unSafe.sh - Unsafe
2025-01-28: Malware infection from web inject activity
2025-01-28 (TUESDAY): MALWARE INFECTION FROM WEB INJECT ACTIVITY. NOTES: Zip files are password-...
2025-1-29 04:53:0 | Views: 21
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hxxps
kongtuke
inject
gholish
captcha
2025-01-23: Fake installer leads to Koi Loader/Koi Stealer
2025-01-23 (THURSDAY): FAKE INSTALLER LEADS TO KOI LOADER/KOI STEALER. NOTES: Zip files are pass...
2025-1-28 00:53:0 | Views: 7
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hxxp
php
flocking
koi
wp
2025-01-22: Traffic Analysis Exercise - Download from fake software site
2025-01-22 - TRAFFIC ANALYSIS EXERCISE: DOWNLOAD FROM FAKE SOFTWARE SITE. ASSOCIATED FILE: Zip a...
2025-1-23 18:18:0 | Views: 1
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
windows
client
analysis
2025-01-21: Quick post for Koi Loader/Koi Stealer activity
2025-01-21 (TUESDAY): QUICK POST FOR KOI LOADER/KOI STEALER ACTIVITY. NOTES: Zip files are passw...
2025-1-23 05:48:0 | Views: 3
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
koi
stealer
loader
225
796
2025-01-13: KongTuke campaign leads to infection abusing BOINC platform
2025-01-13 (MONDAY): KONGTUKE CAMPAIGN LEADS TO INFECTION ABUSING BOINC PLATFORM. NOTES: Zip fil...
2025-1-13 23:59:0 | Views: 0
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
kongtuke
boinc
unit42
inkv
2025-01-09: CVE-2017-0199 XLS --> HTA --> VBS --> steganography --> DBatLoader/GuiLoader style malware
2025-01-09 (THURSDAY): CVE-2017-0199 XLS --> HTA --> VBS --> STEGANOGRAPHY --> DBATLOADER/GUILOAD...
2025-1-11 07:23:0 | Views: 8
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
0199
dbatloader
xls
unit42
2025-01-04: Four days of scans and probes and web traffic hitting my web server
2025-01-04 (SATURDAY): FOUR DAYS OF SCANS AND PROBES AND WEB TRAFFIC HITTING MY WEB SERVER. NOTES:...
2025-1-5 05:33:0 | Views: 5
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hitting
probes
546
518
saturday
2024-12-18 - One week of server scans and probes and web traffic
2024-12-18 (WEDNESDAY): ONE WEEK OF SERVER SCANS AND PROBES AND WEB TRAFFIC. NOTES: Zip files ar...
2024-12-19 20:47:0 | Views: 4
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
probes
741
908
wednesday
2024-12-17 - SmartApeSG injected script leads to NetSupport RAT
2024-12-17 (TUESDAY): SMARTAPESG INJECTED SCRIPT LEADS TO NETSUPPORT RAT. NOTES: Zip files are p...
2024-12-17 04:47:0 | Views: 4
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hxxps
depostsolo
biz
netsupport
smartapesg
2024-12-04 - AgentTesla variant using FTP
2024-12-04 (WEDNESDAY): AGENTTESLA VARIANT USING FTP. NOTES: Zip files are password-protected....
2024-12-5 08:45:0 | Views: 4
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
agenttesla
wednesday
windows
bsky
2024-11-26 - Traffic Analysis Exercise: Nemotodes
2024-11-26 - TRAFFIC ANALYSIS EXERCISE: NEMOTODES. ASSOCIATED FILES: Zip archive of the pcap: 2...
2024-11-28 14:15:0 | Views: 1
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
nemotodes
analysis
answers
297
facility
2024-11-24 - Redline bash script for Linux malware
2024-11-24 (SUNDAY): "REDTAIL" BASH SCRIPT FOR LINUX MALWARE. NOTES: Zip files are password-prot...
2024-11-25 12:35:0 | Views: 2
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
redtail
probes
hxxp
179
236
2024-11-14 - Raspberry Robin infection using WebDAV server
2024-11-14 (THURSDAY): RASPBERRY ROBIN INFECTION USING WEBDAV SERVER. NOTES: Zip files are passw...
2024-11-15 10:32:0 | Views: 0
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
raspberry
robin
webdav
unit42
saz
2020-12-08 - Files for an ISC diary (recent Qakbot activity)
2020-12-08 - FILES FOR AN ISC DIARY (RECENT QAKBOT ACTIVITY). NOTES: The ISC diary is for Wednes...
2020-12-09 13:43:00 | Views: 204
www.malware-traffic-analysis.net
qakbot
isc
diary
qbot
malspam
2020-12-07 - Qakbot (Qbot) infection with Cobalt Strike (Beacon) and spambot activity
2020-12-07 - QAKBOT (QBOT) INFECTION WITH COBALT STRIKE (BEACON) AND SPAMBOT ACTIVITY. ASSOCIATED...
2020-12-08 11:28:00 | Views: 249
www.malware-traffic-analysis.net
qakbot
spambot
cobalt
malspam
qbot
2020-12-03 - TA551 (Shathak) Word docs with Italian template send Ursnif (Gozi/ISFB) with Pushdo
2020-12-03 - TA551 (SHATHAK) WORD DOCS WITH ITALIAN TEMPLATE SEND URSNIF WITH PUSHDO. ASSOCIATED F...
2020-12-04 12:43:00 | Views: 167
www.malware-traffic-analysis.net
ta551
ursnif
pushdo
italian
malspam
2020-12-03 - Pcap and malware for an ISC diary (traffic analysis quiz)
2020-12-03 - PCAP AND INFO FOR AN ISC DIARY (TRAFFIC ANALYSIS QUIZ). NOTES: The ISC diary is for...
2020-12-04 08:50:00 | Views: 235
www.malware-traffic-analysis.net
quiz
analysis
565
diary
isc
2020-11-23 - Quick post: Hancitor infection with Cobalt Strike
2020-11-23 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE. ASSOCIATED FILES: 2020-11-23-Hanc...
2020-11-25 10:17:00 | Views: 232
www.malware-traffic-analysis.net
hancitor
944
cobalt
382
malspam
2020-11-24 - TA551 (Shathak) Word docs with English template push IcedID
2020-11-20 - TA551 (SHATHAK) WORD DOCS WITH ENGLISH TEMPLATE PUSH ICEDID. ASSOCIATED FILES: 2020-...
2020-11-25 08:50:00 | Views: 174
www.malware-traffic-analysis.net
ta551
icedid
malspam
artifacts
415
2020-11-20 - TA551 (Shathak) Word docs with Japanese template push IcedID
2020-11-20 - TA551 (SHATHAK) WORD DOCS WITH JAPANESE TEMPLATE PUSH ICEDID. ASSOCIATED FILES: 2020...
2020-11-21 08:42:00 | Views: 210
www.malware-traffic-analysis.net
ta551
icedid
artifacts
malspam
infections