Malware-Traffic-Analysis.net - My technical blog posts - 2016

[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023]

2016-12-30 -- EK data dump (Rig-E, Rig-V, and Sundown EK)
2016-12-29 -- Another Cerber malspam run
2016-12-29 -- EITest Rig-E from 191.101.31.114 sends Chthonic banking Trojan
2016-12-29 -- pseudoDarkleech Rig-V from 92.53.105.158 sends Cerber ransomware
2016-12-28 -- Sundown EK data dump
2016-12-27 -- pseudoDarkleech Rig-V from 109.234.37.178 sends Cerber ransomware
2016-12-27 -- EITest Rig-E from 185.156.173.99 send Chthonic banking Trojan
2016-12-26 -- pseudoDarkleech Rig-V from 194.87.232.80 sends Cerber ransomware
2016-12-23 -- Afraidgate Rig-V from 81.177.140.7 sends "Osiris" variant Locky
2016-12-22 -- Fake Walgreens malspam distributes Cerber ransomware
2016-12-22 -- pseudoDarkleech Rig-V from 92.53.119.238 sends Cerber ransomware
2016-12-21 -- pseudoDarkleech Rig-V from 195.133.201.36 sends Cerber ransomware
2016-12-21 -- EITest Rig-E from 185.162.9.119
2016-12-21 -- Afraidgate Rig-V from 195.133.201.36 sends "Osiris" variant Locky
2016-12-20 -- "Osiris" Locky malspam with Excel files containing malicious macros
2016-12-20 -- TDS-based Rig-V from 195.133.201.250 sends Terdot.A/Zloader
2016-12-19 -- Portuguese voucher malspam - Subject: ?
2016-12-19 -- EITest Rig-E from 86.104.15.189 sends Zeprox.B
2016-12-16 -- "Osiris" Locky malspam with Word docs containing malicious macros
2016-12-16 -- Pcap and malware for an ISC diary
2016-12-15 -- Pcap and malware for an ISC diary
2016-12-13 -- pseudoDarkleech Rig-V from 195.133.48.182 sends Cerber ransomware
2016-12-13 -- EITest Rig-E from 185.162.8.155 sends Gootkit
2016-12-12 -- "Osiris" variant Locky malspam with zip attachments containing .jse files
2016-12-12 -- EITest Rig-V from 194.87.147.187 sends CryptoMix ransomware
2016-12-11 -- pseudoDarkleech Rig-V from 195.133.48.182 sends Cerber ransomware
2016-12-09 -- "Osiris" variant Locky malspam
2016-12-09 -- Afraidgate Rig-V from 109.234.35.39 sends "Osiris" variant Locky
2016-12-08 -- Sundown EK from 193.70.64.80 and 193.70.64.91
2016-12-07 -- KaiXin EK from 220.169.242.216
2016-12-07 -- Rig EK data dump
2016-12-06 -- Rig EK data dump
2016-12-05 -- Rig EK data dump
2016-12-02 -- pseudoDarkleech Rig-V from 109.234.34.24 sends Cerber ransomware
2016-12-01 -- EITest Rig-E from 70.39.115.202 sends Geodo/Emotet
2016-12-01 -- Malspam - Subject: DHL Italy - Notifica spedizione

2016-11-30 -- Malspam - Subject: DHL Italy - informazioni richieste
2016-11-30 -- Rig EK data dump
2016-11-29 -- "zzzzz" variant Locky malspam
2016-11-28 -- EITest Rig-E from 146.0.72.186 sends Chthonic banking Trojan
2016-11-28 -- Brazilian malspam - Subject: Cobranca Atualizada
2016-11-28 -- pseudoDarkleech Rig-V from 194.87.238.156 sends Cerber ransomware
2016-11-28 -- EITest Rig-V from 194.87.238.156 sends CryptoMix ransomware
2016-11-23 -- Rig EK data dump
2016-11-22 -- Rig EK data dump
2016-11-21 -- Rig EK data dump
2016-11-21 -- "Aesir" variant Locky malspam
2016-11-18 -- Pcap and malware for an ISC diary
2016-11-17 -- Rig-E updates payload encryption, sends CHIP ransomware
2016-11-16 -- EITest campaign Sundown EK
2016-11-16 -- Rig EK data dump
2016-11-16 -- Pcap and malware for an ISC diary
2016-11-15 -- Rig EK data dump
2016-11-14 -- EITest campaign Sundown EK from 164.132.116.54
2016-11-13 -- pseudoDarkleech RIG-v from 109.234.35.232 sends Cerber ransomware
2016-11-10 -- EITest RIG standard from 195.133.147.32 sends CryptFile2 ransomware
2016-11-10 -- EITest RIG-E from 70.39.114.226 causes Vawtrak infection
2016-11-10 -- pseudoDarkleech RIG-v from 109.234.34.91 sends Cerber ransomware
2016-11-09 -- Rig EK/RIG-v data dump
2016-11-08 -- Rig EK/RIG-v data dump
2016-11-08 -- jRAT malspam - Subject: MTCN Reg Query: OPS189985651
2016-11-07 -- EITest Rig EK from 195.133.146.67 sends CryptFile2 ransomware
2016-11-07 -- EITest Rig EK from 185.117.75.239
2016-11-07 -- pseudoDarkleech RIG-v from 195.133.146.68 sends Cerber ransomware
2016-11-06 -- pseudoDarkleech RIG-v from 5.200.55.16 sends Cerber ransomware
2016-11-04 -- pseudoDarkleech RIG-v from 109.234.37.37 sends Cerber ransomware
2016-11-04 -- Facebook-themed malspam: "Denuncia de racismo em seu perfil"
2016-11-03 -- "Thor" variant Locky malspam
2016-11-02 -- EITest Sundown EK from 185.141.26.17 sends MSIL/Kryptik
2016-11-02 -- EITest Rig EK from 185.141.26.17
2016-11-01 -- EITest Rig EK

2016-10-31 -- Facebook-themed malspam
2016-10-31 -- pseudoDarkleech RIG-v from 64.187.225.228 sends Cerber ransomware
2016-10-31 -- EITest Rig EK from 176.223.111.95
2016-10-31 -- pseudoDarkleech RIG-v sends DDoS botnet malware
2016-10-28 -- EITest Rig EK sends CryptFile2 ransomware & Chthonic banking trojan
2016-10-28 -- pseudoDarkleech RIG-v from 109.234.35.124 sends Cerber ransomware
2016-10-27 -- pseudoDarkleech RIG-v from 185.158.152.45 sends Cerber ransomware
2016-10-27 -- EITest Rig EK from 93.115.38.143 sends Chthonic banking trojan
2016-10-26 -- Adwind (jRAT) malspam
2016-10-26 -- pseudoDarkleech RIG-v from 212.8.246.7 sends Cerber ransomware
2016-10-25 -- Rig EK data dump: Regular Rig vs RIG-v
2016-10-24 -- ".shit" variant Locky malspam
2016-10-24 -- pseudoDarkleech Rig EK from 95.183.12.11 sends Cerber ransomware
2016-10-23 -- Adwind (jRAT) malspam - Subj: ** Current Balance SAS - XpressMoney **
2016-10-23 -- Afraidgate Rig EK from 194.87.144.48 sends Locky ransomware
2016-10-20 -- pseudoDarkleech Rig EK data dump
2016-10-20 -- EITest Rig EK data dump
2016-10-19 -- EITest Rig EK from 185.45.193.52
2016-10-18 -- pseudoDarkleech Rig EK from 195.133.201.132 sends Cerber ransomware
2016-10-18 -- EITest Rig EK from 195.133.201.133 sends CryptFile2 ransomware
2016-10-17 -- Sundown EK from 37.139.47.53 sends Locky ransomware
2016-10-17 -- pseudoDarkleech Rig EK from 5.200.35.126 sends Cerber ransomware
2016-10-17 -- EITest Rig EK from 195.133.201.121 sends CryptFile2 ransomware
2016-10-14 -- Pcap and malware for an ISC diary
2016-10-14 -- Afraidgate Rig EK from 194.87.237.217 sends Locky ransomware
2016-10-13 -- EITest Rig EK from 185.141.26.108
2016-10-12 -- pseudoDarkleech Rig EK from 109.234.36.39 sends Cerber ransomware
2016-10-12 -- Afraidgate Rig EK from 109.234.36.39 sends Locky ransomware
2016-10-11 -- EITest Rig EK data dump (Cerber, Ursnif, and Neutrino payloads)
2016-10-10 -- pseudoDarkleech Rig EK from 195.133.48.98 sends Cerber ransomware
2016-10-10 -- EITest Rig EK data dump
2016-10-07 -- pseudoDarkleech Rig EK from 108.61.167.148 sends Cerber ransomware
2016-10-07 -- EITest Rig EK from 178.32.92.100
2016-10-06 -- pseudoDarkleech Rig EK from 107.191.63.102 sends Cerber ransomware
2016-10-06 -- EITest Rig EK
2016-10-06 -- Portuguese malspam: Pay your Meu Vivo (My Vivo) account
2016-10-05 -- pseudoDarkleech Rig EK from 195.133.201.61 sends Cerber ransomware
2016-10-05 -- EITest Rig EK from 194.87.239.148 sends CryptFile2 ransomware
2016-10-04 -- Afraidgate Rig EK from 194.87.239.147 sends Locky ransomware
2016-10-04 -- pseudoDarkleech Rig EK from 194.87.239.147 sends Cerber ransomware
2016-10-04 -- EITest RigEK stops using gate
2016-10-03 -- pseudoDarkleech Rig EK from 194.87.145.238 sends Cerber ransomware
2016-10-03 -- Afraidgate Rig EK from 194.87.145.238

2016-09-30 -- pseudoDarkleech Rig EK from 51.255.213.167 sends CrypMIC ransomware
2016-09-29 -- EITest Rig EK data dump (Cerber, CryptFile2, other payloads)
2016-09-28 -- EITest Rig EK data dump
2016-09-28 -- pseudoDarkleech Rig EK from 91.134.160.174 sends CrypMIC ransomware
2016-09-28 -- Pcap and malware for an ISC diary
2016-09-27 -- Afraidgate campaign switches to Rig EK, sends Odin variant Locky
2016-09-26 -- Odin variant Locky malspam
2016-09-26 -- EITest Rig EK from 185.141.25.151
2016-09-26 -- New host profiling traffic from downloader for Locky ransomware
2016-09-26 -- pseudoDarkleech Rig EK from 5.196.126.167 sends CrypMIC ransomware
2016-09-23 -- Brazilian malspam - Subject: Entrega Correios (65412)
2016-09-23 -- pseudoDarkleech Rig EK from 74.208.147.73 sends CrypMIC ransomware
2016-09-22 -- pseudoDarkleech Rig EK from 74.208.153.31 sends CrypMIC ransomware
2016-09-22 -- Afraidgate Neutrino EK from 78.46.167.130 sends Locky ransomware
2016-09-21 -- Boleto malspam
2016-09-21 -- Two examples of EITest Rig EK
2016-09-21 -- Pcap and malware for an ISC diary
2016-09-20 -- pseudoDarkleech Rig EK from 74.208.192.75 sends CrypMIC
2016-09-19 -- EITest Rig EK from 109.234.36.38 sends CryptFile2 ransomware
2016-09-16 -- EK data dump - EITest & pseudoDarkleech Rig EK, Afraidgate Neutrino EK
2016-09-16 -- EITest Rig EK - Updated pattern for injected EITest script
2016-09-16 -- pseudoDarkleech Rig EK still fails at DLL payload - CrypMIC sent as EXE
2016-09-15 -- Two examples of EITest Rig EK
2016-09-14 -- pseudoDarkleech switches to Rig EK - CrypMIC ransomware sent as EXE
2016-09-14 -- EITest gate URL patterns changed
2016-09-13 -- Two examples of EITest Rig EK: one a successful EXE and one a failed DLL
2016-09-12 -- pseudoDarkleech Neutrino EK from 74.208.193.214 sends CrypMIC
2016-09-12 -- EITest Rig EK from 185.117.73.160 sends Vawtrak
2016-09-12 -- Zepto variant Locky malspam
2016-09-11 -- pseudoDarkleech Neutrino EK from 137.74.223.60 sends CrypMIC
2016-09-08 -- EITest Rig EK from 185.117.73.140
2016-09-08 -- Brazilian malspam: "price of these products"
2016-09-07 -- pseudoDarkleech Neutrino EK sends CrypMIC ransomware
2016-09-06 -- pseudoDarkleech Neutrino EK sends CrypMIC ransomware
2016-09-02 -- pseudoDarkleech Neutrino EK from 74.208.171.129 sends CrypMIC
2016-09-02 -- Android app - Guide for Pokemon Go
2016-09-01 -- EITest Rig EK from 185.141.27.37 sends Bart ransomware
2016-09-01 -- pseudoDarkleech Neutrino EK from 74.208.171.140 sends CrypMIC

2016-08-31 -- EITest Rig EK from 185.117.72.99
2016-08-31 -- pseudoDarkleech Neutrino EK from 69.162.96.148 sends CrypMIC
2016-08-30 -- EITest Rig EK sends CryptFile2 ransomware
2016-08-30 -- EITest campaign sends Rig EK or Neutrino EK
2016-08-30 -- Boleto malspam
2016-08-29 -- Afraidgate Neutrino EK from 5.2.73.124 sends Locky ransomware
2016-08-29 -- pseudoDarkleech Neutrino EK from 74.208.154.9 sends CrypMIC
2016-08-29 -- EITest Rig EK from 178.32.92.126 sends Nymaim or GozNym variant
2016-08-29 -- Rig EK from 178.32.92.0/24
2016-08-26 -- EITest Rig EK sends CryptFile2 ransomware
2016-08-26 -- Boleto malspam
2016-08-26 -- Rig EK from 109.234.36.198 sends Graybird backdoor Trojan
2016-08-25 -- Boleto malspam
2016-08-24 -- EITest Rig EK from 178.32.92.113
2016-08-24 -- PseudoDarkleech Neutrino EK from 74.208.154.9 sends CrypMIC
2016-08-24 -- Boleto malspam
2016-08-23 -- Fake tech support popup
2016-08-23 -- PseudoDarkleech Neutrino EK from 74.208.209.10 sends CrypMIC
2016-08-23 -- Boleto malspam
2016-08-22 -- EITest Rig EK from 178.32.173.180 sends Gootkit
2016-08-22 -- Boleto malspam
2016-08-19 -- Boleto malspam
2016-08-19 -- EITest Rig EK from 185.117.75.34
2016-08-18 -- Boleto malspam
2016-08-18 -- Afraidgate Neutrino EK from 176.31.223.167 sends Locky ransomware
2016-08-18 -- pseudoDarkleech Neutrino EK from 176.31.151.176 sends CrypMIC
2016-08-18 -- EITest Rig EK from 131.72.139.33 sends Gootkit
2016-08-17 -- Boleto malspam
2016-08-17 -- Pcaps and malware for an ISC diary
2016-08-16 -- Boleto malspam
2016-08-16 -- pseudoDarkleech goes from Neutrino EK to Rig EK then back to Neutrino
2016-08-15 -- Boleto malspam
2016-08-15 -- Zepto variant Locky malspam
2016-08-13 -- Boleto malspam
2016-08-12 -- pseudoDarkleech Neutrino EK from 74.208.99.201 sends CrypMIC
2016-08-11 -- EITest Neutrino EK from 107.6.177.2 sends CrypMIC ransomware
2016-08-10 -- Magnitude EK from 185.30.232.85 sends Cerber ransomware
2016-08-08 -- Locky malspam - Subject: Copy: IMG(6559)
2016-08-05 -- EITest Neutrino EK sends CrypMIC ransomware
2016-08-05 -- Magnitude EK from 185.30.232.65 sends Cerber ransomware
2016-08-01 -- pseudoDarkleech Neutrino EK from 64.150.187.10 sends CrypMIC

2016-07-29 -- EK data dump (Magnitude EK, EITest Neutrino EK)
2016-07-29 -- EITest Neutrino EK sends CrypMIC ransomware
2016-07-28 -- PseudoDarkleech Neutrino EK sends CrypMIC ransomware
2016-07-27 -- Afraidgate Neutrino EK from 185.140.33.99 sends Locky ransomware
2016-07-26 -- Malspam hunt
2016-07-26 -- PseudoDarkleech Neutrino EK sends CrypMIC ransomware
2016-07-25 -- Boleto malspam - Subject: Boleto de Cobranca - FIX - URGENTE
2016-07-25 -- Magnitude EK from 51.254.181.39 sends Cerber ransomware
2016-07-25 -- EITest Neutrino EK from 137.74.156.191 sends CryptXXX ransomware
2016-07-25 -- pseudoDarkleech Neutrino EK from sends CryptXXX ransomware
2016-07-22 -- PseudoDarkleech Neutrino EK from 188.138.70.188 sends CryptXXX
2016-07-22 -- Afraidgate Neutrino EK from 185.140.33.76 sends Locky ransomware
2016-07-21 -- Locky malspam - Subject: Financial statement
2016-07-21 -- EITest Neutrino EK from 185.106.120.219 sends Bandarchor ransomware
2016-07-21 -- Neutrino EK sends Bandarchor ransomware
2016-07-21 -- PseudoDarkleech Neutrino EK sends CryptXXX ransomware
2016-07-20 -- PseudoDarkleech Neutrino EK sends CryptXXX ransomware
2016-07-20 -- Neutrino EK from 131.72.139.201 sends Bandarchor ransomware
2016-07-20 -- EITest Neutrino EK from 131.72.139.201
2016-07-19 -- EITest Neutrino EK from 74.208.185.198 sends CryptXXX ransomware
2016-07-19 -- Afraidgate Neutrino EK from 5.2.72.114 sends Locky ransomware
2016-07-18 -- Neutrino EK from 185.141.25.59 sends Bandarchor ransomware
2016-07-18 -- PseudoDarkleech Neutrino EK from 85.93.93.163 sends CryptXXX
2016-07-15 -- Neutrino EK from 5.2.72.237 sends Gootkit
2016-07-15 -- PseudoDarkleech Neutrino EK from 74.208.75.94 sends CryptXXX
2016-07-14 -- Afraidgate Neutrino EK from 5.2.72.236 sends Locky ransomware
2016-07-14 -- Neutrino EK from 185.141.25.57 sends Bandarchor ransomware
2016-07-13 -- Neutrino EK data dump with "juicylemon" Bandarchor
2016-07-12 -- Locky malspam - Subject: Fw:
2016-07-11 -- EK data dump (Magnitude EK, Neutrino EK)
2016-07-08 -- EK dump - Neutrino EK sends CryptXXX & Gootkit, Rig EK sends CrypotBit
2016-07-07 -- Neutrino EK sends CrypMIC (EITest and pseudo-Darkleech campaigns)
2016-07-07 -- Pizzacrypts... Really?
2016-07-06 -- Pcap and malware for an ISC diary
2016-07-05 -- Magnitude EK from 62.138.5.199 sends Cerber ransomware
2016-07-01 -- Neutrino EK and "realstatistics" gate change

Neutrino EK data dump

2016-06-29 -- EK data dump (more Neutrino EK, Rig EK)
2016-06-28 -- EK data dump (Neutrino EK, Rig EK)
2016-06-27 -- Monday malspam hunt - Locky
2016-06-26 -- Rig EK from 46.30.42.236 sends Cerber ransomware
2016-06-25 -- malspam - Subj: Boleto Condominio em Aberto
2016-06-24 -- pseudo-Darkleech Neutrino EK sends CryptXXX ransomware
2016-06-23 -- Neutrino EK from 108.163.224.94 sends CryptXXX
2016-06-21 -- Data dump - Neutrino EK sends CryptXXX
2016-06-20 -- EK data dump (Neutrino EK, Rig EK, Sundown EK)
2016-06-17 -- pseudo-Darkleech Neutrino EK from 45.63.25.106
2016-06-15 -- Sundown EK from 45.63.26.202 sends Flash and Silverlight exploits
2016-06-10 -- EK data dump (Neutrino EK, Rig EK)
2016-06-09 -- Boleto malspam
2016-06-09 -- Smutty malspam
2016-06-08 -- Pcaps and malware for an ISC diary
2016-06-07 -- Pcaps and malware for an ISC diary
2016-06-06 -- EK data dump (Neutrino EK, Rig EK)
2016-06-02 -- EK data dump (Angler EK, KaiXin EK, Rig EK)
2016-06-01 -- pseudo-Darkleech Angler EK sends CryptXXX
2016-06-01 -- Rig EK from 46.30.46.6 sends Tofsee

2016-05-31 -- pseudo-Darkleech Angler EK from 93.170.76.189 sends Bedep/CryptXXX
2016-05-31 -- KaiXin EK from 98.126.83.188 and 98.126.83.189
2016-05-31 -- Tuesday malspam hunt - more Locky (always more Locky)
2016-05-27 -- Rig EK sends Tofsee
2016-05-26 -- Angler EK sends updated version of CryptXXX ransomware
2016-05-25 -- EK traffic dump
2016-05-24 -- Tuesday malspam hunt - "The horror! The horror!"
2016-05-23 -- pseudo-Darkleech Angler EK from 91.134.206.131 sends CryptXXX
2016-05-20 -- Pcap and malware for an ISC diary I wrote
2016-05-19 -- Locky malspam - Fake HP Scanjet messages
2016-05-18 -- pseudo-Darkleech Angler EK from 188.138.70.181 sends CryptXXX
2016-05-17 -- Rig EK from 46.30.43.35 sends Tofsee
2016-05-16 -- EITest Angler EK from 185.117.75.131 sends Ramnit
2016-05-14 -- pseudo-Darkleech Angler EK sends CryptXXX
2016-05-12 -- pseudo-Darkleech Angler EK from 69.162.126.171 sends CryptXXX
2016-05-11 -- Angler EK: two campaigns, four pcaps
2016-05-10 -- Tuesday malspam hunt - Cerber, Locky, and Portuguese malspam
2016-05-09 -- pseudo-Darkleech Angler EK from 185.118.66.154 sends Bedep/CryptXXX
2016-05-06 -- Rig EK from 46.30.46.38 sends Tofsee
2016-05-05 -- Thursday malspam hunt - Dridex and Locky
2016-05-05 -- Neutrino EK/Cerber and Angler EK/Bedep/CryptXXX
2016-05-04 -- Pcap and malware for an ISC diary I wrote
2016-05-03 -- Locky malspam - various subject lines
2016-05-02 -- pseudo-Darkleech Angler EK from 185.73.221.95 sends Bedep/CryptXXX

2016-04-29 -- Angler and Neutrino EK data dump
2016-04-28 -- Thursday malspam hunt
2016-04-28 -- pseudo-Darkleech Angler EK from 92.222.67.38 sends Bedep/CryptXXX
2016-04-27 -- Locky malspam - Subject: Price list
2016-04-27 -- EITest gate generates Neutrino EK and Angler EK
2016-04-26 -- pseudo-Darkleech Angler EK from 85.93.93.166 sends Bedep/CryptXXX
2016-04-23 -- Pcap and malware for an ISC diary I wrote
2016-04-22 -- pseudo-Darkleech Angler EK from 192.169.189.151 sends Bedep/CryptXXX
2016-04-21 -- Rig EK from 5.200.35.189 sends Tofsee
2016-04-20 -- pseudo-Darkleech Angler EK sends Bedep/CryptXXX
2016-04-19 -- TeslaCrypt malspam - Subj: Your Latest Documents from Angel Springs Ltd
2016-04-18 -- EITest and pseudo-Darkleech Angler EK
2016-04-13 -- pseudo-Darkleech Angler EK sends TeslaCrypt
2016-04-11 -- pseudo-Darkleech Angler EK from 148.251.249.110
2016-04-08 -- Three examples of EK traffic
2016-04-07 -- EITest Angler EK from 185.117.75.227
2016-04-06 -- pseudo-Darkleech Angler EK from 85.143.223.178 sends TeslaCrypt
2016-04-05 -- TeslaCrypt malspam - Subj: Actual Status on Your Balance
2016-04-04 -- Angler EK from 198.16.89.55 sends Bedep
2016-04-01 -- pseudo-Darkleech Angler EK from 185.82.216.45 sends TeslaCrypt

2016-03-31 -- Rig EK from 188.227.74.171
2016-03-29 -- EK data dump (5 Angler, 1 Nuclear)
2016-03-28 -- Pseudo-Darkleech Angler EK from 185.46.10.230
2016-03-24 -- Angler and Nuclear EK kicked off by same compromised site
2016-03-23 -- Two examples of Angler EK
2016-03-22 -- KaiXin EK from 58.229.121.108
2016-03-21 -- Angler EK data dump
2016-03-18 -- Angler EK data dump
2016-03-15 -- Angler EK data dump
2016-03-14 -- Rig EK from 188.227.72.46
2016-03-14 -- Angler EK data dump
2016-03-11 -- Angler EK from 91.227.68.180
2016-03-10 -- Pcap and malware for an ISC diary I wrote
2016-03-09 -- Angler EK data dump
2016-03-08 -- pseudo-Darkleech Angler EK from 85.143.220.117
2016-03-07 -- Angler EK data dump
2016-03-04 -- Angler EK data dump
2016-03-03 -- Angler EK data dump
2016-03-02 -- Admedia gate for Angler EK states "helloresearcher"
2016-03-02 -- Angler EK sends TeslaCrypt
2016-03-01 -- Admedia Angler EK from 188.120.227.14 delivers TeslaCrypt

2016-02-29 -- Angler EK data dump
2016-02-26 -- Angler EK from 66.225.241.46 sends TeslaCrypt
2016-02-24 -- Compromised website generates two Angler EK chains
2016-02-23 -- Two examples of Admedia Angler EK
2016-02-23 -- Rig EK data dump
2016-02-22 -- Angler EK data dump
2016-02-19 -- Admedia Angler EK data dump
2016-02-18 -- Angler EK data dump
2016-02-18 -- Pcap and malware for an ISC diary I wrote
2016-02-15 -- Nuclear EK from 198.199.124.127 sends Vawtrak
2016-02-15 -- Three infections with Angler EK delivering TeslaCrypt
2016-02-12 -- Two infections with Angler EK delivering TeslaCrypt
2016-02-12 -- Neutrino EK from 45.32.181.74 send Necurs
2016-02-11 -- Admedia Angler EK from 37.46.133.10 sends TeslaCrypt
2016-02-10 -- EITest Angler EK from 89.45.67.75
2016-02-09 -- Angler EK from 80.78.243.50 sends TeslaCrypt
2016-02-07 -- Rig EK from 188.227.16.59
2016-02-05 -- Angler EK from 148.251.249.108 sends CryptoWall
2016-02-03 -- EITest Angler EK sends HydraCrypt ransomware
2016-02-03 -- Recent examples of Nuclear EK sending TeslaCrypt ransomware
2016-02-01 -- Wave of Dridex malspam

2016-01-29 -- Angler EK from 5.135.104.85 sends CryptoWall
2016-01-28 -- Compromised website generates both Angler EK and Rig EK
2016-01-27 -- Angler EK from 185.49.68.132 sends CryptoWall
2016-01-26 -- EITest Angler EK sends Bedep and TeslaCrypt
2016-01-25 -- EITest Angler EK from 86.106.93.21
2016-01-19 -- EITest Angler EK from 89.45.67.196
2016-01-18 -- Two infections (Rig EK and Angler EK)
2016-01-17 -- Angler EK from 31.148.99.125 sends CryptoWall
2016-01-12 -- Pcap and malware for an ISC diary I wrote
2016-01-11 -- Rig EK from 46.30.43.79 sends Qbot
2016-01-04 -- Neutrino EK from 45.32.238.202 sends CryptoWall

Return to main menu

Copyright © 2016 | Malware-Traffic-Analysis.net