Brad

2018-12-27 - #malspam pushes #shade (#Troldesh) #ransomware - 7 email examples, a #pcap of the infection traffic, and the associated #malware at: https://www.malware-traffic-analysis.net/2018/12/27/index.html … - saw #nheqminer sent with this infection and numerous Wordpress site login attempts from my infected hostpic.twitter.com/gULnQPTw43

2018-12-27 - The message text in this #sextortion #spam example from today seems a little more lazy than usual - Paste of the email: https://pastebin.com/X0r4acHs  - Pastebin raw: https://pastebin.com/raw/X0r4acHs pic.twitter.com/N8tW7Crmur

2018-12-27 - #Trickbot executable files sent as URLs ending in ".png" from 195.123.212[.]29 starting today - Paste with info on today's examples: https://pastebin.com/f3RAiQBV  - Pastebin raw: https://pastebin.com/raw/f3RAiQBV  - See Pastebin info about toler.png (it's always an old file)pic.twitter.com/SonoKHqeQM

2018-12-26 - Two #pcap files I provided for UA-CTF in Nov 2018 - Now available to the public, with my suggested tasks and answers - Not a #TrafficAnalysisExercise, but bonus material for those who've done the regular exercises but want more practice - https://www.malware-traffic-analysis.net/2018/CTF/index.html …pic.twitter.com/ylq3dIsTmX

2018-12-18 - Traffic Analysis Exercise - Eggnog Soup - Answers are now available: https://www.malware-traffic-analysis.net/2018/12/18/index.html … - #TrafficAnalysisExercise #pcappic.twitter.com/D92Q6oZPMW

2018-12-26 - #malspam campaign using malicious XLS file attachments - Not sure what this is, but saw thousands of emails went out from this campaign earlier today - Paste of details at: https://pastebin.com/4KARvya8  - Pastebin Raw: https://pastebin.com/raw/4KARvya8 pic.twitter.com/AIFOB4z6FL

2018-12-24 - #Trickbot executable files sent as URLs ending in ".png" from 91.200.100[.]169 starting as early as Wednesday 2018-12-19 - Paste with info on today's examples available at: https://pastebin.com/1bmfNRSt  - Pastebin raw: https://pastebin.com/raw/1bmfNRSt pic.twitter.com/9KziDUYzLa

2018-12-19 - #malspam pushing #MyDoom is still a thing (ever since 2004). I don't think it will ever go away. - Recent examples and a #pcap of the infection traffic available at: https://www.malware-traffic-analysis.net/2018/12/19/index.html …pic.twitter.com/eGjCF8y0Jw

2018-12-20 - Quick post: #Emotet infection with #Gootkit - #pcap and #malware at: https://www.malware-traffic-analysis.net/2018/12/20/index2.html …pic.twitter.com/JhCpTGsaQp

2018-12-20 - Three days of #Hancitor infections, today with #SmokeLoader - #pcap files of the infection traffic, associated #malware, and two #malspam examples available at https://www.malware-traffic-analysis.net/2018/12/20/index.html …pic.twitter.com/vmZoBXRZJu

2018-12-20 - File info from #Hancitor malspam infection (XLS file, #Hancitor EXE, #Ursnif EXE, and #SmokeLoader EXE) - Original thread started by @James_inthe_box: https://twitter.com/James_inthe_box/status/1075767229386346496 … - Paste: https://pastebin.com/RAUgpPxj  - Pastebin raw (without the ads): https://pastebin.com/raw/RAUgpPxj pic.twitter.com/KdQDVXbVM6

2018-12-19 - Traffic Analysis Exercise - Eggnog Soup - Join the fun at: https://www.malware-traffic-analysis.net/2018/12/18/index.html … - How do you make an Eggnog Soup exercise? - Add a few Windows hosts and a scoop of non-Windows hosts to the mix, then bake the #pcap at 1500 MTU for 11 min - #TrafficAnalysisExercisepic.twitter.com/Y91d64mXMA

2018-12-19 - Example of #Hancitor #malspam - Paste: https://pastebin.com/VSavR3sK  - Pastebin raw: https://pastebin.com/raw/VSavR3sK  - Submitted to VT: https://www.virustotal.com/#/file/6dae7c33ee24170ebbb84f49e52a286239c2243b2c6cb7640aa4d6eee62a6789/ …pic.twitter.com/rISW2wOwoQ

2018-12-19 - File info from #Hancitor malspam infection (XLS file, #Hancitor EXE, and #Ursnif EXE) - Thanks @James_inthe_box for your initial tweet chain about this - Paste: https://pastebin.com/FBb30ANp  - Pastebin raw (without the ads): https://pastebin.com/raw/FBb30ANp pic.twitter.com/de4Bn2apQs