2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike |
2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
2021-02-17 | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break |
2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity |
2020-11-03 | Brad Duncan | Emotet -> Qakbot -> more Emotet |
2020-10-20 | Xavier Mertens | Mirai-alike Python Scanner |
2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols |
2020-08-01 | Jan Kopriva | What pages do bad bots look for? |
2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
2020-06-13 | Guy Bruneau | Mirai Botnet Activity |
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
2020-04-01 | Brad Duncan | Qakbot malspam sent from an infected Windows host |
2020-03-21 | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services |
2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
2020-01-28 | Brad Duncan | Emotet epoch 1 infection with Trickbot gtag mor84 |
2019-12-24 | Brad Duncan | Malspam with links to Word docs pushes IcedID (Bokbot) |
2019-12-18 | Brad Duncan | Emotet infection with spambot activity |
2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
2019-11-13 | Brad Duncan | An example of malspam pushing Lokibot malware, November 2019 |
2019-10-30 | Xavier Mertens | Keep an Eye on Remote Access to Mailboxes |
2019-09-18 | Brad Duncan | Emotet malspam is back |
2019-09-03 | Johannes Ullrich | [Guest Diary] Tricky LNK points to TrickBot |
2019-08-14 | Brad Duncan | Recent example of MedusaHTTP malware |
2019-08-08 | Johannes Ullrich | [Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign" |
2019-07-26 | Kevin Shortt | DVRIP Port 34567 - Uptick |
2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
2019-03-06 | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot |
2019-02-14 | Xavier Mertens | Old H-Worm Delivered Through GitHub |
2019-01-16 | Brad Duncan | Emotet infections and follow-up malware |
2019-01-10 | Brad Duncan | Heartbreaking Emails: "Love You" Malspam |
2018-12-23 | Guy Bruneau | Scanning Activity, end Goal is to add Hosts to Mirai Botnet |
2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
2018-12-05 | Brad Duncan | Campaign evolution: Hancitor changes its Word macros |
2018-12-04 | Brad Duncan | Malspam pushing Lokibot malware |
2018-11-14 | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
2018-09-26 | Brad Duncan | One Emotet infection leads to three follow-up malware infections |
2018-05-09 | Xavier Mertens | Nice Phishing Sample Delivering Trickbot |
2017-10-19 | Brad Duncan | HSBC-themed malspam uses ISO attachments to push Loki Bot malware |
2017-08-15 | Brad Duncan | Malspam pushing Trickbot banking Trojan |
2017-07-19 | Xavier Mertens | Bots Searching for Keys & Config Files |
2017-05-08 | Renato Marinho | Exploring a P2P Transient Botnet - From Discovery to Enumeration |
2016-12-31 | Xavier Mertens | Ongoing Scans Below the Radar |
2016-12-07 | Xavier Mertens | The Passwords You Should Never Use |
2016-09-10 | Xavier Mertens | Ongoing IMAP Scan, Anyone Else? |
2016-07-27 | Xavier Mertens | Analyze of a Linux botnet client source code |
2015-02-06 | Johannes Ullrich | Anthem, TurboTax and How Things "Fit Together" Sometimes |
2014-10-09 | Johannes Ullrich | CSAM: My servers started speaking IRC, and that is when I started to listen! |
2014-08-16 | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability |
2014-01-16 | Kevin Shortt | Port 4028 - Interesting Activity |
2013-12-07 | Guy Bruneau | Suspected Active Rovnix Botnet Controller |
2013-10-26 | Guy Bruneau | Active Perl/Shellbot Trojan |
2013-08-11 | Bojan Zdrnja | XATattacks (attacks on xat.com) |
2012-10-26 | Russ McRee | Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant |
2011-08-04 | Johannes Ullrich | IRC traffic on non standard ports |
2011-05-14 | Guy Bruneau | Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity |
2011-02-28 | Deborah Hale | Possible Botnet Scanning |
2011-01-11 | Kevin Shortt | Spam Cannons on Holiday |
2010-11-18 | Chris Carboni | All of your pages are belonging to us |
2010-11-05 | Adrien de Beaupre | Bot honeypot |
2010-08-19 | Daniel Wesemann | Casper the unfriendly ghost |
2010-07-29 | Rob VandenBrink | FBI, Slovenian and Spanish Police announce more arrests of Mariposa Botnet Creator, Operators |
2010-06-14 | Manuel Humberto Santander Pelaez | New way of social engineering on IRC |
2010-05-07 | Johannes Ullrich | Stock market "wipe out" may be due to computer error |
2010-05-02 | Mari Nichols | Zbot Social Engineering |
2010-04-23 | Adrien de Beaupre | Shadowserver botnet rules |
2010-03-25 | Kevin Liston | Zeus wants to do your taxes |
2010-03-11 | donald smith | Cert write up on Skype IMBot Logic and Functionality. |
2010-02-02 | Johannes Ullrich | Pushdo Update |
2010-01-25 | William Salusky | "Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!" |
2009-12-21 | Marcus Sachs | iPhone Botnet Analysis |
2009-11-13 | Deborah Hale | Pushdo/Cutwail Spambot - A Little Known BIG Problem |
2009-11-08 | Kevin Liston | FireEye takes on Ozdok and Recovery Ideas |
2009-10-10 | Tony Carothers | User Notification for Possible Infected Systems |
2009-09-16 | Raul Siles | IETF Draft for Remediation of Bots in ISP Networks |
2009-05-07 | Deborah Hale | Botnet hijacking reveals 70GB of stolen data |
2008-11-05 | donald smith | Bot net hunters get an improved tool from SRI bothunters |
2008-09-09 | Swa Frantzen | The complaint that's an attack |
2008-09-01 | John Bambenek | The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months |
2008-07-19 | William Salusky | A twist in fluxnet operations. Enter Hydraflux |
2008-07-15 | Maarten Van Horenbeeck | Bot controller mimicry |
2008-04-07 | John Bambenek | Got Kraken? |
2008-04-07 | John Bambenek | Kraken Technical Details: UPDATED x3 |
2006-08-31 | Swa Frantzen | NT botnet submitted |
2006-08-31 | Joel Esler | MS06-040 Worm |