- 2017-12-29 -- Resume-themed malspam pushing Dreambot banking Trojan
- 2017-12-29 -- Traffic, email, and malware samples from 3 days of Necurs Botnet malspam
- 2017-12-28 -- Seamless campaign continues using Rig EK to send Ramnit banking Trojan
- 2017-12-27 -- Malspam pushing Emotet Trojan - Subject: Merry Christmas!
- 2017-12-26 -- EITest campaign HoeflerText popups or fake AV alerts
- 2017-12-26 -- Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-22 -- Malspam uses CVE-2017-0199 to distribute Remcos RAT
- 2017-12-21 -- Hancitor malspam - Subject: RE: FW: december billing invoice
- 2017-12-21 -- Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-20 -- Quick post - Hancitor malspam
- 2017-12-19 -- Quick post - EITest HoeflerText popups or fake anti-virus pages
- 2017-12-19 -- Quick post - Hancitor malspam
- 2017-12-19 -- Quick post - Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-18 -- Quick post - Hancitor malspam
- 2017-12-18 -- A weekend's worth of phishing emails from my inbox
- 2017-12-14 -- Ngay campaign Rig EK pushes Quant Loader & Monero CPU miner
- 2017-12-13 -- Hancitor malspam (eFax-themed)
- 2017-12-13 -- Necurs Botnet malspam examples, 2017-12-07 thru 12
- 2017-12-13 -- Email attachment exploits CVE-2017-11882 to spread Loki Bot
- 2017-12-12 -- EITest HoeflerText popups and fake anti-virus pages
- 2017-12-12 -- Ngay campaign Rig EK pushes Quant Loader & Monero CPU miner
- 2017-12-11 -- AutoIT malspam - Subject: NFe - FISCAL
- 2017-12-11 -- Hancitor malspam (eFax-themed)
- 2017-12-08 -- Fobos campaign Rig EK pushes Bunitu
- 2017-12-06 -- Quick post: UK vehicle violation-themed malspam pushes Nymaim
- 2017-12-06 -- Hancitor malspam - More IcedID banking Trojan (no Zeus Panda Banker)
- 2017-12-06 -- Quick post: Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-06 -- Quick post: EITest HoeflerText popup pushes NetSupport Manager RAT
- 2017-12-05 -- Quick post: Hancitor malspam
- 2017-12-05 -- Quick post: Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-04 -- Dridex is back, Baby! - Necurs Botnet malspam pushes Dridex
- 2017-12-04 -- Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-12-01 -- Phishing emails for shopping job at Target
- 2017-12-01 -- EITest campaign fake anti-virus alert
- 2017-11-30 -- Necurs Botnet malspam pushes GlobeImposter ransomware
- 2017-11-29 -- pcap/malware for an ISC diary (Emotet malspam)
- 2017-11-28 -- Payment slip malspam
- 2017-11-28 -- Two days of Hancitor malspam
- 2017-11-28 -- Fake Netflix login pages from phishing emails
- 2017-11-27 -- "Tungsten Rounded" popup on Chrome/Firefox pushes Monero CPU miner
- 2017-11-23 -- Necurs Botnet malspam pushes "Scarab" ransomware
- 2017-11-22 -- Netflix phishing emails
- 2017-11-21 -- Italian malspam pushing Zeus Panda Banker
- 2017-11-21 -- Hancitor malspam - Now w/ IcedID banking Trojan (not Zeus Panda Banker)
- 2017-11-19 -- pcap/malware for an ISC diary (resume malspam pushing Smoke Loader)
- 2017-11-17 -- KaiXin EK still around, very Chinese, and acting like it's 2013
- 2017-11-16 -- traffic, emails, and malware from 5 days of Hancitor malspam
- 2017-11-16 -- Malspam using CVE-2017-0199 to push Loki Bot
- 2017-11-15 -- Brazil malspam pushes Banload malware
- 2017-11-12 -- "Mercury Text" popup for Chrome/Firefox pushes Monero CPU miner
- 2017-11-10 -- Phishing emails link to fake on-line banking pages
- 2017-11-09 -- Necurs Botnet malspam still pushing Locky ransomware
- 2017-11-08 -- Hancitor malspam - Subject: RE: iPhone X pre-order
- 2017-11-07 -- A Day in the Life (of a Researcher)
- 2017-11-06 -- Hancitor malspam - Subject: Delivery failed
- 2017-11-03 -- malspam pushing Nymaim
- 2017-11-03 -- Brazil malspam pushes Banload malware
- 2017-11-02 -- Adventures with Smoke Loader
- 2017-11-01 -- Hancitor malspam (fake RingCentral fax)
- 2017-11-01 -- Necurs Botnet malspam continues pushing Locky
- 2017-10-31 -- Quick post: Hancitor malspam (Payment notice for invoice)
- 2017-10-31 -- Necurs Botnet malspam stops using DDE, still uses Word docs
- 2017-10-30 -- Hancitor malspam (View your Office 365 Business billing statement)
- 2017-10-30 -- Necurs Botnet malspam uses DDE attack to push Locky
- 2017-10-27 -- malspam pushing Remcos RAT
- 2017-10-26 -- Hancitor malspam (missed delivery/shipment/shipping notification)
- 2017-10-26 -- EITest campaign sends HoeflerText popups or fake AV page
- 2017-10-24 -- Necurs Botnet malspam uses DDE attack to push Locky
- 2017-10-24 -- Compromised site has EITest fake AV, also has coinminer javascript
- 2017-10-24 -- Phishing email, Subject: BAHL Internet Banking - Update
- 2017-10-23 -- Brazil malspam pushes Banload
- 2017-10-23 -- malspam pushes a RAT's nest of malware
- 2017-10-19 -- Pcap & malware for an ISC diary (Necurs Botnet malspam uses DDE attack)
- 2017-10-18 -- Pcap and malware for an ISC diary (Loki Bot malspam)
- 2017-10-17 -- Terror EK sends Smoke Loader, Smoke Loader sends more malware
- 2017-10-16 -- pcap and malware for an ISC diary (Hancitor malspam)
- 2017-10-13 -- Blank Slate malspam stops pushing Locky, starts pushing Sage 2.2
- 2017-10-11 -- WhatsApp-themed Brazil malspam pushes Banload malware
- 2017-10-11 -- FTFY: Necurs Botnet malspam pushing ".asasin" variant Locky ransomware
- 2017-10-11 -- Phishing email - Subject: Completed Title Work :Please DocuSign
- 2017-10-10 -- Malspam using CVE-2017-0199 to push Loki Bot
- 2017-10-10 -- Malspam pushing Emotet Trojan
- 2017-10-09 -- Adwind/jRAT malspam - Subject: Payment TT Copy
- 2017-10-06 -- Brazil malspam - Subject: Envio de Boleto - URGENTE - GRUPO FREITAS
- 2017-10-05 -- Hancitor malspam (2 waves: Make Hacking Difficult & FW: IRS)
- 2017-10-04 -- Blank Slate malspam pushes ".ykcol" variant Locky ransomware
- 2017-10-04 -- EITest campaign HoeflerText popup / fake AV alert
- 2017-10-03 -- Japanese malspam pushing Ursnif
- 2017-10-03 -- Brazil malspam - Subj: Fotos Enviadas via WhatsApp Messenger WEB
- 2017-10-03 -- Hancitor malspam (fake RingCentral Fax)
- 2017-10-03 -- pcap and malware for an ISC diary (Formbook info stealer malspam)
- 2017-10-02 -- Quick post: Hancitor malspam (fake FedEx emails)
- 2017-10-02 -- Necurs Botnet malspam still pushing ".ykcol" variant Locky ransomware
- 2017-09-22 -- Brazil malspam - Subject: Envio de Boleto - URGENTE - GRUPO FREITAS
- 2017-09-22 -- Pcap and malware for an ISC diary (Hancitor malspam)
- 2017-09-21 -- Pcap and malware for an ISC diary (CVE-2017-8759)
- 2017-09-20 -- Loki bot malspam - Subject: RFQ: FROM: Fortune Sciences Co., Ltd
- 2017-09-18 -- Malspam pushing Emotet Trojan
- 2017-09-18 -- Hancitor malspam (sept invoice)
- 2017-09-18 -- Necurs Botnet malspam pushing ".ykcol" variant Locky ransomware
- 2017-09-18 -- Malspam pushing Emotet Trojan
- 2017-09-15 -- Amateur hour: more fake Microsoft update malspam with .exe attachments
- 2017-09-15 -- Blank Slate malspam pushes Locky ransomware
- 2017-09-14 -- Fake Microsoft update malspam with .exe attachments
- 2017-09-11 -- Blank Slate malspam pushes "Lukitus" variant Locky ransomware
- 2017-09-08 -- Locky malspam
- 2017-09-08 -- EITest campaign fake AV alert / HoeflerText popup
- 2017-09-07 -- Malspam pushes "Lukitus" variant Locky ransomware
- 2017-09-07 -- EITest campaign still using fake AV alerts or HoeflerText popups
- 2017-09-06 -- Japanese malspam pushing Ursnif
- 2017-09-05 -- Grab bag
- 2017-09-04 -- Brazil malspam - Subj: Crt: 386 / Oper: 2557 / Contrato: 5213706677228235...
- 2017-09-04 -- Malspam pushing GlobeImposter ransomware (..txt file extensions)
- 2017-09-01 -- EITest HoeflerText popups or fake anti-virus pages
- 2017-08-31 -- Grab bag
- 2017-08-29 -- Traffic analysis pop quiz
- 2017-08-29 -- Terror EK seen using HTTPS
- 2017-08-28 -- Brazil malspam - Subject: Envio de Boleto - URGENTE - GRUPO FREITAS
- 2017-08-28 -- Fobos campaign Rig EK sends Bunitu
- 2017-08-25 -- Seamless campaign Rig EK sends Ramnit
- 2017-08-21 -- Hancitor malspam (UPS Quantum View)
- 2017-08-21 -- Malspam continues pushing Trickbot banking Trojan
- 2017-08-19 -- Brazil spam pushes banking Trojan - Subj: Aviso de Inclusao De Protesto
- 2017-08-16 -- Some emails, malware, and pcaps for "Lukitus" variant Locky ransomware
- 2017-08-15 -- Pcap and malware for an ISC diary (Trickbot malspam)
- 2017-08-12 -- Malspam continues to push Trickbot banking Trojan
- 2017-08-11 -- "Diablo6" Locky malspam - PDF attachments with embedded .docm files
- 2017-08-10 -- Hancitor malspam (FedEx shipment delivered)
- 2017-08-09 -- Malware & traffic from malspam pushing Diablo6 variant of Locky
- 2017-08-09 -- Pcap and malware for an ISC diary I wrote
- 2017-08-08 -- Quick post: malspam pushing GlobeImposter ransomware
- 2017-08-07 -- Fake BBB malspam uses goo.gl links to send JavaScript file
- 2017-08-04 -- Magnitude EK data dump
- 2017-08-03 -- Hancitor malspam (invoice from Casey Martinez)
- 2017-08-02 -- "Blank Slate" malspam pushing Gryphon ransomware (a BTCware variant)
- 2017-08-02 -- Malspam pushing GlobeImposter ransomware (726 file extension)
- 2017-08-02 -- Hancitor malspam (ADP payroll invoice)
- 2017-08-02 -- Magnitude EK sends Cerber ransomware
- 2017-08-01 -- Rig EK from the HookAds campaign sends Dreambot
- 2017-07-31 -- malspam pushing GlobeImposter ransomware
- 2017-07-29 -- "Blank Slate" malspam pushing BTCware (Aleta variant) ransomware
- 2017-07-28 -- Dog Turd in a Big Bowl of Soup: A Security Parable
- 2017-07-26 -- Pcap and malware for an ISC diary (malspam pushing Emotet)
- 2017-07-24 -- quick post: Hancitor malspam
- 2017-07-24 -- quick post: Trickbot malspam
- 2017-07-23 -- EITest campaign HoeflerText popup sends Mole ransomware
- 2017-07-21 -- Brazil malspam - Subject: Envio de Boleto - URGENTE - AXECAPITAL
- 2017-07-20 -- Hancitor malspam (invoice notification)
- 2017-07-18 -- UPS-themed malspam pushing NemucodAES ransomware
- 2017-07-17 -- Rig EK data dump (HookAds and Seamless campaigns)
- 2017-07-14 -- Another tech support scam popup message
- 2017-07-14 -- Pcap and malware for an ISC diary (Kovter/NemucodAES malspam)
- 2017-07-12 -- Brazil malspam - Subject: Ultimo aviso da 2a via boleto em Atraso
- 2017-07-10 -- Rig EK from the HookAds campaign
- 2017-07-10 -- More UPS-themed malspam pushing Kovter/Nemucod ransomware
- 2017-07-07 -- Brazil malspam - Subj: Mensagem pessoal (Detran) - (87960)
- 2017-07-06 -- EITest campaign pushes tech support scam
- 2017-07-05 -- Japanese malspam with Excel spreadsheet attachment
- 2017-07-04 -- Malspam with Java-based RAT
- 2017-07-03 -- More UPS-themed malspam pushing Kovter
- 2017-07-03 -- Hancitor malspam (FedEx tracking notification)
- 2017-06-30 -- Rig EK from HookAds campaign sends Chthonic banking Trojan
- 2017-06-29 -- Kovter malspam - UPS delivery theme
- 2017-06-29 -- Hancitor malspam (Google Docs)
- 2017-06-28 -- Hancitor Malspam (RingCentral fax)
- 2017-06-28 -- Pcap and malware for an ISC diary (Blank Slate malspam)
- 2017-06-27 -- Hancitor malspam (invoice problems)
- 2017-06-26 -- Hancitor malspam (ADP payroll)
- 2017-06-22 -- Locky malspam - PDF attachments with embedded .docm files
- 2017-06-21 -- Hancitor malspam (from "De Leons Transport, Inc.")
- 2017-06-21 -- Rig EK sends Bunitu Trojan
- 2017-06-20 -- Rig EK from HookAds campaign sends Dreambot & Chthonic
- 2017-06-19 -- Rig EK from the HookAds campaign sends Dreambot
- 2017-06-16 -- Rig EK from the HookAds campaign
- 2017-06-16 -- Boleto malspam
- 2017-06-15 -- Hancitor malspam (Google Docs-themed)
- 2017-06-15 -- Rig EK (HookAds and Seamless campaigns)
- 2017-06-14 -- Trickbot malspam - PDF attachments with embedded .xlsm files
- 2017-06-14 -- Hancitor malspam (ADP bill)
- 2017-06-13 -- malspam pushing Jaff ransomware from .wsf files
- 2017-06-12 -- Hancitor malspam (Docusign-themed)
- 2017-06-12 -- malspam pushing Trickbot from .wsf files
- 2017-06-12 -- malspam - Subject: Confirmation Required
- 2017-06-12 -- Japanese Ursnif malspam
- 2017-06-12 -- Loki Bot malspam - Subject: Re: PURCHASE ORDER 457211
- 2017-06-09 -- EITest campaign still pushing tech support scams
- 2017-06-08 -- Hancitor malspam (Dropbox-themed)
- 2017-06-08 -- Portuguese malspam - Notificacao IPTU
- 2017-06-07 -- Hancitor malspam (Google Docs-themed)
- 2017-06-07 -- Loki Bot malspam - Subject: Re:Purchase request
- 2017-06-06 -- Hancitor malspam - Subject: New incoming fax from 421-xxx-xxxx
- 2017-06-06 -- malspam pushing Jaff ransomware from Word docs in PDF attachments
- 2017-06-06 -- RoughTed campaign Rig EK
- 2017-06-05 -- Dridex malspam (Word docs in PDF attachments)
- 2017-06-02 -- Seamless campaign continues using Rig EK to send Ramnit
- 2017-06-02 -- Dridex malspam (Word docs in PDF attachments)
- 2017-06-01 -- Hancitor malspam - Google Docs-themed emails
- 2017-06-01 -- malspam pushing Jaff ransomware from Word docs in PDF attachments
- 2017-06-01 -- Parking ticket-themed malspam pushing Zeus Panda Banker
- 2017-05-31 -- Hancitor malspam - Subject: Your package has been returned!
- 2017-05-31 -- malspam - Subject: RFQ-Doc
- 2017-05-30 -- Rig EK sends Kovter
- 2017-05-30 -- EITest campaign pushing tech support scams, Rig EK, HoeflerText popups
- 2017-05-30 -- Hancitor malspam - Subject: FedEx Shipment Notification
- 2017-05-26 -- EITest campaign pushing tech support scams, Rig EK, HoeflerText popups
- 2017-05-26 -- Malspam - Subject: DHL Tracking Number for shipment 97 93745 186
- 2017-05-25 -- EITest campaign pushing tech support scams in US and UK
- 2017-05-25 -- Malspam pushing Jaff ransomware from Word docs in PDF attachments
- 2017-05-25 -- Hancitor malspam with a Google Docs theme
- 2017-05-24 -- Malspam pushing Jaff ransomware from Word docs in PDF attachments
- 2017-05-24 -- Pcap and malware for an ISC diary (about Jaff ransomware)
- 2017-05-22 -- Malspam pushing Jaff ransomware from Word docs in PDF attachments
- 2017-05-17 -- EITest HoeflerText popups sends Spora ransomware
- 2017-05-16 -- Hancitor malspam - Subject: UPS Shipment Label Notification
- 2017-05-16 -- More examples of malspam pushing Jaff ransomware
- 2017-05-15 -- My take on WannaCry ransomware
- 2017-05-15 -- The Jaff ransomware train keeps on rollin'
- 2017-05-12 -- FedEx-themed malspam pushes Kovter (again)
- 2017-05-12 -- Rig EK examples
- 2017-05-12 -- "Blank Slate" malspam continues pushing Cerber ransomware
- 2017-05-11 -- Jumping on the Jaff ransomware bandwagon
- 2017-05-11 -- FedEx-themed malspam pushes Kovter
- 2017-05-11 -- Pcap and malware for an ISC diary on Rig EK
- 2017-05-10 -- Hancitor malspam - Subpoenas and Comcast bills
- 2017-05-10 -- "Blank Slate" malspam pushing Cerber and GlobeImposter ransomware
- 2017-05-09 -- Hancitor malspam - Subject: RE: may subpoena from FTC
- 2017-05-09 -- Rig EK sends Bunitu Trojan
- 2017-05-05 -- "Blank Slate" malspam back to sending Cerber
- 2017-05-04 -- Hancitor malspam - Subj: USPS Proof of Delivery letter on your shipment
- 2017-05-04 -- Decimal IP campaign uses fake Flash Player site to send Smoke Loader
- 2017-05-03 -- "Blank Slate" malspam pushes GlobeImposter ransomware variant
- 2017-05-03 -- WhatsApp malspam - Subject: Missed voice message
- 2017-05-02 -- Hancitor malspam - Subj: Your online bill is available. Amount due $484.45
- 2017-05-02 -- Keeping it 100: "Blank Slate" malspam starts pushing Mordor ransomware
- 2017-05-01 -- Hancitor malspam - Subject: 725-630-1234 has sent you a 3 page(s) fax!
- 2017-04-28 -- Banking Trojan - Subj: UPS Tracking Number for shipment H6902644376
- 2017-04-27 -- "Blank Slate" malspam still pushing Cerber, also trying CVE-2017-0199
- 2017-04-26 -- Hancitor malspam - Subject: Your invoice 123456 is available for review!
- 2017-04-26 -- USPS-themed malspam pushes Mole Ransomware and Kovter
- 2017-04-25 -- "Good Man" campaign Rig EK sends Latentbot
- 2017-04-24 -- Hancitor malspam - Subject: RE: RE: wrong amount for invoice # 1234567
- 2017-04-23 -- Dridex-style malspam pushes Locky ransomware instead
- 2017-04-21 -- USPS-themed malspam changes to Parking Service malspam
- 2017-04-20 -- "Blank Slate" malspam still pushing Cerber
- 2017-04-20 -- EITest campaign Rig EK / HoeflerText Chrome popup
- 2017-04-19 -- Dridex malspam with PDF attachments containing embedded Word docs
- 2017-04-19 -- USPS-themed malspam continues pushing Panda Banker, Kovter, & Miuref
- 2017-04-18 -- USPS-themed malspam resumes after weekend break
- 2017-04-18 -- EITest campaign Rig EK / HoeflerText Chrome popup
- 2017-04-16 -- EITest campaign Rig EK / HoeflerText Chrome popup
- 2017-04-15 -- EITest campaign Rig EK / HoeflerText Chrome popup
- 2017-04-14 -- Gate leads to Terror EK, same gate later leads to Rig EK
- 2017-04-13 -- "Blank Slate" malspam still pushing Cerber, still using fake Chrome page
- 2017-04-13 -- What seems like Rig EK sends possible SmokeLoader payload
- 2017-04-12 -- Pcap and malware for an ISC diary
- 2017-04-11 -- Pcap and malware for an ISC diary
- 2017-04-07 -- If using Chrome: EITest = HoeflerText popup - If using IE: EITest = Rig EK
- 2017-04-06 -- EITest Rig EK from 109.234.36.165 sends Matrix ransomware variant
- 2017-04-06 -- "Blank Slate" malspam still pushing Cerber, still using fake Chrome page
- 2017-04-05 -- Hancitor malspam - Subject: march invoice # 1234567 due
- 2017-04-05 -- Cerber/Kovter malspam - Subject: Delivery Notification
- 2017-04-05 -- malspam - Subject: problem with your order
- 2017-04-05 -- Terror EK sends Andromeda
- 2017-04-04 -- Hancitor malspam - Subject: Your monthly bill 123456 is available!
- 2017-04-04 -- Cerber/Kovter malspam - Subject: Our UPS courier can not contact you
- 2017-04-03 -- EITest Rig EK from 5.101.77.137 sends MSIL/Matrix ransomware variant
- 2017-04-03 -- DHL invoice malspam/photo malspam - various subject lines
- 2017-04-03 -- Hancitor malspam - Subj: New Fax Message, incoming from 849-930-xxxx
- 2017-03-31 -- "Blank Slate" malspam still pushing Cerber
- 2017-03-30 -- Dridex malspam (two waves)
- 2017-03-30 -- Terror EK from 159.203.185.4
- 2017-03-29 -- Hancitor malspam - Subject: Your Flight Ticket Order
- 2017-03-28 -- EITest Rig EK from 46.173.214.185 sends (some sort of) ransomware
- 2017-03-24 -- "Blank Slate" malspam tries fake Chrome install page
- 2017-03-23 -- Malspam for "Quantum Code" scam
- 2017-03-22 -- Portuguese invoice malspam
- 2017-03-21 -- Pcaps and malware for an ISC diary
- 2017-03-20 -- pseudoDarkleech Rig EK from 92.53.104.78 sends Cerber ransomware
- 2017-03-20 -- EITest Rig EK from 92.53.104.78 sends Cerber ransomware
- 2017-03-16 -- Hancitor malspam - Subject: RE: divorce papers
- 2017-03-15 -- "Blank Slate" malspam campaign sending Cerber ransomware
- 2017-03-15 -- Hancitor malspam - Subject: RE: subpoena
- 2017-03-15 -- EITest Rig EK sends Revenge Ransomware
- 2017-03-15 -- pseudoDarkleech Rig EK sends Cerber
- 2017-03-15 -- unidentified campaign Rig EK sends DELoader/Zloader
- 2017-03-14 -- Kovter malspam - Subject: Status of your UPS delivery
- 2017-03-14 -- Hancitor malspam - Subject: Payment request for invoice
- 2017-03-14 -- "Blank Slate" malspam campaign sending Cerber ransomware
- 2017-03-13 -- "Good Man" campaign Rig EK sends Godzilla Loader/Zbot
- 2017-03-13 -- Hancitor malspam - Subject: Incoming Fax
- 2017-03-13 -- Kovter/Locky malspam - Subject: Status of your UPS delivery
- 2017-03-10 -- "Blank Slate" malspam continues sending Cerber ransomware
- 2017-03-10 -- malspam: URGENTE - Informe de Rendimentos de 2016 - CORRIGIDO
- 2017-03-10 -- EITest HoeflerText Chrome popup leads to Spora ransomware
- 2017-03-09 -- Rig EK sends Zbot
- 2017-03-08 -- Hancitor malspam - fake eFax emails
- 2017-03-07 -- EITest Rig EK from 188.225.32.10 sends Dreambot
- 2017-03-07 -- Sundown EK
- 2017-03-06 -- Hancitor malspam - fake Delta Air Lines emails
- 2017-03-06 -- EITest HoeflerText Chrome popup leads to Spora ransomware
- 2017-03-04 -- KaiXin EK from 220.170.89.153
- 2017-03-03 -- Malspam - Subject: IRS Urgent Notification
- 2017-03-02 -- Nebula EK sends DiamondFox malware
- 2017-02-28 -- Hancitor malspam - fake USPS emails
- 2017-02-28 -- Ongoing malspam campaign spreading ransomware
- 2017-02-28 -- EITest Rig EK from 81.177.140.75 sends CryptoShield ransomware
- 2017-02-27 -- Hancitor malspam
- 2017-02-27 -- Rig EK examples (pseudoDarkleech and EITest campaigns)
- 2017-02-23 -- Hancitor malspam
- 2017-02-23 -- EITest Rig EK from 188.225.35.79 sends Dreambot
- 2017-02-22 -- EITest HoeflerText Chrome popup leads to Spora ransomware
- 2017-02-22 -- pseudoDarkleech Rig EK from 81.177.6.153 sends Cerber ransomware
- 2017-02-21 -- Zeus Panda Banker malspam
- 2017-02-21 -- Hancitor malspam
- 2017-02-20 -- Malspam - Subject: radar photo proof 57628324
- 2017-02-18 -- Pcaps and malware for an ISC diary
- 2017-02-16 -- Hancitor malspam
- 2017-02-15 -- EITest HoeflerText Chrome popup leads to Spora ransomware
- 2017-02-14 -- EITest HoeflerText Chrome popup leads to Spora ransomware
- 2017-02-14 -- EITest Rig EK sends CryptoShield ransomware
- 2017-02-10 -- Pcaps and malware for an ISC diary
- 2017-02-09 -- Pcaps and malware for an ISC diary
- 2017-02-08 -- Ongoing malspam campaign spreading ransomware
- 2017-02-07 -- Hancitor/Pony malspam - Subject: You received a new eFax
- 2017-02-06 -- pseudoDarkleech Rig EK from 194.87.94.37 sends Cerber ransomware
- 2017-02-06 -- Afraidgate Rig EK from 194.87.94.37 sends Godzilla Loader/Locky/other
- 2017-02-06 -- Hancitor/Pony malspam - Subject: Shipping information for parcel
- 2017-02-06 -- EITest Rig EK sends CryptoShield ransomware
- 2017-02-04 -- EITest fake Chrome popup leads to Spora ransomware
- 2017-02-02 -- Ongoing malspam campaign spreading ransomware
- 2017-02-01 -- Hancitor/Pony malspam - Subject: Invoice #12345678
- 2017-01-31 -- Hancitor/Pony malspam - Subject: You received a new eFax
- 2017-01-31 -- EITest Rig EK from 195.133.144.228 sends CryptoShield ransomware
- 2017-01-31 -- Ongoing malspam campaign spreading ransomware
- 2017-01-30 -- EITest fake Chrome popup leads to Spora ransomware
- 2017-01-30 -- Hancitor/Pony malspam - Subject: Parcel Delivery Information
- 2017-01-30 -- Afraidgate Rig-V from 194.87.94.4 sends Locky ransomware
- 2017-01-27 -- More malspam spreading ransomware
- 2017-01-27 -- More Afraidgate Rig-V
- 2017-01-27 -- Ongoing malspam campaign spreading ransomware
- 2017-01-26 -- pseudoDarkleech Rig-V sends Cerber ransomware
- 2017-01-26 -- Afraidgate Rig-V sends Godzilla Loader/Locky/something else
- 2017-01-25 -- Hancitor/Pony malspam - Subject: You received a new eFax
- 2017-01-25 -- Ongoing Japanese malspam campaign spreading Ursnif variant
- 2017-01-24 -- Ongoing Japanese malspam campaign spreading Ursnif variant
- 2017-01-24 -- EITest Rig-V from 89.223.29.254 sends CryptoMix ransomware
- 2017-01-24 -- pseudoDarkleech Rig-V from 89.223.29.254 sends Cerber ransomware
- 2017-01-23 -- Ongoing malspam campaign spreading Cerber and Sage 2.0 ransomware
- 2017-01-23 -- EITest Rig-V from 89.223.29.252 sends CryptoMix ransomware
- 2017-01-21 -- Pcap and malware for an ISC diary
- 2017-01-20 -- EITest Rig-V from 92.53.120.142 sends Cerber ransomware
- 2017-01-19 -- EITest Sundown EK from 93.190.143.82 sends Cerber ransomware
- 2017-01-19 -- pseudoDarkleech Rig-V sends Cerber ransomware
- 2017-01-19 -- EITest Rig-V from 92.53.119.137 sends Cerber ransomware
- 2017-01-18 -- pseudoDarkleech Rig-V and malspam campaign back to sending Cerber
- 2017-01-18 -- pseudoDarkleech Rig-V and malspam campaign stop sending Cerber
- 2017-01-17 -- EITest Rig-V from 92.53.127.86 sends Spora ransomware
- 2017-01-17 -- Malspam spreading Cerber ransomware (HELP_HELP_HELP)
- 2017-01-13 -- Android malware
- 2017-01-13 -- Malspam spreading Cerber ransomware from AWS IP addresses
- 2017-01-13 -- Afraidgate Rig-V from 92.53.120.233 sends "Osiris" variant Locky
- 2017-01-13 -- pseudoDarkleech Rig-V from 92.53.120.233 sends Cerber ransomware
- 2017-01-13 -- EITest Rig-V from 92.53.120.233 sends CryptoMix ransomware
- 2017-01-12 -- Hancitor/Pony/Vawtrak malspam - Subject: RE: RE: your iphone order
- 2017-01-12 -- EITest Rig-V from 81.177.139.122 sends CryptoMix ransomware
- 2017-01-11 -- Rig-V from 109.234.38.150
- 2017-01-11 -- Pcap and malware for an ISC diary
- 2017-01-10 -- EITest Rig-V from 92.53.124.185 sends CryptoMix ransomware
- 2017-01-09 -- DHL malspam
- 2017-01-09 -- pseudoDarkleech Rig-V from 194.87.94.227 sends Cerber ransomware
- 2017-01-09 -- malspam spreading Cerber ransomware
- 2017-01-09 -- Pcap and malware for an ISC diary
- 2017-01-06 -- Sundown EK from 188.165.163.226 and 93.190.143.201
- 2017-01-06 -- pseudoDarkleech Rig-V from 92.53.119.69 sends Cerber ransomware
- 2017-01-05 -- malspam - Subj: A NF-e (Nota Fiscal Eletronica) do seu pedido foi emitida
- 2017-01-05 -- malspam spreading Cerber ransomware
- 2017-01-05 -- pseudoDarkleech Rig-V sends Cerber ransomware
- 2017-01-04 -- Malspam spreading Cerber ransomware
- 2017-01-04 -- pseudoDarkleech Rig-V from 194.87.232.6 sends Cerber ransomware
- 2017-01-03 -- pseudoDarkleech Rig-V from 46.30.42.31 sends Cerber ransomware
- 2017-01-03 -- malspam - Subject: URGENTE - Entrega não Efetuada. (71678)
- 2017-01-02 -- pseudoDarkleech Rig-V from 109.234.36.210 sends Cerber ransomware
- 2017-01-01 -- pseudoDarkleech Rig-V from 109.234.36.133 sends Cerber ransomware