[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025]

• 2023 -- Training Material for 2023 Wireshark Workshop

• 2023-12-29 -- 2023-12-29 - GootLoader infection
• 2023-12-18 -- 2023-12-18 - TA577 Pikabot infection with Cobalt Strike
• 2023-12-15 -- 2023-12-15 - TA577 Pikabot infection
• 2023-12-13 -- 2023-12-13 - Quick post: 2 AgentTesla infections (1 FTP and 1 SMTP)
• 2023-12-11 -- 2023-12-11 - Brazil malspam leads to Astaroth (Guildma) infection
• 2023-12-07 -- 2023-12-07 - DarkGate activity
• 2023-12-05 -- 2023-12-05 - Loader --> Unidentified malware

• 2023-11-30 -- 2023-11-30 - DarkGate activity
• 2023-11-29 -- 2023-11-29 - email --> JinxLoader --> Formbook/XLoader
• 2023-11-27 -- 2023-11-27 - TA577 pushes IcedID (Bokbot) variant
• 2023-11-22 -- 2023-11-22 - AgentTesla infection with FTP data exfil
• 2023-11-20 -- 2023-11-20 - DarkGate infection
• 2023-11-06 -- 2023-11-06 - 404 TDS --> unidentified malwre --> Cobalt Strike
• 2023-11-02 -- 2023-11-02 - TA577 Pikabot activity

• 2023-10-31 -- 2023-10-31 - IcedID (Bokbot) infection
• 2023-10-25 -- 2023-10-25 - DarkGate infection from malspam
• 2023-10-23 -- 2023-10-23 - 404 TDS URL chain leads to Async RAT variant
• 2023-10-18 -- 2023-10-18 - IcedID Forked Variant with Anubis VNC, Cobalt Strike, etc.
• 2023-10-17 -- 2023-10-17 - TA577 Pikabot infection with Cobalt Strike
• 2023-10-16 -- 2023-10-16 - TA577 IcedID infection
• 2023-10-13 -- 2023-10-13 - TA577 DarkGate infection
• 2023-10-12 -- 2023-10-12 - DarkGate infection from Teams Chat
• 2023-10-11 -- 2023-10-11 - Lumma Stealer infection
• 2023-10-04 -- 2023-10-04 - DarkGate malware infection
• 2023-10-03 -- 2023-10-03 - Pikabot infection with Cobalt Strike

• 2023-09-28 -- 2023-09-28 - IcedID (Bokbot) infection with Keyhole VNC & Cobalt Strike
• 2023-09-25 -- 2023-09-25 - malspam examples pushing AgentTesla

• 2023-08-31 -- 2023-08-31 - IcedID (Bokbot) activity
• 2023-08-29 -- 2023-08-29 - IcedID (Bokbot) activity
• 2023-08-09 -- 2023-08-09 - .msix file --> IcedID (Bokbot) --> BackConnect & Keyhole VNC
• 2023-08-03 -- 2023-08-03 - Google ad --> fake TurboTax page --> DanaBot
• 2023-08-01 -- 2023-08-01 - Bandook infection

• 2023-07-25 -- 2023-07-25 - IcedID (Bokbot) infection from wave of malspam on 2023-07-24
• 2023-07-13 -- 2023-07-13 - IcedID (Bokbot) from malspam
• 2023-07-12 -- 2023-07-12 - Gozi/ISFB infection with Cobalt Strike
• 2023-07-11 -- 2023-07-11 - Files for an ISC diary (Loader activity for Formbook)
• 2023-07-07 -- 2023-07-07 - AgentTesla data dump
• 2023-07-04 -- 30 days of Formbook: Chronological list of posts
• 2023-07-04 -- 30 days of Formbook: Day 30, Tue 2023-07-04 - "MF6W"
• 2023-07-03 -- 30 days of Formbook: Day 29, Mon 2023-07-03 - GuLoader Formbook "AU22"
• 2023-07-02 -- 30 days of Formbook: Day 28, Sun 2023-07-02 - "SY18"
• 2023-07-01 -- 30 days of Formbook: Day 27, Sat 2023-07-01 - "NES8"

• 2023-06-30 -- 30 days of Formbook: Day 26, Fri 2023-06-30 - "S28Y"
• 2023-06-29 -- 30 days of Formbook: Day 25, Thu 2023-06-29 - "CS94"
• 2023-06-28 -- IcedID (Bokbot) activity
• 2023-06-28 -- 30 days of Formbook: Day 24, Wed 2023-06-28 - "RX63"
• 2023-06-27 -- 30 days of Formbook: Day 23, Tue 2023-06-27 - "FGH2"
• 2023-06-26 -- Files for an ISC diary (loader-style infection for Remcos RAT)
• 2023-06-26 -- 30 days of Formbook: Day 22, Mon 2023-06-26 - "G0E8"
• 2023-06-25 -- 30 days of Formbook: Day 21, Sun 2023-06-25 - "CX01"
• 2023-06-24 -- 30 days of Formbook: Day 20, Sat 2023-06-24 - version 3.8 "P1A4"
• 2023-06-23 -- 30 days of Formbook: Day 19, Fri 2023-06-23 - "P1A4"
• 2023-06-22 -- 30 days of Formbook: Day 18, Thu 2023-06-22 - "K2L0"
• 2023-06-22 -- Files for an ISC diary (obama271 Qakbot)
• 2023-06-21 -- 30 days of Formbook: Day 17, Wed 2023-06-21 - ModiLoader XLoader "NVP4"
• 2023-06-20 -- 30 days of Formbook: Day 16, Tue 2023-06-20 - "F1W6"
• 2023-06-19 -- 30 days of Formbook: Day 15, Mon 2023-06-19 - "CE18"
• 2023-06-18 -- 30 days of Formbook: Day 14, Sun 2023-06-18 - "JY05"
• 2023-06-17 -- 30 days of Formbook: Day 13, Sat 2023-06-17 - "MR04"
• 2023-06-16 -- 30 days of Formbook: Day 12, Fri 2023-06-16 - "TFGP" (ISC diary)
• 2023-06-15 -- 30 days of Formbook: Day 11, Thu 2023-06-15 - "GA94"
• 2023-06-14 -- 30 days of Formbook: Day 10, Wed 2023-06-14 - "J0C7"
• 2023-06-13 -- 30 days of Formbook: Day 9, Tue 2023-06-13 - XLoader "MD8S"
• 2023-06-12 -- 30 days of Formbook: Day 8, Mon 2023-06-12 - "EE2Q"
• 2023-06-11 -- 30 days of Formbook: Day 7, Sun 2023-06-11 - "XCHU"
• 2023-06-10 -- 30 days of Formbook: Day 6, Sat 2023-06-10 - "SN84"
• 2023-06-09 -- 30 days of Formbook: Day 5, Fri 2023-06-09 - GuLoader Formbook "V16R"
• 2023-06-08 -- 30 days of Formbook: Day 4, Thu 2023-06-08 - "T30K"
• 2023-06-07 -- 30 days of Formbook: Day 3, Wed 2023-06-07 - "AE30"
• 2023-06-06 -- 30 days of Formbook: Day 2, Tue 2023-06-06 - "CG62"
• 2023-06-05 -- 30 days of Formbook: Day 1, Mon 2023-06-05 - "HE2A"

• 2023-05-29 -- Pcap and malware for ISC Diary (ModiLoader/Remcos RAT)
• 2023-05-24 -- Bye Bye Pikabot... We're back to Qak!  (obama264 Qakbot infection)
• 2023-05-23 -- Pikabot infection with Cobalt Strike
• 2023-05-22 -- Pikabot infection with Cobalt Strike
• 2023-05-17 -- Knock knock... Guess who? It's Pikabot!
• 2023-05-10 -- IcedID (Bokbot) infection with Cobalt Strike & Keyhole VNC
• 2023-05-10 -- obama262 Qakbot (Qbot) infection with Cobalt Strike & Dark Cat VNC
• 2023-05-02 -- obama259 Qakbot (Qbot) infection with Dark Cat VNC

• 2023-04-19 -- Quick post: Qakbot (Qbot) activity, distribution tags BB24 and obama254
• 2023-04-14 -- Quick post: IcedID (Bokbot) activity
• 2023-04-13 -- Metastealer infection
• 2023-04-12 -- Quick Post: Qakbot (Qbot), Distribution Tag obama251
• 2023-04-03 -- IoC update: Qakbot (Qbot) TCP port 65400 traffic changes IP address

• 2023-03-31 -- Quick post: Qakbot (Qbot), obama247 distribution tag
• 2023-03-24 -- IcedID (Bokbot) with BackConnect traffic and Cobalt Strike
• 2023-03-22 -- Emotet Epoch 4 activity
• 2023-03-17 -- Emotet Epoch 5 activity
• 2023-03-16 -- Epoch 5 activity: Emotet now also using OneNote files
• 2023-03-08 -- IcedID (Bokbot) infection with BackConnect & Keyhole VNC
• 2023-03-07 -- Emotet infection with spambot traffic
• 2023-03-06 -- Gozi (ISFB/Ursnif) activity targeting Italy
• 2023-03-02 -- Rig EK --> malware loader --> Redline Stealer

• 2023-02-27 -- Pcap for an ISC diary (BB17 Qakbot)
• 2023-02-23 -- Files for ISC Diary: URL files & WebDAV used for IcedID (Bokbot)
• 2023-02-13 -- IcedID (Bokbot) from fake Microsoft Teams page
• 2023-02-07 -- OneNote file pushes unidentified malware
• 2023-02-03 -- DEV-0569: Google ad --> "FakeBat" Loader --> Redline Stealer & Gozi/ISFB

• 2023-01-31 -- BB12 Qakbot (Qbot) infection with Cobalt Strike and Dark Cat VNC
• 2023-01-23 -- Google Ad --> Fake AnyDesk page --> possible TA505 activity
• 2023-01-18 -- Google Ad --> Fake Libre Office page --> IcedID (Bokbot) --> Cobalt Strike
• 2023-01-16 -- IcedID (Bokbot) with Backconnect, Keyhole VNC and Cobalt Strike
• 2023-01-16 -- Google Ad --> Fake 7-Zip page --> Malicious .msi file
• 2023-01-12 -- IcedID (Bokbot) infection with Cobalt Strike
• 2023-01-05 -- Infection from AgentTesla variant, possibly OriginLogger
• 2023-01-04 -- Astaroth (Guildma) malware infections
• 2023-01-03 -- Google ad --> fake Notepad++ page --> Rhadamanthys Stealer

 

Click here to return to the main page.