API tools faq
paste
malware_traffic

Malware_traffic's Pastebin

275,949 1,305,699 0 8 years ago
Name / Title Added Expires Hits Comments Syntax  
2020-12-09 (Wednesday) - TA551 (Shathak) Word docs with English template push IcedID Dec 9th, 2020 Never 10,254 0 None -
2020-12-07 (Monday) - TA551 (Shathak) Word docs with English template push IcedID Dec 7th, 2020 Never 8,820 0 None -
2020-12-02 (Wednesday) through 2020-12-03 (Thursday) - Qakbot (Qbot) infection with Cobalt Strike Dec 4th, 2020 Never 10,210 0 None -
2020-11-30 (Monday) TA551 (Shathak) Word docs with English template push IcedID Nov 30th, 2020 Never 8,855 0 None -
2020-11-25 (Wednesday) TA551 (Shathak) Word docs with English template push IcedID Nov 25th, 2020 Never 7,817 0 None -
2020-11-24 (Tuesday) - TA551 (Shathak) Word docs with English template push IcedID Nov 24th, 2020 Never 9,308 0 None -
2020-11-23 (Monday) - ZLoader infection with follow-up malwrae Nov 23rd, 2020 Never 9,068 0 None -
2020-11-16 - Fake FedEx email Nov 16th, 2020 Never 8,712 0 None -
2020-11-11 (Wednesday) - IcedID from myResume.xlsb Nov 11th, 2020 Never 9,745 0 None -
2020-11-11 (Wed) - Qakbot-style spreadsheets with macros that retrieved Trickbot gtag rob3 Nov 11th, 2020 Never 9,361 0 None -
Attachment passwords from TA551 (Shathak) malspam Nov 10th, 2020 Never 8,317 0 None -
2020-11-06 (Friday) - malspam pushing Formbook Nov 6th, 2020 Never 8,202 0 None -
2020-11-05 (Thursday) - TA551 (Shathak) Japanese-template Word docs pushing IcedID Nov 4th, 2020 Never 8,950 0 None -
2020-11-04 (Wednesday) - TA551 (Shathak) Japanese-template Word docs pushing IcedID Nov 4th, 2020 Never 8,406 0 None -
2020-11-03 (Tuesday) - TA551 (Shathak) Japanese-template Word docs pushing IcedID Nov 3rd, 2020 Never 7,918 0 None -
2020-10-29 (Thursday) - TA551 (Shathak) Japanese language Word docs with macros for IcedID Oct 29th, 2020 Never 8,195 0 None -
2020-10-28 (Wednesday) - TA551 (Shathak) Japanese language Word docs with macros for IcedID Oct 29th, 2020 Never 8,593 0 None -
2020-10-27 (Tuesday) - TA551 (Shathak) Japanese-language Word docs with macros for IcedID Oct 27th, 2020 Never 8,556 0 None -
2020-10-27 (Tuesday) - Hancitor with Cobalt Strike and unidentified info-stealer Oct 27th, 2020 Never 10,855 0 None -
2020-10-20 (Tuesday) - TA551 (shathak) Word docs push IcedID Oct 21st, 2020 Never 7,918 0 None -
2020-10-15 (Thursday) - BazaLoader from Google Docs links Oct 15th, 2020 Never 8,529 0 None -
2020-10-14 (Wednesday) - TA551 (Shathak) Word docs push IcedID Oct 14th, 2020 Never 8,660 0 None -
2020-10-14 (Wednesday) - Emotet malspam example Oct 14th, 2020 Never 8,215 0 None -
2020-10-07 (Wednesday) - TA551 (shathak) Word docs push IcedID Oct 7th, 2020 Never 8,528 0 None -
2020-10-07 (Wednesday) - Malspam with XLSX attachments pushes Dridex Oct 7th, 2020 Never 9,073 0 None -
2020-10-05 (Monday) - Qakbot (Qbot) abc013 Oct 5th, 2020 Never 9,047 0 None -
2020-10-05 (Monday) DHL-themed malspam pushes Dridex Oct 5th, 2020 Never 8,954 0 None -
2020-09-30 - Qakbot malspam example Sep 30th, 2020 Never 8,443 0 None -
2020-09-23 (Wednesday) TA551 (Shathak) Word docs pushing IcedID Sep 23rd, 2020 Never 8,585 0 None -
2020-09-21 (Monday) TA551 (Shathak) Word docs pushing IcedID Sep 21st, 2020 Never 8,164 0 None -
2020-09-17 (Thursday) TA551 (Shathak) Word docs pushing IcedID Sep 17th, 2020 Never 9,382 0 None -
2020-09-16 (Wednesday) TA551 (Shathak) Word docs pushing IcedID Sep 16th, 2020 Never 9,131 0 None -
2020-09-15 - BazarLoader malware from Google Docs page Sep 15th, 2020 Never 9,050 0 None -
2020-09-11 (Friday) - myResume.xls pushes ZLoader (Silent Night) Sep 11th, 2020 Never 8,799 0 None -
2020-09-11 (Friday) TA551 (Shathak) Word docs pushing IcedID Sep 11th, 2020 Never 9,038 0 None -
2020-09-10 (Thursday) TA551 (Shathak) Word docs pushing IcedID Sep 10th, 2020 Never 9,121 0 None -
2020-09-08 (Tuesday) TA551 (Shathak) Word docs pushing IcedID Sep 8th, 2020 Never 8,733 0 None -
2020-08-20 - Notes on recent TA551 (shathak) activity Aug 20th, 2020 Never 8,439 0 None -
2020-08-20 (Thursday) - TA551 (Shathak) word docs push IcedID Aug 20th, 2020 Never 9,078 0 None -
2020-08-18 (Tuesday) - Emotet malspam example Aug 18th, 2020 Never 7,339 0 None -
2020-08-17 (Monday) - TA551 (shathak) Word docs with macros for IcedID Aug 17th, 2020 Never 9,804 0 None -
2020-08-11 (Tuesday) - TA551 (shathak) Word docs with macros for IcedID Aug 11th, 2020 Never 10,275 0 None -
2020-08-10 (Monday) TA551 (shathak) Word docs with macros for IcedID Aug 10th, 2020 Never 11,648 0 None -
2020-08-05 - "Campaign 56" on amazonaws Aug 5th, 2020 Never 13,979 0 None -
2020-08-03 (Monday) - Qakbot (Qbot) spx147 Aug 3rd, 2020 Never 19,064 0 None -
2020-07-30 (Thursday) - TA551 (Shathak) Word docs push IcedID (Bokbot) Jul 30th, 2020 Never 16,446 0 None -
2020-07-28 - Password-protected XLS pushes ZLoader Jul 28th, 2020 Never 14,452 0 None -
2020-07-28 (Tuesday) - TA551 word docs pushing IcedID (Bokbot) Jul 28th, 2020 Never 16,516 0 None -
2020-07-27 (Monday) - TA551 Word docs push IcedID (Bokbot) Jul 27th, 2020 Never 15,260 0 None -
2020-07-24 (Friday) TA551 word docs with macros for IcedID Jul 24th, 2020 Never 19,366 0 None -
2020-07-23 (Thursday) - TA551 word docs with macros for IcedID Jul 23rd, 2020 Never 20,571 0 None -
2020-07-22 (Wed) - Password-protected XLS files push ZLoader Jul 22nd, 2020 Never 13,956 0 None -
2020-07-21 (Tuesday) - Word docs pushing IcedID (Bokbot) Jul 21st, 2020 Never 12,605 0 None -
2020-07-21 (Tuesday) - Emotet infection with Qakbot Jul 21st, 2020 Never 13,399 0 None -
2020-07-20 (Monday) Word docs with macros for IcedID Jul 20th, 2020 Never 12,199 0 None -
2020-07-17 (Friday) - Word docs with macros for IcedID Jul 20th, 2020 Never 11,194 0 None -
2020-07-17 - Password-protected XLS files Jul 17th, 2020 Never 11,080 0 None -
2020-07-16 (Thursday) - Word docs with macros for IcedID Jul 16th, 2020 Never 9,371 0 None -
2020-07-16 - Hancitor infection with an info-stealer Jul 16th, 2020 Never 7,907 0 None -
2020-07-15 (Wednesday) - Word docs pushing IcedID Jul 16th, 2020 Never 9,467 0 None -
2020-07-15 - XLS files for Hancitor Jul 15th, 2020 Never 8,649 0 None -
2020-07-08 - Trickbot gtag chil61 from XLS macros Jul 8th, 2020 Never 8,393 0 None -
2020-06-30 (Tues) - Valak (soft_sig: mas37) info Jun 30th, 2020 Never 9,234 0 None -
2020-06-24 (Wednesday): Valak activity - Soft_sig: mad35 Jun 24th, 2020 Never 9,539 0 None -
2020-06-23 - Valak (soft_sig: mad34) activity Jun 23rd, 2020 Never 9,075 0 None -
2020-06-22 - Valak (mad33) infection with IcedID (Bokbot) Jun 23rd, 2020 Never 7,821 0 None -
Trickbot propagation URLs on Tuesday 2020-06-23 Jun 23rd, 2020 Never 8,000 0 None -
Trickbot propagation URLs on Friday 2020-06-19 Jun 19th, 2020 Never 8,373 0 None -
2020-06-09 - Recent resume-themed malspam attachments Jun 9th, 2020 Never 7,347 0 None -
2020-06-03 - Valak (Soft_sig: mad29) Jun 4th, 2020 Never 8,901 0 None -
Trickbot propagation URLs (and EXEs) on Thursday 2020-05-28 May 28th, 2020 Never 9,060 0 None -
2020-05-22 - malspam with zip files pushes Valak with IcedID May 22nd, 2020 Never 9,754 0 None -
2020-05-19 - Qakbot (Qbot) spx122 zip archive URLs May 19th, 2020 Never 9,288 0 None -
2020-05-18 - Qakbot (Qbot) zip archive URLs May 18th, 2020 Never 9,819 0 None -
2020-05-12 - Word docs with macros for Valak May 13th, 2020 Never 8,816 0 None -
2020-05-06 (Wednesday) - Qakbot (Qbot) spx114 info May 6th, 2020 Never 10,294 0 None -
2020-05-06 - XLS attachments from malspam pushing Dridex May 6th, 2020 Never 9,247 0 None -
2020-05-05: Links to zip files for Qakbot spx112 & spx113 May 5th, 2020 Never 8,857 0 None -
2020-05-04 (Monday) - malspam with XLS file pushing Dridex May 4th, 2020 Never 8,873 0 None -
2020-05-01 - XLS file w/ macros pushes Loader EXE --> IcedID May 1st, 2020 Never 8,335 0 None -
2020-04-30 - Link-based malspam pushing Dridex - 2 examples Apr 30th, 2020 Never 8,740 0 None -
2020-04-27 - Malspam with password-protected zip archives Apr 28th, 2020 Never 8,586 0 None -
2020-04-23 - URLs/hashes for Qakbot (Qbot) spx103 files Apr 23rd, 2020 Never 9,448 0 None -
2020-04-22 - URLs/hashes for Qakbot (Qbot) spx102 files Apr 22nd, 2020 Never 9,219 0 None -
2020-04-21 - URLs/hashes for Qakbot (Qbot) spx101 files Apr 21st, 2020 Never 8,661 0 None -
Trickbot EXE files from ".png" URLs on Monday 2020-04-20 Apr 20th, 2020 Never 9,908 0 None -
2020-04-20 - URLs/hashes for Qakbot (Qbot) spx100 files Apr 20th, 2020 Never 10,054 0 None -
2020-04-17: Trickbot gtag ono38 from password-protected XLS Apr 17th, 2020 Never 11,629 0 None -
2020-04-17 - URLs/hashes for Qakbot (Qbot) spx99 files Apr 17th, 2020 Never 9,096 0 None -
2020-04-16 - URLs/hashes for Qakbot (Qbot) spx98 files Apr 16th, 2020 Never 10,737 0 None -
2020-04-15 - URLs/hashes for Qakbot (Qbot) spx97 files Apr 15th, 2020 Never 8,515 0 None -
2020-04-14 - URLs/hashes for Qakbot (Qbot) spx96 zip files Apr 14th, 2020 Never 8,720 0 None -
2020-04-13 - URLs/hashes for Qakbot (Qbot) spx95 zip files Apr 13th, 2020 Never 9,412 0 None -
Trickbot EXE files from ".png" URLs on Friday 2020-04-10 Apr 10th, 2020 Never 8,141 0 None -
2020-04-10 - Qakbot (Qbot) spx94 - 30 URLs for zip archives Apr 10th, 2020 Never 7,974 0 None -
2020-04-10 - malpsam pushes GuLodader/NanoCore RAT Apr 10th, 2020 Never 11,085 0 None -
URLs with "/extend/" for Qakbot (Qbot) starting 2020-04-09 Apr 10th, 2020 Never 8,633 0 None -
2020-04-08: OneDrive links to zip archives for Qakbot (Qbot) Apr 9th, 2020 Never 10,279 0 None -
URLs from VT on 2020-04-08 for Qakbot/Qbot zip archives Apr 8th, 2020 Never 10,171 0 None -
Trickbot EXE files from ".png" URLs on Wednesday 2020-04-01 Apr 1st, 2020 Never 8,741 0 None -
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!