- Still working on restoring these 2021 blog posts.
- 2021-12-23 -- Astaroth/Guildma infection from Brazil malspam
- 2021-12-20 -- Pcap from web server traffic with log4j attempts & lot of other probing/scanning
- 2021-12-16 -- Hancitor infection with Cobalt Strike
- 2021-12-13 -- Pcap from web server with log4j attempts & lot of other probing/scanning
- 2021-12-13 -- Files for an ISC diary (Contact Forms IcedID infection)
- 2021-12-10 -- TA551 (Shathak) IcedID (Bokbot) with Cobalt Strike, BackConnect & Anubis VNC
- 2021-12-07 -- obama141 malspam pushes both Qakbot and Matanbuchus
- 2021-12-03 -- Contact Forms campaign BazarLoader with Cobalt Strike
- 2021-11-30 -- Emotet epoch 4 uses appinstaller for infection
- 2021-11-29 -- Emotet epoch 5 infection from email sent on Friday 2021-11-26
- 2021-11-24 -- "Gigi" campaign pushes BazarLoader, leads to IcedID
- 2021-11-22 -- Contact Forms campaign --> BazarLoader --> Cobalt Strike
- 2021-11-18 -- Emotet epoch 4 activity (emails/malware/pcap)
- 2021-11-15 -- Matanbuchus --> Qakbot obama128b --> Cobalt Strike
- 2021-11-15 -- Emotet malspam and malware samples for ISC diary
- 2021-11-05 -- TA551 (Shathak) BazarLoader with BackConnect, Cobalt Strike & Dark Cat VNC
- 2021-11-04 -- TR distribution Qakbot (Qbot) with Cobalt Strike
- 2021-11-03 -- TA551 (Shathak) BazarLoader with Cobalt Strike
- 2021-10-29 -- Files for my talk at the 2021 Texas Cyber Summit
- 2021-10-20 -- Files for an ISC diary (Stolen Images Evidence --> Sliver)
- 2021-10-20 -- TA551 (Shathak) pushes Sliver-based malware
- 2021-10-14 -- "Stolen Images Evidence" campaign pushes BazarLoader
- 2021-10-13 -- Malspam-based Dridex activity
- 2021-10-12 -- Data dump: "Stolen Images Evidence" campaign pushes IcedID (Bokbot)
- 2021-10-07 -- obama111 Qakbot (Qbot) with Cobalt Strike
- 2021-10-06 -- "Stolen Images Evidence" campaign pushes Gozi/ISFB/Ursnif
- 2021-10-05 -- MirrorBlast/Kixtart infection
- 2021-10-04 -- MirrorBlast/Kixtart, ReflectiveGnome, and FlawedGrace infection
- 2021-10-01 -- TR Qakbot (Qbot) infection with spambot activity
- 2021-09-29 -- Hancitor with Cobalt Strike
- 2021-09-24 -- Squirrelwaffle Loader with Qakbot and Cobalt Strike
- 2021-09-23 -- Gozi/ISFB/Ursnif with Raccoon Stealer
- 2021-09-23 -- Squirrelwaffle Loader with Qakbot and Cobalt Strike
- 2021-09-22 -- Squirrelwaffle Loader with Qakbot and Cobalt Strike
- 2021-09-21 -- Squirrelwaffle Loader with Cobalt Strike
- 2021-09-21 -- Brazil currículo (resume) themed malspam
- 2021-09-20 -- Qakbot (Qbot) returns after 2 month absence
- 2021-09-20 -- TA551 (Shathak) pushes BazarLoader
- 2021-09-20 -- Squirrelwaffle Loader with Cobalt Strike
- 2021-09-17 -- Squirrelwaffle Loader with Cobalt Strike
- 2021-09-14 -- Pcap and malware for an ISC diary (Hancitor with Cobalt Strike)
- 2021-09-03 -- GuLoader for possible Remcos RAT
- 2021-09-02 -- Hancitor with Cobalt Strike
- 2021-09-01 -- TA551 (Shathak) BazarLoader to Trickbot gtag zev4
- 2021-08-31 -- Astaroth/Guildma from Brazil malspam
- 2021-08-30 -- Pcap and malware for an ISC diary (STRRAT)
- 2021-08-30 -- Quick post: TA551 (Shathak) BazarLoader
- 2021-08-19 -- Quick post: BazarLoader --> Cobalt Strike --> AdFind
- 2021-08-12 -- Stolen Images Evidence.zip -> BazarLoader -> Cobalt Strike
- 2021-08-10 -- Pcap & malware for ISC diary (TA551 -> BazarLoader -> Cobalt Strike)
- 2021-08-05 -- AZORult distributed through malspam
- 2021-07-21 -- TA551 (Shathak) BazarLoader with Cobalt Strike
- 2021-07-15 -- TA551 (Shathak) Trickbot gtag zev1 with Cobalt Strike
- 2021-07-12 -- Trickbot gtag rob106
- 2021-07-02 -- Astaroth/Guildma from Brazil malspam