[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025] - [2026]

• 2014-12-26 -- Follow-up to my guest diary for the Internet Storm Center (ISC)
• 2014-12-25 -- Nuclear EK from Windigo Group - 67.215.1[.]162
• 2014-12-18 -- Nuclear EK from 178.62.255[.]107 - woxepityfillo[.]cf
• 2014-12-17 -- Fiesta EK from 92.63.88[.]61 - nrkuktxvn.myftp[.]org
• 2014-12-16 -- Malware infection from email attachment
• 2014-12-15 -- Nuclear EK from 95.85.23[.]178 - fourkopoll[.]co[.]vu
• 2014-12-13 -- Gondad (Gong da) EK from 211.202.2[.]110 - comm.sansung[.]org
• 2014-12-12 -- Ransomware infection after Nuclear EK from 128.199.52.211
• 2014-12-11 -- Malware infection from Asprox botnet malspam
• 2014-12-10 -- Windigo group uses Nuclear EK from 128.199.48[.]110 - seventhnamed[.]co[.]vu
• 2014-12-07 -- Neutrino EK from 23.105.11[.]105 - eytmxgnqlm.nirval[.]eu:8823
• 2014-12-05 -- Upatre/Dyre infection
• 2014-12-03 -- Emotet infection
• 2014-12-01 -- New version of Neutrino EK from 107.191.118[.]231 and 168.235.69[.]123

• 2014-11-30 -- Gondad (Gong da) EK from 211.171.231[.]194 - www.hwashinshop[.]com
• 2014-11-26 -- Sandworm malware
• 2014-11-22 -- Angler EK from 94.23.35[.]86 - wojciktypeinfoptrset.lohrakupunktur[.]de
• 2014-11-21 -- Fake anti-virus: Windows AntiBreach Module
• 2014-11-20 -- Threatglass has 5 examples of Magnitude EK since yesterday
• 2014-11-19 -- Fiesta EK from 205.234.186[.]110 - bitmp3search[.]in
• 2014-11-18 -- Volumebass.com kicked off infection chain for Sweet Orange EK
• 2014-11-15 -- Vastkid[.]com generated Sweet Orange gate and failed Rig EK infection
• 2014-11-15 -- Angler EK from 5.196.189[.]147 - verspeisegraveer.catmitzvah.com
• 2014-11-14 -- Angler EK from 131.72.138[.]141 - asd.songkillerbong[.]ru
• 2014-11-14 -- CryptoWall 2.0 ransomware infection from email attachment
• 2014-11-13 -- Upatre/Dyre infection from email attachments
• 2014-11-13 -- Fiesta EK from 205.234.186[.]110 - betamedsearch[.]in
• 2014-11-12 -- Asprox botnet fake Starbucks emails delivered Sirius Win 7 Antivirus 2014
• 2014-11-11 -- Angler EK uses different obfuscation for the malware payload
• 2014-11-10 -- Angler EK from 94.23.50[.]217 - pompezne1-buddh.seek4autos[.]com
• 2014-11-08 -- Phishing messages with links to fake webmail login pages
• 2014-11-06 -- Nuclear EK sends Silverlight exploit with .wsf file extension
• 2014-11-05 -- Angler exploit kit (EK) example
• 2014-11-05 -- Malicious email attachments
• 2014-11-02 -- Angler EK from 5.196.176[.]167 - faengelshazier.netgouv[.]com
• 2014-11-01 -- Fiesta EK from 205.234.186[.]109 - conocarpusgeorgsimonohm[.]us

• 2014-10-31 -- Netwire RAT infection from email attachment
• 2014-10-30 -- FlashPack EK from 188.227.172[.]106 - kethanlingtoro[.]eu
• 2014-10-30 -- 32x32 gate leads to Angler EK - no fake pop-up as before with these gates
• 2014-10-29 -- Asprox botnet emails serve Starbucks coffee
• 2014-10-28 -- Asprox botnet emails serve free pizza
• 2014-10-27 -- Sweet Orange EK from 38.84.134[.]199
• 2014-10-27 -- Keylogger infection from email attachment
• 2014-10-26 -- Fiesta EK from 205.234.186[.]109 - hematitetekki[.]biz
• 2014-10-09 -- Magnitude EK from 178.32.82[.]137
• 2014-10-08 -- ZBot infection from email attachment
• 2014-10-07 -- Malware infection from email attachment
• 2014-10-06 -- Sweet Orange EK from 8.28.175[.]75 port 15106
• 2014-10-06 -- Rotator generates Angler EK on 5.135.230[.]183 - 7dws8yz0k2.sdiouvb[.]com
• 2014-10-05 -- Rig EK from 37.200.69[.]87 - contact.collegemotorsltd[.]com
• 2014-10-04 -- Rig EK and Upatre from email links
• 2014-10-03 -- Upatre infection with Dyre
• 2014-10-03 -- Sweet Orange EK from 8.28.175[.]74 port 17767
• 2014-10-02 -- Malware infection from email attachment
• 2014-10-02 -- Angler EK from 66.172.27[.]117 - asd.bingevomitsyndromesexy[.]net
• 2014-10-01 -- 32x32 gate leading to Angler EK on 66.172.27[.]117 - asd.crossheading[.]us
• 2014-10-01 -- CryptoWall 2.0 ransomware infection from fake IRS email

• 2014-09-30 -- Possible Zbot infection from email attachment
• 2014-09-30 -- Fiesta EK from 64.202.116[.]153 - affineairforce[.]us
• 2014-09-29 -- Nuclear EK delivers digitally-signed CryptoWall malware
• 2014-09-28 -- Null Hole EK from 162.244.33[.]39 - poolie.vvk49[.]com
• 2014-09-27 -- 32x32 gate to Angler EK on 66.172.12[.]231
• 2014-09-26 -- Upatre infection with follow-up malware
• 2014-09-26 -- 32x32 gate to Angler EK on 162.248.243[.]78 - qwe.tributarykamarupan[.]us
• 2014-09-25 -- Sweet Orange EK from 8.28.175[.]67 port 10016
• 2014-09-24 -- Fiesta EK from 104.28.6[.]73 - eoxsc.kulawyn[.]in
• 2014-09-24 -- Zeus Infection from email attachment
• 2014-09-23 -- Angler EK from 66.172.12[.]231 - asd.blousestraightaway[.]us
• 2014-09-23 -- Rig EK from 178.132.203[.]26 - mdif.boroughventuremenswear[.]com
• 2014-09-22 -- Upatre infection from link in email
• 2014-09-22 -- Angler EK from 192.99.197[.]134 - asd.singularitymusculusintercostalis[.]us
• 2014-09-21 -- Nuclear EK from 176.58.112[.]200 - agelpirostan.nemissa[.]info
• 2014-09-19 -- Sweet Orange EK from 8.28.175[.]67 port 17982
• 2014-09-18 -- Upatre infection from email link
• 2014-09-18 -- 2 different Fiesta EK infections triggered by same compromised website
• 2014-09-17 -- Malware infection from email link
• 2014-09-16 -- Angler EK from email links
• 2014-09-16 -- Nuclear EK from 80.85.87[.]179 - oflatiras.videosdeanimais[.]com[.]br
• 2014-09-15 -- Fiesta EK from 64.202.116[.]152 - ypillow[.]in[.]ua
• 2014-09-13 -- DGAmeover Zeus infection from email attachment
• 2014-09-12 -- Nuclear EK sends Silverlight exploit
• 2014-09-11 -- malware infection from Asprox botnet email
• 2014-09-11 -- Sweet Orange EK from 87.118.126[.]94 port 9290
• 2014-09-10 -- BizCN gate actor's gate on 75.102.9[.]195 points to Magnitude EK
• 2014-09-09 -- Malware infection from Apsrox botnet emails
• 2014-09-09 -- Rig EK from 178.132.204[.]97 - sdfi.apartmentperch[.]com
• 2014-09-09 -- (Fileless infection by) Angler EK from 46.105.140[.]56 port 8080
• 2014-09-08 -- Nuclear EK from 151.236.216[.]177 - bubleroska.smart-simchah[.]com
• 2014-09-08 -- Fileless infection by Angler EK from 5.196.36[.]99 port 8080
• 2014-09-07 -- New patterns in Fiesta EK from 104.28.22[.]24 & 104.28.23[.]24
• 2014-09-06 -- Rig EK from 178.132.203[.]113 - kwi.amulet-am[.]com
• 2014-09-05 -- Malware infection through link in email from Asprox botnet
• 2014-09-05 -- Sweet Orange EK - 8.28.175[.]69 port 9290
• 2014-09-04 -- Neurevt (Betabot) infection from email attachment
• 2014-09-04 -- Nuclear EK from 80.85.84[.]188 - afridun.autoth[.]com
• 2014-09-04 -- Sweet Orange EK from 38.84.134[.]208 port 17982
• 2014-09-03 -- OneLouder infection from email attachment
• 2014-09-03 -- Malware infection from link in email
• 2014-09-03 -- Nuclear EK from 80.85.84[.]142 - giodulder.laurentiucozma[.]ro
• 2014-09-02 -- Malware infection from email attachment
• 2014-09-01 -- Rig EK from 5.231.72[.]115 - nuaysuq.planeimpressions[.]com
• 2014-09-01 -- Possible Zeus malware infection

• 2014-08-31 -- Fiesta EK from 64.202.116[.]154 - wiezersf[.]in[.]ua
• 2014-08-30 -- FlashPack EK from 188.40.24[9].74 - vbsaiord[.]arm[.]ee
• 2014-08-29 -- Zbot infection from email attachment
• 2014-08-29 -- Kuluoz infection from email attachment by Asprox botnet
• 2014-08-29 -- Sweet Orange EK from 95.163.121[.]188 port 16122
• 2014-08-28 -- Nuclear EK from 80.85.85[.]71 - nanoraifa.loosecannon[.]info
• 2014-08-27 -- Sweet Orange EK from 95.163.121[.]188 - cdn.tequilaspectator[.]com:16122
• 2014-08-26 -- Fiesta EK from 64.202.116[.]154 - wklockes[.]in[.]ua
• 2014-08-25 -- Nuclear EK from 178.32.92[.]105 - map.sweetfrogsalisbury[.]net
• 2014-08-25 -- Sweet Orange EK - 95.163.121[.]188 port 16122
• 2014-08-24 -- Fiesta EK from 64.202.116[.]154 - sbzrsvi.ddnsking[.]com
• 2014-08-22 -- Fiesta EK from 64.202.116[.]154 - qopqop[.]in[.]ua
• 2014-08-22 -- Unknown exploit kit from 76.74.157[.]161 - www.pizzanetp[.]com
• 2014-08-22 -- Nuclear EK from 87.117.255[.]66 - limited.marriageamericanet[.]com
• 2014-08-21 -- Malware infection from email attachment
• 2014-08-21 -- Sweet Orange EK from 95.163.121[.]188
• 2014-08-21 -- FlashPack EK - 178.79.153[.]5 & 85.159.214[.]193
• 2014-08-20 -- Sweet Orange EK from 95.163.121[.]188
• 2014-08-19 -- Fiesta EK from 64.202.116[.]154 - quatro[.]in[.]ua
• 2014-08-18 -- Kuluoz infection from email attachment by Asprox botnet
• 2014-08-18 -- Sweet Orange EK from 95.163.121[.]188 - google.chagwichita[.]com:16122
• 2014-08-17 -- Nuclear EK from 176.58.126[.]215 - gegosima.rubiaguru[.]com[.]ar
• 2014-08-16 -- Angler EK from 188.120.243[.]32 - 112lbjkxpv.adwpobi[.]com
• 2014-08-15 -- Magnitude EK from 212.38.166[.]26 - reluctantrid[.]in
• 2014-08-14 -- Upatre from email attachment leads to Cryptowall ransomware
• 2014-08-14 -- Fiesta EK from 217.79.191[.]87 - pokrduof.servepics[.]com
• 2014-08-13 -- Malware infection from links in emails
• 2014-08-12 -- Nuclear EK from 94.229.64[.]231 - intl.echristiancare[.]co
• 2014-08-11 -- Porn-related subdomains of sourceforge[.]net lead to FlashPack EK
• 2014-08-09 -- Fiesta EK from 64.202.116[.]154 - qlokks[.]in[.]ua
• 2014-08-08 -- Betabot (Neurevt) infection from email attachment
• 2014-08-08 -- Zbot infection from email attachment
• 2014-08-08 -- FlashPack EK from 77.78.104[.]96
• 2014-08-06 -- Nuclear EK from 94.229.64[.]227 - ibiz.counselingmoments[.]com
• 2014-08-01 -- Magnitude EK - 193.169.245[.]148
• 2014-08-01 -- Zeus malware infection
• 2014-08-01 -- Nuclear EK from 85.159.213[.]246 - paraletas.patmos-star[.]com

• 2014-07-30 -- FlashPack EK from 85.159.214[.]181 (no domain name)
• 2014-07-30 -- Malware infection from email attachment
• 2014-07-30 -- Rig EK from 194.58.101[.]116 - finish.resinbonding[.]com
• 2014-07-29 -- Malware infection from email attachment
• 2014-07-28 -- Angler EK from 66.96.246[.]143 - 02s.ylukodorsaieaql[.]org
• 2014-07-27 -- Fiesta EK from 64.202.116[.]156 - abyabyab[.]in[.]ua
• 2014-07-26 -- Rig EK from 194.58.101[.]51 - welcome.shiraztshirts[.]com
• 2014-07-25 -- Upatre from email attachment leads to Cryptowall ransomware
• 2014-07-25 -- Rig EK from 194.58.101[.]49 - welcome.shopsthatgivea[.]com
• 2014-07-24 -- Sweet Orange EK from 94.185.82[.]194 port 16122
• 2014-07-23 -- FlashPack EK from 178.79.165[.]213 - dronikaso.denisephotographer[.]com
• 2014-07-22 -- Malware infection from link in Asprox botnet email
• 2014-07-22 -- Fiesta EK from 62.212.73[.]198 - eymjjyebo.myftp[.]org
• 2014-07-21 -- Rig EK from 37.200.65[.]4 - welcome.stovepipedinners[.]com
• 2014-07-20 -- Fiesta EK from 62.212.73[.]198 - wgxjvd.myftp[.]biz
• 2014-07-19 -- FlashPack EK from 88.80.191[.]252 - dudelakos.allcarsmechanical[.]com
• 2014-07-19 -- Nuclear EK from 79.133.219[.]121 - 141320960-6.easypotent[.]co[.]vu
• 2014-07-18 -- FlashPack EK from 88.80.186[.]247 - pistoleor.tustilo[.]com[.]ar
• 2014-07-16 -- Zbot infection from email attachment
• 2014-07-15 -- Magnitude EK from 5.133.179[.]166
• 2014-07-14 -- Rig EK from 46.182.27[.]166 and 178.132.203[.]218
• 2014-07-12 -- Angler EK from 192.200.105[.]130 - three.pasertsion[.]co[.]uk
• 2014-07-11 -- Malware infection from email attachment
• 2014-07-11 -- Angler EK from 192.154.110[.]237 - 41n.degowodyx[.]com
• 2014-07-10 -- Malware infection from link in Asprox botnet email
• 2014-07-10 -- Nuclear EK from 93.189.40[.]229 - gumeno.yahooaple[.]com
• 2014-07-09 -- Fiesta EK from 64.202.116[.]156 - gpoison[.]in[.]ua
• 2014-07-09 -- Kuluoz infection from attachments in Asprox botnet emails
• 2014-07-09 -- Zuponcic EK from 178.33.152[.]221 - mz.watchweedsepisodes[.]net
• 2014-07-08 -- Kuluoz infection from link in Asprox botnet email
• 2014-07-08 -- Sweet Orange EK from 94.185.82[.]199 port 16122 - cdn.ahastore[.]net:16122
• 2014-07-04 -- Nuclear EK from 5.135.211[.]48 - edc.virtualtravelevents[.]net
• 2014-07-03 -- Nuclear EK sends CryptoWall from 23.29.118[.]27
• 2014-07-02 -- Malware infection from link in Asprox botnet email
• 2014-07-02 -- fake Flash installer hosted on 191.238.33[.]50 - update1.azurewebsites[.]net

• 2014-06-30 -- Infinity EK from 188.65.113[.]171 - d7hosting[.]com
• 2014-06-29 -- Magnitude EK from 64.187.226[.]183
• 2014-06-28 -- Sweet Orange EK from 94.185.80[.]43 port 8590
• 2014-06-27 -- Nuclear EK from 87.117.255[.]187 - developers.travelforward[.]de
• 2014-06-26 -- Fiesta EK from 64.202.116[.]151 - ftpnrock[.]in[.]ua
• 2014-06-25 -- Nuclear EK from 185.14.31[.]37
• 2014-06-24 -- Magnitude EK - 64.187.226[.]178
• 2014-06-24 -- Angler EK from 149.3.138[.]235 - postingdromeringsland[.]net
• 2014-06-23 -- FlashPack EK from 46.21.159[.]163
• 2014-06-23 -- Kuluoz infection from email attachment sent by Asprox botnet
• 2014-06-22 -- Nuclear EK from 5.101.140[.]53 - crowdfunding.mazatlan-mazters[.]com
• 2014-06-21 -- Fiesta EK from 64.202.116[.]151 - ferzypsy[.]in[.]ua
• 2014-06-20 -- 32x32 gate to Angler EK on 107.181.246[.]213 - l7qrz.honigiwace[.]info
• 2014-06-19 -- Nuclear EK from 5.135.28.118 - 2624633428-6.disbarmentscore.co7[.]us
• 2014-06-18 -- fake Flash installer hosted on 191.238.33[.]50
• 2014-06-17 -- Magnitude EK from 212.38.166[.]94
• 2014-06-16 -- FlashPack EK from 46.21.159[.]160 - change in URL patterns
• 2014-06-15 -- Nuclear EK from 5.45.179[.]4 - certificat.englewoodfloridarealtor[.]com
• 2014-06-14 -- Fiesta EK from 64.202.116[.]151 - deastome[.]in[.]ua
• 2014-06-13 -- fake Flash updater hosted on Google Drive
• 2014-06-12 -- CVE-2014-0515 exploit from Sweet Orange EK - 82.118.17[.]172 port 16122
• 2014-06-11 -- Fiesta EK from 64.202.116[.]151 - dotcomor[.]in[.]ua
• 2014-06-10 -- FlashPack EK from 192.71.151[.]14
• 2014-06-09 -- Nuclear EK from 185.10.57[.]167 - bt.realwestchestercounty[.]com
• 2014-06-08 -- Infinity EK from 46.226.194[.]6 - elitecad[.]gr
• 2014-06-07 -- Fiesta EK from 85.25.20[.]27 - rukmnqyegt.redirectme[.]net
• 2014-06-06 -- CVE-2014-0515 exploit from FlashPack EK - 176.9.117[.]170
• 2014-06-05 -- Fiesta EK from 64.202.116[.]151 - dogintoo[.]in[.]ua
• 2014-06-04 -- Infinity EK from 173.236.152[.]199 - bcreativeworks[.]com
• 2014-06-03 -- Angler EK from 85.25.43[.]60 port 2980
• 2014-06-02 -- Angler EK from 142.4.206[.]136 - weaverfinch.sociolizer[.]com
• 2014-06-02 -- Nuclear EK from 93.189.40[.]43 - grozam.hiperjogos[.]info
• 2014-06-01 -- Infinity EK from 89.184.75[.]186 - apteka-tas[.]com[.]ua

• 2014-05-30 -- Rig EK from 46.182.24[.]37 - whatsuupp[.]co[.]vu
• 2014-05-29 -- FlashPack EK from 37.230.117[.]89 - fahhdfg.uyy95[.]com
• 2014-05-28 -- Angler EK and another CryptoWall ransomware sample
• 2014-05-27 -- Fiesta EK from 64.202.116[.]151 - betters[.]in[.]ua
• 2014-05-26 -- Nuclear EK from 192.243.115[.]146
• 2014-05-25 -- Angler EK from 192.99.41[.]165 - denoting.centrixsf[.]com
• 2014-05-24 -- FlashPack EK from 62.212.128[.]199
• 2014-05-23 -- Blackhole EK from 109.120.173[.]4 - black1.wha[.]la
• 2014-05-23 -- Angler EK from 91.185.215[.]137 - dgw.tumijilpwq[.]net
• 2014-05-22 -- Fiesta EK from 64.202.116[.]151 - busiuse[.]in[.]ua - 3 examples
• 2014-05-21 -- Sweet Orange EK from 93.171.173[.]173
• 2014-05-21 -- Fiesta EK from 64.202.116[.]151 - bizzess[.]in[.]ua
• 2014-05-20 -- Rig EK from 144.76.118[.]124 - voorelkaarinzuid[.]nl
• 2014-05-19 -- fake Flash updater hosted on dl.dropboxusercontent[.]com
• 2014-05-19 -- FlashPack EK from 95.154.246[.]90
• 2014-05-18 -- Fiesta EK from 69.64.58[.]165 - oxqbce.redirectme[.]net
• 2014-05-17 -- fake Flash updater hosted on 23.91.112[.]4 - preud-homme[.]be
• 2014-05-16 -- Nuclear EK from 37.157.250[.]13 - hospitality.medicalbodydonations[.]org
• 2014-05-16 -- Rig EK from 141.101.116[.]236 - restartbee[.]ml
• 2014-05-14 -- Rig EK from 141.101.116[.]240 - alterbee[.]cf
• 2014-05-14 -- Today's fake Flash updater hosted on Microsoft OneDrive
• 2014-05-13 -- 32x32 gate to Angler EK on 173.212.223[.]243 - one.fdsfgsgdvsd[.]biz
• 2014-05-13 -- Nuclear EK from 37.157.250[.]10 - full.409cremate[.]com
• 2014-05-12 -- Fiesta EK from 69.64.58[.]165 - hkjsejlh.servequake[.]com
• 2014-05-11 -- Today's fake Flash updater hosted on Microsoft OneDrive
• 2014-05-11 -- FlashPack EK from 82.146.41[.]116 - dg9sdgykl.trade-e[.]com
• 2014-05-10 -- RIG Exploit Pack from 141.101.116[.]87 - buiadnaiuayf[.]ml
• 2014-05-09 -- Fiesta EK from 205.234.214[.]168 - 9xgerh0.dimatur[.]pt
• 2014-05-08 -- Nuclear EK - 2 examples started by same URL - Java exploit changing daily
• 2014-05-07 -- 32x32 character gates and Angler EK
• 2014-05-07 -- RIG Exploit Pack from 108.162.199[.]251 - favoros19[.]info
• 2014-05-06 -- FlashPack EK from 89.121.252[.]70 - lchhmba[.]com
• 2014-05-05 -- Sweet Orange EK from 93.171.173[.]113 - 124124.ttl60[.]com
• 2014-05-04 -- Angler EK from 209.159.153[.]186 - three.mdfckel[.]biz
• 2014-05-03 -- Another fake Flash updater hosted on Microsoft OneDrive
• 2014-05-02 -- Magnitude EK from 193.169.245[.]11
• 2014-05-02 -- Angler EK from 64.120.207[.]245 - jdg.gogexycohunsds[.]net
• 2014-05-01 -- Magnitude EK from 193.169.245[.]10
• 2014-05-01 -- Angler EK from 84.82.69[.]94 - 51m9o.licitajyjanyswed[.]info

• 2014-04-30 -- fake Flash player from 87.98.146[.]123
• 2014-04-30 -- Magnitude EK from 193.169.245[.]10 - safehe[.]in
• 2014-04-29 -- Angler EK from 66.96.246[.]151 - ugwpc.bimowamokykpps[.]net
• 2014-04-29 -- Today's fake Flash updater hosted on Microsoft OneDrive
• 2014-04-28 -- Angler EK from 85.10.220[.]153 (fuminexyveqccs[.]com and skwosh[.]eu)
• 2014-04-28 -- fake Flash updater hosted on Microsoft OneDrive IP addresses
• 2014-04-27 -- Nuclear EK from 95.211.128[.]101 - babyserr[.]ru
• 2014-04-26 -- Magnitude EK from 193.169.245[.]5 - feelchips[.]in
• 2014-04-24 -- fake Flash update from 217.26.210[.]127 points to Microsoft OneDrive
• 2014-04-23 -- Goon/Infinity EK from 89.161.140[.]32 and 59.106.13[.]213
• 2014-04-22 -- Angler EK from 69.39.239[.]233 and 23.110.194[.]99
• 2014-04-20 -- Sweet Orange EK from 195.16.88[.]159 port 9290 - Flash and Java exploits
• 2014-04-18 -- Fiesta EK from 64.202.116[.]158 - cpdels[.]in[.]ua - Flash/Silverlight/Java exploits
• 2014-04-17 -- Magnitude EK from 67.196.3[.]69 - referredknew[.]in
• 2014-04-17 -- FlashPack EK from 178.33.85[.]108 - gecekiyafetleri.gen[.]tr
• 2014-04-16 -- Fiesta EK from 64.202.116[.]158 - cryriv[.]in[.]ua - Flash/Silverlight/Java exploits
• 2014-04-16 -- Magnitude EK from 67.196.3[.]67 - poundswhose[.]in
• 2014-04-15 -- Fun with Goon/Infinity EK
• 2014-04-15 -- Magnitude EK from 67.196.3[.]66 - suggestinglots[.]in
• 2014-04-14 -- Magnitude EK from 67.196.3[.]65 - MSIE exploit - 6 malware payloads
• 2014-04-13 -- FlashPack EK from 176.102.37[.]55 - weoikcus[.]org - Java exploit
• 2014-04-12 -- FlashPack EK from 176.102.37[.]55 - kliftpres[.]com - MSIE/Java/Flash exploits
• 2014-04-11 -- Fiesta EK from 64.202.123[.]50 - 11imaw1.dimatur[.]pt
• 2014-04-10 -- Nuclear EK from 198.50.253[.]235 - treywoo[.]ru
• 2014-04-09 -- Nuclear EK from 142.4.194[.]92 - foyilleavrt[.]ru
• 2014-04-08 -- Fiesta EK uses a Flash exploit
• 2014-04-07 -- Nuclear EK from 142.4.194[.]72 - dysteriew[.]ru
• 2014-04-06 -- Goon/Infinity EK
• 2014-04-05 -- Fiesta EK
• 2014-04-04 -- Fiesta EK
• 2014-04-03 -- FlashPack EK
• 2014-04-02 -- Goon/Infinity EK payload generates traffic to OneDrive.Live[.]com
• 2014-04-01 -- Fiesta EK - 3 examples

• 2014-03-29 -- FlashPack EK
• 2014-03-28 -- Fiesta EK uses MSIE, Silverlight, and Java exploits
• 2014-03-27 -- Nuclear EK
• 2014-03-26 -- Fiesta EK
• 2014-03-25 -- Magnitude EK uses IE exploit CVE-2013-2551
• 2014-03-23 -- Goon/Infinity EK using Flash for IE 10 exploit CVE-2014-0322
• 2014-03-23 -- Magnitude EK
• 2014-03-23 -- Blackhole EK
• 2014-03-23 -- Angler EK uses Flash exploit
• 2014-03-22 -- Fiesta EK - Comparing how Silverlight and Java deliver the same malware
• 2014-03-19 -- Goon/Infinity EK
• 2014-03-18 -- Fiesta EK
• 2014-03-17 -- Zuponcic EK
• 2014-03-16 -- Fiesta EK uses IE and Java exploits
• 2014-03-15 -- Styx EK drops Simda, Bitcoin miner, and more
• 2014-03-14 -- Goon/Infinity EK
• 2014-03-13 -- Fiesta EK delivers click fraud trojan
• 2014-03-12 -- Magnitude EK uses IE exploit
• 2014-03-11 -- Fiesta EK
• 2014-03-10 -- Goon/Infinity EK sends bitcoin miner
• 2014-03-09 -- Two examples of Fiesta EK traffic - one failed, the other successful
• 2014-03-08 -- .htaccess redirect to adultfriendfinder[.]com and Neutrino EK
• 2014-03-07 -- Goon/Infinity EK delivers Zbot-style trojan
• 2014-03-06 -- Malicious Android app
• 2014-03-05 -- Gate/Redirect URLs lead to Goon/Infinity EK
• 2014-03-04 -- Hello Exploit Kit
• 2014-03-02 -- Fiesta EK uses MSIE, Silverlight, and Java exploits
• 2014-03-01 -- Nuetrino EK uses Silverlight exploit

• 2014-02-28 -- Fiesta EK uses CVE-2013-2465 Java exploit
• 2014-02-26 -- Angler EK delivers Graftor/Zbot variant
• 2014-02-23 -- Neutrino EK uses Silverlight exploit
• 2014-02-22 -- Three infection chains from one compromised website
• 2014-02-21 -- Fiesta EK uses MSIE, Silverlight, and Java exploits
• 2014-02-19 -- Phishing email links ending with 1.html now redirecting to Goon EK
• 2014-02-18 -- Fiesta EK - Java exploit and two pieces of malware
• 2014-02-13 -- Goon EK delivers malware, causes Asprox alerts
• 2014-02-12 -- Compromised site led to Whitehole EK in Dec 2013--now goes to Fiesta EK
• 2014-02-11 -- Fiesta EK delivers click fraud malware
• 2014-02-09 -- Neutrino EK sends malware, causes Andromeda alert
• 2014-02-07 -- Fiesta EK uses Silverlight and Java exploits
• 2014-02-04 -- Sweet Orange EK over TCP port 60012
• 2014-02-03 -- Nuclear EK delivers malware dropper
• 2014-02-03 -- Neutrino EK leads to Bitcoin mining
• 2014-02-03 -- Neutrino EK delivers Zeus/Zbot/Citadel
• 2014-02-03 -- Goon EK delivers Aprox botnet malware
• 2014-02-02 -- Neutrino EK uses CVE-2013-0074 (Silverlight exploit)
• 2014-02-01 -- BizCN gate actor Fiesta EK uses CVE-2013-0074 (Silverlight exploit)

• 2014-01-31 -- Goon EK
• 2014-01-30 -- Infection from attachment in Asprox botnet email
• 2014-01-27 -- Dotkachef EK
• 2014-01-26 -- Sweet Orange EK uses MSIE exploit
• 2014-01-24 -- Nuclear EK
• 2014-01-21 -- Another Neutrino EK example
• 2014-01-20 -- Another Styx EK example
• 2014-01-19 -- Infection from attachment in Asprox botnet email
• 2014-01-14 -- Magnitude EK
• 2014-01-13 -- Goon EK uses MSIE exploit to deliver malware downloader
• 2014-01-10 -- Dotkachef EK
• 2014-01-08 -- Neutrino EK traffic
• 2014-01-03 -- Fiesta EK
• 2014-01-02 -- Neutrino EK
• 2014-01-01 -- BizCN gate actor Fiesta EK uses CVE-2013-2551 exploit

 

Click here to return to the main page.