Malware-Traffic-Analysis.net - My technical blog posts - 2022

[ 2013 ] - [ 2014 ] - [ 2015 ] - [ 2016 ] - [ 2017 ] - [ 2018 ] - [ 2019 ] - [ 2020 ] - [ 2021 ] - [ 2022 ]

2022-09-23 -- IcedID (Bokbot) infection with Cobalt Strike
2022-09-21 -- Astaroth (Guildma) infection from Brazil malspam

2022-08-31 -- IcedID (Bokbot) with Cobalt Strike
2022-08-30 -- Follow-up traffic from Bumblebee infection
2022-08-19 -- Files for an ISC diary (Astaroth/Guildma)
2022-08-18 -- IcedID (Bokbot) infection
2022-08-10 -- Three Cobalt Strikes from one IcedID (Bokbot) infection
2022-08-08 -- IcedID (Bokbot) with Cobalt Strike
2022-08-03 -- IcedID (Bokbot) with Cobalt Strike

2022-07-27 -- IcedID (Bokbot) activity: two infection runs
2022-07-26 -- File for an ISC diary (IcedID with DarkVNC & Cobalt Strike)
2022-07-25 -- IcedID (Bokbot) infection with Cobalt Strike
2022-07-21 -- IcedID (Bokbot) infection with DarkVNC and Cobalt Strike
2022-07-07 -- Files for an ISC diary (Emotet with Cobalt Strike)
2022-07-06 -- TA578 Contact Forms --> IcedID (Bokbot) --> DarkVNC & Cobalt Strike
2022-07-05 -- Quick post: Emotet
2022-07-01 -- Monster Libra (TA551) pushes SVCready

2022-06-28 -- TA578 IcedID (Bokbot) with DarkVNC and Cobalt Strike
2022-06-27 -- obama194 Qakbot with DarkVNC and Cobalt Strike
2022-06-21 -- "aa" distribution Qakbot with DarkVNC and Cobalt Strike
2022-06-17 -- Matanbuchus with Cobalt Strike
2022-06-16 -- Files for an ISC diary (Matanbuchus with Cobalt Strike)
2022-06-14 -- TA578 thread-hijacked email --> Bumblebee --> Cobalt Strike
2022-06-13 -- TA578 thread-hijacked emails push Bumblebee or IcedID
2022-06-09 -- TA578 Contact Forms campaign Bumblebee infection with Cobalt Strike
2022-06-08 -- Monster Libra (TA551) pushes SVCready
2022-06-07 -- obama186 distribution Qakbot with DarkVNC and spambot activity
2022-06-07 -- Emotet E5 infection with Cobalt Strike and spambot activity

2022-05-23 -- IcedID infection with DarkVNC traffic
2022-05-18 -- ISC diary: EXOTIC LILY --> Bumblebee --> Cobalt Strike
2022-05-18 -- TA578 thread-hijacked emails and ISO example for Bumblebee
2022-05-10 -- TA578 Contact Forms campaign --> IcedID (Bokbot) --> Cobalt Strike
2022-05-03 -- Contact Forms campaign --> Bumblebee --> Cobalt Strike

2022-04-25 -- Emotet epoch4 activity (LNK files)
2022-04-20 -- Emotet epoch4 activity
2022-04-19 -- Infection from Brazil malspam
2022-04-19 -- Files for an ISC Diary (Qakbot with DarkVNC)
2022-04-14 -- aa distribution Qakbot with Cobalt Strike
2022-04-06 -- Files for an ISC diary (MetaStealer)
2022-04-04 -- Emotet epoch5 infection with spambot traffic

2022-03-29 -- Emotet epoch4 infection with Cobalt Strike
2022-03-24 -- Emotet epoch4 infection with Cobalt Strike
2022-03-21 -- Hancitor infection with Cobalt Strike & Mars Stealer
2022-03-21 -- Infection from Brazil malspam
2022-03-16 -- Pcap and malware for an ISC diary (Qakbot)
2022-03-14 -- Emotet epoch4 and epoch5 activity
2022-03-03 -- Emotet epoch4 infection with Cobalt Strike
2022-03-03 -- Brazil-targeted malware infection from email
2022-03-01 -- Emotet epoch4 infection with Cobalt Strike and spambot traffic

2022-02-25 -- Emotet activity
2022-02-16 -- Files for an ISC diary (Astaroth/Guildma)
2022-02-10 -- Emotet epoch 5 infection with Cobalt Strike
2022-02-08 -- Files for an ISC diary (Emotet with Cobalt Strike)
2022-02-07 -- BazarLoader infection with Cobalt Strike
2022-02-04 -- BazarLoader infection with Cobalt Strike
2022-02-01 -- Hancitor (Chanitor/MAN1/Moskalvzapoe/TA511) infection with Cobalt Strike

2022-01-27 -- Customized Atera installer --> ZLoader --> Raccoon Stealer
2022-01-27 -- Contact Forms Campaign IcedID (Bokbot) with Cobalt Strike
2022-01-20 -- Emotet epoch4 and epoch5 infections
2022-01-17 -- Astaroth (Guildma) activity
2022-01-12 -- IcedID (Bokbot) with Cobalt Strike and DarkVNC
2022-01-11 -- Emotet activity
2022-01-06 -- TA551 (Shathak) pushes IcedID (Bokbot)
2022-01-05 -- TA551 (Shathak) pushes IcedID (Bokbot) with Cobalt Strike
2022-01-04 -- Recmos RAT infection from Excel file with macros
2022-01-03 -- Pcap from web server with log4j attempts & lots of other probing/scanning

Return to main menu
RSS feed
@malware_traffic on Twitter

Traffic analysis exercises
My technical blog posts
My non-technical posts
Guest blog posts

Tutorials and other entries

About this blog

Copyright © 2022 | Malware-Traffic-Analysis.net