- Still working on restoring these 2017 blog posts.
- 2017-12-29 -- Dreambot infection
- 2017-12-29 -- Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-28 -- Seamless campaign Rig EK sends Ramnit
- 2017-12-27 -- Emotet infection with Zeus Panda Banker
- 2017-12-26 -- EITest campaign HoeflerText popups or fake AV alerts
- 2017-12-26 -- Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-22 -- Remcos RAT infection from RTF using CVE-2017-0199 exploit
- 2017-12-21 -- Hancitor infection with Zeus Panda Banker
- 2017-12-21 -- Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-20 -- Quick post: Hancitor infection with Zeus Panda Banker
- 2017-12-19 -- Quick post: EITest HoeflerText popups or fake anti-virus pages
- 2017-12-19 -- Quick post: Hancitor infection with Zeus Panda Banker
- 2017-12-19 -- Quick post: Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-18 -- Quick post: Hancitor infection with Zeus Panda Banker
- 2017-12-18 -- A weekend's worth of phishing emails from my inbox
- 2017-12-14 -- Ngay campaign Rig EK pushes Quant Loader & Monero (XMR) coin miner
- 2017-12-13 -- Hancitor infection with IcedID
- 2017-12-13 -- Necurs Botnet malspam pushes Trickbot or GlobeImposter ransomware
- 2017-12-13 -- Lokibot infection from RTF exploiting CVE-2017-11882
- 2017-12-12 -- EITest HoeflerText popups and fake anti-virus pages
- 2017-12-12 -- Ngay campaign Rig EK pushes Quant Loader & Monero (XMR) coin miner
- 2017-12-11 -- Hancitor infection with Zeus Panda Banker
- 2017-12-08 -- Fobos campaign Rig EK sends Bunitu
- 2017-12-06 -- Quick post: Nymaim infection from UK vehicle violation-themed malspam
- 2017-12-06 -- Hancitor infection with IcedID
- 2017-12-06 -- Quick post: Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-06 -- Quick post: EITest HoeflerText popup pushes NetSupport Manager RAT
- 2017-12-05 -- Quick post: Hancitor infection with Zeus Panda Banker
- 2017-12-05 -- Quick post: Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-04 -- Dridex is back, Baby! - Necurs Botnet malspam pushes Dridex
- 2017-12-04 -- Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-01 -- Phishing emails for shopping job at Target
- 2017-12-01 -- Fake anti-virus page from EITest campaign
- 2017-11-30 -- Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-11-29 -- Files for an ISC diary (Emotet)
- 2017-11-28 -- Revenge RAT, Luminosity RAT, and Predator Pain infection from payment slip-themed malspam
- 2017-11-28 -- Hancitor infection with Zeus Panda Banker
- 2017-11-28 -- Fake Netflix login pages from phishing emails
- 2017-11-27 -- "Tungsten Rounded" popup on Chrome/Firefox pushes Monero cryptocurrency miner
- 2017-11-23 -- Necurs Botnet malspam pushes "Scarab" ransomware
- 2017-11-22 -- Netflix-themed phishing
- 2017-11-21 -- Zeus Panda Banker infection from Italian malspam
- 2017-11-21 -- Hancitor infection with IcedID (Bokbot)
- 2017-11-18 -- Files for an ISC diary (Smoke Loader)
- 2017-11-17 -- KaiXin EK still around, very Chinese, and acting like it's 2013
- 2017-11-16 -- Quick post: Hancitor infection with Zeus Panda Banker
- 2017-11-16 -- Lokibot infection from CVE-2017-0199 exploit
- 2017-11-15 -- Banload infection from Brazil malspam
- 2017-11-12 -- "Mercury Text" popup on Chrome & Firefox pushes Monero cryptocurrency miner
- 2017-11-10 -- Phishing emails link to fake on-line banking pages
- 2017-11-09 -- Necurs Botnet malspam still pushing Locky ransomware
- 2017-11-08 -- Hancitor infection with Zeus Panda Banker
- 2017-11-07 -- A day in the life (of a researcher)
- 2017-11-06 -- Hancitor infection with Zeus Panda Banker
- 2017-11-03 -- Nymaim infection
- 2017-11-03 -- Banload infection from Brazil malspam
- 2017-11-02 -- Adventures with Smoke Loader
- 2017-11-01 -- Hancitor infection with Zeus Panda Banker
- 2017-11-01 -- Necurs Botnet malspam continues pushing Locky ransomware
- 2017-10-31 -- Quick post: Hancitor infection with Zeus Panda Banker
- 2017-10-31 -- Necurs Botnet malspam stops using DDE, still uses Word docs
- 2017-10-30 -- Hancitor infection
- 2017-10-30 -- Necurs Botnet malspam uses DDE attack to push Locky ransomware
- 2017-10-27 -- Remcos RAT infection
- 2017-10-26 -- Hancitor infection with Zeus Panda Banker
- 2017-10-26 -- Quick post: EITest campaign sends HoeflerText popups or fake AV page
- 2017-10-24 -- Necurs Botnet malspam uses DDE attack to push Locky ransomware
- 2017-10-24 -- Compromised site has EITest campaign pushing fake AV, also has coinminer javascript
- 2017-10-24 -- Phishing website traffic
- 2017-10-23 -- Banload infection
- 2017-10-23 -- A RAT's nest of activity
- 2017-10-19 -- Files for an ISC diary (Necurs Botnet malspam uses DDE attack)
- 2017-10-18 -- Files for an ISC diary (Lokibot)
- 2017-10-17 -- Terror EK sends Smoke Loader, Smoke Loader sends more malware
- 2017-10-16 -- Files for an ISC diary (Hancitor infection with DeLoader/ZLoader)
- 2017-10-13 -- Blank Slate campaign stops pushing Locky ransomware, starts pushing Sage 2.2 ransomware
- 2017-10-11 -- Banload infection
- 2017-10-11 -- FTFY: Necurs Botnet malspam pushing ".asasin" variant Locky ransomware
- 2017-10-11 -- Phishing website traffic
- 2017-10-10 -- Lokibot infection from CVE-2017-0199 exploit
- 2017-10-10 -- Emotet infection with spambot traffic
- 2017-10-09 -- Adwind/jRAT infection
- 2017-10-06 -- PowerShell-based infection from Brazil malspam
- 2017-10-05 -- Hancitor infection with DELoader/ZLoader
- 2017-10-04 -- Blank Slate campaign pushes ".ykcol" variant Locky ransomware
- 2017-10-04 -- EITest campaign sends NetSupport RAT
- 2017-10-03 -- Ursnif infection from Japanese malspam
- 2017-10-03 -- Infostealer infection via DLL side-loading from Brazil malspam
- 2017-10-03 -- Hancitor infection with ZLoader
- 2017-10-02 -- Files for an ISC diary (Formbook)
- 2017-10-02 -- Quick post: Hancitor infection with ZLoader
- 2017-10-02 -- Necurs Botnet malspam still pushing ".ykcol" variant Locky ransomware
- 2017-09-22 -- Infostealer infection from Boleto Malspam
- 2017-09-21 -- Files for an ISC diary (Hancitor)
- 2017-09-20 -- Files for an ISC diary (CVE-2017-8759)
- 2017-09-20 -- Lokibot infection
- 2017-09-18 -- Trickbot infection
- 2017-09-18 -- Hancitor infection with ZLoader
- 2017-09-18 -- Necurs Botnet malspam pushes ".ykcol" variant Locky ransomware
- 2017-09-18 -- Emotet infection
- 2017-09-15 -- More possible Coinbit malware
- 2017-09-15 -- Blank Slate campaign pushes Locky ransomware
- 2017-09-14 -- Possible Coinbit malware
- 2017-09-11 -- Blank Slate malspam pushes "Lukitus" variant Locky ransomware
- 2017-09-08 -- Locky ransomware infection
- 2017-09-08 -- EITest campaign fake AV alerts / HoeflerText popups
- 2017-09-07 -- "Lukitus" variant Locky ransomware
- 2017-09-07 -- EITest campaign still pushing HoeflerText popups for NetSupport RAT or pushing fake AV alerts
- 2017-09-06 -- Ursnif infection from Japanese malspam
- 2017-09-05 -- Grab bag
- 2017-09-04 -- Infostealer infection from Brazil malspam
- 2017-09-04 -- GlobeImposter ransomware (..txt file extensions)
- 2017-09-01 -- EITest campaign leads to HoeflerText popups for NetSupport RAT or fake anti-virus pages
- 2017-08-31 -- Grab bag
- 2017-08-29 -- Terror EK seen using HTTPS
- 2017-08-28 -- Infostealer infection from Brazil malspam
- 2017-08-28 -- Fobos campaign Rig EK sends Bunitu
- 2017-08-25 -- Seamless campaign Rig EK sends Ramnit
- 2017-08-21 -- Hancitor infection with ZLoader
- 2017-08-21 -- Trickbot infection
- 2017-08-19 -- Infostealer infection from Brazil malspam
- 2017-08-16 -- Quick post: "Lukitus" variant Locky ransomware
- 2017-08-15 -- Files for an ISC diary (Trickbot)
- 2017-08-12 -- Trickbot activity
- 2017-08-11 -- "Diablo6" variant Locky ransomware
- 2017-08-10 -- Hancitor infection with ZLoader
- 2017-08-09 -- "Diablo6" variant of Locky ransomware
- 2017-08-08 -- Files for an ISC diary
- 2017-08-08 -- Quick post: GlobeImposter ransomware
- 2017-08-07 -- Infection from JavaScript (.js) file, possibly Ursnif
- 2017-08-04 -- Magnitude EK data dump
- 2017-08-03 -- Hancitor infection with ZLoader
- 2017-08-02 -- "Blank Slate" campaign pushes Gryphon ransomware (a BTCware variant)
- 2017-08-02 -- Malspam pushing GlobeImposter ransomware (.726 file extension)
- 2017-08-02 -- Hancitor infection
- 2017-08-02 -- Magnitude EK sends Cerber ransomware
- 2017-08-01 -- Rig EK from the HookAds campaign sends Dreambot
- 2017-07-31 -- GlobeImposter ransomware infection
- 2017-07-29 -- "Blank Slate" campaign pushes BTCware (Aleta variant) ransomware
- 2017-07-26 -- Files for an ISC diary (Emotet)
- 2017-07-24 -- Quick post: Hancitor infection with ZLoader
- 2017-07-24 -- Quick post: Trickbot
- 2017-07-23 -- EITest campaign HoeflerText popup sends Mole ransomware
- 2017-07-21 -- Infostealer infection from Brazil malspam
- 2017-07-20 -- Hancitor infection with ZLoader
- 2017-07-18 -- NemucodAES ransomware
- 2017-07-17 -- Rig EK data dump (HookAds and Seamless campaigns)
- 2017-07-14 -- Another tech support scam popup message
- 2017-07-13 -- Files for an ISC diary (NemucodAES ransomware and Kovter)
- 2017-07-12 -- Infostealer infection from Brazil malspam
- 2017-07-10 -- Rig EK from the HookAds campaign
- 2017-07-10 -- Kovter and Nemucod ransomware infection
- 2017-07-07 -- Infostealer infection from Brazil malspam
- 2017-07-06 -- EITest campaign pushes tech support scam
- 2017-07-05 -- Malware infection from Japanese malspam
- 2017-07-04 -- Java-based RAT infection
- 2017-07-03 -- Kovter infection
- 2017-07-03 -- Hancitor infection with ZLoader
- 2017-06-30 -- Rig EK from HookAds campaign sends Chthonic banking Trojan
- 2017-06-29 -- Kovter infection
- 2017-06-29 -- Hancitor infection with ZLoader
- 2017-06-28 -- Hancitor infection with ZLoader
- 2017-06-28 -- Files for an ISC diary ("Blank Slate" campaign)
- 2017-06-27 -- Hancitor infection with ZLoader
- 2017-06-26 -- Hancitor infection with ZLoader
- 2017-06-22 -- Locky ransomware infection
- 2017-06-21 -- Hancitor infection with ZLoader
- 2017-06-21 -- Rig EK sends Bunitu
- 2017-06-20 -- Rig EK from HookAds campaign sends Dreambot and Chthonic
- 2017-06-19 -- Rig EK from the HookAds campaign sends Dreambot
- 2017-06-16 -- Rig EK from the HookAds campaign
- 2017-06-16 -- Infostealer infection from Brazil malspam
- 2017-06-15 -- Hancitor infection with ZLoader
- 2017-06-15 -- Rig EK (HookAds and Seamless campaigns)
- 2017-06-14 -- Trickbot infection
- 2017-06-14 -- Hancitor infection with ZLoader
- 2017-06-13 -- Jaff ransomware infection
- 2017-06-12 -- Hancitor infection with ZLoader
- 2017-06-12 -- Trickbot infection
- 2017-06-12 -- Hawkeye infection
- 2017-06-12 -- Ursnif infection from Japanese malspam
- 2017-06-12 -- Lokibot infection
- 2017-06-09 -- EITest campaign still pushing tech support scams
- 2017-06-08 -- Hancitor infection with ZLoader
- 2017-06-08 -- Infostealer infection from Brazil malspam
- 2017-06-07 -- Hancitor infection with ZLoader
- 2017-06-07 -- Lokibot infection
- 2017-06-06 -- Hancitor infection with ZLoader
- 2017-06-06 -- Jaff ransomware infection
- 2017-06-06 -- RoughTed campaign Rig EK
- 2017-06-05 -- Dridex infection
- 2017-06-02 -- Seamless campaign continues using Rig EK to send Ramnit
- 2017-06-02 -- Dridex infection
- 2017-06-01 -- Hancitor infection with ZLoader
- 2017-06-01 -- Jaff ransomware infection
- 2017-06-01 -- Zeus Panda Banker infection
- 2017-05-31 -- Hancitor infection with ZLoader
- 2017-05-31 -- Luminosity RAT
- 2017-05-30 -- Rig EK sends Kovter
- 2017-05-30 -- Tech support scam from EITest campaign
- 2017-05-30 -- Hancitor infection with ZLoader
- 2017-05-26 -- EITest campaign pushes tech support scams, Rig EK, or HoeflerText popups
- 2017-05-26 -- Corebot infection
- 2017-05-25 -- EITest campaign pushing tech support scams in US and UK
- 2017-05-25 -- Jaff ransomware infection
- 2017-05-25 -- Hancitor infection with ZLoader
- 2017-05-24 -- Jaff ransomware infection
- 2017-05-23 -- Files for an ISC diary (Jaff ransomware)
- 2017-05-22 -- Jaff ransomware infection
- 2017-05-17 -- EITest HoeflerText popups send Spora ransomware
- 2017-05-16 -- Hancitor infection with ZLoader
- 2017-05-16 -- More examples of Jaff ransomware
- 2017-05-15 -- My take on WannaCry ransomware
- 2017-05-15 -- The Jaff ransomware train keeps on rollin'
- 2017-05-12 -- Kovter infection
- 2017-05-12 -- Rig EK examples
- 2017-05-12 -- "Blank Slate" campaign continues pushing Cerber ransomware
- 2017-05-11 -- Jumping on the Jaff ransomware bandwagon
- 2017-05-11 -- Kovter infection
- 2017-05-10 -- Files for an ISC diary (Rig EK)
- 2017-05-10 -- Hancitor infection with ZLoader
- 2017-05-10 -- "Blank Slate" campaign pushes Cerber ransomware or GlobeImposter ransomware