Malware-Traffic-Analysis.net - Posts - 2022

[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025]

2022 -- Pcaps for January 2022 OISF Webinar about IcedID activity
2022 -- Training Material for 2022 Pcap Analysis Workshop

2022-12-29 -- Google ad --> fake Adobe Reader page --> malware
2022-12-28 -- Link from USPS-themed email pushes NetSupport RAT
2022-12-21 -- Files for an ISC diary (malicious Google ads)
2022-12-20 -- IcedID (Bokbot) infection with Cobalt Strike
2022-12-14 -- Pcap and malware for an ISC diary (IcedID)
2022-12-09 -- HTML smuggling leads to Qakbot, distribution/botnet tag: azd
2022-12-07 -- Bumblebee infection with Cobalt Strike
2022-12-01 -- Files for an ISC diary (obama224 Qakbot)

2022-11-28 -- BB08 Qakbot (Qbot) infection with CobaltStrike and VNC traffic
2022-11-22 -- AgentTesla and RemcosRAT from malspam
2022-11-17 -- Bumblebee malware infection
2022-11-14 -- obama221 Qakbot (Qbot) infection with Cobalt Strike and VNC traffic
2022-11-11 -- IcedID (Bokbot) infection with VNC traffic
2022-11-07 -- Emotet (epoch4) infection with IcedID (Bokbot) and Bumblebee malware
2022-11-03 -- Emotet infection with IcedID (Bokbot)

2022-10-31 -- IcedID (Bokbot) infection with BackConnect, Keyhole VNC & Cobalt Strike
2022-10-17 -- IcedID (Bokbot) infection with Cobalt Strike
2022-10-14 -- bb02 Qakbot (Qbot) infection
2022-10-12 -- Icedid (Bokbot) --> Cobalt Strike
2022-10-10 -- Qakbot (Qbot) infection with Cobalt Strike
2022-10-06 -- HTML smuggling --> IcedID (Bokbot) --> Cobalt Strike
2022-10-04 -- HTML smuggling --> IcedID (Bokbot) --> Cobalt Strike
2022-10-03 -- Three days of traffic from scans/probes hitting a web server

2022-09-30 -- Fifteen days of traffic from scans/probes hitting a web server
2022-09-29 -- Qakbot (Qbot) infection with Cobalt Strike
2022-09-23 -- IcedID (Bokbot) infection with Cobalt Strike
2022-09-21 -- Astaroth (Guildma) infection from Brazil malspam
2022-09-15 -- Thirteen days of traffic from scans/probes hitting a web server

2022-08-31 -- IcedID (Bokbot) with Cobalt Strike
2022-08-30 -- Follow-up traffic from Bumblebee infection
2022-08-19 -- Files for an ISC diary (Astaroth/Guildma)
2022-08-18 -- IcedID (Bokbot) infection
2022-08-10 -- Three Cobalt Strikes from one IcedID (Bokbot) infection
2022-08-08 -- IcedID (Bokbot) with Cobalt Strike
2022-08-03 -- IcedID (Bokbot) with Cobalt Strike

2022-07-27 -- IcedID (Bokbot) activity: two infection runs
2022-07-26 -- File for an ISC diary (IcedID with BackConnect & Cobalt Strike)
2022-07-25 -- IcedID (Bokbot) infection with Cobalt Strike
2022-07-22 -- IcedID (Bokbot) infection with BackConnect, Anubis VNC and Cobalt Strike
2022-07-07 -- Files for an ISC diary (Emotet with Cobalt Strike)
2022-07-06 -- TA578 Contact Forms --> IcedID (Bokbot) --> BackConnect, Anubis VNC & Cobalt Strike
2022-07-05 -- Quick post: Emotet
2022-07-01 -- Monster Libra (TA551) pushes SVCready

2022-06-28 -- TA578 IcedID (Bokbot) with Anubis VNC and Cobalt Strike
2022-06-27 -- obama194 Qakbot with Dark Cat VNC and Cobalt Strike
2022-06-21 -- "AA" distribution Qakbot with Dark Cat VNC and Cobalt Strike
2022-06-17 -- Matanbuchus with Cobalt Strike
2022-06-16 -- Files for an ISC diary (Matanbuchus with Cobalt Strike)
2022-06-14 -- TA578 thread-hijacked email --> Bumblebee --> Cobalt Strike
2022-06-13 -- TA578 thread-hijacked emails push Bumblebee or IcedID
2022-06-09 -- TA578 Contact Forms campaign Bumblebee infection with Cobalt Strike
2022-06-08 -- Monster Libra (TA551) pushes SVCready
2022-06-07 -- obama186 distribution Qakbot with Dark Cat VNC and spambot activity
2022-06-07 -- Emotet E5 infection with Cobalt Strike and spambot activity

2022-05-23 -- IcedID infection with BackConnect and Anubis VNC
2022-05-18 -- ISC diary: EXOTIC LILY --> Bumblebee --> Cobalt Strike
2022-05-18 -- TA578 thread-hijacked emails and ISO example for Bumblebee
2022-05-10 -- TA578 Contact Forms campaign --> IcedID (Bokbot) --> Cobalt Strike
2022-05-03 -- Contact Forms campaign --> Bumblebee --> Cobalt Strike

2022-04-25 -- Emotet epoch4 activity (LNK files)
2022-04-20 -- Emotet epoch4 activity
2022-04-19 -- Infection from Brazil malspam
2022-04-19 -- Files for an ISC Diary (Qakbot with possible VNC traffic)
2022-04-14 -- aa distribution Qakbot with Cobalt Strike
2022-04-04 -- Emotet epoch5 infection with spambot traffic

2022-03-31 -- Files for an ISC diary (MetaStealer)
2022-03-29 -- Emotet epoch4 infection with Cobalt Strike
2022-03-24 -- Emotet epoch4 infection with Cobalt Strike
2022-03-21 -- Hancitor infection with Cobalt Strike & Mars Stealer
2022-03-21 -- Infection from Brazil malspam
2022-03-14 -- Pcap and malware for an ISC diary (Qakbot with Cobalt Strike and VNC)
2022-03-14 -- Emotet epoch4 and epoch5 activity
2022-03-03 -- Emotet epoch4 infection with Cobalt Strike
2022-03-03 -- Brazil-targeted malware infection from email
2022-03-01 -- Emotet epoch4 infection with Cobalt Strike and spambot traffic

2022-02-25 -- Emotet activity
2022-02-16 -- Files for an ISC diary (Astaroth/Guildma)
2022-02-10 -- Emotet epoch 5 infection with Cobalt Strike
2022-02-08 -- Files for an ISC diary (Emotet with Cobalt Strike)
2022-02-07 -- BazarLoader infection with Cobalt Strike
2022-02-04 -- BazarLoader infection with Cobalt Strike
2022-02-01 -- Hancitor (Chanitor/MAN1/Moskalvzapoe/TA511) infection with Cobalt Strike

2022-01-27 -- Customized Atera installer --> ZLoader --> Raccoon Stealer
2022-01-27 -- Contact Forms Campaign IcedID (Bokbot) with Cobalt Strike
2022-01-20 -- Emotet epoch4 and epoch5 infections
2022-01-17 -- Astaroth (Guildma) activity
2022-01-12 -- IcedID (Bokbot) with Cobalt Strike, BackConnect & Anubis VNC
2022-01-11 -- Emotet activity
2022-01-06 -- TA551 (Shathak) pushes IcedID (Bokbot)
2022-01-05 -- TA551 (Shathak) pushes IcedID (Bokbot) with Cobalt Strike
2022-01-04 -- Recmos RAT infection from Excel file with macros
2022-01-03 -- Pcap from web server with log4j attempts & and other probing/scanning

Click here to return to the main page.

Copyright © 2025 | Malware-Traffic-Analysis.net