Malware-Traffic-Analysis.net - My technical blog posts - 2014

[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023]

2014-12-26 -- Follow-up to my guest diary for the Internet Storm Center (ISC)
2014-12-25 -- Nuclear EK from Windigo Group - 67.215.1.162
2014-12-18 -- Nuclear EK from 178.62.255.107 - woxepityfillo.cf
2014-12-17 -- Fiesta EK from 92.63.88.61 - nrkuktxvn.myftp.org
2014-12-16 -- Phishing email - Subject: Note D-57022RI-4035
2014-12-15 -- Nuclear EK from 95.85.23.178 - fourkopoll.co.vu
2014-12-13 -- Gondad (Gong da) EK from 211.202.2.110 - comm.sansung.org
2014-12-12 -- Ransomware infection after Nuclear EK from 128.199.52.211
2014-12-11 -- Asprox botnet phishing campaign - Subject: Facebook password change
2014-12-10 -- Windigo group uses Nuclear EK from 128.199.48.110 - seventhnamed.co.vu
2014-12-07 -- Neutrino EK from 23.105.11.105 - eytmxgnqlm.nirval.eu:8823
2014-12-05 -- Upatre/Dyre campaign - Subject: Video shows Norwegian fighter pilot's
2014-12-03 -- Phishing email - Subject: Auffällige Kontobewegung
2014-12-01 -- New version of Neutrino EK from 107.191.118.231 and 168.235.69.123

2014-11-30 -- Gondad (Gong da) EK from 211.171.231.194 - www.hwashinshop.com
2014-11-26 -- Sandworm sample
2014-11-22 -- Angler EK from 94.23.35.86 - wojciktypeinfoptrset.lohrakupunktur.de
2014-11-21 -- Fake anti-virus: Windows AntiBreach Module
2014-11-20 -- Threatglass has 5 examples of Magnitude EK since yesterday
2014-11-19 -- Fiesta EK from 205.234.186.110 - bitmp3search.in
2014-11-18 -- Volumebass.com kicked off infection chain for Sweet Orange EK
2014-11-15 -- Vastkid.com generated Sweet Orange gate and failed Rig EK infection
2014-11-15 -- Angler EK from 5.196.189.147 - verspeisegraveer.catmitzvah.com
2014-11-14 -- Angler EK from 131.72.138.141 - asd.songkillerbong.ru
2014-11-14 -- Phishing email causes CryptoWall 2.0 infection
2014-11-13 -- Phish - Subject: You have received a new secure message from BankLine
2014-11-13 -- Fiesta EK from 205.234.186.110 - betamedsearch.in
2014-11-12 -- Asprox botnet fake Starbucks emails - delivered Sirius Win 7 Antivirus 2014
2014-11-11 -- Angler EK uses different obfuscation for the malware payload
2014-11-10 -- Angler EK from 94.23.50.217 - pompezne1-buddh.seek4autos.com
2014-11-08 -- Phishing messages with links to fake webmail login pages
2014-11-06 -- Nuclear EK sends Silverlight exploit as a Flash file
2014-11-05 -- Phishing email - Subject: invoices and payment copy attached
2014-11-02 -- Angler EK from 5.196.176.167 - faengelshazier.netgouv.com
2014-11-01 -- Fiesta EK from 205.234.186.109 - conocarpusgeorgsimonohm.us

2014-10-31 -- Phishing email - Subject: Your Fedex Rewards Has Been Shipped
2014-10-30 -- FlashPack EK from 188.227.172.106 - kethanlingtoro.eu
2014-10-30 -- 32x32 gate leads to Angler EK - no fake pop-up as before with these gates
2014-10-29 -- Asprox botnet serving Starbucks coffee
2014-10-28 -- Asprox botnet serving free pizza
2014-10-27 -- Sweet Orange EK from 38.84.134.199
2014-10-27 -- Phishing email - Subject: Payment via Western Union
2014-10-26 -- Fiesta EK from 205.234.186.109 - hematitetekki.biz
2014-10-10 -- Out for the next two weeks or so
2014-10-09 -- Magnitude EK from 178.32.82.137
2014-10-08 -- Phishing email - Subject: Fw:Order Inquiry
2014-10-07 -- Phishing campaign - Subject: You have a voice message
2014-10-06 -- Sweet Orange EK from 8.28.175.75 port 15106
2014-10-06 -- Rotator generates Angler EK on 5.135.230.183 - 7dws8yz0k2.sdiouvb.com
2014-10-05 -- Rig EK from 37.200.69.87 - contact.collegemotorsltd.com
2014-10-04 -- Rig EK and Upatre from phishing emails
2014-10-03 -- Phishing campaign - Incoming fax reports - fake HMRC tax notices
2014-10-03 -- Sweet Orange EK from 8.28.175.74 port 17767
2014-10-02 -- Phishing email - Subject: Job in financial service
2014-10-02 -- Angler EK from 66.172.27.117 - asd.bingevomitsyndromesexy.net
2014-10-01 -- 32x32 gate leading to Angler EK on 66.172.27.117 - asd.crossheading.us
2014-10-01 -- Malware from fake IRS notification causes "CryptoWall 2.0" infection

2014-09-30 -- Phishing email - Subject: Requirement.
2014-09-30 -- Fiesta EK from 64.202.116.153 - affineairforce.us
2014-09-29 -- Nuclear EK delivers digitally-signed CryptoWall malware
2014-09-28 -- Null Hole EK from 162.244.33.39 - poolie.vvk49.com
2014-09-27 -- 32x32 gate to Angler EK on 66.172.12.231
2014-09-26 -- Phishing campaign - Subject: Transaction not complete
2014-09-26 -- 32x32 gate to Angler EK on 162.248.243.78 - qwe.tributarykamarupan.us
2014-09-25 -- Sweet Orange EK from 8.28.175.67 port 10016
2014-09-24 -- Fiesta EK from 104.28.6.73 - eoxsc.kulawyn.in
2014-09-24 -- Phishing campaign - Subject: Overdue Payment: 884272725375713
2014-09-23 -- Rig EK from 178.132.203.26 - mdif.boroughventuremenswear.com
2014-09-22 -- Phishing email - Subject: NatWest Statement
2014-09-22 -- Angler EK from 192.99.197.134 - asd.singularitymusculusintercostalis.us
2014-09-21 -- Nuclear EK from 176.58.112.200 - agelpirostan.nemissa.info
2014-09-19 -- Sweet Orange EK from 8.28.175.67 port 17982
2014-09-18 -- Phishing campaign - NatWest and fake fax messages
2014-09-18 -- 2 different Fiesta EK infections triggered by same compromised website
2014-09-17 -- Phishing email - Subject: You have a voice message
2014-09-16 -- Phishing links to Angler EK - Subject: [IMPORTANT] Invoice overdue
2014-09-16 -- Nuclear EK from 80.85.87.179 - oflatiras.videosdeanimais.com.br
2014-09-15 -- Fiesta EK from 64.202.116.152 - ypillow.in.ua
2014-09-13 -- Phishing campaign - Subject: M & M Kitchen Appliances - INV211457
2014-09-12 -- Nuclear EK sends Silverlight exploit
2014-09-11 -- Asprox botnet phishing campaign - Subject: Home Delivery Notification
2014-09-11 -- Sweet Orange EK from 87.118.126.94 port 9290
2014-09-10 -- BizCN gate actor's gate on 75.102.9.195 points to Magnitude EK
2014-09-09 -- Apsrox botnet phishing emails - Delta Airlines
2014-09-09 -- Rig EK from 178.132.204.97 - sdfi.apartmentperch.com
2014-09-09 -- (Fileless infection by) Angler EK from 46.105.140.56 port 8080
2014-09-08 -- Nuclear EK from 151.236.216.177 - bubleroska.smart-simchah.com
2014-09-08 -- Fileless infection by Angler EK from 5.196.36.99 port 8080
2014-09-07 -- New patterns in Fiesta EK from 104.28.22.24 & 104.28.23.24
2014-09-06 -- Rig EK from 178.132.203.113 - kwi.amulet-am.com
2014-09-05 -- Asprox botnet phishing email - Subject: Postal Notification
2014-09-05 -- Sweet Orange EK - 8.28.175.69 port 9290
2014-09-04 -- Phishing campaign - Subject: FedEx | Shipping Notification Update
2014-09-04 -- Nuclear EK from 80.85.84.188 - afridun.autoth.com
2014-09-04 -- Sweet Orange EK from 38.84.134.208 port 17982
2014-09-03 -- Phishing campaign - Subject: NDR Bill
2014-09-03 -- Phishing email - Subject: 1 New Voicemail(s)
2014-09-03 -- Nuclear EK from 80.85.84.142 - giodulder.laurentiucozma.ro
2014-09-02 -- Phishing campaign - Subject: Order no. [10- or 11-digit number]
2014-09-01 -- Rig EK from 5.231.72.115 - nuaysuq.planeimpressions.com
2014-09-01 -- Phishing email - Subject: Statement as at 01/09/2014

2014-08-31 -- Fiesta EK from 64.202.116.154 - wiezersf.in.ua
2014-08-30 -- FlashPack EK from 188.40.249.74 - vbsaiord.arm.ee
2014-08-29 -- Phishing email - Subject: NEW ORDER BY AIR
2014-08-29 -- Asprox botnet phishing email - Subject: Notice of court attendance
2014-08-29 -- Sweet Orange EK from 95.163.121.188 port 16122
2014-08-28 -- Nuclear EK from 80.85.85.71 - nanoraifa.loosecannon.info
2014-08-27 -- Sweet Orange EK from 95.163.121.188 - cdn.tequilaspectator.com:16122
2014-08-26 -- Fiesta EK from 64.202.116.154 - wklockes.in.ua
2014-08-25 -- Nuclear EK from 178.32.92.105 - map.sweetfrogsalisbury.net
2014-08-25 -- Sweet Orange EK - 95.163.121.188 port 16122
2014-08-24 -- Fiesta EK from 64.202.116.154 - sbzrsvi.ddnsking.com
2014-08-22 -- Fiesta EK from 64.202.116.154 - qopqop.in.ua
2014-08-22 -- Unknown exploit kit from 76.74.157.161 - www.pizzanetp.com
2014-08-22 -- Nuclear EK from 87.117.255.66 - limited.marriageamericanet.com
2014-08-21 -- Phishing email - Subject: Re:deposit payment
2014-08-21 -- Sweet Orange EK from 95.163.121.188
2014-08-21 -- FlashPack EK - 178.79.153.5 & 85.159.214.193
2014-08-20 -- Sweet Orange EK from 95.163.121.188
2014-08-19 -- Fiesta EK from 64.202.116.154 - quatro.in.ua
2014-08-18 -- Asprox botnet phishing email - Subject: Payment for driving on a toll road
2014-08-18 -- Sweet Orange EK from 95.163.121.188 - google.chagwichita.com:16122
2014-08-17 -- Nuclear EK from 176.58.126.215 - gegosima.rubiaguru.com.ar
2014-08-16 -- Angler EK from 188.120.243.32 - 112lbjkxpv.adwpobi.com
2014-08-15 -- Magnitude EK from 212.38.166.26 - reluctantrid.in
2014-08-14 -- Phishing Email - Subject: RE: Account documents have been uploaded
2014-08-14 -- Fiesta EK from 217.79.191.87 - pokrduof.servepics.com
2014-08-13 -- phishing emails with links to malware hosted on copy.com
2014-08-12 -- Nuclear EK from 94.229.64.231 - intl.echristiancare.co
2014-08-11 -- Porn-related subdomains of sourceforge.net lead to FlashPack EK
2014-08-09 -- Fiesta EK from 64.202.116.154 - qlokks.in.ua
2014-08-08 -- Phishing email - Subject: New Request for an offer
2014-08-08 -- Phishing email - Subject: RE: PURCHASE ORDER
2014-08-08 -- FlashPack EK from 77.78.104.96
2014-08-06 -- Nuclear EK from 94.229.64.227 - ibiz.counselingmoments.com
2014-08-01 -- Magnitude EK - 193.169.245.148
2014-08-01 -- Phishing email - Subject: debt
2014-08-01 -- Nuclear EK from 85.159.213.246 - paraletas.patmos-star.com

2014-07-30 -- FlashPack EK from 85.159.214.181 (no domain name)
2014-07-30 -- Phishing email - Subject: FW : Payment Slip
2014-07-30 -- Rig EK from 194.58.101.116 - finish.resinbonding.com
2014-07-29 -- Phishing email - Subject: Invoice (#9849839)
2014-07-28 -- Angler EK from 66.96.246.143 - 02s.ylukodorsaieaql.org
2014-07-27 -- Fiesta EK from 64.202.116.156 - abyabyab.in.ua
2014-07-26 -- Rig EK from 194.58.101.51 - welcome.shiraztshirts.com
2014-07-25 -- Phishing email - dropped CryptoWall - Subject: RE: Important Documents
2014-07-25 -- Rig EK from 194.58.101.49 - welcome.shopsthatgivea.com
2014-07-24 -- Sweet Orange EK from 94.185.82.194 port 16122
2014-07-23 -- FlashPack EK from 178.79.165.213 - dronikaso.denisephotographer.com
2014-07-22 -- Asprox botnet fake E-ZPass phishing emails
2014-07-22 -- Fiesta EK from 62.212.73.198 - eymjjyebo.myftp.org
2014-07-21 -- Rig EK from 37.200.65.4 - welcome.stovepipedinners.com
2014-07-20 -- Fiesta EK from 62.212.73.198 - wgxjvd.myftp.biz
2014-07-19 -- FlashPack EK from 88.80.191.252 - dudelakos.allcarsmechanical.com
2014-07-19 -- Nuclear EK from 79.133.219.121 - 141320960-6.easypotent.co.vu
2014-07-18 -- FlashPack EK from 88.80.186.247 - pistoleor.tustilo.com.ar
2014-07-16 -- Phishing email - Subject: Hoovers Order (Urgent!)
2014-07-15 -- Magnitude EK from 5.133.179.166
2014-07-14 -- Rig EK from 46.182.27.166 and 178.132.203.218
2014-07-12 -- Angler EK from 192.200.105.130 - three.pasertsion.co.uk
2014-07-11 -- fake purchase invoice phishing emails
2014-07-11 -- Angler EK from 192.154.110.237 - 41n.degowodyx.com
2014-07-10 -- Asprox botnet fake court case phishing emails
2014-07-10 -- Nuclear EK from 93.189.40.229 - gumeno.yahooaple.com
2014-07-09 -- Fiesta EK from 64.202.116.156 - gpoison.in.ua
2014-07-09 -- Asprox botnet fake funeral announcement phishing emails
2014-07-09 -- Zuponcic EK from 178.33.152.221 - mz.watchweedsepisodes.net
2014-07-08 -- Asprox botnet fake E-ZPass phishing emails
2014-07-08 -- Sweet Orange EK from 94.185.82.199 port 16122 - cdn.ahastore.net:16122
2014-07-04 -- Nuclear EK from 5.135.211.48 - edc.virtualtravelevents.net
2014-07-03 -- Nuclear EK sends CryptoWall from 23.29.118.27
2014-07-02 -- recent Asprox botnet phishing emails
2014-07-02 -- fake Flash installer hosted on 191.238.33.50 - update1.azurewebsites.net

2014-06-30 -- Infinity EK from 188.65.113.171 - d7hosting.com
2014-06-29 -- Magnitude EK from 64.187.226.183
2014-06-28 -- Sweet Orange EK from 94.185.80.43 port 8590
2014-06-27 -- Nuclear EK from 87.117.255.187 - developers.travelforward.de
2014-06-26 -- Fiesta EK from 64.202.116.151 - ftpnrock.in.ua
2014-06-25 -- Nuclear EK from 185.14.31.37
2014-06-24 -- Magnitude EK - 64.187.226.178
2014-06-24 -- Angler EK from 149.3.138.235 - postingdromeringsland.net
2014-06-23 -- FlashPack EK from 46.21.159.163
2014-06-23 -- another fake Costco phishing email
2014-06-22 -- Nuclear EK from 5.101.140.53 - crowdfunding.mazatlan-mazters.com
2014-06-21 -- Fiesta EK from 64.202.116.151 - ferzypsy.in.ua
2014-06-20 -- 32x32 gate to Angler EK on 107.181.246.213 - l7qrz.honigiwace.info
2014-06-19 -- Nuclear EK from 5.135.28.118 - 2624633428-6.disbarmentscore.co7.us
2014-06-18 -- fake Flash installer hosted on 191.238.33.50
2014-06-17 -- Magnitude EK from 212.38.166.94
2014-06-16 -- FlashPack EK from 46.21.159.160 - change in URL patterns
2014-06-15 -- Nuclear EK from 5.45.179.4 - certificat.englewoodfloridarealtor.com
2014-06-14 -- Fiesta EK from 64.202.116.151 - deastome.in.ua
2014-06-13 -- fake Flash updater hosted on Google Drive
2014-06-12 -- CVE-2014-0515 exploit from Sweet Orange EK - 82.118.17.172 port 16122
2014-06-11 -- Fiesta EK from 64.202.116.151 - dotcomor.in.ua
2014-06-10 -- FlashPack EK from 192.71.151.14
2014-06-09 -- Nuclear EK from 185.10.57.167 - bt.realwestchestercounty.com
2014-06-08 -- Infinity EK from 46.226.194.6 - elitecad.gr
2014-06-07 -- Fiesta EK from 85.25.20.27 - rukmnqyegt.redirectme.net
2014-06-06 -- CVE-2014-0515 exploit from FlashPack EK - 176.9.117.170
2014-06-05 -- Fiesta EK from 64.202.116.151 - dogintoo.in.ua
2014-06-04 -- Infinity EK from 173.236.152.199 - bcreativeworks.com
2014-06-03 -- Angler EK from 85.25.43.60 port 2980
2014-06-02 -- Angler EK from 142.4.206.136 - weaverfinch.sociolizer.com
2014-06-02 -- Nuclear EK from 93.189.40.43 - grozam.hiperjogos.info
2014-06-01 -- Infinity EK from 89.184.75.186 - apteka-tas.com.ua

2014-05-30 -- Rig EK from 46.182.24.37 - whatsuupp.co.vu
2014-05-29 -- FlashPack EK from 37.230.117.89 - fahhdfg.uyy95.com
2014-05-28 -- Angler EK and another CryptoWall sample
2014-05-27 -- Fiesta EK from 64.202.116.151 - betters.in.ua
2014-05-26 -- Nuclear EK from 192.243.115.146
2014-05-25 -- Angler EK from 192.99.41.165 - denoting.centrixsf.com
2014-05-24 -- FlashPack EK from 62.212.128.199
2014-05-23 -- Blackhole EK from 109.120.173.4 - black1.wha.la
2014-05-23 -- Angler EK from 91.185.215.137 - dgw.tumijilpwq.net
2014-05-22 -- Fiesta EK from 64.202.116.151 - busiuse.in.ua - 3 examples
2014-05-21 -- Sweet Orange EK from 93.171.173.173
2014-05-21 -- Fiesta EK from 64.202.116.151 - bizzess.in.ua
2014-05-20 -- Rig EK from 144.76.118.124 - voorelkaarinzuid.nl
2014-05-19 -- fake Flash updater hosted on dl.dropboxusercontent.com
2014-05-19 -- FlashPack EK from 95.154.246.90
2014-05-18 -- Fiesta EK from 69.64.58.165 - oxqbce.redirectme.net
2014-05-17 -- fake Flash updater hosted on 23.91.112.4 - preud-homme.be
2014-05-16 -- Nuclear EK from 37.157.250.13 - hospitality.medicalbodydonations.org
2014-05-16 -- Rig EK from 141.101.116.236 - restartbee.ml
2014-05-14 -- Rig EK from 141.101.116.240 - alterbee.cf
2014-05-14 -- Today's fake Flash updater hosted on Microsoft OneDrive
2014-05-13 -- 32x32 gate to Angler EK on 173.212.223.243 - one.fdsfgsgdvsd.biz
2014-05-13 -- Nuclear EK from 37.157.250.10 - full.409cremate.com
2014-05-12 -- Fiesta EK from 69.64.58.165 - hkjsejlh.servequake.com
2014-05-11 -- Today's fake Flash updater hosted on Microsoft OneDrive
2014-05-11 -- FlashPack EK from 82.146.41.116 - dg9sdgykl.trade-e.com
2014-05-10 -- RIG Exploit Pack from 141.101.116.87 - buiadnaiuayf.ml
2014-05-09 -- Fiesta EK from 205.234.214.168 - 9xgerh0.dimatur.pt
2014-05-08 -- Nuclear EK - 2 examples started by same URL - Java exploit changing daily
2014-05-07 -- 32x32 character gates and Angler EK
2014-05-07 -- RIG Exploit Pack from 108.162.199.251 - favoros19.info
2014-05-06 -- FlashPack EK from 89.121.252.70 - lchhmba.com
2014-05-05 -- Sweet Orange EK from 93.171.173.113 - 124124.ttl60.com
2014-05-04 -- Angler EK from 209.159.153.186 - three.mdfckel.biz
2014-05-03 -- Another fake Flash updater hosted on Microsoft OneDrive
2014-05-02 -- Magnitude EK from 193.169.245.11
2014-05-02 -- Angler EK from 64.120.207.245 - jdg.gogexycohunsds.net
2014-05-01 -- Magnitude EK from 193.169.245.10
2014-05-01 -- Angler EK from 84.82.69.94 - 51m9o.licitajyjanyswed.info

2014-04-30 -- fake Flash player from 87.98.146.123
2014-04-30 -- Magnitude EK from 193.169.245.10 - safehe.in
2014-04-29 -- Angler EK from 66.96.246.151 - ugwpc.bimowamokykpps.net
2014-04-29 -- Today's fake Flash updater hosted on Microsoft OneDrive
2014-04-28 -- Angler EK from 85.10.220.153 (fuminexyveqccs.com and skwosh.eu)
2014-04-28 -- fake Flash updater hosted on Microsoft OneDrive IP addresses
2014-04-27 -- Nuclear EK from 95.211.128.101 - babyserr.ru
2014-04-26 -- Magnitude EK from 193.169.245.5 - feelchips.in
2014-04-24 -- fake Flash update from 217.26.210.127 points to Microsoft OneDrive IP
2014-04-23 -- Goon/Infinity EK from 89.161.140.32 and 59.106.13.213
2014-04-22 -- Angler EK from 69.39.239.233 and 23.110.194.99
2014-04-20 -- Sweet Orange EK from 195.16.88.159 port 9290 - Flash and Java exploits
2014-04-18 -- Fiesta EK from 64.202.116.158 - cpdels.in.ua - Flash/Silverlight/Java exploits
2014-04-17 -- FlashPack EK from 178.33.85.108 - gecekiyafetleri.gen.tr
2014-04-17 -- Magnitude EK from 67.196.3.69 - referredknew.in
2014-04-16 -- Magnitude EK from 67.196.3.67 - poundswhose.in
2014-04-16 -- Fiesta EK from 64.202.116.158 - cryriv.in.ua - Flash/Silverlight/Java exploits
2014-04-15 -- Magnitude EK from 67.196.3.66 - suggestinglots.in
2014-04-15 -- Fun with Goon/Infinity EK
2014-04-14 -- Magnitude EK from 67.196.3.65 - MSIE exploit - 6 malware payloads
2014-04-13 -- FlashPack EK from 176.102.37.55 - weoikcus.org - Java exploit
2014-04-12 -- FlashPack EK from 176.102.37.55 - kliftpres.com - MSIE/Java/Flash exploits
2014-04-11 -- Fiesta EK from 64.202.123.50 - 11imaw1.dimatur.pt
2014-04-10 -- Nuclear EK from 198.50.253.235 - treywoo.ru
2014-04-09 -- Nuclear EK from 142.4.194.92 - foyilleavrt.ru
2014-04-08 -- Fiesta EK uses a Flash exploit
2014-04-07 -- Nuclear EK from 142.4.194.72 - dysteriew.ru
2014-04-06 -- Goon/Infinity EK
2014-04-05 -- Fiesta EK
2014-04-04 -- Fiesta EK
2014-04-03 -- FlashPack EK
2014-04-02 -- Goon/Infinity EK payload generates traffic to OneDrive.Live.com
2014-04-01 -- Fiesta EK - 3 examples

2014-03-29 -- FlashPack EK
2014-03-28 -- Fiesta EK uses MSIE, Silverlight, and Java exploits
2014-03-27 -- Nuclear EK
2014-03-26 -- Fiesta EK
2014-03-25 -- Magnitude EK uses IE exploit CVE-2013-2551
2014-03-24 -- Three different VM infections
2014-03-23 -- Angler EK uses Flash exploit
2014-03-22 -- Fiesta EK - Comparing how Silverlight and Java deliver the same malware
2014-03-19 -- Goon/Infinity EK
2014-03-18 -- Fiesta EK
2014-03-17 -- Zuponcic EK
2014-03-16 -- Fiesta EK uses IE and Java exploits
2014-03-15 -- Styx EK drops Simda, Bitcoin miner, and more
2014-03-14 -- Goon/Infinity EK
2014-03-13 -- Fiesta EK delivers click fraud trojan
2014-03-12 -- Magnitude EK uses IE exploit
2014-03-10 -- Goon/Infinity EK sends bitcoin miner
2014-03-09 -- Two examples of Fiesta EK traffic - one failed, the other successful
2014-03-08 -- .htaccess redirect to adultfriendfinder.com and Neutrino EK
2014-03-07 -- Goon/Infinity EK delivers Zbot-style trojan
2014-03-06 -- Malicious Android app
2014-03-05 -- Gate/Redirect URLs lead to Goon/Infinity EK
2014-03-04 -- Hello Exploit Kit
2014-03-02 -- Fiesta EK uses MSIE, Silverlight, and Java exploits
2014-03-01 -- Nuetrino EK uses Silverlight exploit

2014-02-28 -- Fiesta EK uses CVE-2013-2465 Java exploit
2014-02-27 -- Angler EK - another example
2014-02-26 -- Angler EK delivers Graftor/Zbot variant
2014-02-23 -- Neutrino EK uses Silverlight exploit
2014-02-22 -- Three infection chains from one compromised website
2014-02-21 -- Fiesta EK uses MSIE, Silverlight, and Java exploits
2014-02-19 -- Phishing email links ending with 1.html now redirecting to Goon EK
2014-02-18 -- Fiesta EK - Java exploit and two pieces of malware
2014-02-13 -- Goon EK delivers malware, causes Asprox alerts
2014-02-12 -- Compromised site led to Whitehole EK in Dec 2013--now goes to Fiesta EK
2014-02-11 -- Fiesta EK delivers click fraud malware
2014-02-09 -- Neutrino EK sends malware, causes Andromeda alert
2014-02-07 -- Fiesta EK uses Silverlight and Java exploits
2014-02-04 -- Sweet Orange EK over TCP port 60012
2014-02-03 -- Four different VM infections
2014-02-02 -- Neutrino EK uses CVE-2013-0074 (Silverlight exploit)
2014-02-01 -- BizCN gate actor Fiesta EK uses CVE-2013-0074 (Silverlight exploit)

2014-01-31 -- Two examples: Goon EK and Dotkachef EK
2014-01-30 -- Asprox emails and malware
2014-01-26 -- Sweet Orange EK uses MSIE exploit
2014-01-24 -- Nuclear EK
2014-01-21 -- Another Neutrino EK example
2014-01-20 -- Another Styx EK example
2014-01-19 -- Recent court-related Asprox botnet phishing emails
2014-01-14 -- Magnitude EK
2014-01-13 -- Goon EK uses MSIE exploit to deliver trojan downloader
2014-01-09 -- Dotkachef EK
2014-01-07 -- Neutrino EK traffic
2014-01-02 -- Two examples: Fiesta EK and Neutrino EK
2014-01-01 -- BizCN gate actor Fiesta EK uses CVE-2013-2551 exploit

Return to main menu

Copyright © 2014 | Malware-Traffic-Analysis.net