2025-02-10: StrelaStealer infection
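This post covers a StrelaStealer malware infection, provides related reference material and a link to download the packet capture, and notes that the zip files require a password to extract....
2025-2-11 19:35:0 | Views: 4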
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
unit42
564
695
vyqy
2025-02-07: Three days of scans and probes and web traffic hitting my web server
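This post documents three days of scans, probes and anomalous traffic hitting the web site, and provides the associated packet capture file (pcap.zip); the file password can be found on the site's "about" page....
2025-2-7 03:43:0 | Views: 10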
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
probes
hitting
390
friday
854
2025-01-31: Two pcaps of AgentTesla-style data exfil, one using FTP and one using SMTP
2025-01-31 (FRIDAY): TWO PCAPS OF AGENTTESLA-STYLE DATA EXFIL, ONE USING FTP AND ONE USING SMTPN...
2025-1-31 21:23:0 | Views: 22
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
agenttesla
exfil
359
friday
pcaps
2025-01-30: XLoader infection
2025-01-30 (THURSDAY): XLOADER INFECTION NOTES: Zip files are password-protected. Of note, thi...
2025-1-30 18:12:0 | Views: 4
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
xloader
slip
shop
windows
2025-01-28: Malware infection from web inject activity
2025-01-28 (TUESDAY): MALWARE INFECTION FROM WEB INJECT ACTIVITY NOTES: Zip files are password-...
2025-1-29 04:53:0 | Views: 39
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hxxps
kongtuke
inject
gholish
captcha
2025-01-23: Fake installer leads to Koi Loader/Koi Stealer
2025-01-23 (THURSDAY): FAKE INSTALLER LEADS TO KOI LOADER/KOI STEALER NOTES: Zip files are pass...
2025-1-28 00:53:0 | Views: 12
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hxxp
php
flocking
koi
wp
2025-01-22: Traffic Analysis Exercise - Download from fake software site
2025-01-22 - TRAFFIC ANALYSIS EXERCISE: DOWNLOAD FROM FAKE SOFTWARE SITE ASSOCIATED FILE: Zip a...
2025-1-23 18:18:0 | Views: 4
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
windows
client
analysis
2025-01-21: Quick post for Koi Loader/Koi Stealer activity
2025-01-21 (TUESDAY): QUICK POST FOR KOI LOADER/KOI STEALER ACTIVITY NOTES: Zip files are passw...
2025-1-23 05:48:0 | Views: 4
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
koi
stealer
loader
225
796
2025-01-13: KongTuke campaign leads to infection abusing BOINC platform
2025-01-13 (MONDAY): KONGTUKE CAMPAIGN LEADS TO INFECTION ABUSING BOINC PLATFORM NOTES: Zip fil...
2025-1-13 23:59:0 | Views: 1
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
kongtuke
boinc
unit42
inkv
2025-01-09: CVE-2017-0199 XLS --> HTA --> VBS --> steganography --> DBatLoader/GuiLoader style malware
2025-01-09 (THURSDAY): CVE-2017-0199 XLS --> HTA --> VBS --> STEGANOGRAPHY --> DBATLOADER/GUILOAD...
2025-1-11 07:23:0 | Views: 19
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
0199
dbatloader
xls
unit42
2025-01-04: Four days of scans and probes and web traffic hitting my web server
2025-01-04 (SATURDAY): FOUR DAYS OF SCANS AND PROBES AND WEB TRAFFIC HITTING MY WEB SERVER NOTES:...
2025-1-5 05:33:0 | Views: 11
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hitting
probes
546
518
saturday
2024-12-18 - One week of server scans and probes and web traffic
2024-12-18 (WEDNESDAY): ONE WEEK OF SERVER SCANS AND PROBES AND WEB TRAFFIC NOTES: Zip files ar...
2024-12-19 20:47:0 | Views: 7
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
probes
741
908
wednesday
2024-12-17 - SmartApeSG injected script leads to NetSupport RAT
2024-12-17 (TUESDAY): SMARTAPESG INJECTED SCRIPT LEADS TO NETSUPPORT RAT NOTES: Zip files are p...
2024-12-17 04:47:0 | Views: 7
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
hxxps
depostsolo
biz
netsupport
smartapesg
2024-12-04 - AgentTesla variant using FTP
2024-12-04 (WEDNESDAY): AGENTTESLA VARIANT USING FTP NOTES: Zip files are password-protected....
2024-12-5 08:45:0 | Views: 6
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
agenttesla
wednesday
windows
bsky
2024-11-26 - Traffic Analysis Exercise: Nemotodes
2024-11-26 - TRAFFIC ANALYSIS EXERCISE: NEMOTODES ASSOCIATED FILES: Zip archive of the pcap: 2...
2024-11-28 14:15:0 | Views: 7
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
nemotodes
analysis
answers
297
facility
2024-11-24 - Redline bash script for Linux malware
2024-11-24 (SUNDAY): "REDTAIL" BASH SCRIPT FOR LINUX MALWARE NOTES: Zip files are password-prot...
2024-11-25 12:35:0 | Views: 3
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
redtail
probes
hxxp
179
236
2024-11-14 - Raspberry Robin infection using WebDAV server
2024-11-14 (THURSDAY): RASPBERRY ROBIN INFECTION USING WEBDAV SERVER NOTES: Zip files are passw...
2024-11-15 10:32:0 | Views: 1
Malware-Traffic-Analysis.net - Blog Entries - www.malware-traffic-analysis.net
raspberry
robin
webdav
unit42
saz
2020-12-08 - Files for an ISC diary (recent Qakbot activity)
2020-12-09 13:43:00 | Views: 221
www.malware-traffic-analysis.net
qakbot
isc
diary
qbot
malspam
2020-12-07 - Qakbot (Qbot) infection with Cobalt Strike (Beacon) and spambot activity
2020-12-07 - QAKBOT (QBOT) INFECTION WITH COBALT STRIKE (BEACON) AND SPAMBOT ACTIVITY ASSOCIATED...
2020-12-08 11:28:00 | Views: 250
www.malware-traffic-analysis.net
qakbot
spambot
cobalt
malspam
qbot
2020-12-03 - TA551 (Shathak) Word docs with Italian template send Ursnif (Gozi/ISFB) with Pushdo
2020-12-03 - TA551 (SHATHAK) WORD DOCS WITH ITALIAN TEMPLATE SEND URSNIF WITH PUSHDO ASSOCIATED F...
2020-12-04 12:43:00 | Views: 170
www.malware-traffic-analysis.net
ta551
ursnif
pushdo
italian
malspam