[ 2013 ] - [ 2014 ] - [ 2015 ] - [ 2016 ] - [ 2017 ] - [ 2018 ] - [ 2019 ] - [ 2020 ] - [ 2021 ] - [ 2022 ]

• 2022-12-01 -- Files for an ISC diary (obama224 Qakbot)

• 2022-11-28 -- BB08 Qakbot (Qbot) infection with CobaltStrike and VNC traffic
• 2022-11-21 and 11-22 -- AgentTesla and RemcosRAT from malspam
• 2022-11-17 -- Bumblebee malware infection
• 2022-11-14 -- obama221 Qakbot (Qbot) infection with Cobalt Strike and VNC traffic
• 2022-11-11 -- IcedID (Bokbot) infection with VNC traffic
• 2022-11-07 -- Emotet (epoch4) infection with IcedID (Bokbot) and Bumblebee malware
• 2022-11-03 -- Emotet infection with IcedID (Bokbot)

• 2022-10-31 -- IcedID (Bokbot) infection with DarkVNC & Cobalt Strike
• 2022-10-17 -- IcedID (Bokbot) infection with Cobalt Strike
• 2022-10-14 -- bb02 Qakbot (Qbot) infection
• 2022-10-11 thru 10-12 -- Icedid (Bokbot) --> Cobalt Strike
• 2022-10-10 -- Qakbot (Qbot) infection with Cobalt Strike
• 2022-10-06 -- HTML smuggling --> IcedID (Bokbot) --> Cobalt Strike
• 2022-10-04 -- HTML smuggling --> IcedID (Bokbot) --> Cobalt Strike
• 2022-10-01 thru 10-03 -- 3 days of traffic from scans/probes hitting a web server

• 2022-09-16 thru 09-30 -- 15 days of traffic from scans/probes hitting a web server
• 2022-09-29 -- Qakbot (Qbot) infection with Cobalt Strike
• 2022-09-23 -- IcedID (Bokbot) infection with Cobalt Strike
• 2022-09-21 -- Astaroth (Guildma) infection from Brazil malspam
• 2022-09-03 thru 09-15 -- 13 days of traffic from scans/probes hitting a web server

• 2022-08-31 -- IcedID (Bokbot) with Cobalt Strike
• 2022-08-30 -- Follow-up traffic from Bumblebee infection
• 2022-08-19 -- Files for an ISC diary (Astaroth/Guildma)
• 2022-08-18 -- IcedID (Bokbot) infection
• 2022-08-10 -- Three Cobalt Strikes from one IcedID (Bokbot) infection
• 2022-08-08 -- IcedID (Bokbot) with Cobalt Strike
• 2022-08-03 -- IcedID (Bokbot) with Cobalt Strike

• 2022-07-27 -- IcedID (Bokbot) activity: two infection runs
• 2022-07-26 -- File for an ISC diary (IcedID with DarkVNC & Cobalt Strike)
• 2022-07-25 -- IcedID (Bokbot) infection with Cobalt Strike
• 2022-07-21 -- IcedID (Bokbot) infection with DarkVNC and Cobalt Strike
• 2022-07-07 -- Files for an ISC diary (Emotet with Cobalt Strike)
• 2022-07-06 -- TA578 Contact Forms --> IcedID (Bokbot) --> DarkVNC & Cobalt Strike
• 2022-07-05 -- Quick post: Emotet
• 2022-07-01 -- Monster Libra (TA551) pushes SVCready

• 2022-06-28 -- TA578 IcedID (Bokbot) with DarkVNC and Cobalt Strike
• 2022-06-27 -- obama194 Qakbot with DarkVNC and Cobalt Strike
• 2022-06-21 -- "aa" distribution Qakbot with DarkVNC and Cobalt Strike
• 2022-06-17 -- Matanbuchus with Cobalt Strike
• 2022-06-16 -- Files for an ISC diary (Matanbuchus with Cobalt Strike)
• 2022-06-14 -- TA578 thread-hijacked email --> Bumblebee --> Cobalt Strike
• 2022-06-13 -- TA578 thread-hijacked emails push Bumblebee or IcedID
• 2022-06-09 -- TA578 Contact Forms campaign Bumblebee infection with Cobalt Strike
• 2022-06-08 -- Monster Libra (TA551) pushes SVCready
• 2022-06-07 -- obama186 distribution Qakbot with DarkVNC and spambot activity
• 2022-06-07 -- Emotet E5 infection with Cobalt Strike and spambot activity

• 2022-05-23 -- IcedID infection with DarkVNC traffic
• 2022-05-18 -- ISC diary: EXOTIC LILY --> Bumblebee --> Cobalt Strike
• 2022-05-18 -- TA578 thread-hijacked emails and ISO example for Bumblebee
• 2022-05-10 -- TA578 Contact Forms campaign --> IcedID (Bokbot) --> Cobalt Strike
• 2022-05-03 -- Contact Forms campaign --> Bumblebee --> Cobalt Strike

• 2022-04-25 -- Emotet epoch4 activity (LNK files)
• 2022-04-20 -- Emotet epoch4 activity
• 2022-04-19 -- Infection from Brazil malspam
• 2022-04-19 -- Files for an ISC Diary (Qakbot with DarkVNC)
• 2022-04-14 -- aa distribution Qakbot with Cobalt Strike
• 2022-04-06 -- Files for an ISC diary (MetaStealer)
• 2022-04-04 -- Emotet epoch5 infection with spambot traffic

• 2022-03-29 -- Emotet epoch4 infection with Cobalt Strike
• 2022-03-24 -- Emotet epoch4 infection with Cobalt Strike
• 2022-03-21 -- Hancitor infection with Cobalt Strike & Mars Stealer
• 2022-03-21 -- Infection from Brazil malspam
• 2022-03-16 -- Pcap and malware for an ISC diary (Qakbot)
• 2022-03-14 -- Emotet epoch4 and epoch5 activity
• 2022-03-03 -- Emotet epoch4 infection with Cobalt Strike
• 2022-03-03 -- Brazil-targeted malware infection from email
• 2022-03-01 -- Emotet epoch4 infection with Cobalt Strike and spambot traffic

• 2022-02-25 -- Emotet activity
• 2022-02-16 -- Files for an ISC diary (Astaroth/Guildma)
• 2022-02-10 -- Emotet epoch 5 infection with Cobalt Strike
• 2022-02-08 -- Files for an ISC diary (Emotet with Cobalt Strike)
• 2022-02-07 -- BazarLoader infection with Cobalt Strike
• 2022-02-04 -- BazarLoader infection with Cobalt Strike
• 2022-02-01 -- Hancitor (Chanitor/MAN1/Moskalvzapoe/TA511) infection with Cobalt Strike

• 2022-01-27 -- Customized Atera installer --> ZLoader --> Raccoon Stealer
• 2022-01-27 -- Contact Forms Campaign IcedID (Bokbot) with Cobalt Strike
• 2022-01-20 -- Emotet epoch4 and epoch5 infections
• 2022-01-17 -- Astaroth (Guildma) activity
• 2022-01-12 -- IcedID (Bokbot) with Cobalt Strike and DarkVNC
• 2022-01-11 -- Emotet activity
• 2022-01-06 -- TA551 (Shathak) pushes IcedID (Bokbot)
• 2022-01-05 -- TA551 (Shathak) pushes IcedID (Bokbot) with Cobalt Strike
• 2022-01-04 -- Recmos RAT infection from Excel file with macros
• 2022-01-03 -- Pcap from web server with log4j attempts & lots of other probing/scanning