[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025]

• Still working on restoring these 2014 blog posts.

• 2014-12-26 -- Follow-up to my guest diary for the Internet Storm Center (ISC)
• 2014-12-25 -- Nuclear EK from Windigo Group - 67.215.1[.]162
• 2014-12-18 -- Nuclear EK from 178.62.255[.]107 - woxepityfillo[.]cf
• 2014-12-17 -- Fiesta EK from 92.63.88[.]61 - nrkuktxvn.myftp[.]org
• 2014-12-16 -- Malware infection from email attachment
• 2014-12-15 -- Nuclear EK from 95.85.23[.]178 - fourkopoll[.]co[.]vu
• 2014-12-13 -- Gondad (Gong da) EK from 211.202.2[.]110 - comm.sansung[.]org
• 2014-12-12 -- Ransomware infection after Nuclear EK from 128.199.52.211
• 2014-12-11 -- Malware infection from Asprox botnet malspam
• 2014-12-10 -- Windigo group uses Nuclear EK from 128.199.48[.]110 - seventhnamed[.]co[.]vu
• 2014-12-07 -- Neutrino EK from 23.105.11[.]105 - eytmxgnqlm.nirval[.]eu:8823
• 2014-12-05 -- Upatre/Dyre infection
• 2014-12-03 -- Emotet infection
• 2014-12-01 -- New version of Neutrino EK from 107.191.118[.]231 and 168.235.69[.]123

• 2014-11-30 -- Gondad (Gong da) EK from 211.171.231[.]194 - www.hwashinshop[.]com
• 2014-11-26 -- Sandworm malware
• 2014-11-22 -- Angler EK from 94.23.35[.]86 - wojciktypeinfoptrset.lohrakupunktur[.]de
• 2014-11-21 -- Fake anti-virus: Windows AntiBreach Module
• 2014-11-20 -- Threatglass has 5 examples of Magnitude EK since yesterday
• 2014-11-19 -- Fiesta EK from 205.234.186[.]110 - bitmp3search[.]in
• 2014-11-18 -- Volumebass.com kicked off infection chain for Sweet Orange EK
• 2014-11-15 -- Vastkid[.]com generated Sweet Orange gate and failed Rig EK infection
• 2014-11-15 -- Angler EK from 5.196.189[.]147 - verspeisegraveer.catmitzvah.com
• 2014-11-14 -- Angler EK from 131.72.138[.]141 - asd.songkillerbong[.]ru
• 2014-11-14 -- CryptoWall 2.0 ransomware infection from email attachment
• 2014-11-13 -- Upatre/Dyre infection from email attachments
• 2014-11-13 -- Fiesta EK from 205.234.186[.]110 - betamedsearch[.]in
• 2014-11-12 -- Asprox botnet fake Starbucks emails delivered Sirius Win 7 Antivirus 2014
• 2014-11-11 -- Angler EK uses different obfuscation for the malware payload
• 2014-11-10 -- Angler EK from 94.23.50[.]217 - pompezne1-buddh.seek4autos[.]com
• 2014-11-08 -- Phishing messages with links to fake webmail login pages
• 2014-11-06 -- Nuclear EK sends Silverlight exploit with .wsf file extension
• 2014-11-05 -- Angler exploit kit (EK) example
• 2014-11-05 -- Malicious email attachments
• 2014-11-02 -- Angler EK from 5.196.176[.]167 - faengelshazier.netgouv[.]com
• 2014-11-01 -- Fiesta EK from 205.234.186[.]109 - conocarpusgeorgsimonohm[.]us

• 2014-10-31 -- Netwire RAT infection from email attachment
• 2014-10-30 -- FlashPack EK from 188.227.172[.]106 - kethanlingtoro[.]eu
• 2014-10-30 -- 32x32 gate leads to Angler EK - no fake pop-up as before with these gates
• 2014-10-29 -- Asprox botnet emails serve Starbucks coffee
• 2014-10-28 -- Asprox botnet emails serve free pizza
• 2014-10-27 -- Sweet Orange EK from 38.84.134[.]199
• 2014-10-27 -- Keylogger infection from email attachment
• 2014-10-26 -- Fiesta EK from 205.234.186[.]109 - hematitetekki[.]biz
• 2014-10-09 -- Magnitude EK from 178.32.82[.]137
• 2014-10-08 -- ZBot infection from email attachment
• 2014-10-07 -- Malware infection from email attachment
• 2014-10-06 -- Sweet Orange EK from 8.28.175[.]75 port 15106
• 2014-10-06 -- Rotator generates Angler EK on 5.135.230[.]183 - 7dws8yz0k2.sdiouvb[.]com
• 2014-10-05 -- Rig EK from 37.200.69[.]87 - contact.collegemotorsltd[.]com
• 2014-10-04 -- Rig EK and Upatre from email links
• 2014-10-03 -- Upatre infection with Dyre
• 2014-10-03 -- Sweet Orange EK from 8.28.175[.]74 port 17767
• 2014-10-02 -- Malware infection from email attachment
• 2014-10-02 -- Angler EK from 66.172.27[.]117 - asd.bingevomitsyndromesexy[.]net
• 2014-10-01 -- 32x32 gate leading to Angler EK on 66.172.27[.]117 - asd.crossheading[.]us
• 2014-10-01 -- CryptoWall 2.0 ransomware infection from fake IRS email

• 2014-09-30 -- Possible Zbot infection from email attachment
• 2014-09-30 -- Fiesta EK from 64.202.116[.]153 - affineairforce[.]us
• 2014-09-29 -- Nuclear EK delivers digitally-signed CryptoWall malware
• 2014-09-28 -- Null Hole EK from 162.244.33[.]39 - poolie.vvk49[.]com
• 2014-09-27 -- 32x32 gate to Angler EK on 66.172.12[.]231
• 2014-09-26 -- Upatre infection with follow-up malware
• 2014-09-26 -- 32x32 gate to Angler EK on 162.248.243[.]78 - qwe.tributarykamarupan[.]us
• 2014-09-25 -- Sweet Orange EK from 8.28.175[.]67 port 10016
• 2014-09-24 -- Fiesta EK from 104.28.6[.]73 - eoxsc.kulawyn[.]in
• 2014-09-24 -- Zeus Infection from email attachment
• 2014-09-23 -- Angler EK from 66.172.12[.]231 - asd.blousestraightaway[.]us
• 2014-09-23 -- Rig EK from 178.132.203[.]26 - mdif.boroughventuremenswear[.]com
• 2014-09-22 -- Upatre infection from link in email
• 2014-09-22 -- Angler EK from 192.99.197[.]134 - asd.singularitymusculusintercostalis[.]us
• 2014-09-21 -- Nuclear EK from 176.58.112[.]200 - agelpirostan.nemissa[.]info
• 2014-09-19 -- Sweet Orange EK from 8.28.175[.]67 port 17982
• 2014-09-18 -- Upatre infection from email link
• 2014-09-18 -- 2 different Fiesta EK infections triggered by same compromised website
• 2014-09-17 -- Malware infection from email link
• 2014-09-16 -- Angler EK from email links
• 2014-09-16 -- Nuclear EK from 80.85.87[.]179 - oflatiras.videosdeanimais[.]com[.]br
• 2014-09-15 -- Fiesta EK from 64.202.116[.]152 - ypillow[.]in[.]ua
• 2014-09-13 -- DGAmeover Zeus infection from email attachment
• 2014-09-12 -- Nuclear EK sends Silverlight exploit
• 2014-09-11 -- malware infection from Asprox botnet email
• 2014-09-11 -- Sweet Orange EK from 87.118.126[.]94 port 9290
• 2014-09-10 -- BizCN gate actor's gate on 75.102.9[.]195 points to Magnitude EK
• 2014-09-09 -- Malware infection from Apsrox botnet emails
• 2014-09-09 -- Rig EK from 178.132.204[.]97 - sdfi.apartmentperch[.]com
• 2014-09-09 -- (Fileless infection by) Angler EK from 46.105.140[.]56 port 8080
• 2014-09-08 -- Nuclear EK from 151.236.216[.]177 - bubleroska.smart-simchah[.]com
• 2014-09-08 -- Fileless infection by Angler EK from 5.196.36[.]99 port 8080
• 2014-09-07 -- New patterns in Fiesta EK from 104.28.22[.]24 & 104.28.23[.]24
• 2014-09-06 -- Rig EK from 178.132.203[.]113 - kwi.amulet-am[.]com
• 2014-09-05 -- Malware infection through link in email from Asprox botnet
• 2014-09-05 -- Sweet Orange EK - 8.28.175[.]69 port 9290
• 2014-09-04 -- Neurevt (Betabot) infection from email attachment
• 2014-09-04 -- Nuclear EK from 80.85.84[.]188 - afridun.autoth[.]com
• 2014-09-04 -- Sweet Orange EK from 38.84.134[.]208 port 17982
• 2014-09-03 -- OneLouder infection from email attachment
• 2014-09-03 -- Malware infection from link in email
• 2014-09-03 -- Nuclear EK from 80.85.84[.]142 - giodulder.laurentiucozma[.]ro
• 2014-09-02 -- Malware infection from email attachment
• 2014-09-01 -- Rig EK from 5.231.72[.]115 - nuaysuq.planeimpressions[.]com
• 2014-09-01 -- Possible Zeus malware infection

• 2014-08-31 -- Fiesta EK from 64.202.116[.]154 - wiezersf[.]in[.]ua
• 2014-08-30 -- FlashPack EK from 188.40.24[9].74 - vbsaiord[.]arm[.]ee

 

Click here to return to the main page.