Malware_traffic's Pastebin

Name / Title Added Expires Hits Syntax  
2020-09-23 (Wednesday) TA551 (Shathak) Word docs pushing IcedID Sep 23rd, 2020 Never 561 None -
2020-09-21 (Monday) TA551 (Shathak) Word docs pushing IcedID Sep 21st, 2020 Never 773 None -
2020-09-17 (Thursday) TA551 (Shathak) Word docs pushing IcedID Sep 17th, 2020 Never 1,468 None -
2020-09-16 (Wednesday) TA551 (Shathak) Word docs pushing IcedID Sep 16th, 2020 Never 1,440 None -
2020-09-15 - BazarLoader malware from Google Docs page Sep 15th, 2020 Never 1,525 None -
2020-09-11 (Friday) - myResume.xls pushes ZLoader (Silent Night) Sep 11th, 2020 Never 1,302 None -
2020-09-11 (Friday) TA551 (Shathak) Word docs pushing IcedID Sep 11th, 2020 Never 1,302 None -
2020-09-10 (Thursday) TA551 (Shathak) Word docs pushing IcedID Sep 10th, 2020 Never 1,401 None -
2020-09-08 (Tuesday) TA551 (Shathak) Word docs pushing IcedID Sep 8th, 2020 Never 1,437 None -
2020-08-20 - Notes on recent TA551 (shathak) activity Aug 20th, 2020 Never 1,335 None -
2020-08-20 (Thursday) - TA551 (Shathak) word docs push IcedID Aug 20th, 2020 Never 1,938 None -
2020-08-18 (Tuesday) - Emotet malspam example Aug 18th, 2020 Never 251 None -
2020-08-17 (Monday) - TA551 (shathak) Word docs with macros for IcedID Aug 17th, 2020 Never 2,607 None -
2020-08-11 (Tuesday) - TA551 (shathak) Word docs with macros for IcedID Aug 11th, 2020 Never 3,191 None -
2020-08-10 (Monday) TA551 (shathak) Word docs with macros for IcedID Aug 10th, 2020 Never 4,544 None -
2020-08-05 - "Campaign 56" on amazonaws Aug 5th, 2020 Never 6,872 None -
2020-08-03 (Monday) - Qakbot (Qbot) spx147 Aug 3rd, 2020 Never 11,312 None -
2020-07-30 (Thursday) - TA551 (Shathak) Word docs push IcedID (Bokbot) Jul 30th, 2020 Never 8,970 None -
2020-07-28 - Password-protected XLS pushes ZLoader Jul 28th, 2020 Never 7,279 None -
2020-07-28 (Tuesday) - TA551 word docs pushing IcedID (Bokbot) Jul 28th, 2020 Never 8,514 None -
2020-07-27 (Monday) - TA551 Word docs push IcedID (Bokbot) Jul 27th, 2020 Never 8,130 None -
2020-07-24 (Friday) TA551 word docs with macros for IcedID Jul 24th, 2020 Never 12,023 None -
2020-07-23 (Thursday) - TA551 word docs with macros for IcedID Jul 23rd, 2020 Never 13,066 None -
2020-07-22 (Wed) - Password-protected XLS files push ZLoader Jul 22nd, 2020 Never 6,680 None -
2020-07-21 (Tuesday) - Word docs pushing IcedID (Bokbot) Jul 21st, 2020 Never 5,427 None -
2020-07-21 (Tuesday) - Emotet infection with Qakbot Jul 21st, 2020 Never 5,343 None -
2020-07-20 (Monday) Word docs with macros for IcedID Jul 20th, 2020 Never 4,743 None -
2020-07-17 (Friday) - Word docs with macros for IcedID Jul 20th, 2020 Never 3,999 None -
2020-07-17 - Password-protected XLS files Jul 17th, 2020 Never 3,877 None -
2020-07-16 (Thursday) - Word docs with macros for IcedID Jul 16th, 2020 Never 1,276 None -
2020-07-16 - Hancitor infection with an info-stealer Jul 16th, 2020 Never 688 None -
2020-07-15 (Wednesday) - Word docs pushing IcedID Jul 16th, 2020 Never 1,702 None -
2020-07-15 - XLS files for Hancitor Jul 15th, 2020 Never 966 None -
2020-07-08 - Trickbot gtag chil61 from XLS macros Jul 8th, 2020 Never 1,168 None -
2020-06-30 (Tues) - Valak (soft_sig: mas37) info Jun 30th, 2020 Never 1,926 None -
2020-06-24 (Wednesday): Valak activity - Soft_sig: mad35 Jun 24th, 2020 Never 1,427 None -
2020-06-23 - Valak (soft_sig: mad34) activity Jun 23rd, 2020 Never 724 None -
2020-06-22 - Valak (mad33) infection with IcedID (Bokbot) Jun 23rd, 2020 Never 665 None -
Trickbot propagation URLs on Tuesday 2020-06-23 Jun 23rd, 2020 Never 704 None -
Trickbot propagation URLs on Friday 2020-06-19 Jun 19th, 2020 Never 1,143 None -
2020-06-09 - Recent resume-themed malspam attachments Jun 9th, 2020 Never 267 None -
2020-06-03 - Valak (Soft_sig: mad29) Jun 4th, 2020 Never 1,689 None -
Trickbot propagation URLs (and EXEs) on Thursday 2020-05-28 May 28th, 2020 Never 1,790 None -
2020-05-22 - malspam with zip files pushes Valak with IcedID May 22nd, 2020 Never 2,307 None -
2020-05-19 - Qakbot (Qbot) spx122 zip archive URLs May 19th, 2020 Never 1,852 None -
2020-05-18 - Qakbot (Qbot) zip archive URLs May 18th, 2020 Never 2,491 None -
2020-05-12 - Word docs with macros for Valak May 13th, 2020 Never 1,619 None -
2020-05-06 (Wednesday) - Qakbot (Qbot) spx114 info May 6th, 2020 Never 2,524 None -
2020-05-06 - XLS attachments from malspam pushing Dridex May 6th, 2020 Never 1,794 None -
2020-05-05: Links to zip files for Qakbot spx112 & spx113 May 5th, 2020 Never 1,489 None -
2020-05-04 (Monday) - malspam with XLS file pushing Dridex May 4th, 2020 Never 1,643 None -
2020-05-01 - XLS file w/ macros pushes Loader EXE --> IcedID May 1st, 2020 Never 1,220 None -
2020-04-30 - Link-based malspam pushing Dridex - 2 examples Apr 30th, 2020 Never 1,628 None -
2020-04-27 - Malspam with password-protected zip archives Apr 28th, 2020 Never 1,117 None -
2020-04-23 - URLs/hashes for Qakbot (Qbot) spx103 files Apr 23rd, 2020 Never 1,698 None -
2020-04-22 - URLs/hashes for Qakbot (Qbot) spx102 files Apr 22nd, 2020 Never 1,625 None -
2020-04-21 - URLs/hashes for Qakbot (Qbot) spx101 files Apr 21st, 2020 Never 1,502 None -
Trickbot EXE files from ".png" URLs on Monday 2020-04-20 Apr 20th, 2020 Never 2,522 None -
2020-04-20 - URLs/hashes for Qakbot (Qbot) spx100 files Apr 20th, 2020 Never 1,616 None -
2020-04-17: Trickbot gtag ono38 from password-protected XLS Apr 17th, 2020 Never 2,439 None -
2020-04-17 - URLs/hashes for Qakbot (Qbot) spx99 files Apr 17th, 2020 Never 1,448 None -
2020-04-16 - URLs/hashes for Qakbot (Qbot) spx98 files Apr 16th, 2020 Never 2,781 None -
2020-04-15 - URLs/hashes for Qakbot (Qbot) spx97 files Apr 15th, 2020 Never 1,226 None -
2020-04-14 - URLs/hashes for Qakbot (Qbot) spx96 zip files Apr 14th, 2020 Never 1,384 None -
2020-04-13 - URLs/hashes for Qakbot (Qbot) spx95 zip files Apr 13th, 2020 Never 1,591 None -
Trickbot EXE files from ".png" URLs on Friday 2020-04-10 Apr 10th, 2020 Never 834 None -
2020-04-10 - Qakbot (Qbot) spx94 - 30 URLs for zip archives Apr 10th, 2020 Never 679 None -
2020-04-10 - malspam pushes GuLoader/NanoCore RAT Apr 10th, 2020 Never 3,598 None -
URLs with "/extend/" for Qakbot (Qbot) starting 2020-04-09 Apr 10th, 2020 Never 1,092 None -
2020-04-08: OneDrive links to zip archives for Qakbot (Qbot) Apr 9th, 2020 Never 1,874 None -
URLs from VT on 2020-04-08 for Qakbot/Qbot zip archives Apr 8th, 2020 Never 2,673 None -
Trickbot EXE files from ".png" URLs on Wednesday 2020-04-01 Apr 1st, 2020 Never 1,502 None -
2020-03-30 - malspam pushing kpot stealer Mar 30th, 2020 Never 2,130 None -
2020-03-17 - FedEx themed malspam pushes Dridex Mar 18th, 2020 Never 1,916 None -
Trickbot EXE files from ".png" URLs on Monday 2020-03-16 Mar 16th, 2020 Never 1,022 None -
Trickbot EXE files from ".png" URLs on Wednesday 2020-03-04 Mar 4th, 2020 Never 971 None -
Trickbot EXE files from ".png" URLs on Wednesday 2020-02-26 Feb 26th, 2020 Never 1,747 None -
Trickbot EXE files from ".png" URLs on Wednesday 2020-02-19 Feb 19th, 2020 Never 1,705 None -
Trickbot EXE files from ".png" URLs on Thursday 2020-02-06 Feb 6th, 2020 Never 2,132 None -
2020-02-03 - malspam with attachment for Emotet epoch 2 Feb 3rd, 2020 Never 2,778 None -
2020-02-03 - Malspam pushing Qbot (Qakbot) Feb 3rd, 2020 Never 2,498 None -
Trickbot EXE files from .png URLs on Monday 2020-02-03 Feb 3rd, 2020 Never 1,532 None -
Trickbot EXE from .png URLs on Monday 2020-01-27 Jan 27th, 2020 Never 1,211 None -
2020-01-27 - Hancitor malspam example 2 of 2 Jan 27th, 2020 Never 1,366 None -
2020-01-27 - Hancitor malspam example 1 of 2 Jan 27th, 2020 Never 907 None -
2020-01-10: URLs for Trickbot seen from IcedID-infected host Jan 10th, 2020 Never 1,033 None -
Info so far: Malware Traffic workshop for BSides Tampa 2020 Jan 8th, 2020 Never 1,130 None -
Trickbot EXE from .png URLs on Wednesday 2020-01-08 Jan 8th, 2020 Never 1,050 None -
Trickbot EXE from .png URLs as of Monday 2020-01-06 Jan 6th, 2020 Never 1,529 None -
2020-01-03 - Word docs with macros (Ostap) possibly Trickbot Jan 3rd, 2020 Never 316 None -
Trickbot EXE from .png URLs as of Thursday 2019-12-26 Dec 26th, 2019 Never 1,479 None -
Trickbot EXE from .png URLs as of Thursday 2019-12-19 Dec 19th, 2019 Never 864 None -
Trickbot EXE from .png URLs - Friday 2019-12-06 Dec 6th, 2019 Never 1,009 None -
Trickbot EXE from .png URLs as of Wed 2019-12-04 Dec 5th, 2019 Never 811 None -
Trickbot EXE from .png URLs - Tues 2019-12-03 Dec 3rd, 2019 Never 1,237 None -
2019-12-02 - Hancitor info Dec 2nd, 2019 Never 1,171 None -
Trickbot EXE from .png URLs - Thursday 2019-11-28 Nov 28th, 2019 Never 1,549 None -
Trickbot EXE from .png URLs - Tuesday 2019-11-26 Nov 26th, 2019 Never 1,173 None -
Trickbot EXE from .png URLs - Monday 2019-11-25 Nov 25th, 2019 Never 711 None -
Trickbot EXE from .png URLs - Monday 2019-11-18 Nov 18th, 2019 Never 931 None -