unSafe.sh - Unsafe
2025-04-04: KongTuke activity
The post describes KongTuke network activity, with password-protected archives, reference links, and associated files for download. ...
2025-4-14 23:50:38 | Views: 22
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
kongtuke
unit42
github
captcha
2025-04-13: Twelve days of scans and probes and web traffic hitting my web server
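Records twelve days of scans, probes, and web attacks against the website, and provides the associated password-protected ZIP file and a 12.5 MB PCAP for reference. ...
2025-4-14 17:42:0 | Views: 9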
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
probes
hitting
twelve
465
405
2025-05-12: Unidentified malware infection from email attachment
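On May 12, 2025, an infection by unidentified malware occurred, spread through an email attachment. The malware extracts and runs an executable from the ZIP attachment, creates a persistent startup entry on the system, and communicates with a C2 server. ...
2025-4-13 00:7:0 | Views: 1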
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
attachment
windows
invoice
roaming
2025-05-06: Raspberry Robin activity
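The post describes the Raspberry Robin malware infection chain and related activity, including distribution via a password-protected ZIP archive, extraction of an HTA file, and retrieval of a CAB file from a WebDAV server to run a DLL. It also covers malware samples, network traffic analysis, and Tor communication. ...
2025-4-12 21:6:0 | Views: 2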
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
7z
robin
hxxps
raspberry
boats
2025-03-26: SmartApeSG traffic for fake browser update leads to NetSupport RAT and StealC
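On March 26, 2025, SmartApeSG distributed the NetSupport remote access trojan and StealC malware through a fake browser update. The attackers inject scripts into legitimate websites to lure users into downloading malicious files, and distribute StealC via a C2 server for data theft. ...
2025-3-26 19:19:0 | Views: 21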
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hxxp
netsupport
stealc
smartapesg
237
2025-03-10: Remcos RAT infection
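Reports a Remcos trojan infection on March 10, 2025, involving encrypted ZIP files, malware samples, and network traffic data. Associated material includes password-protected attachments and several reference links. ...
2025-3-10 20:59:0 | Views: 7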
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
remcos
unit42
monday
github
690
2025-03-03: Three days of scans and probes and web traffic hitting my web server
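Over three days the server was hit by scans, probes, and a large volume of web traffic. The associated data is stored in password-protected ZIP files; the password can be found on the site's "about" page. ...
2025-3-10 04:40:0 | Views: 9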
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hitting
probes
871
932
monday
2025-02-18: SmartApeSG script for fake browser update leads to NetSupport RAT and StealC
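A SmartApeSG script poses as a browser update to distribute NetSupport RAT and the StealC stealer. The associated IOC files require a password to extract; the password is on the site's "about" page. ...
2025-2-19 23:32:30 | Views: 4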
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
smartapesg
stealc
netsupport
unit42
2025-02-13: Quick post: ClickFix style infection for Lumma Stealer
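This post records a ClickFix-style infection on February 13, 2025 that led to the spread of Lumma Stealer, provides the associated files and screenshots, and notes that the ZIP files are password-protected. ...
2025-2-14 05:14:0 | Views: 11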
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
clickfix
lumma
stealer
thursday
saz
2025-02-10: StrelaStealer infection
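This post covers StrelaStealer malware infection activity, provides reference material and packet capture download links, and notes that the ZIP files require a password to extract. ...
2025-2-11 19:35:0 | Views: 3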
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
unit42
564
695
vyqy
2025-02-07: Three days of scans and probes and web traffic hitting my web server
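This post records three days of scans, probes, and anomalous traffic hitting the website, and provides the associated packet capture file (pcap.zip); the file password can be found on the site's "about" page. ...
2025-2-7 03:43:0 | Views: 10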
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
probes
hitting
390
friday
854
2025-01-31: Two pcaps of AgentTesla-style data exfil, one using FTP and one using SMTP
2025-01-31 (FRIDAY): TWO PCAPS OF AGENTTESLA-STYLE DATA EXFIL, ONE USING FTP AND ONE USING SMTPN...
2025-1-31 21:23:0 | Views: 21
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
agenttesla
exfil
359
friday
pcaps
2025-01-30: XLoader infection
2025-01-30 (THURSDAY): XLOADER INFECTION NOTES: Zip files are password-protected. Of note, thi...
2025-1-30 18:12:0 | Views: 4
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
xloader
slip
shop
windows
2025-01-28: Malware infection from web inject activity
2025-01-28 (TUESDAY): MALWARE INFECTION FROM WEB INJECT ACTIVITY NOTES: Zip files are password-...
2025-1-29 04:53:0 | Views: 38
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hxxps
kongtuke
inject
gholish
captcha
2025-01-23: Fake installer leads to Koi Loader/Koi Stealer
2025-01-23 (THURSDAY): FAKE INSTALLER LEADS TO KOI LOADER/KOI STEALER NOTES: Zip files are pass...
2025-1-28 00:53:0 | Views: 11
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hxxp
php
flocking
koi
wp
2025-01-22: Traffic Analysis Exercise - Download from fake software site
2025-01-22 - TRAFFIC ANALYSIS EXERCISE: DOWNLOAD FROM FAKE SOFTWARE SITE ASSOCIATED FILE: Zip a...
2025-1-23 18:18:0 | Views: 4
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
windows
client
analysis
2025-01-21: Quick post for Koi Loader/Koi Stealer activity
2025-01-21 (TUESDAY): QUICK POST FOR KOI LOADER/KOI STEALER ACTIVITY NOTES: Zip files are passw...
2025-1-23 05:48:0 | Views: 4
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
koi
stealer
loader
225
796
2025-01-13: KongTuke campaign leads to infection abusing BOINC platform
2025-01-13 (MONDAY): KONGTUKE CAMPAIGN LEADS TO INFECTION ABUSING BOINC PLATFORM NOTES: Zip fil...
2025-1-13 23:59:0 | Views: 1
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
kongtuke
boinc
unit42
inkv
2025-01-09: CVE-2017-0199 XLS --> HTA --> VBS --> steganography --> DBatLoader/GuiLoader style malware
2025-01-09 (THURSDAY): CVE-2017-0199 XLS --> HTA --> VBS --> STEGANOGRAPHY --> DBATLOADER/GUILOAD...
2025-1-11 07:23:0 | Views: 19
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
0199
dbatloader
xls
unit42