malware_traffic

Malware_traffic's Pastebin

Name / Title Added Expires Hits Comments Syntax  
2020-03-17 - FedEx themed malspam pushes Dridex Mar 18th, 2020 Never 3,979 0 None -
Trickbot EXE files from ".png" URLs on Monday 2020-03-16 Mar 16th, 2020 Never 2,762 0 None -
Trickbot EXE files from ".png" URLs on Wednesday 2020-03-04 Mar 4th, 2020 Never 2,729 0 None -
Trickbot EXE files from ".png" URLs on Wednesday 2020-02-26 Feb 26th, 2020 Never 3,475 0 None -
Trickbot EXE files from ".png" URLs on Wednesday 2020-02-19 Feb 19th, 2020 Never 3,375 0 None -
Trickbot EXE files from ".png" URLs on Thursday 2020-02-06 Feb 6th, 2020 Never 3,813 0 None -
2020-02-03 - malspam with attachment for Emotet epoch 2 Feb 3rd, 2020 Never 4,679 0 None -
2020-02-03 - Malspam pushing Qbot (Qakbot) Feb 3rd, 2020 Never 4,607 0 None -
Trickbot EXE files from .png URLs on Monday 2020-02-03 Feb 3rd, 2020 Never 3,134 0 None -
Trickbot EXE from .png URLs on Monday 2020-01-27 Jan 27th, 2020 Never 3,160 0 None -
2020-01-27 - Hancitor malspam example 2 of 2 Jan 27th, 2020 Never 3,545 0 None -
2020-01-27 - Hancitor malspam example 1 of 2 Jan 27th, 2020 Never 3,175 0 None -
2020-01-10: URLs for Trickbot seen from IcedID-infected host Jan 10th, 2020 Never 2,685 0 None -
Info so far: Malware Traffic workshop for BSides Tampa 2020 Jan 8th, 2020 Never 3,198 0 None -
Trickbot EXE from .png URLs on Wednesday 2020-01-08 Jan 8th, 2020 Never 2,989 0 None -
Trickbot EXE from .png URLs as of Monday 2020-01-06 Jan 6th, 2020 Never 3,577 0 None -
2020-01-03 - Word docs with macros (Ostap) possibly Trickbot Jan 3rd, 2020 Never 1,775 0 None -
Trickbot EXE from .png URLs as of Thursday 2019-12-26 Dec 26th, 2019 Never 2,969 0 None -
Trickbot EXE from .png URLs as of Thursday 2019-12-19 Dec 19th, 2019 Never 2,186 0 None -
Trickbot EXE from .png URLs - Friday 2019-12-06 Dec 6th, 2019 Never 2,288 0 None -
Trickbot EXE from .png URLs as of Wed 2019-12-04 Dec 5th, 2019 Never 2,079 0 None -
Trickbot EXE from .png URLs - Tues 2019-12-03 Dec 3rd, 2019 Never 2,595 0 None -
2019-12-02 - Hancitor info Dec 2nd, 2019 Never 2,978 0 None -
Trickbot EXE from .png URLs - Thursday 2019-11-28 Nov 28th, 2019 Never 3,201 0 None -
Trickbot EXE from .png URLs - Tuesday 2019-11-26 Nov 26th, 2019 Never 2,405 0 None -
Trickbot EXE from .png URLs - Monday 2019-11-25 Nov 25th, 2019 Never 1,942 0 None -
Trickbot EXE from .png URLs - Monday 2019-11-18 Nov 18th, 2019 Never 2,500 0 None -
Trickbot EXE from .png URLs - Friday 2019-11-15 Nov 15th, 2019 Never 2,413 0 None -
Trickbot EXE files seen from .png URLs on 2019-10-29 Oct 29th, 2019 Never 2,812 0 None -
2019-10-09 - Hancitor activity Oct 9th, 2019 Never 4,139 0 None -
2019-10-03 - Netsupport RAT malspam campaign Oct 4th, 2019 Never 2,738 0 None -
2019-09-30 - Info from malspam pushing Shade ransomware Sep 30th, 2019 Never 2,729 0 None -
2019-09-30 - example of malspam pushing Shade ransomware Sep 30th, 2019 Never 1,470 0 None -
Trickbot EXE files seen from .png URLs on 2019-09-25 Sep 25th, 2019 Never 2,153 0 None -
2019-09-13 - Malspam pushing Shade ransomware Sep 13th, 2019 Never 3,330 0 None -
2019-09-03 - Malspam with password-protected Word docs Sep 3rd, 2019 Never 11,429 0 None -
2019-08-28 - File info from today's Ursnif infection Aug 28th, 2019 Never 2,716 0 None -
2019-08-26 - files from Ursnif infection with Trickbot Aug 26th, 2019 Never 3,193 0 None -
2019-08-22: Trickbot EXEs associated with IcedID (Bokbot) Aug 22nd, 2019 Never 3,247 0 None -
2019-08-22 - info on malspam pushing Shade ransomware Aug 22nd, 2019 Never 3,177 0 None -
2019-08-22 - malspam pushing Shade (Troldesh) ransomware Aug 22nd, 2019 Never 1,743 0 None -
2019-08-21 - malspam pushing Shade (Troldesh) ransomware Aug 21st, 2019 Never 2,987 0 None -
2019-08-21 - malspam pushing Shade (Troldesh) - 2 of 2 Aug 21st, 2019 Never 1,385 0 None -
2019-08-21 - malspam pushing Shade (Troldesh) - 1 of 2 Aug 21st, 2019 Never 1,376 0 None -
2019-08-19 - Trickbot binaries, "the PNGs" Aug 20th, 2019 Never 2,595 0 None -
2019-08-12 - Trickbot EXEs from URLs ending with .png Aug 12th, 2019 Never 2,262 0 None -
IcedID (Bokbot)-related Trickbot binaries seen on 2019-08-12 Aug 12th, 2019 Never 2,730 0 None -
2019-07-30 - Trickbot binaries, "the PNGs" Jul 30th, 2019 Never 2,069 0 None -
File hashes from Hancitor infection on Monday 2019-07-22 Jul 22nd, 2019 Never 2,706 0 None -
2019-06-25 and 06-26 - Malspam pushing Trickbot (gtag: wmd1) Jun 26th, 2019 Never 3,633 0 None -
2019-06-20 - malspam pushing Nanocore RAT Jun 20th, 2019 Never 2,873 0 None -
2019-06-13 - Malspam with XLS attachment Jun 13th, 2019 Never 2,436 0 None -
2019-05-30 - PASSWORD-PROTECTED WORD DOCS FROM MALSPAM May 30th, 2019 Never 2,886 0 None -
2019-05-28 - EXAMPLE OF EMOTET MALSPAM (2 OF 2) May 29th, 2019 Never 3,363 0 None -
2019-05-28 - EXAMPLE OF EMOTET MALSPAM (1 OF 2) May 29th, 2019 Never 3,415 0 None -
2019-05-20 - malspam pushing Lokibot May 20th, 2019 Never 2,645 0 None -
2019-05-02 - Emotet malspam example May 2nd, 2019 Never 3,055 0 None -
2019-04-24 - Emotet malspam example Apr 24th, 2019 Never 3,256 0 None -
New password-protected docs in malspam since 2018-04-17 Apr 19th, 2019 Never 2,657 0 None -
2019-04-19 - malspam pushing Danabot Apr 19th, 2019 Never 2,040 0 None -
2019-04-16 - Trickbot malspam - gtag: sat43 Apr 16th, 2019 Never 2,779 0 None -
2019-04-15 - Lokibot malspam example Apr 15th, 2019 Never 3,349 0 None -
2019-04-04 - Example of Emotet malspam Apr 4th, 2019 Never 3,069 0 None -
2019-04-03 - Hancitor malspam example Apr 3rd, 2019 Never 2,489 0 None -
2019-04-01 - Active URLs for Emotet Apr 1st, 2019 Never 2,318 0 None -
2019-03-25 - Rig EK landing page from 79.174.13.20 Mar 25th, 2019 Never 2,620 0 None -
2019-03-18 - malspam pushing Trickbot (gtag: ono1) Mar 18th, 2019 Never 2,043 0 None -
2019-03-14 - Info on Trickbot malspam wave Mar 14th, 2019 Never 2,771 0 None -
2019-03-14 - Trickbot malspam example (gtag day2) Mar 14th, 2019 Never 2,494 0 None -
2019-03-14 - Malware from password-protected Word doc Mar 14th, 2019 Never 2,052 0 None -
2019-03-12 - Qakbot EXE sent to Emotet-infected Windows host Mar 12th, 2019 Never 2,244 0 None -
2019-03-11 - Example of malspam pushing Trickbot gtag: day2 Mar 11th, 2019 Never 2,183 0 None -
2019-03-11 - Malspam pushing Trickbot - gtag: day2 Mar 11th, 2019 Never 2,837 0 None -
2019-03-05 and 06: malware from malspam pushing Ursnif/Gozi Mar 6th, 2019 Never 1,888 0 None -
2019-03-05 - Trickbot inject module name tied to gtag now Mar 5th, 2019 Never 1,962 0 None -
2019-03-04 - #Emotet #malspam example Mar 4th, 2019 Never 2,432 0 None -
2019-03-04 - malspam pushes Hawkeye keylogger/info stealer Mar 4th, 2019 Never 1,697 0 None -
2019-02-28 - Hancitor malspam example Feb 28th, 2019 Never 2,357 0 None -
2019-02-26 - Malware from Hancitor infection Feb 26th, 2019 Never 2,030 0 None -
2019-02-26 - Example of malspam pushing Hancitor Feb 26th, 2019 Never 2,277 0 None -
2019-02-25 - Example of malspam pushing Hancitor Feb 25th, 2019 Never 2,208 0 None -
2019-02-25 - malware from Hancitor infection Feb 25th, 2019 Never 2,271 0 None -
2019-02-21 - Example of malspam pushing Hancitor Feb 21st, 2019 Never 2,626 0 None -
2019-02-14 - Emotet malspam example with download link Feb 14th, 2019 Never 3,259 0 None -
2019-02-14 - Recent Trickbot weirdness Feb 14th, 2019 Never 3,941 0 None -
2019-02-14 - Malspam using password-protected Word docs Feb 14th, 2019 Never 4,735 0 None -
2019-02-14 - Malspam uses Dropbox link to push Formbook Feb 14th, 2019 Never 4,114 0 None -
2019-02-13 - Hancitor malspam example Feb 13th, 2019 Never 2,731 0 None -
2019-02-13 - Emotet malspam example with PDF attachment Feb 13th, 2019 Never 2,417 0 None -
2019-02-12 - Emotet malspam example with PDF attachment Feb 12th, 2019 Never 3,161 0 None -
2019-02-12 - malware from Hancitor infection Feb 12th, 2019 Never 2,350 0 None -
2019-02-12 - Hancitor malspam (USPS theme) Feb 12th, 2019 Never 2,581 0 None -
2019-02-09 - Fake Updates campaign pushes Chthonic Feb 8th, 2019 Never 2,861 0 None -
Since 2019-02-04 - Trickbot EXEs as PNG: Sin, Tin, and Win Feb 8th, 2019 Never 3,304 0 None -
2019-02-08 (Friday) - Trickbot malspam (gtag: sat36) Feb 8th, 2019 Never 2,287 0 None -
2019-02-05 - Trickbot malspam - gtag: ser0205us Feb 5th, 2019 Never 3,424 0 None -
2019-02-04 - Trickbot EXEs as .png from 185.68.93[.]30 Feb 4th, 2019 Never 2,145 0 None -
2019-01-29 - Fallout EK possible exploit Jan 29th, 2019 Never 1,467 0 None -
2019-01-29 - Fallout EK landing page Jan 29th, 2019 Never 1,446 0 None -
2019-01-29 - Fallout EK (HTTPS) sends SmokeLoader -> AZORult Jan 29th, 2019 Never 2,612 0 None -