Malware-Traffic-Analysis.net - Posts - 2018

[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025]

2018-12-27 -- Malspam pushes Shade (Troldesh) ransomware and other malware
2018-12-20 -- Quick post: Emotet infection with Gootkit
2018-12-20 -- Hancitor infection with Ursnif and Smoke Loader
2018-12-19 -- Malspam pushing the MyDoom worm is still a thing
2018-12-17 -- Files for an ISC diary (password-protected Word docs push IcedID)
2018-12-17 -- Quick post: Hancitor malspam links to XLS files instead of Word docs
2018-12-14 -- Emotet infection with Qakbot
2018-12-13 -- Recent bomb threat extortion (bombstortion) spam
2018-12-13 -- Quick post: Hancitor infection with Ursnif
2018-12-10 -- Quick post: malspam pushing Imminent Monitor RAT
2018-12-10 -- Quick post: Ursnif infection with Dridex
2018-12-10 -- Quick post: Password-protected Word doc pushes Nymaim
2018-12-10 -- Quick post: Emotet infection with IcedID (Bokbot)
2018-12-10 -- Quick post: Hancitor
2018-12-07 -- New Trickbot modules bcClientDllTestTest64 and NewBCtestnDll64
2018-12-07 -- Quick post: Emotet with IcedID (Bokbot)
2018-12-06 -- Quick post: Hancitor
2018-12-05 -- Quick post: Hancitor
2018-12-04 -- Files for an ISC diary (Hancitor)
2018-12-03 -- Files for an ISC diary (Lokibot)

2018-11-30 -- Quick post: Flawed Ammyy RAT
2018-11-30 -- Quick post: Emotet infection with IcedID and Trickbot
2018-11-29 -- Quick post: Gootkit
2018-11-29 -- Quick post: Hancitor infection with Ursnif
2018-11-28 -- Files for an ISC diary (Shade/Troldesh malspam)
2018-11-27 -- Ursnif infection with Dridex
2018-11-26 -- Infection from malspam pushing Lokibot
2018-11-23 -- Emotet infection with Gootkit
2018-11-21 -- Ursnif infection with Dridex
2018-11-16 -- Emotet now using XML files as Word docs
2018-11-14 -- Files for an ISC diary (Emotet infection with IcedID)
2018-11-12 -- Trickbot malspam targeting United States recipients (gtag: sat100)
2018-11-09 -- Pcap of week-long Trickbot infection
2018-11-08 -- Infection from malspam pushing Ursnif
2018-11-06 -- Emotet infection with Trickbot
2018-11-02 -- GandCrab ransomware infection (version 5.0.4)

2018-10-30 -- Files for ISC diary (malspam with password-protected Word docs)
2018-10-29 -- Files for an ISC diary (Hancitor with Ursnif)
2018-10-26 -- Malspam with password-protected Word docs now pushing GlobeImposter
2018-10-26 -- Quick post: Trickbot malspam gtag: ser1025us
2018-10-22 -- Quick post: Trickbot malspam - gtag: ser1022
2018-10-22 -- Quick post: Hancitor malspam - No Zeus Panda Banker... just Pony
2018-10-19 -- malspam using links for zipped Windows shortcuts to push Nymaim
2018-10-18 -- Trickbot malspam using links, not attachments (gtag: any1)
2018-10-17 -- Quick post: Hancitor malspam
2018-10-15 -- Quick post: Changes in Trickbot seen today
2018-10-12 -- Hookads campaign Fallout EK (3 examples)
2018-10-10 -- Quick post: Paypal-themed Trickbot malspam targeting United States
2018-10-10 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-10-10 -- Malspam link leads to fake updater malware
2018-10-09 -- Hancitor infection with Zeus Panda Banker
2018-10-08 -- Quick post: Trickbot sat75 infection with Powershell Empire traffic
2018-10-05 -- Quick post: Trickbot malspam, gtag sat74
2018-10-04 -- Quick post: Trickbot spreads from client to DC
2018-10-02 -- Russian malspam pushes Redaman malware

2018-09-28 -- more malspam with password-protected Word docs pushing Nymaim
2018-09-27 -- Quick Post: 4 days of Hancitor
2018-09-25 -- Files for an ISC diary (Emotet + Trickbot + IcedID + AZORult)
2018-09-24 -- Files for an ISC diary (sextortion spam)
2018-09-21 -- Malspam with password-protected Word docs still pushing Nymaim
2018-09-21 -- Emotet infections with Trickbot (UK and US)
2018-09-20 -- Quick post: Emotet infection with Trickbot (gtag: arz1)
2018-09-19 -- Data dump (Hancitor, Nymaim, Trickbot)
2018-09-17 -- Quick post: Malspam with password-protected Word doc pushes Nymaim
2018-09-14 -- Quick post: Emotet infection with Trickbot
2018-09-11 -- Quick post: Hancitor
2018-09-06 -- Data dump (Emotet, Hancitor, and Trickbot)
2018-09-06 -- Malspam with password-protected Word doc pushes AZORult then Neutrino
2018-09-05 -- Quick post: Hancitor malspam stops using PDF attachments after 1 day
2018-09-05 -- Emotet infection with IcedID banking Trojan and AZORult
2018-09-05 -- Extortion malspam: 30 email examples
2018-09-04 -- Emotet infection with IcedID banking Trojan
2018-09-04 -- Quick post: Hancitor malspam uses PDF attachments
2018-09-03 -- Quick post: Emotet infection with Zeus Panda Banker
2018-09-03 -- Quick post: Trickbot malspam and infection traffic

2018-08-24 -- Quick post: Emotet infection with Zeus Panda Banker
2018-08-23 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-08-22 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-08-21 -- malspam w/ password-protected Word docs, now pushes Neutrino malware
2018-08-21 -- malspam using HTML attachments --> LNK files for Windows infections
2018-08-17 -- Emotet infection with Trickbot, Trickbot spreads to DC
2018-08-16 -- Two Emotet infections with Zeus Panda Banker
2018-08-16 -- Hancitor infection traffic with Zeus Panda Banker
2018-08-15 -- Files for an ISC diary
2018-08-15 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-08-14 -- Quick post: Emotet infection with Zeus Panda Banker
2018-08-14 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-08-10 -- Quick post: Emotet infection with Zeus Panda Banker
2018-08-08 -- Quick post: Emotet infection with Trickbot (gtag: tot285)
2018-08-07 -- Quick post: Trickbot (gtag: tot284) moves from client to DC
2018-08-07 -- Hookads Rig EK pushes AZORult, AZORult pushes SmokeLoader
2018-08-06 -- Quick post: Emotet and Hancitor both pushing Zeus Panda Banker
2018-08-06 -- XMRig coinminer caused by ad traffic
2018-08-02 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-08-01 -- Files for an ISC diary (DHL-themed malspam)
2018-08-01 -- Quick post: Emotet + spammer malware traffic

2018-07-31 -- Two Emotet infections: Emotet with Trickbot & Emotet with Zeus Panda Banker
2018-07-26 -- Files for an ISC diary (malspam pushes Hermes ransomware)
2018-07-25 -- Quick post: Rig EK pushes GandCrab ransomware
2018-07-23 -- Pcap for an ISC diary (Emotet with Zeus Panda Banker)
2018-07-23 -- Malspam using password-protected Word docs still pushing ransomware
2018-07-21 -- Quick post: Trickbot infection with PowerShell Empire
2018-07-20 -- Emotet infections with Zeus Panda Banker or Trickbot (gtag: del34)
2018-07-19 -- Quick post: Another Trickbot infection moves from client to DC
2018-07-19 -- Hancitor infection with AZORult and Zeus Panda Banker
2018-07-19 -- Emotet infection with Zeus Panda Banker
2018-07-18 -- Quick post: Trickbot infection with Tor traffic and new module
2018-07-18 -- Quick post: Hancitor infection with AZORult and Zeus Panda Banker
2018-07-17 -- Necurs Botnet malspam uses .iqy files to push Flawed Ammyy RAT
2018-07-16 -- Quick post: Hancitor infection with AZORult and Zeus Panda Banker
2018-07-16 -- Quick post: Emotet infection with Trickbot (gtag: mon1)
2018-07-13 -- Malspam uses .iqy files to push Flawed Ammyy RAT
2018-07-10 -- Data dump: Emotet with Trickbot, Hancitor with Zeus Panda Banker, and Goofy "Windows 11" themed malspam
2018-07-09 -- Quick post: Trickbot infection (gtag: ser0709us)
2018-07-09 -- Hancitor infection with Zeus Panda Banker
2018-07-09 -- Emotet infection with Zeus Panda Banker
2018-07-05 -- Trickbot infection
2018-07-05 -- Fake updater traffic (Chthonic, Dridex, and NetSupport RAT)
2018-07-03 -- Emotet infection with Zeus Panda Banker
2018-07-03 -- Hancitor infection with Zeus Panda Banker and Send Safe Enterprise (SSE) spambot malware
2018-07-02 -- Trickbot infection
2018-07-02 -- Emotet infection with Zeus Panda Banker

2018-06-29 -- More Trickbot moving from client (gtag: ser0629) to DC (gtag: lib257)
2018-06-29 -- Quick Post: Rig EK
2018-06-28 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-06-28 -- Fake AV screen locker (a relatively easy fix)
2018-06-27 -- Quick post: Emotet infection with IcedID
2018-06-27 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-06-26 -- Quick post: Trickbot infection
2018-06-26 -- Quick post: Emotet infection with IcedID
2018-06-22 -- Quick post: Emotet with Trickbot and Emotet with Zeus Panda Banker
2018-06-20 -- Malspam pushes Emotet & Emotet pushes IcedID (again)
2018-06-19 -- Malspam pushes Emotet and Emotet pushes IcedID
2018-06-18 -- Emotet infection with IcedID
2018-06-15 -- Emotet infection with Trickbot (gtag: del9), moves to DC
2018-06-14 -- Emotet infection with Trickbot (gtag: del8)
2018-06-13 -- Necurs Botnet malspam uses .iqy file to push Flawed Ammyy RAT
2018-06-12 -- Emotet infection with Zeus Panda Banker
2018-06-11 -- Emotet data dump
2018-06-11 -- Files for an ISC diary (Lokibot)
2018-06-08 -- Files for an ISC diary (coin miner malspam)
2018-06-04 -- Gandcrab ransomare from malspam with password-protected Word docs

2018-05-31 -- Fake HelloFax notifications lead to Hancitor with Zeus Pana Banker
2018-05-31 -- End of month round-up: Emotet malspam and infection traffic
2018-05-29 -- DHL-themed malspam with links to .js file downloader
2018-05-27 -- SlyIP campaign uses Grandsoft EK to push Ursnif
2018-05-25 -- Quick post: Emotet
2018-05-25 -- Quick post: Trickbot
2018-05-25 -- Necurs Botnet malspam pushes Flawed Ammyy RAT
2018-05-24 -- Quick post: Trickbot infection from client to domain controller
2018-05-24 -- Quick post: Hancitor infection with Zeus Panda banker
2018-05-17 -- Quick post: Emotet
2018-05-17 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-05-16 -- Quick post: Emotet
2018-05-16 -- Quick post: Hancitor with Zeus Panda Banker
2018-05-16 -- Quick post: Trickbot
2018-05-15 -- Quick post: Emotet with Zeus Panda Banker
2018-05-15 -- Quick post: Hancitor with Zeus Panda Banker
2018-05-15 -- Quick post: Trickbot
2018-05-15 -- Files for an ISC diary (MyEtherWallet phishing emails)
2018-05-14 -- Quick post: Hancitor with Zeus Panda Banker
2018-05-11 -- Files for an ISC diary (Trickbot)
2018-05-09 -- Sigma ransomware from malspam using password-protected Word docs
2018-05-09 -- Quick Post: Emotet infection
2018-05-08 -- Grandsoft EK leads to QuantLoader and Ursnif
2018-05-08 -- Fake Bright!Tax emails distribute Xorist Ransomware
2018-05-08 -- Data dump (Emotet/Hancitor/Trickbot)
2018-05-07 -- Data dump (Emotet/Hancitor/Lokibot)
2018-05-04 -- malspam pushing Emotet moved from links to attachments this week
2018-05-03 -- Trickbot from malspam, Subject: Bill payment alert
2018-05-03 -- Hancitor from fake Vemno notifications
2018-05-02 -- Hancitor from fake Verizon notifications
2018-05-01 -- Trickbot from malspam, Subject: FW: Account Documents
2018-05-01 -- Hancitor from fake U.S. Bank notifications

2018-04-30 -- Example of Trickbot moving from client to domain controller
2018-04-27 -- Data dump (Necurs Botnet, Emotet, Trickbot)
2018-04-26 -- Data dump (Necurs Botnet FlawedAmmy, Emotet, Hancitor)
2018-04-25 -- Data dump (Phishing, Necurs Botnet, Emotet, Hancitor)
2018-04-24 -- Data daump (Hancitor, Trickbot, Necurs botnet/FlawedAmmyy)
2018-04-23 -- DHL-themed malspam pushes Agent Telsa and other malware - a somewhat sloppy job
2018-04-23 -- Hancitor infection with Zeus Panda Banker
2018-04-20 -- Yesterday's fake Netflix phishing emails are today's fake Spotify messages
2018-04-19 -- Hancitor infection with Zeus Panda Banker
2018-04-18 -- Hancitor infection with Zeus Panda Banker
2018-04-18 -- Italian invoice (Fattura) malspam pushes Zeus Panda Banker
2018-04-17 -- "Zero-Gand" malspam pushing GandCrab ransomware again since Monday 2018-04-16
2018-04-17 -- Quick post: Trickbot
2018-04-16 -- Quick post: Trickbot
2018-04-14 -- Quick post: Rig EK sends GandCrab ransomware
2018-04-13 -- Data dump (Emotet, Formbook, GandCrab, Lokibot)
2018-04-12 -- Quick post: Trickbot
2018-04-12 -- Files for an ISC diary ("Zero Gand" malspam pushes GandCrab ransomware)
2018-04-11 -- Hancitor infection with Zeus Panda Banker
2018-04-10 -- Gandcrab ransomware infection
2018-04-09 -- Grandsoft EK sends Zeus Panda Banker
2018-04-06 -- I went after Rig EK like it was a snake on Whacking Day
2018-04-05 -- Data dump: Emotet, Hancitor, Trickbot
2018-04-04 -- Quick post: Necurs Botnet malspam pushes Quantloader
2018-04-04 -- Quick post: Trickbot
2018-04-04 -- Hancitor infection with Zeus Panda Banker
2018-04-03 -- Quick post: Malspam pushing Gandcrab ransomware
2018-04-03 -- Quick post: Necurs Botnet malspam pushes Quantloader
2018-04-03 -- Quick post: Fake Chrome, Firefox & Flash player updates
2018-04-02 -- Quick post: Necurs Botnet malspam pushes QuantLoader & follow-up malware

2018-03-30 -- Malspam pushing possible Ursnif through batch files
2018-03-28 -- Quick post: Trickbot
2018-03-27 -- Fake Chrome, Firefox, or Flash update pages push JS malware
2018-03-26 -- Sigma ransomware
2018-03-26 -- Emotet infection
2018-03-23 -- Quick post: Those pesky Netflix-themed phishing emails
2018-03-23 -- Quick post: Emotet
2018-03-22 -- GoDaddy-themed phishing
2018-03-22 -- Netflix-themed phishing
2018-03-22 -- Trickbot activity
2018-03-21 -- Emotet activity
2018-03-20 -- Infection from Brazil-targed malware
2018-03-16 -- GandCrab ransomware
2018-03-15 -- GrandSoft EK sends AZORult
2018-03-15 -- Quick post: Rig EK
2018-03-15 -- Quick post: Emotet
2018-03-14 -- Hancitor infection with Zeus Panda Banker
2018-03-14 -- Files for an ISC diary (Sigma ransomware)
2018-03-13 -- Hancitor infection with Zeus Panda Banker
2018-03-09 -- Lokibot infection
2018-03-08 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-03-08 -- Quick post: HookAds campaign Rig EK sends Bunitu
2018-03-07 -- 100 examples of Emotet malspam
2018-03-07 -- Hancitor infection with Zeus Panda Banker
2018-03-07 -- Files for an ISC diary (GlobeImposter & GandCrab ransomware)
2018-03-06 -- Hancitor infection with Zeus Panda Banker
2018-03-05 -- Coins LTD campaign uses Rig EK to push Ursnif
2018-03-05 -- Boleto Mestre campaign
2018-03-01 -- Emotet activity

2018-02-28 -- Hancitor infection with Zeus Panda Banker
2018-02-27 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-02-27 -- Files for an ISC diary (Formbook)
2018-02-26 -- Quick post: Formbook
2018-02-26 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-02-24 -- Quick post: ISRstealer
2018-02-22 -- Quick post: Hancitor
2018-02-21 -- Infection traffic from Italian DHL-themed malspam
2018-02-20 -- Hancitor infection with Zeus Panda Banker
2018-02-16 -- Formbook infection
2018-02-14 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-02-13 -- Hancitor infection with Zeus Panda Banker
2018-02-12 -- Quick post: Emotet
2018-02-12 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-02-12 -- Seamless campaign Rig EK sends Ramnit
2018-02-08 -- Return of Quant Loader: Malspam Using PDF Files Tries A New Tactic
2018-02-07 -- Files for an ISC diary (GandCrab ransomware)
2018-02-06 -- Hancitor infection with Zeus Panda Banker
2018-02-05 -- Malspam using PDF attachments to push Dridex since 2018-01-30
2018-02-02 -- Data dump: Dridex, Formbook, Hancitor, EITest HoeflerText popup for GandCrab ransomware
2018-02-01 -- Quick test-drive of Trickbot (it now has a Monero module)

2018-01-30 -- Rig EK sends Ramnit, follow-up malware: AZORult
2018-01-29 -- Quick post: Hancitor infection with Zeus Panda Banker
2018-01-29 -- Three days of Seamless campaign Rig EK pushing Gandcrab ransomware
2018-01-25 -- Quick post: Dridex
2018-01-24 -- Quick post: Hancitor with Zeus Panda Banker and Send Safe Enterprise (SSE) Spambot
2018-01-23 -- Files for an ISC diary: Hancitor with Zeus Panda Banker and Send Safe Enterprise (SSE) Spambot
2018-01-22 -- SmokeLoader infection with other malware
2018-01-19 -- Three examples of Ngay campaign Rig EK
2018-01-17 -- Files for an ISC diary (Gozi/ISFB)
2018-01-16 -- Zeus Panda Banker infection
2018-01-15 -- Formbook from CVE-2017-11882 RTF document
2018-01-12 -- NanoCore RAT
2018-01-11 -- Rig EK sends SmokeLoader (Sharik/Dofoil) and Monero coin miner
2018-01-10 -- Hancitor infection with Zeuz Panda Banker
2018-01-09 -- Emotet infection with Zeus Panda Banker
2018-01-09 -- Seamless campaign Rig EK sends Ramnit
2018-01-09 -- Java-based RAT infection
2018-01-08 -- Lokibot infection
2018-01-08 -- Pcap for an ISC diary (fake AV page)
2018-01-06 -- Compromised web sites leading to fake AV or other unwanted pages
2018-01-04 -- Formbook infection
2018-01-04 -- PCRAT/Gh0st infection
2018-01-03 -- Ursnif infection
2018-01-02 -- Fake Flash updater is actually a cryptocurrency miner
2018-01-02 -- Infection from WhatsApp-themed malspam targeting Brazil

Click here to return to the main page.

Copyright © 2025 | Malware-Traffic-Analysis.net