Tag: Malware-Traffic-Analysis.net – Blog Entries

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-12-08 – Pcap for an ISC diary (December 2021…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-11-30 – Emotet epoch 4 uses appinstaller for infection

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-12-08 – Pcap for an ISC diary (December 2021…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-11-24 – Gigi campaign pushes BazarLoader, leads to IcedID

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-11-29 – Emotet epoch 5 infection sent from email…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-11-29 – Emotet epoch 5 infection sent from email…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-11-22 – Contact Forms campaign –> BazarLoader –> Cobalt…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-10-29 – Files for my talk at the 2021…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-10-22 – Files for an ISC diary (October 2021…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-10-20 – Files for an ISC diary (Stolen Images…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-10-20 – TA551 (Shathak) pushes Sliver-based malware

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-10-07 – Qakbot (Qbot) obama111 with Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-29 – Hancitor with Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-23 – Squirrelwaffle Loader with Qakbot and Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-24 – Squirrelwaffle Loader with Qakbot and Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-21 – Squirrelwaffle Loader with Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-22 – Squirrelwaffle Loader with Qakbot and Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-21 – Brazil – currículo (resume) themed malspam

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-20 – Squirrelwaffle Loader with Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-17 – Squirrelwaffle Loader with Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-14 – Pcap and malware for an ISC diary…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-09-14 – Pcap and malware for an ISC diary…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-08-10 – Pcap and malware for ISC diary (TA551…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-07 – Traffic Analysis Exercise – Dualrunning

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-08-05 – AZORult distributed through malspam

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-07-21 – TA551 (Shathak) BazarLoader with Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-07-15 – TA551 (Shathak) Trickbot gtag zev1 with Cobalt…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-07-12 – Trickbot gtag rob106

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-07-02 – Astaroth/Guildma from Brazil malspam

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-06-30 – TA551 (Shathak) pushes Trickbot with DarkVNC and…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-06-21 – BazarCall campaign pushes BazarLoader

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-06-03 – Quick post: BazarCall website to BazarLoader infection…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-06-04 – Quick post: Qakbot (Qbot) with Cobalt Strike…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-06-02 – TA551 (Shathak) Word docs push IcedID (Bokbot)

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-06-01 – Hancitor infection with Cobalt Strike and netping…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-05-24 – Quick post: Hancitor infection with Ficker Stealer…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-05-24 – TA551 (Shathak) Word docs push IcedID (Bokbot)

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-05-21 – Qakbot (Qbot) infection with Cobalt Strike

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-05-21 – Racoon Stealer

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-05-20 – Hancitor with Ficker Stealer, Cobalt Strike, and…

Read more →

This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-05-14 – Email attachment from 10 days prior still…

Read more →

Read the original article: 2021-04-23 – IcedID (Bokbot) infection from zipped JS file This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-04-23 – IcedID (Bokbot) infection from…

Read more →

Read the original article: 2021-04-16 – TA551 (Shathak) German-template Word docs push Ursnif (Gozi/ISFB) This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-04-16 – TA551 (Shathak) German-template…

Read more →

Read the original article: 2021-04-16 – BazaLoader (BazarLoader) activity This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-04-16 – BazaLoader (BazarLoader) activity

Read more →

Read the original article: 2021-04-15 – BazaLoader (BazarLoader) activity This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-04-15 – BazaLoader (BazarLoader) activity

Read more →

Read the original article: 2021-04-12 – Guildma (Astaroth) activity from Brazil-based malspam This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-04-12 – Guildma (Astaroth) activity from Brazil-based…

Read more →

Read the original article: 2021-04-14 – BazaLoader (BazarLoader) activity This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-04-14 – BazaLoader (BazarLoader) activity

Read more →

Read the original article: 2021-04-09 – IcedID (Bokbot) infection from zipped JS file This post doesn’t have text content, please click on the link below to view the original article. Read the original article: 2021-04-09 – IcedID (Bokbot) infection from…

Read more →

Read the original article: 2021-04-06 and 07 – Data dump: Hancitor activity This post doesn’t have text content, please click on the link below to view the original article. 2021-04-06 and 07 – Data dump: Hancitor activity   Become a…

Read more →

Read the original article: 2021-04-07 – Quick post: BazaCall activity This post doesn’t have text content, please click on the link below to view the original article. 2021-04-07 – Quick post: BazaCall activity   Become a supporter of IT Security…

Read more →

Read the original article: 2021-04-01 – Quick post: IcedID (Bokbot) activity This post doesn’t have text content, please click on the link below to view the original article. 2021-04-01 – Quick post: IcedID (Bokbot) activity   Become a supporter of…

Read more →

Read the original article: 2021-03-25 – Medical reminder service trial ending scam emails This post doesn’t have text content, please click on the link below to view the original article. 2021-03-25 – Medical reminder service trial ending scam emails  …

Read more →

Read the original article: 2021-03-19 – IcedID (Bokbot) infection This post doesn’t have text content, please click on the link below to view the original article. 2021-03-19 – IcedID (Bokbot) infection   Become a supporter of IT Security News and…

Read more →

Read the original article: 2021-03-17 – TA551 (Shathak) Italian template Word docs push Ursnif/Gozi/ISFB This post doesn’t have text content, please click on the link below to view the original article. 2021-03-17 – TA551 (Shathak) Italian template Word docs push…

Read more →

Read the original article: 2021-03-18 – Hancitor (Chanitor) activity (MAN1/Moskalvzapoe/TA511) This post doesn’t have text content, please click on the link below to view the original article. 2021-03-18 – Hancitor (Chanitor) activity (MAN1/Moskalvzapoe/TA511)   Become a supporter of IT Security…

Read more →

Read the original article: 2021-03-12 – Quick post: IcedID malware/artifacts This post doesn’t have text content, please click on the link below to view the original article. 2021-03-12 – Quick post: IcedID malware/artifacts   Become a supporter of IT Security…

Read more →

Read the original article: 2021-03-11 – IcedID (Bokbot) from Excel spreadsheet macro This post doesn’t have text content, please click on the link below to view the original article. 2021-03-11 – IcedID (Bokbot) from Excel spreadsheet macro   Become a…

Read more →

Read the original article: 2021-03-08 – Spelevo Exploit Kit (EK) pushes ZLoader malware This post doesn’t have text content, please click on the link below to view the original article. 2021-03-08 – Spelevo Exploit Kit (EK) pushes ZLoader malware  …

Read more →

Read the original article: 2021-03-02 – Pcap and malware for ISC diary (Qakbot with Cobalt Strike) This post doesn’t have text content, please click on the link below to view the original article. 2021-03-02 – Pcap and malware for ISC…

Read more →

Read the original article: 2021-02-25 – TA551 (Shathak) back to pushing IcedID (Bokbot) This post doesn’t have text content, please click on the link below to view the original article. 2021-02-25 – TA551 (Shathak) back to pushing IcedID (Bokbot)  …

Read more →

Read the original article: 2021-02-24 – Qakbot (Qbot) infection with spambot traffic This post doesn’t have text content, please click on the link below to view the original article. 2021-02-24 – Qakbot (Qbot) infection with spambot traffic   Become a…

Read more →

Read the original article: 2021-02-22 – IcedID (Bokbot) from same type of URL that normally delivers Qakbot This post doesn’t have text content, please click on the link below to view the original article. 2021-02-22 – IcedID (Bokbot) from same…

Read more →

Read the original article: 2021-02-19 – Mensagem “Pascholotto” empurra malware This post doesn’t have text content, please click on the link below to view the original article. 2021-02-19 – Mensagem “Pascholotto” empurra malware   Become a supporter of IT Security…

Read more →

Read the original article: 2021-02-01 thru 2021-02-18 – Quick post: 46 malicious emails This post doesn’t have text content, please click on the link below to view the original article. 2021-02-01 thru 2021-02-18 – Quick post: 46 malicious emails  …

Read more →

Read the original article: 2021-02-17 – Pcap and malware for an ISC diary (Trickbot gtag rob13) This post doesn’t have text content, please click on the link below to view the original article. 2021-02-17 – Pcap and malware for an…

Read more →

Read the original article: 2021-02-08 – Traffic analysis exercise – AscoLimited This post doesn’t have text content, please click on the link below to view the original article. 2021-02-08 – Traffic analysis exercise – AscoLimited   Become a supporter of…

Read more →

Read the original article: 2021-02-09 – Files for an ISC diary (phishing email) This post doesn’t have text content, please click on the link below to view the original article. 2021-02-09 – Files for an ISC diary (phishing email)  …

Read more →

Read the original article: 2021-02-08 – Traffic analysis exercise – AscoLimited This post doesn’t have text content, please click on the link below to view the original article. 2021-02-08 – Traffic analysis exercise – AscoLimited   Become a supporter of…

Read more →

Read the original article: 2021-02-09 – Files for an ISC diary (phishing email) This post doesn’t have text content, please click on the link below to view the original article. 2021-02-09 – Files for an ISC diary (phishing email)  …

Read more →

Read the original article: 2021-02-05 – Spelevo EK sends Sharik/SmokeLoader This post doesn’t have text content, please click on the link below to view the original article. 2021-02-05 – Spelevo EK sends Sharik/SmokeLoader   Become a supporter of IT Security…

Read more →

Read the original article: 2021-02-01 – Files for an ISC diary (SystemBC with Cobalt Strike) This post doesn’t have text content, please click on the link below to view the original article. 2021-02-01 – Files for an ISC diary (SystemBC…

Read more →

Read the original article: 2021-02-04 – Rig EK sends possible BuerLoader This post doesn’t have text content, please click on the link below to view the original article. 2021-02-04 – Rig EK sends possible BuerLoader   Become a supporter of…

Read more →

Read the original article: 2021-01-21 – Traffic Analysis Exercise – WokeMountain This post doesn’t have text content, please click on the link below to view the original article. 2021-01-21 – Traffic Analysis Exercise – WokeMountain   Become a supporter of…

Read more →

Read the original article: 2021-01-19 – Pcap and malware for an ISC diary (Qakbot) This post doesn’t have text content, please click on the link below to view the original article. 2021-01-19 – Pcap and malware for an ISC diary…

Read more →

Read the original article: 2021-01-15 – Emotet infection from Epoch 1 botnet This post doesn’t have text content, please click on the link below to view the original article. 2021-01-15 – Emotet infection from Epoch 1 botnet   Become a…

Read more →

Read the original article: 2021-01-12 thru 2021-01-14 – Six items of malspam received by my admin email This post doesn’t have text content, please click on the link below to view the original article. 2021-01-12 thru 2021-01-14 – Six items…

Read more →

Read the original article: 2021-01-12 (Tuesday) – Pcap and malware for an ISC diary (Hancitor) This post doesn’t have text content, please click on the link below to view the original article. 2021-01-12 (Tuesday) – Pcap and malware for an…

Read more →

Read the original article: 2021-01-14 (Thursday) – Pcap and malware for an ISC diary (Rig EK) This post doesn’t have text content, please click on the link below to view the original article. 2021-01-14 (Thursday) – Pcap and malware for…

Read more →

Read the original article: 2021-01-06 (Wednesday) – Remcos RAT infection This post doesn’t have text content, please click on the link below to view the original article. 2021-01-06 (Wednesday) – Remcos RAT infection   Become a supporter of IT Security…

Read more →

Read the original article: 2020-12-29 (Tuesday) – Quick post: Emotet infection with Trickbot and spambot traffic This post doesn’t have text content, please click on the link below to view the original article. 2020-12-29 (Tuesday) – Quick post: Emotet infection…

Read more →

Read the original article: 2020-12-28 (Monday) – Quick post: Emotet activity resumes after Christmas break This post doesn’t have text content, please click on the link below to view the original article. 2020-12-28 (Monday) – Quick post: Emotet activity resumes…

Read more →

Read the original article: 2020-12-24 (Thursday) – Dridex infection example This post doesn’t have text content, please click on the link below to view the original article. 2020-12-24 (Thursday) – Dridex infection example   Become a supporter of IT Security…

Read more →

Read the original article: 2020-12-23 (Wednesday) – Quick post: Qakbot infection with spambot activity This post doesn’t have text content, please click on the link below to view the original article. 2020-12-23 (Wednesday) – Quick post: Qakbot infection with spambot…

Read more →

Read the original article: 2020-12-23 (Wednesday) – Quick post: recent Emotet activity This post doesn’t have text content, please click on the link below to view the original article. 2020-12-23 (Wednesday) – Quick post: recent Emotet activity   Become a…

Read more →

Read the original article: 2020-12-08 – Files for an ISC diary (recent Qakbot activity) This post doesn’t have text content, please click on the link below to view the original article. 2020-12-08 – Files for an ISC diary (recent Qakbot…

Read more →

Read the original article: 2020-12-08 – Files for an ISC diary (recent Qakbot activity) This post doesn’t have text content, please click on the link below to view the original article. 2020-12-08 – Files for an ISC diary (recent Qakbot…

Read more →

Read the original article: 2020-12-07 – Qakbot (Qbot) infection with Cobalt Strike (Beacon) and spambot activity This post doesn’t have text content, please click on the link below to view the original article. 2020-12-07 – Qakbot (Qbot) infection with Cobalt…

Read more →

Read the original article: 2020-12-03 – TA551 (Shathak) Word docs with Italian template send Ursnif (Gozi/ISFB) with Pushdo This post doesn’t have text content, please click on the link below to view the original article. 2020-12-03 – TA551 (Shathak) Word…

Read more →

Read the original article: 2020-12-03 – Pcap and malware for an ISC diary (traffic analysis quiz) This post doesn’t have text content, please click on the link below to view the original article. 2020-12-03 – Pcap and malware for an…

Read more →

Read the original article: 2020-11-24 – TA551 (Shathak) Word docs with English template push IcedID This post doesn’t have text content, please click on the link below to view the original article. 2020-11-24 – TA551 (Shathak) Word docs with English…

Read more →

Read the original article: 2020-11-20 – TA551 (Shathak) Word docs with Japanese template push IcedID This post doesn’t have text content, please click on the link below to view the original article. 2020-11-20 – TA551 (Shathak) Word docs with Japanese…

Read more →

Read the original article: 2020-11-13 – Traffic Analysis Exercise – Quiethub.net This post doesn’t have text content, please click on the link below to view the original article. 2020-11-13 – Traffic Analysis Exercise – Quiethub.net   Become a supporter of…

Read more →

Read the original article: 2020-11-10 – Pcap and malware for an ICS diary (traffic analysis quiz) This post doesn’t have text content, please click on the link below to view the original article. 2020-11-10 – Pcap and malware for an…

Read more →

Read the original article: 2020-11-12 – Dridex activity This post doesn’t have text content, please click on the link below to view the original article. 2020-11-12 – Dridex activity   Become a supporter of IT Security News and help us…

Read more →

Read the original article: 2020-11-09 – Trickbot from malspam (gtag rob2 and gtag tar2) This post doesn’t have text content, please click on the link below to view the original article. 2020-11-09 – Trickbot from malspam (gtag rob2 and gtag…

Read more →

Read the original article: 2020-11-06 – Possible Agent Tesla (AgentTesla) This post doesn’t have text content, please click on the link below to view the original article. 2020-11-06 – Possible Agent Tesla (AgentTesla)   Become a supporter of IT Security…

Read more →

Read the original article: 2020-11-04 – Quick post: Recent Hancitor activity This post doesn’t have text content, please click on the link below to view the original article. 2020-11-04 – Quick post: Recent Hancitor activity   Become a supporter of…

Read more →

Read the original article: 2020-10-20 – Hancitor infection with something and Cobalt Strike This post doesn’t have text content, please click on the link below to view the original article. 2020-10-20 – Hancitor infection with something and Cobalt Strike  …

Read more →

Read the original article: 2020-10-17 – My Patreon mistake This post doesn’t have text content, please click on the link below to view the original article. 2020-10-17 – My Patreon mistake   Become a supporter of IT Security News and…

Read more →

Read the original article: 2020-10-16 – TA551 (Shathak) Word docs push IcedID This post doesn’t have text content, please click on the link below to view the original article. 2020-10-16 – TA551 (Shathak) Word docs push IcedID   Become a…

Read more →