infection
• 2024-06-11 -- 2024-06-11 - Traffic example of a CVE-2024-4577 probe
• 2024-06-10 -- 2024-06-10 - Malspam pushing OriginLogger (AgentTesla)
• 2024-06-08 -- 2024-06-08 - Three days of server scans and probes

• 2024-05-14 -- 2024-05-14 - DarkGate activity
• 2024-05-09 -- 2024-05-09 - GootLoader activity

• 2024-04-18 -- 2024-04-18 - Word macro --> SSLoad --> Cobalt Strike
• 2024-04-17 -- 2024-04-17 - TA578 pushes SSLoad malware
• 2024-04-15 -- 2024-04-15 - Contact Forms campaign pushes SSLoad malware as early as 2024-04-11
• 2024-04-09 -- 2024-04-09 - Data dump from Latrodectus infection
• 2024-04-05 -- 2024-04-05 - Data dump from Astaroth (Guildma) malware infection
• 2024-04-04 -- 2024-04-04 - Koi Loader/Stealer activity

• 2024-03-26 -- 2024-03-26 - Google ad leads to Matanbuchus infection with Danabot
• 2024-03-19 -- 2024-03-19 - DarkGate infection
• 2024-03-14 -- 2024-03-14 - AsyncRAT and XWorm infection
• 2024-03-13 -- 2024-03-13 - GootLoader activity
• 2024-03-07 -- 2024-03-07 - Latrodectus infection leads to Lumma Stealer
• 2024-03-06 -- 2024-03-06 - Pikabot infection leads to Meduza Stealer

• 2024-02-23 -- 2024-02-09, 02-22 & 02-23 - Data Dump: Latrodectus from Contact Forms campaign
• 2024-02-21 -- 2024-02-21 - Parrot TDS --> SocGholish --> Async RAT
• 2024-02-14 -- 2024-02-14 - Danabot infection from Italian malspam
• 2024-02-08 -- 2024-02-08 - Pikabot infection

• 2024-01-30 -- 2024-01-30 - DarkGate activity
• 2024-01-25 -- 2024-01-25 - DarkGate activity
• 2024-01-23 -- 2024-01-23 - UltraVNC infection
• 2024-01-19 -- 2024-01-19 - GootLoader infection
• 2024-01-17 -- 2024-01-17 - Malspam pushes WikiLoader
• 2024-01-12 -- 2024-01-12 - Malspam distributing StealC malware
• 2024-01-09 -- 2024-01-09 - Async RAT infection
• 2024-01-08 -- 2024-01-08 - GootLoader infection

Click here to return to the main page.