[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025]

• Still working on restoring these 2016 blog posts.

• 2016-12-30 -- EK data dump (Rig-E, Rig-V, and Sundown EK)
• 2016-12-29 -- Another Cerber ransomware run
• 2016-12-29 -- EITest Rig-E from 191.101.31[.]114 sends Chthonic banking Trojan
• 2016-12-29 -- pseudoDarkleech Rig-V from 92.53.105[.]158 sends Cerber ransomware
• 2016-12-28 -- Sundown EK data dump
• 2016-12-27 -- pseudoDarkleech Rig-V from 109.234.37[.]178 sends Cerber ransomware
• 2016-12-27 -- EITest Rig-E from 185.156.173[.]99 sends Chthonic banking Trojan
• 2016-12-26 -- pseudoDarkleech Rig-V from 194.87.232[.]80 sends Cerber ransomware
• 2016-12-23 -- Afraidgate Rig-V from 81.177.140[.]7 sends "Osiris" variant Locky ransomware
• 2016-12-22 -- Fake Walgreens malspam distributes Cerber ransomware
• 2016-12-22 -- pseudoDarkleech Rig-V from 92.53.119[.]238 sends Cerber ransomware
• 2016-12-21 -- pseudoDarkleech Rig-V from 195.133.201[.]36 sends Cerber ransomware
• 2016-12-21 -- EITest Rig-E from 185.162.9[.]119
• 2016-12-21 -- Afraidgate Rig-V from 195.133.201.[3]6 sends "Osiris" variant Locky ransomware
• 2016-12-20 -- "Osiris" variant Locky ransomware from Excel files with macros
• 2016-12-20 -- TDS-based Rig-V from 195.133.201[.]250 sends Terdot.A/Zloader
• 2016-12-19 -- Malware infection from link in email
• 2016-12-19 -- EITest Rig-E from 86.104.15[.]189 sends Zeprox.B
• 2016-12-16 -- "Osiris" Locky ransomware from Word docs with macros
• 2016-12-16 -- Files for an ISC diary (Cerber ransomware)
• 2016-12-15 -- Files for an ISC diary (Cerber ransomware)
• 2016-12-13 -- pseudoDarkleech Rig-V from 195.133.48[.]182 sends Cerber ransomware
• 2016-12-13 -- EITest Rig-E from 185.162.8[.]155 sends Gootkit
• 2016-12-12 -- "Osiris" variant Locky ransomware from .jse files
• 2016-12-12 -- EITest Rig-V from 194.87.147[.]187 sends CryptoMix ransomware
• 2016-12-11 -- pseudoDarkleech Rig-V from 195.133.48[.]182 sends Cerber ransomware
• 2016-12-09 -- "Osiris" variant Locky ransomware
• 2016-12-09 -- Afraidgate Rig-V from 109.234.35[.]39 sends "Osiris" variant Locky ransomware
• 2016-12-08 -- Sundown EK from 193.70.64[.]80 and 193.70.64[.]91
• 2016-12-07 -- KaiXin EK from 220.169.242[.]216
• 2016-12-07 -- Rig EK data dump
• 2016-12-06 -- Rig EK data dump
• 2016-12-05 -- Rig EK data dump
• 2016-12-02 -- pseudoDarkleech Rig-V from 109.234.34[.]24 sends Cerber ransomware
• 2016-12-01 -- EITest Rig-E from 70.39.115[.]202 sends Emotet
• 2016-12-01 -- Gozi (ISFB) infection from Italian email

• 2016-11-30 -- Gozi (ISFB) infection from Italian email
• 2016-11-30 -- Rig EK data dump
• 2016-11-29 -- "zzzzz" variant Locky ransomware
• 2016-11-28 -- EITest Rig-E from 146.0.72[.]186 sends Chthonic banking Trojan
• 2016-11-28 -- Malware infection from Brazilian email
• 2016-11-28 -- pseudoDarkleech Rig-V from 194.87.238[.]156 sends Cerber ransomware
• 2016-11-28 -- EITest Rig-V from 194.87.238[.]156 sends CryptoMix ransomware
• 2016-11-23 -- Rig EK data dump
• 2016-11-22 -- Rig EK data dump
• 2016-11-21 -- Rig EK data dump
• 2016-11-21 -- "Aesir" variant Lucky ransomware
• 2016-11-18 -- Files for an ISC diary
• 2016-11-17 -- Rig-E updates payload encryption, sends CHIP ransomware
• 2016-11-16 -- EITest campaign Sundown EK
• 2016-11-16 -- Rig EK data dump
• 2016-11-16 -- Files for an ISC diary
• 2016-11-15 -- Rig EK data dump
• 2016-11-14 -- EITest campaign Sundown EK from 164.132.116[.]54
• 2016-11-13 -- pseudoDarkleech RIG-v from 109.234.35[.]232 sends Cerber ransomware
• 2016-11-10 -- EITest RIG standard from 195.133.147[.]32 sends CryptFile2 ransomware
• 2016-11-10 -- EITest RIG-E from 70.39.114[.]226 causes Vawtrak infection
• 2016-11-10 -- pseudoDarkleech RIG-v from 109.234.34[.]91 sends Cerber ransomware
• 2016-11-09 -- Rig EK/RIG-v data dump
• 2016-11-08 -- Rig EK/RIG-v data dump
• 2016-11-08 -- jRAT infection from email link
• 2016-11-07 -- EITest Rig EK from 195.133.146[.]67 sends CryptFile2 ransomware
• 2016-11-07 -- EITest Rig EK from 185.117.75[.]239
• 2016-11-07 -- pseudoDarkleech RIG-v from 195.133.146[.]68 sends Cerber ransomware
• 2016-11-06 -- pseudoDarkleech RIG-v from 5.200.55[.]16 sends Cerber ransomware
• 2016-11-04 -- pseudoDarkleech RIG-v from 109.234.37[.]37 sends Cerber ransomware
• 2016-11-04 -- Malware infection from link in email
• 2016-11-03 -- "Thor" variant Locky ransomware
• 2016-11-02 -- EITest Sundown EK from 185.141.26[.]17 sends MSIL/Kryptik
• 2016-11-02 -- EITest Rig EK from 185.141.26[.]17
• 2016-11-01 -- EITest Rig EK

• 2016-10-31 -- Infection traffic from email link
• 2016-10-31 -- pseudoDarkleech RIG-v from 64.187.225[.]228 sends Cerber ransomware
• 2016-10-31 -- EITest Rig EK from 176.223.111[.]95
• 2016-10-31 -- pseudoDarkleech RIG-v sends DDoS botnet malware
• 2016-10-28 -- EITest Rig EK sends CryptFile2 ransomware & Chthonic banking trojan
• 2016-10-28 -- pseudoDarkleech RIG-v from 109.234.35[.]124 sends Cerber ransomware
• 2016-10-27 -- pseudoDarkleech RIG-v from 185.158.152[.]45 sends Cerber ransomware
• 2016-10-27 -- EITest Rig EK from 93.115.38[.]143 sends Chthonic banking trojan
• 2016-10-26 -- jRAT (Adwind) infection
• 2016-10-26 -- pseudoDarkleech RIG-v from 212.8.246[.]7 sends Cerber ransomware
• 2016-10-25 -- Rig EK data dump: Regular Rig vs RIG-v
• 2016-10-24 -- ".shit" variant Locky ransomware
• 2016-10-24 -- pseudoDarkleech Rig EK from 95.183.12[.]11 sends Cerber ransomware
• 2016-10-23 -- jRAT (Adwind) infection
• 2016-10-23 -- Afraidgate Rig EK from 194.87.144[.]48 sends Locky ransomware
• 2016-10-20 -- pseudoDarkleech Rig EK data dump
• 2016-10-20 -- EITest Rig EK data dump
• 2016-10-19 -- EITest Rig EK from 185.45.193[.]52
• 2016-10-18 -- pseudoDarkleech Rig EK from 195.133.201[.]132 sends Cerber ransomware
• 2016-10-18 -- EITest Rig EK from 195.133.201[.]133 sends CryptFile2 ransomware
• 2016-10-17 -- Sundown EK from 37.139.47[.]53 sends Locky ransomware
• 2016-10-17 -- pseudoDarkleech Rig EK from 5.200.35[.]126 sends Cerber ransomware
• 2016-10-17 -- EITest Rig EK from 195.133.201[.]121 sends CryptFile2 ransomware
• 2016-10-14 -- Files for an ISC diary
• 2016-10-14 -- Afraidgate Rig EK from 194.87.237[.]217 sends Locky ransomware
• 2016-10-13 -- EITest Rig EK from 185.141.26[.]108
• 2016-10-12 -- pseudoDarkleech Rig EK from 109.234.36[.]39 sends Cerber ransomware
• 2016-10-12 -- Afraidgate Rig EK from 109.234.36[.]39 sends Locky ransomware
• 2016-10-11 -- EITest Rig EK data dump
• 2016-10-10 -- pseudoDarkleech Rig EK from 195.133.48[.]98 sends Cerber ransomware
• 2016-10-10 -- EITest Rig EK data dump
• 2016-10-07 -- pseudoDarkleech Rig EK from 108.61.167[.]148 sends Cerber ransomware
• 2016-10-07 -- EITest Rig EK from 178.32.92[.]100
• 2016-10-06 -- pseudoDarkleech Rig EK from 107.191.63[.]102 sends Cerber ransomware
• 2016-10-06 -- EITest Rig EK
• 2016-10-06 -- Banload infection from email attachment
• 2016-10-05 -- pseudoDarkleech Rig EK from 195.133.201[.]61 sends Cerber ransomware
• 2016-10-05 -- EITest Rig EK from 194.87.239[.]148 sends CryptFile2 ransomware
• 2016-10-04 -- Afraidgate Rig EK from 194.87.239[.]147 sends Locky ransomware
• 2016-10-04 -- pseudoDarkleech Rig EK from 194.87.239[.]147 sends Cerber ransomware
• 2016-10-04 -- EITest RigEK stops using gate
• 2016-10-03 -- pseudoDarkleech Rig EK from 194.87.145[.]238 sends Cerber ransomware
• 2016-10-03 -- Afraidgate Rig EK from 194.87.145[.]238

• 2016-09-30 -- pseudoDarkleech Rig EK from 51.255.213[.]167 sends CrypMIC ransomware
• 2016-09-29 -- EITest Rig EK data dump (Cerber ransomware, CryptFile2 ransomware, and other payloads)
• 2016-09-28 -- EITest Rig EK data dump
• 2016-09-28 -- pseudoDarkleech Rig EK from 91.134.160[.]174 sends CrypMIC ransomware
• 2016-09-28 -- Files for an ISC diary
• 2016-09-27 -- Afraidgate campaign switches to Rig EK, sends Odin variant Locky ransomware
• 2016-09-26 -- Odin variant Locky ransomware
• 2016-09-26 -- EITest Rig EK from 185.141.25[.]151
• 2016-09-26 -- New host profiling traffic from downloader for Locky ransomware
• 2016-09-26 -- pseudoDarkleech Rig EK from 5.196.126[.]167 sends CrypMIC ransomware
• 2016-09-23 -- Malware infection from link in Brazilian email
• 2016-09-23 -- pseudoDarkleech Rig EK from 74.208.147[.]73 sends CrypMIC ransomware
• 2016-09-22 -- pseudoDarkleech Rig EK from 74.208.153[.]31 sends CrypMIC ransomware
• 2016-09-22 -- Afraidgate Neutrino EK from 78.46.167[.]130 sends Locky ransomware
• 2016-09-21 -- Infection from Boleto campaign
• 2016-09-21 -- Two examples of EITest Rig EK
• 2016-09-21 -- Files for an ISC diary
• 2016-09-20 -- pseudoDarkleech Rig EK from 74.208.192[.]75 sends CrypMIC ransomware
• 2016-09-19 -- EITest Rig EK from 109.234.36[.]38 sends CryptFile2 ransomware
• 2016-09-16 -- EK data dump - EITest & pseudoDarkleech Rig EK, Afraidgate Neutrino EK
• 2016-09-16 -- EITest Rig EK - Updated pattern for injected EITest script
• 2016-09-16 -- pseudoDarkleech Rig EK still fails at DLL payload - CrypMIC ransomware sent as EXE

• 2016-08-25 -- Boleto campaign
• 2016-08-23 -- Boleto campaign
• 2016-08-22 -- EITest Rig EK from 178.32.173[.]180 sends Gootkit
• 2016-08-22 -- Boleto campaign
• 2016-08-18 -- Boleto campaign
• 2016-08-18 -- Afraidgate Neutrino EK from 176.31.223[.]167 sends Locky ransomware
• 2016-08-18 -- pseudoDarkleech Neutrino EK from 176.31.151[.]176 sends CrypMIC
• 2016-08-18 -- EITest Rig EK from 131.72.139[.]33 sends Gootkit
• 2016-08-17 -- Boleto campaign
• 2016-08-17 -- Files for an ISC diary
• 2016-08-16 -- Boleto campaign
• 2016-08-16 -- pseudoDarkleech goes from Neutrino EK to Rig EK then back to Neutrino
• 2016-08-13 -- Boleto campaign

• 2016-07-25 -- Boleto campaign - Subject: Boleto de Cobranca - FIX - URGENTE
• 2016-07-25 -- Magnitude EK from 51.254.181[.]39 sends Cerber ransomware
• 2016-07-25 -- EITest Neutrino EK from 137.74.156[.]191 sends CryptXXX ransomware
• 2016-07-25 -- pseudoDarkleech Neutrino EK from sends CryptXXX ransomware

 

Click here to return to the main page.