[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025]

• Still working on restoring these 2014 blog posts.

• 2014-12-26 -- Follow-up to my guest diary for the Internet Storm Center (ISC)
• 2014-12-25 -- Nuclear EK from Windigo Group - 67.215.1[.]162
• 2014-12-18 -- Nuclear EK from 178.62.255[.]107 - woxepityfillo[.]cf
• 2014-12-17 -- Fiesta EK from 92.63.88[.]61 - nrkuktxvn.myftp[.]org
• 2014-12-16 -- Malware infection from email attachment
• 2014-12-15 -- Nuclear EK from 95.85.23[.]178 - fourkopoll[.]co[.]vu
• 2014-12-13 -- Gondad (Gong da) EK from 211.202.2[.]110 - comm.sansung[.]org
• 2014-12-12 -- Ransomware infection after Nuclear EK from 128.199.52.211
• 2014-12-11 -- Malware infection from Asprox botnet malspam
• 2014-12-10 -- Windigo group uses Nuclear EK from 128.199.48[.]110 - seventhnamed[.]co[.]vu
• 2014-12-07 -- Neutrino EK from 23.105.11[.]105 - eytmxgnqlm.nirval[.]eu:8823
• 2014-12-05 -- Upatre/Dyre infection
• 2014-12-03 -- Emotet infection
• 2014-12-01 -- New version of Neutrino EK from 107.191.118[.]231 and 168.235.69[.]123

• 2014-11-30 -- Gondad (Gong da) EK from 211.171.231[.]194 - www.hwashinshop[.]com
• 2014-11-26 -- Sandworm malware
• 2014-11-22 -- Angler EK from 94.23.35[.]86 - wojciktypeinfoptrset.lohrakupunktur[.]de
• 2014-11-21 -- Fake anti-virus: Windows AntiBreach Module
• 2014-11-20 -- Threatglass has 5 examples of Magnitude EK since yesterday
• 2014-11-19 -- Fiesta EK from 205.234.186[.]110 - bitmp3search[.]in
• 2014-11-18 -- Volumebass.com kicked off infection chain for Sweet Orange EK
• 2014-11-15 -- Vastkid[.]com generated Sweet Orange gate and failed Rig EK infection
• 2014-11-15 -- Angler EK from 5.196.189[.]147 - verspeisegraveer.catmitzvah.com
• 2014-11-14 -- Angler EK from 131.72.138[.]141 - asd.songkillerbong[.]ru
• 2014-11-14 -- CryptoWall 2.0 ransomware infection from email attachment
• 2014-11-13 -- Upatre/Dyre infection from email attachments
• 2014-11-13 -- Fiesta EK from 205.234.186[.]110 - betamedsearch[.]in
• 2014-11-12 -- Asprox botnet fake Starbucks emails delivered Sirius Win 7 Antivirus 2014
• 2014-11-11 -- Angler EK uses different obfuscation for the malware payload
• 2014-11-10 -- Angler EK from 94.23.50[.]217 - pompezne1-buddh.seek4autos[.]com
• 2014-11-08 -- Phishing messages with links to fake webmail login pages
• 2014-11-06 -- Nuclear EK sends Silverlight exploit with .wsf file extension
• 2014-11-05 -- Angler exploit kit (EK) example
• 2014-11-05 -- Malicious email attachments
• 2014-11-02 -- Angler EK from 5.196.176[.]167 - faengelshazier.netgouv[.]com
• 2014-11-01 -- Fiesta EK from 205.234.186[.]109 - conocarpusgeorgsimonohm[.]us

• 2014-10-31 -- Netwire RAT infection from email attachment
• 2014-10-30 -- FlashPack EK from 188.227.172[.]106 - kethanlingtoro[.]eu
• 2014-10-30 -- 32x32 gate leads to Angler EK - no fake pop-up as before with these gates
• 2014-10-29 -- Asprox botnet emails serve Starbucks coffee
• 2014-10-28 -- Asprox botnet emails serve free pizza
• 2014-10-27 -- Sweet Orange EK from 38.84.134[.]199
• 2014-10-27 -- Keylogger infection from email attachment
• 2014-10-26 -- Fiesta EK from 205.234.186[.]109 - hematitetekki[.]biz
• 2014-10-09 -- Magnitude EK from 178.32.82[.]137
• 2014-10-08 -- ZBot infection from email attachment
• 2014-10-07 -- Malware infection from email attachment
• 2014-10-06 -- Sweet Orange EK from 8.28.175[.]75 port 15106
• 2014-10-06 -- Rotator generates Angler EK on 5.135.230[.]183 - 7dws8yz0k2.sdiouvb[.]com
• 2014-10-05 -- Rig EK from 37.200.69[.]87 - contact.collegemotorsltd[.]com
• 2014-10-04 -- Rig EK and Upatre from email links
• 2014-10-03 -- Upatre infection with Dyre
• 2014-10-03 -- Sweet Orange EK from 8.28.175[.]74 port 17767
• 2014-10-02 -- Malware infection from email attachment
• 2014-10-02 -- Angler EK from 66.172.27[.]117 - asd.bingevomitsyndromesexy[.]net
• 2014-10-01 -- 32x32 gate leading to Angler EK on 66.172.27[.]117 - asd.crossheading[.]us
• 2014-10-01 -- CryptoWall 2.0 ransomware infection from fake IRS email

• 2014-09-30 -- Possible Zbot infection from email attachment
• 2014-09-30 -- Fiesta EK from 64.202.116[.]153 - affineairforce[.]us
• 2014-09-29 -- Nuclear EK delivers digitally-signed CryptoWall malware
• 2014-09-28 -- Null Hole EK from 162.244.33[.]39 - poolie.vvk49[.]com
• 2014-09-27 -- 32x32 gate to Angler EK on 66.172.12[.]231
• 2014-09-26 -- Upatre infection with follow-up malware
• 2014-09-26 -- 32x32 gate to Angler EK on 162.248.243[.]78 - qwe.tributarykamarupan[.]us
• 2014-09-25 -- Sweet Orange EK from 8.28.175[.]67 port 10016
• 2014-09-24 -- Fiesta EK from 104.28.6[.]73 - eoxsc.kulawyn[.]in
• 2014-09-24 -- Zeus Infection from email attachment
• 2014-09-23 -- Angler EK from 66.172.12[.]231 - asd.blousestraightaway[.]us
• 2014-09-23 -- Rig EK from 178.132.203[.]26 - mdif.boroughventuremenswear[.]com
• 2014-09-22 -- Upatre infection from link in email
• 2014-09-22 -- Angler EK from 192.99.197[.]134 - asd.singularitymusculusintercostalis[.]us
• 2014-09-21 -- Nuclear EK from 176.58.112[.]200 - agelpirostan.nemissa[.]info
• 2014-09-19 -- Sweet Orange EK from 8.28.175[.]67 port 17982
• 2014-09-18 -- Upatre infection from email link
• 2014-09-18 -- 2 different Fiesta EK infections triggered by same compromised website
• 2014-09-17 -- Malware infection from email link
• 2014-09-16 -- Angler EK from email links
• 2014-09-16 -- Nuclear EK from 80.85.87[.]179 - oflatiras.videosdeanimais[.]com[.]br
• 2014-09-15 -- Fiesta EK from 64.202.116[.]152 - ypillow[.]in[.]ua
• 2014-09-13 -- DGAmeover Zeus infection from email attachment
• 2014-09-12 -- Nuclear EK sends Silverlight exploit
• 2014-09-11 -- malware infection from Asprox botnet email
• 2014-09-11 -- Sweet Orange EK from 87.118.126[.]94 port 9290
• 2014-09-10 -- BizCN gate actor's gate on 75.102.9[.]195 points to Magnitude EK
• 2014-09-09 -- Malware infection from Apsrox botnet emails
• 2014-09-09 -- Rig EK from 178.132.204[.]97 - sdfi.apartmentperch[.]com
• 2014-09-09 -- (Fileless infection by) Angler EK from 46.105.140[.]56 port 8080
• 2014-09-08 -- Nuclear EK from 151.236.216[.]177 - bubleroska.smart-simchah[.]com
• 2014-09-08 -- Fileless infection by Angler EK from 5.196.36[.]99 port 8080
• 2014-09-07 -- New patterns in Fiesta EK from 104.28.22[.]24 & 104.28.23[.]24
• 2014-09-06 -- Rig EK from 178.132.203[.]113 - kwi.amulet-am[.]com
• 2014-09-05 -- Malware infection through link in email from Asprox botnet
• 2014-09-05 -- Sweet Orange EK - 8.28.175[.]69 port 9290
• 2014-09-04 -- Neurevt (Betabot) infection from email attachment
• 2014-09-04 -- Nuclear EK from 80.85.84[.]188 - afridun.autoth[.]com
• 2014-09-04 -- Sweet Orange EK from 38.84.134[.]208 port 17982
• 2014-09-03 -- OneLouder infection from email attachment
• 2014-09-03 -- Malware infection from link in email
• 2014-09-03 -- Nuclear EK from 80.85.84[.]142 - giodulder.laurentiucozma[.]ro
• 2014-09-02 -- Malware infection from email attachment
• 2014-09-01 -- Rig EK from 5.231.72[.]115 - nuaysuq.planeimpressions[.]com
• 2014-09-01 -- Possible Zeus malware infection

• 2014-08-31 -- Fiesta EK from 64.202.116[.]154 - wiezersf[.]in[.]ua
• 2014-08-30 -- FlashPack EK from 188.40.24[9].74 - vbsaiord[.]arm[.]ee
• 2014-08-29 -- Zbot infection from email attachment
• 2014-08-29 -- Kuluoz infection from email attachment by Asprox botnet
• 2014-08-29 -- Sweet Orange EK from 95.163.121[.]188 port 16122
• 2014-08-28 -- Nuclear EK from 80.85.85[.]71 - nanoraifa.loosecannon[.]info
• 2014-08-27 -- Sweet Orange EK from 95.163.121[.]188 - cdn.tequilaspectator[.]com:16122
• 2014-08-26 -- Fiesta EK from 64.202.116[.]154 - wklockes[.]in[.]ua
• 2014-08-25 -- Nuclear EK from 178.32.92[.]105 - map.sweetfrogsalisbury[.]net
• 2014-08-25 -- Sweet Orange EK - 95.163.121[.]188 port 16122
• 2014-08-24 -- Fiesta EK from 64.202.116[.]154 - sbzrsvi.ddnsking[.]com
• 2014-08-22 -- Fiesta EK from 64.202.116[.]154 - qopqop[.]in[.]ua
• 2014-08-22 -- Unknown exploit kit from 76.74.157[.]161 - www.pizzanetp[.]com
• 2014-08-22 -- Nuclear EK from 87.117.255[.]66 - limited.marriageamericanet[.]com
• 2014-08-21 -- Malware infection from email attachment
• 2014-08-21 -- Sweet Orange EK from 95.163.121[.]188
• 2014-08-21 -- FlashPack EK - 178.79.153[.]5 & 85.159.214[.]193
• 2014-08-20 -- Sweet Orange EK from 95.163.121[.]188
• 2014-08-19 -- Fiesta EK from 64.202.116[.]154 - quatro[.]in[.]ua
• 2014-08-18 -- Kuluoz infection from email attachment by Asprox botnet
• 2014-08-18 -- Sweet Orange EK from 95.163.121[.]188 - google.chagwichita[.]com:16122
• 2014-08-17 -- Nuclear EK from 176.58.126[.]215 - gegosima.rubiaguru[.]com[.]ar
• 2014-08-16 -- Angler EK from 188.120.243[.]32 - 112lbjkxpv.adwpobi[.]com
• 2014-08-15 -- Magnitude EK from 212.38.166[.]26 - reluctantrid[.]in
• 2014-08-14 -- Upatre from email attachment leads to Cryptowall ransomware
• 2014-08-14 -- Fiesta EK from 217.79.191[.]87 - pokrduof.servepics[.]com
• 2014-08-13 -- Malware infection from links in emails
• 2014-08-12 -- Nuclear EK from 94.229.64[.]231 - intl.echristiancare[.]co
• 2014-08-11 -- Porn-related subdomains of sourceforge[.]net lead to FlashPack EK
• 2014-08-09 -- Fiesta EK from 64.202.116[.]154 - qlokks[.]in[.]ua
• 2014-08-08 -- Betabot (Neurevt) infection from email attachment
• 2014-08-08 -- Zbot infection from email attachment
• 2014-08-08 -- FlashPack EK from 77.78.104[.]96
• 2014-08-06 -- Nuclear EK from 94.229.64[.]227 - ibiz.counselingmoments[.]com
• 2014-08-01 -- Magnitude EK - 193.169.245[.]148
• 2014-08-01 -- Zeus malware infection
• 2014-08-01 -- Nuclear EK from 85.159.213[.]246 - paraletas.patmos-star[.]com

• 2014-07-30 -- FlashPack EK from 85.159.214[.]181 (no domain name)
• 2014-07-30 -- Malware infection from email attachment
• 2014-07-30 -- Rig EK from 194.58.101[.]116 - finish.resinbonding[.]com
• 2014-07-29 -- Malware infection from email attachment
• 2014-07-28 -- Angler EK from 66.96.246[.]143 - 02s.ylukodorsaieaql[.]org
• 2014-07-27 -- Fiesta EK from 64.202.116[.]156 - abyabyab[.]in[.]ua
• 2014-07-26 -- Rig EK from 194.58.101[.]51 - welcome.shiraztshirts[.]com
• 2014-07-25 -- Upatre from email attachment leads to Cryptowall ransomware
• 2014-07-25 -- Rig EK from 194.58.101[.]49 - welcome.shopsthatgivea[.]com
• 2014-07-24 -- Sweet Orange EK from 94.185.82[.]194 port 16122
• 2014-07-23 -- FlashPack EK from 178.79.165[.]213 - dronikaso.denisephotographer[.]com
• 2014-07-22 -- Malware infection from link in Asprox botnet email
• 2014-07-22 -- Fiesta EK from 62.212.73[.]198 - eymjjyebo.myftp[.]org
• 2014-07-21 -- Rig EK from 37.200.65[.]4 - welcome.stovepipedinners[.]com
• 2014-07-20 -- Fiesta EK from 62.212.73[.]198 - wgxjvd.myftp[.]biz
• 2014-07-19 -- FlashPack EK from 88.80.191[.]252 - dudelakos.allcarsmechanical[.]com
• 2014-07-19 -- Nuclear EK from 79.133.219[.]121 - 141320960-6.easypotent[.]co[.]vu
• 2014-07-18 -- FlashPack EK from 88.80.186[.]247 - pistoleor.tustilo[.]com[.]ar
• 2014-07-16 -- Zbot infection from email attachment
• 2014-07-15 -- Magnitude EK from 5.133.179[.]166
• 2014-07-14 -- Rig EK from 46.182.27[.]166 and 178.132.203[.]218
• 2014-07-12 -- Angler EK from 192.200.105[.]130 - three.pasertsion[.]co[.]uk
• 2014-07-11 -- Malware infection from email attachment
• 2014-07-11 -- Angler EK from 192.154.110[.]237 - 41n.degowodyx[.]com
• 2014-07-10 -- Malware infection from link in Asprox botnet email
• 2014-07-10 -- Nuclear EK from 93.189.40[.]229 - gumeno.yahooaple[.]com
• 2014-07-09 -- Fiesta EK from 64.202.116[.]156 - gpoison[.]in[.]ua
• 2014-07-09 -- Kuluoz infection from attachments in Asprox botnet emails
• 2014-07-09 -- Zuponcic EK from 178.33.152[.]221 - mz.watchweedsepisodes[.]net
• 2014-07-08 -- Kuluoz infection from link in Asprox botnet email
• 2014-07-08 -- Sweet Orange EK from 94.185.82[.]199 port 16122 - cdn.ahastore[.]net:16122
• 2014-07-04 -- Nuclear EK from 5.135.211[.]48 - edc.virtualtravelevents[.]net
• 2014-07-03 -- Nuclear EK sends CryptoWall from 23.29.118[.]27
• 2014-07-02 -- Malware infection from link in Asprox botnet email
• 2014-07-02 -- fake Flash installer hosted on 191.238.33[.]50 - update1.azurewebsites[.]net

 

Click here to return to the main page.