[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025]

• 2015-12-31 -- Follow up to ISC diary about actor using Rig EK to deliver Qbot
• 2015-12-30 -- Files for an ISC diary (Rig EK delivers Qbot)
• 2015-12-29 -- Angler EK from 185.86.77[.]52 sends Bedep
• 2015-12-28 -- Angler EK from 207.182.133[.]69 sends TeslaCrypt ransomware
• 2015-12-21 -- Angler EK sends CryptoWall ransomware
• 2015-12-18 -- Files for an ISC diary (Rig EK delivers Qbot)
• 2015-12-17 -- Files for an ISC diary (TelsaCrypt ransomware)
• 2015-12-16 -- Angler EK from 51.255.146[.]65 sends CryptoWall ransomwware
• 2015-12-14 -- Angler EK from 51.255.131[.]66 sends CryptoWall ransomware
• 2015-12-09 -- Files for an ISC diary (Blackhole exploit kit)
• 2015-12-08 -- Angler EK from 185.46.8[.]218 sends CryptoWall ransomware
• 2015-12-04 -- Angler EK from 188.120.247[.]14 sends TeslaCrypt ransomware
• 2015-12-03 -- Angler EK from 178.90.159[.]71 sends CryptoWall ransomware

• 2015-11-30 -- Angler EK sends CryptoWall ransomware
• 2015-11-27 -- Angler EK from 5.135.65[.]146 - lvx1wv.ynglrv01[.]xyz
• 2015-11-25 -- Gate led to Angler EK and later led to Neutrino EK
• 2015-11-25 -- Files for an ISC diary (Pony and Vawtrak)
• 2015-11-23 -- Angler EK from 51.255.25[.]10 sends CryptoWall 3.0 ransomware
• 2015-11-23 -- BizCN gate actor from 5.175.193[.]253 sends CryptoWall ransomware
• 2015-11-22 -- BizCN gate actor from 5.175.194[.]135
• 2015-11-21 -- BizCN gate actor from 5.175.185[.]20 sends CryptoWall ransomware
• 2015-11-20 -- BizCN gate actor from 5.231.54[.]59 sends CryptoWall ransomware
• 2015-11-20 -- Angler EK from 209.133.203[.]204 sends CryptoWall 3.0 ransomware
• 2015-11-19 -- BizCN gate actor from 5.231.54[.]59 sends CryptoWall 3.0 ransomware
• 2015-11-19 -- Files for an ISC diary
• 2015-11-17 -- Rig EK from 46.30.46[.]146 - wef.grassrooters[.]org
• 2015-11-16 -- Malicious script with backward URL leads to Rig EK
• 2015-11-15 -- BizCN gate actor Nuclear EK from 212.231.129[.]35
• 2015-11-12 -- Nuclear EK from 104.236.62[.]254 sends CryptoWall 3.0 ransomware
• 2015-11-10 -- Angler EK sends Tinba malware
• 2015-11-09 -- Nuclear EK from 178.62.8[.]117 sends Andromeda/CTB-Locker
• 2015-11-09 -- Angler EK sends Bedep
• 2015-11-03 -- Files for an ISC diary (CryptoWall 3.0 ransomware)
• 2015-11-02 -- Rig EK from 46.30.46[.]21

• 2015-10-30 -- Nuclear EK from 188.166.65[.]14
• 2015-10-27 -- Compromised WordPress site --> Angler EK --> TeslaCrypt 2.1 ransomware
• 2015-10-23 -- Compromised Drupal site --> Angler EK --> TeslaCrypt 2.0 ransomware
• 2015-10-21 -- Neutrino EK from 89.38.150[.]119 sends Necurs
• 2015-10-20 -- 052F gate Nuclear EK fm 178.62.143[.]149 sends CryptoWall 3.0 ransomware / Andromeda
• 2015-10-19 -- 052F gate Nuclear EK from 178.62.4[.]34
• 2015-10-18 -- BizCN gate Nuclear EK from 5.175.148[.]193 sends CryptoWall 3.0 ransomware
• 2015-10-18 -- Angler EK activity
• 2015-10-16 -- Angler EK and 052F gate Nuclear EK from the same compromised website
• 2015-10-15 -- Files for an ISC Diary (Exploit Kit roundup)
• 2015-10-13 -- Neutrino EK from 81.2.241[.]147
• 2015-10-13 -- Angler EK from 188.138.105[.]137 sends CryptoWall 3.0 ransomware
• 2015-10-12 -- Angler EK from 217.172.170[.]4 sends Bedep
• 2015-10-08 -- Three examples of Nuclear EK from 188.226.215[.]37
• 2015-10-05 -- Nuclear EK from 108.61.189[.]157 - 2whnxtj0ax1nudv.spoolhostz[.]ml

• 2015-09-30 -- Files for an ISC diary (Nuclear EK trends)
• 2015-09-29 -- Angler EK from 85.25.102[.]2 sends CryptoWall 3.0 ransomware
• 2015-09-29 -- Nuclear EK from 162.247.1[4].204 - kolenkovolodki[.]cf
• 2015-09-23 -- Bartalex malspam sends Pony and Vawtrak
• 2015-09-21 -- Rig EK from 46.30.43[.]111 - reh.healtzkart[.]org
• 2015-09-18 -- Nuclear EK from 178.62.72[.]26 - oaacderesftu[.]tk
• 2015-09-16 -- Files for an ISC diary
• 2015-09-16 -- Neutrino EK from 89.38.149[.]168 sends CryptoWall 3.0 ransomware
• 2015-09-16 -- Nuclear EK from 162.247.14[.]156 sends TeslaCrypt 2.0 ransomware
• 2015-09-15 -- Angler EK from 185.49.68[.]129 sends Bedep
• 2015-09-15 -- Nuclear EK from 162.247.14[.]136 sends TeslaCrypt 2.0 ransomware
• 2015-09-14 -- Angler EK from 207.182.157[.]157 sends CryptoWall 3.0 ransomware
• 2015-09-14 -- BizCN gate actor Neutrino EK from 46.108.156[.]189 port 35827 sends CrytpoWall 3.0 ransomware
• 2015-09-11 -- BizCN gate actor Neutrino EK from 46.108.156[.]189 port 32393 sends CryptoWall 3.0 ransomware
• 2015-09-10 -- Angler EK from 62.109.9[.]60
• 2015-09-08 -- Neutrino EK from 46.108.156[.]190 sends CryptoWall 3.0 ransomware
• 2015-09-04 -- Upatre/Dyre infection
• 2015-09-03 -- Angler sends TeslaCrypt 2.0 ransomware one day, then CryptoWall 3.0 ransomware the next
• 2015-09-02 -- Neutrino EK from 46.108.156[.]181 sends TeslaCrypt 2.0 ransomware
• 2015-09-01 -- Files for an ISC diary

• 2015-08-28 -- BizCN gate actor activity
• 2015-08-27 -- Angler EK from 74.63.210[.]179 sends TeslaCrypt 2.0 ransomware
• 2015-08-26 -- Upatre/Dyre infection
• 2015-08-25 -- Files for an ISC diary
• 2015-08-24 -- Angler EK from 31.148.219[.]194 sends TeslaCrypt 2.0 ransomware
• 2015-08-24 -- Rig EK from 94.142.140[.]222 - load.ledrequired[.]com
• 2015-08-21 -- Files for an ISC diary
• 2015-08-19 -- Files for an ISC diary
• 2015-08-19 -- BizCN gate actor Nuclear EK from 31.214.157[.]20 - blizfone[.]cf
• 2015-08-17 -- Rig EK from 94.142.139[.]186 - life.mirage-inc[.]com
• 2015-08-17 -- Angler EK sends Bedep - 94.23.170[.]230 - povazan.spacediscussions[.]com
• 2015-08-14 -- Files for an ISC diary
• 2015-08-14 -- BizCN gate actor Nuclear EK from 89.238.181[.]74 - free3dprint[.]cf
• 2015-08-14 -- Nuclear EK from 95.85.21[.]30 - bacuhytgbnvedhhko.ml
• 2015-08-13 -- Angler EK from 176.9.197[.]68 sends CryptoWall 3.0 ransomware ransomware
• 2015-08-12 -- Nuclear EK from 188.166.1[.]98 - aabeweddbhujkoge.cf
• 2015-08-10 -- Angler EK from 144.76.161[.]249 sends Bedep
• 2015-08-07 -- Rig EK from 46.30.46[.]24 - add.ellicottvillerealestate[.]com
• 2015-08-06 -- Adwind infection
• 2015-08-05 -- An example of legitimate Java update traffic
• 2015-08-04 -- Files for an ISC diary
• 2015-08-03 -- Rig EK from 46.30.46[.]26

• 2015-07-31 -- Angler EK from 69.162.112[.]181 sends CryptoWall 3.0 ransomware
• 2015-07-30 -- BizCN gate actor Nuclear EK on 46.101.18[.]39
• 2015-07-27 -- Files for an ISC diary
• 2015-07-27 -- Angler EK from 69.162.116[.]253 sends CryptoWall 3.0 ransomware
• 2015-07-23 -- Angler EK from 216.245.213[.]141 sends CryptoWall 3.0 ransomware
• 2015-07-22 -- Nuclear EK changes URL patterns
• 2015-07-20 -- Nuclear EK sends TelsaCrypt 2.0 ransomware
• 2015-07-17 -- BizCN gate actor Nuclear EK on 188.166.120[.]33 sends CryptoWall 3.0 ransomware
• 2015-07-17 -- Magnitude EK from 188.42.244[.]146
• 2015-07-17 -- Angler EK from 69.162.90[.]107 sends Bedep
• 2015-07-16 -- Neutrino EK from 82.211.30[.]153 port 31251
• 2015-07-16 -- Rig EK from 46.30.42[.]238
• 2015-07-16 -- BizCN gate actor Nuclear EK on 216.170.114[.]126
• 2015-07-16 -- Angler EK from 206.190.134[.]188 sends CryptoWall 3.0 ransomware
• 2015-07-15 -- Files for an ISC diary
• 2015-07-15 -- BizCN gate actor Nuclear EK on 104.207.131[.]131
• 2015-07-15 -- Angler EK from 185.48.58[.]51 sends CryptoWall 3.0 ransomware
• 2015-07-14 -- BizCN gate actor Nuclear EK on 108.61.167[.]124
• 2015-07-14 -- Angler EK - Two examples - Bedep & CryptoWall 3.0 ransomware
• 2015-07-13 -- BizCN gate actor Nuclear EK on 185.92.220[.]196
• 2015-07-13 -- Angler EK from 136.243.96[.]94 sends CryptoWall 3.0 ransomware
• 2015-07-10 -- Angler EK from 176.9.245[.]142 sends CryptoWall 3.0 ransomware
• 2015-07-10 -- Neutrino EK - 3 examples
• 2015-07-09 -- BizCN gate actor Nuclear EK on 104.238.187[.]29
• 2015-07-09 -- Angler EK - 2 examples (CryptoWall 3.0 ransomware and Bedep)
• 2015-07-08 -- BizCN gate actor Nuclear EK on 108.61.188[.]92
• 2015-07-08 -- Angler EK sends CryptoWall 3.0 ransomware - 2 examples
• 2015-07-07 -- BizCN gate actor Nuclear EK
• 2015-07-07 -- Angler EK traffic - 2 examples
• 2015-07-06 -- Angler EK from 74.63.217[.]220 sends CryptoWall 3.0 ransomware
• 2015-07-05 -- BizCN gate actor switches from Fiesta to Nuclear EK
• 2015-07-05 -- Angler EK from 5.196.183[.]76 sends CryptoWall 3.0 ransomware
• 2015-07-03 -- Angler EK sends CryptoWall 3.0 ransomware
• 2015-07-02 -- Fiesta EK from 66.225.219[.]224 - jackkwizc.ddnsking[.]com
• 2015-07-01 -- Files for an ISC diary

• 2015-06-17 -- Angler EK from 213.133.111[.]21 sends CryptoWall 3.0 ransomware
• 2015-06-16 -- Files for an ISC diary
• 2015-06-16 -- Angler EK from 46.4.235[.]1 sends CryptoWall 3.0 ransomware
• 2015-06-15 -- Angler EK from 46.4.235[.]3 sends Bedep
• 2015-06-12 -- Nuclear EK from 108.61.178[.]68
• 2015-06-12 -- Angler EK sends CryptoWall 3.0 (again)
• 2015-06-11 -- Files for an ISC diary
• 2015-06-09 -- CryptoWall 3.0 ransomware infections from email continue
• 2015-06-09 -- Angler EK still pushing Cryptowall ransomware
• 2015-06-08 -- Angler EK - more changes in traffic patterns
• 2015-06-05 -- Angler EK from 209.133.200[.]228 sends Bedep and Necurs
• 2015-06-04 -- CryptoWall 3.0 ransomware infection from resume-themed email
• 2015-06-03 -- Details from SANS ISC diary on exploit kit (EK) roundup
• 2015-06-02 -- Files for an ISC diary
• 2015-06-01 -- Angler EK from 94.242.192[.]222 sends Bedep and Necurs

• 2015-05-27 -- Files for an ISC diary
• 2015-05-26 -- Angler EK sends Bedep, host infected with CryptoWall 3.0 ransomware
• 2015-05-25 -- Angler EK delivers ransomware
• 2015-05-22 -- Fiesta EK from BizCN actor
• 2015-05-20 -- Files for an ISC diary
• 2015-05-19 -- Files for an ISC diary
• 2015-05-18 -- Angler EK sends Bedep
• 2015-05-15 -- Angler EK from 178.63.174[.]153 - sends Bedep & Necurs
• 2015-05-14 -- Nuclear EK from 109.234.37[.]12 - sends Necurs
• 2015-05-14 -- Nuclear EK delivers ransomware
• 2015-05-14 -- Angler EK delivers ransomware
• 2015-05-12 -- Fiesta EK
• 2015-05-12 -- Files for an ISC diary
• 2015-05-11 -- Files for an ISC diary
• 2015-05-11 -- Fariet/Pony infection from email link
• 2015-05-07 -- Angler EK from 94.242.255[.]60 delivers an unnamed ansomware
• 2015-05-07 -- Angler EK from 94.242.255[.]60 delivers Alpha Crypt ransomware
• 2015-05-06 -- Rig EK changed how it sends the malware payload
• 2015-05-06 -- Angler EK from 94.242.255[.]59 delivers Alpha Crypt ransomware
• 2015-05-05 -- Angler EK from 94.242.255[.]53
• 2015-05-04 -- Files for an ISC diary (Upatre/Dyre)
• 2015-05-04 -- Files for an ISC diary (Fiesta EK)

• 2015-04-30 -- Angler EK sends Alpha Crypt ransomware
• 2015-04-28 -- Fiesta EK
• 2015-04-28 -- Files for an ISC diary (Dalexis and CTB Locker)
• 2015-04-26 -- Files for an ISC diary
• 2015-04-25 -- Angler EK followed by Magnitude EK during post-infection traffic
• 2015-04-24 -- Neutrino EK from 193.242.211[.]149
• 2015-04-15 -- Files for an ISC diary
• 2015-04-15 -- Dridex activity
• 2015-04-09 -- Nuclear EK sends Troldesh ransomware
• 2015-04-06 -- Neutrino EK
• 2015-04-03 -- Nuclear EK sends TelsaCrypt ransomware
• 2015-04-02 -- Some pcaps and malware
• 2015-04-01 -- Angler EK from 209.126.113[.]76

• 2015-03-31 -- Neutrino EK
• 2015-03-30 -- Fiesta EK from 205.234.186[.]113 pushes Simda malware
• 2015-03-27 -- Angler EK and Magnitude EK
• 2015-03-26 -- Fiesta EK from 217.172.170[.]17 - mcghmeneuc.servepics[.]com
• 2015-03-25 -- Angler EK pushes ransomware
• 2015-03-24 -- Chanitor/Vawtrak infection from email attachment
• 2015-03-23 -- Angler EK pushes ransomware
• 2015-03-18 -- Upatre/Dyre infection from email
• 2015-03-17 -- Fiesta EK from 217.172.170[.]6 - iueloxp.servepics[.]com
• 2015-03-16 -- Examples of Nuclear EK pushing Kelihos
• 2015-03-01 -- Magnitude EK from 188.138.68[.]68

• 2015-02-23 -- Sweet Orange EK from 95.183.8[.]177 - h.rockyhillrealtor[.]com:8085
• 2015-02-16 -- Chanitor/Vawtrak actvity
• 2015-02-13 -- Magnitude EK - 46.166.182[.]101
• 2015-02-11 -- Windigo Group Nuclear EK
• 2015-02-10 -- Angler EK from 151.80.94[.]250
• 2015-02-09 -- Sweet Orange EK from 91.224.141[.]64
• 2015-02-09 -- Chanitor/Vawtrak activity
• 2015-02-06 -- Traffic pattern change for CryptoWall 3.0 ransomware
• 2015-02-06 -- Rig EK from 46.182.30[.]163 pushes Kronos
• 2015-02-05 -- BizCN gate actor changes IP address, domain names, and URL pattern for its gate
• 2015-02-04 -- Nuclear EK from 5.9.120[.]123 - zxc.mivycem[.]com
• 2015-02-02 -- Chanitor actvity
• 2015-02-01 -- Nuclear EK from 178.62.250[.]102 - discreettarget[.]cf

• 2015-01-31 -- KaiXin EK from 103.251.38[.]20:802 - EK payload from 210.109.101[.]13
• 2015-01-30 -- Angler EK from 178.32.131[.]248 - 6jd5c9.ckk.creacionesliterarias-kirk[.]com
• 2015-01-29 -- Nuclear EK from 178.62.149[.]46 - culturemerge[.]ga - Vawtrak payload
• 2015-01-28 -- Ad traffic from lax1.ib.adnxs[.]com kicks off chain of events to Angler EK
• 2015-01-27 -- Upatre/Dyre infection
• 2015-01-26 -- Dridex infection
• 2015-01-26 -- Neutrino EK from 108.61.197[.]150 sends Vawtrak/NeverQuest
• 2015-01-23 -- Nuclear EK sends Vawtrak/NeverQuest
• 2015-01-23 -- Windigo group Nuclear EK from 188.40.64[.]218
• 2015-01-21 -- Angler EK from 207.182.149[.]13
• 2015-01-21 -- Upatre/Dyre infection
• 2015-01-20 -- Malware infection from link in email impersonating BBVA Bancomer
• 2015-01-20 -- Fiesta EK from 205.234.186[.]112 - justtattoshop[.]in
• 2015-01-18 -- Nuclear EK from 188.226.241[.]6 - nightglass[.]cf and nightglass[.]ga
• 2015-01-13 -- Upatre/Dyre infection
• 2015-01-12 -- Sweet Orange EK from 185.16.40[.]228 port 9633
• 2015-01-08 -- Malware hosted on 82.244.160[.]22
• 2015-01-07 -- Dridex activity
• 2015-01-03 -- KaiXin EK from 119.147.137[.]128 - as2.22wdasda[.]cc
• 2015-01-02 -- Malware infection from Asprox botnet email
• 2015-01-01 -- Malware infection from email attachment
• 2015-01-01 -- Nuclear EK (Operation Windigo) from 67.215.2[.]195

 

Click here to return to the main page.