[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025]

• Still working on restoring these 2015 blog posts.

• 2015-12-31 -- Follow up to ISC diary about actor using Rig EK to deliver Qbot
• 2015-12-30 -- Files for an ISC diary (Rig EK delivers Qbot)
• 2015-12-29 -- Angler EK from 185.86.77[.]52 sends Bedep
• 2015-12-28 -- Angler EK from 207.182.133[.]69 sends TeslaCrypt ransomware
• 2015-12-21 -- Angler EK sends CryptoWall ransomware
• 2015-12-18 -- Files for an ISC diary (Rig EK delivers Qbot)
• 2015-12-17 -- Files for an ISC diary (TelsaCrypt ransomware)
• 2015-12-16 -- Angler EK from 51.255.146[.]65 sends CryptoWall ransomwware
• 2015-12-14 -- Angler EK from 51.255.131[.]66 sends CryptoWall ransomware
• 2015-12-09 -- Files for an ISC diary (Blackhole exploit kit)
• 2015-12-08 -- Angler EK from 185.46.8[.]218 sends CryptoWall ransomware
• 2015-12-04 -- Angler EK from 188.120.247[.]14 sends TeslaCrypt ransomware
• 2015-12-03 -- Angler EK from 178.90.159[.]71 sends CryptoWall ransomware

• 2015-11-30 -- Angler EK sends CryptoWall ransomware
• 2015-11-27 -- Angler EK from 5.135.65[.]146 - lvx1wv.ynglrv01[.]xyz
• 2015-11-25 -- Gate led to Angler EK and later led to Neutrino EK
• 2015-11-25 -- Files for an ISC diary (Pony and Vawtrak)
• 2015-11-23 -- Angler EK from 51.255.25[.]10 sends CryptoWall 3.0 ransomware
• 2015-11-23 -- BizCN gate actor from 5.175.193[.]253 sends CryptoWall ransomware
• 2015-11-22 -- BizCN gate actor from 5.175.194[.]135
• 2015-11-21 -- BizCN gate actor from 5.175.185[.]20 sends CryptoWall ransomware
• 2015-11-20 -- BizCN gate actor from 5.231.54[.]59 sends CryptoWall ransomware
• 2015-11-20 -- Angler EK from 209.133.203[.]204 sends CryptoWall 3.0 ransomware
• 2015-11-19 -- BizCN gate actor from 5.231.54[.]59 sends CryptoWall 3.0 ransomware
• 2015-11-19 -- Files for an ISC diary
• 2015-11-17 -- Rig EK from 46.30.46[.]146 - wef.grassrooters[.]org
• 2015-11-16 -- Malicious script with backward URL leads to Rig EK
• 2015-11-15 -- BizCN gate actor Nuclear EK from 212.231.129[.]35
• 2015-11-12 -- Nuclear EK from 104.236.62[.]254 sends CryptoWall 3.0 ransomware
• 2015-11-10 -- Angler EK sends Tinba malware
• 2015-11-09 -- Nuclear EK from 178.62.8[.]117 sends Andromeda/CTB-Locker
• 2015-11-09 -- Angler EK sends Bedep
• 2015-11-03 -- Files for an ISC diary (CryptoWall 3.0 ransomware)
• 2015-11-02 -- Rig EK from 46.30.46[.]21

• 2015-10-30 -- Nuclear EK from 188.166.65[.]14
• 2015-10-27 -- Compromised WordPress site --> Angler EK --> TeslaCrypt 2.1 ransomware
• 2015-10-23 -- Compromised Drupal site --> Angler EK --> TeslaCrypt 2.0 ransomware
• 2015-10-21 -- Neutrino EK from 89.38.150[.]119 sends Necurs
• 2015-10-20 -- 052F gate Nuclear EK fm 178.62.143[.]149 sends CryptoWall 3.0 ransomware / Andromeda
• 2015-10-19 -- 052F gate Nuclear EK from 178.62.4[.]34
• 2015-10-18 -- BizCN gate Nuclear EK from 5.175.148[.]193 sends CryptoWall 3.0 ransomware
• 2015-10-18 -- Angler EK activity
• 2015-10-16 -- Angler EK and 052F gate Nuclear EK from the same compromised website
• 2015-10-15 -- Files for an ISC Diary (Exploit Kit roundup)
• 2015-10-13 -- Neutrino EK from 81.2.241[.]147
• 2015-10-13 -- Angler EK from 188.138.105[.]137 sends CryptoWall 3.0 ransomware
• 2015-10-12 -- Angler EK from 217.172.170[.]4 sends Bedep
• 2015-10-08 -- Three examples of Nuclear EK from 188.226.215[.]37
• 2015-10-05 -- Nuclear EK from 108.61.189[.]157 - 2whnxtj0ax1nudv.spoolhostz[.]ml

• 2015-09-30 -- Files for an ISC diary (Nuclear EK trends)
• 2015-09-29 -- Angler EK from 85.25.102[.]2 sends CryptoWall 3.0 ransomware
• 2015-09-29 -- Nuclear EK from 162.247.1[4].204 - kolenkovolodki[.]cf
• 2015-09-23 -- Bartalex malspam sends Pony and Vawtrak
• 2015-09-21 -- Rig EK from 46.30.43[.]111 - reh.healtzkart[.]org
• 2015-09-18 -- Nuclear EK from 178.62.72[.]26 - oaacderesftu[.]tk
• 2015-09-16 -- Files for an ISC diary
• 2015-09-16 -- Neutrino EK from 89.38.149[.]168 sends CryptoWall 3.0 ransomware
• 2015-09-16 -- Nuclear EK from 162.247.14[.]156 sends TeslaCrypt 2.0 ransomware
• 2015-09-15 -- Angler EK from 185.49.68[.]129 sends Bedep
• 2015-09-15 -- Nuclear EK from 162.247.14[.]136 sends TeslaCrypt 2.0 ransomware
• 2015-09-14 -- Angler EK from 207.182.157[.]157 sends CryptoWall 3.0 ransomware
• 2015-09-14 -- BizCN gate actor Neutrino EK from 46.108.156[.]189 port 35827 sends CrytpoWall 3.0 ransomware
• 2015-09-11 -- BizCN gate actor Neutrino EK from 46.108.156[.]189 port 32393 sends CryptoWall 3.0 ransomware
• 2015-09-10 -- Angler EK from 62.109.9[.]60
• 2015-09-08 -- Neutrino EK from 46.108.156[.]190 sends CryptoWall 3.0 ransomware
• 2015-09-04 -- Upatre/Dyre infection
• 2015-09-03 -- Angler sends TeslaCrypt 2.0 ransomware one day, then CryptoWall 3.0 ransomware the next
• 2015-09-02 -- Neutrino EK from 46.108.156[.]181 sends TeslaCrypt 2.0 ransomware
• 2015-09-01 -- Files for an ISC diary

 

Click here to return to the main page.