- More Russian language malspam pushing Shade (Troldesh) ransomware
- Fake Updates campaign still active in 2019
- Hancitor malspam and infection traffic from Tuesday 2019-02-05
- Malspam with Word docs uses macro to run Powershell script and steal system data
- Emotet infections and follow-up malware
- Heartbreaking Emails: "Love You" Malspam
- Malspam links to password-protected Word docs that push IcedID (Bokbot)
- Campaign evolution: Hancitor changes its Word macros
- Malspam pushing Lokibot malware
- Russian language malspam pushing Shade (Troldesh) ransomware
- Emotet infection with IcedID banking Trojan
- Day in the life of a researcher: Finding a wave of Trickbot malspam
- More malspam using password-protected Word docs
- Campaign evolution: Hancitor malspam starts pushing Ursnif this week
- One Emotet infection leads to three follow-up malware infections
- Sextortion Spam and the Infinite Monkey Theorem
- More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware
- DHL-themed malspam reveals embedded malware in animated gif
- Malspam with password-protected Word docs pushes Hermes ransomware
- Recent Emotet activity
- More malspam pushing Lokibot
- Malspam pushing coin miner and other malware
- Cryptocurrency-themed phishing emails
- Phishing emails for fake MyEtherWallet login page
- Malspam pushing Trickbot malware on Friday 2018-05-11
- GandCrab Ransomware: Now Coming From Malspam
- 3 examples of malspam pushing Loki-Bot malware
- RTF files for Hancitor utilize exploit for CVE-2017-11882
- Reviewing the spam filters: Malspam pushing Gozi-ISFB
- Fake anti-virus pages popping up like weeds
- Pornographic malspam pushes coin miner malware
- More Malspam pushing Emotet malware
- One month later, Magniber ransomware is still out there
- Resume-themed malspam pushing Smoke Loader
- Necurs Botnet malspam pushes Locky using DDE attack
- HSBC-themed malspam uses ISO attachments to push Loki Bot malware
- Hancitor malspam uses DDE attack
- Malspam pushing Formbook info stealer
- Malspam pushing Word documents with Hancitor malware
- Emails threatening DDoS allegedly from Phantom Squad
- Email attachment using CVE-2017-8759 exploit targets Argentina
- Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
- Malspam pushing Trickbot banking Trojan
- How are people fooled by this? Email to sign a contract provides malware instead.
- Malspam pushing Emotet malware
- NemucodAES and the malspam that distributes it
- Catching up with Blank Slate: a malspam campaign still going strong
- Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak
- Checking out the new Petya variant
- Wide-scale Petya variant ransomware attack noted
- A Tale of Two Phishies
- Jaff ransomware gets a makeover
- Seamless Campaign using Rig Exploit Kit to send Ramnit Trojan
- Malspam on 2017-04-11 pushes yet another ransomware variant
- April 2017 Microsoft Patch Tuesday
- Dridex malspam seen on Monday 2017-04-10
- "Blank Slate" malspam still pushing Cerber ransomware
- Malspam with password-protected Word documents
- Brazilian malspam sends Autoit-based malware
- Hancitor/Pony malspam
- CryptoShield Ransomware from Rig EK
- Ticketbleed vulnerability affects some f5 appliances
- Sage 2.0 Ransomware
- Upatre/Dyre - the daily grind of botnet-based malspam
- Traffic pattern change noted in Fiesta exploit kit
- Dalexis/CTB-Locker malspam campaign
- Actor using Fiesta exploit kit
- Hancitor/Pony/Vawtrak malspam
- Merry X-Mas ransomware from Sunday 2017-01-08
- One, if by email, and two, if by EK: The Cerbers are coming!
- Domaincop malspam
- 2016-11-18 example of KaiXin EK activity
- Malspam distributing Troldesh ransomware
- Exploit kit roundup: Less Angler, more Nuclear
- Malspam delivers NanoCore RAT
- pseudoDarkleech Rig EK
- Rig Exploit Kit from the Afraidgate Campaign
- Those never-ending waves of Locky malspam
- 1 compromised site - 2 campaigns
- Follow-up to: Stop calling it a ransomware "attack"
- Stop calling it a ransomware "attack"
- CryptXXX ransomware updated
- Change in patterns for the pseudoDarkleech campaign
- APT and why I don't like the term
- Searching for malspam
- Neutrino EK and CryptXXX
- EITest campaign still going strong
- ImageTragick: Another Vulnerability, Another Nickname
- Neutrino exploit kit sends Cerber ransomware
- Angler Exploit Kit, Bedep, and CryptXXX
- The importance of ongoing dialog
- Recent example of KaiXin exploit kit
- Angler exploit kit generated by "admedia" gates
- A trip through the spam filters: more malspam with zip attachments containing .js files
- Dridex malspam example from January 2016
- OpenSSH 7.1p2 released with security fix for CVE-2016-0777
- CryptoWall sent by Angler and Neutrino exploit kits or through malicious spam
- A recent example of wire transfer fraud
- Actor using Rig EK to deliver Qbot - update
- Actor using Rig EK to deliver Qbot
- ScreenOS vulnerability affects Juniper firewalls
- TeslaCrypt ransomware sent using malicious spam
- Everything old is new again - Blackhole exploit kit since November 2015
- New variant of CryptoWall - Is it right to call it 4.0?
- Malicious spam - Subject: RE: Bill
- BizCN gate actor sends CryptoWall 4.0
- Actors using exploit kits - How they change tactics
- Malicious spam with links to CryptoWall 3.0 - Subject: Domain [name] Suspension Notice
- Botnets spreading Dridex still active
- Compromised Magento sites led to Neutrino exploit kit
- Malicious spam with Word document
- BizCN gate actor update
- Recent trends in Nuclear Exploit Kit activity
- Mistakenly-deployed test patch leads to suspicious Windows update
- Malicious spam with zip attachments containing .js files
- A look through the spam filters - examining waves of Upatre malspam
- Actor that tried Neutrino exploit kit now back to Angler
- What's the situation this week for Neutrino and Angler EK?
- A recent decline in traffic associated with Operation Windigo
- Actor using Angler exploit kit switched to Neutrino
- Adwind: another payload for botnet-based malspam
- Nuclear EK traffic patterns in August 2015
- Malicious spam continues to serve zip archives of javascript files
- Bartalex malspam pushing Pony/Dyre
- After Flash, what will exploit kits focus on next?
- BizCN gate actor changes from Fiesta to Nuclear exploit kit
- Another example of Angler exploit kit pushing CryptoWall 3.0
- Botnet-based malicious spam seen this week
- Updates to OpenSSL fix vulnerabilities related to Logjam
- Increase in CryptoWall 3.0 from malicious spam and Angler exploit kit
- Exploit kit roundup - early June 2015
- Myfax malspam wave with links to malware and Neutrino exploit kit
- Angler exploit kit pushing CryptoWall 3.0
- Exploit kits delivering Necurs
- Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
- Upatre/Dyre malspam - Subject: eFax message from "unknown"
- Recent Dridex activity
- Angler exploit kit pushes new variant of ransomware
- SOC Analyst Pyramid
- Exploit kits (still) pushing Teslacrypt ransomware
- An example of the malicious emails sometimes sent to the ISC handler addresses
- Angler Exploit Kit - Recent Traffic Patterns
- Rig Exploit Kit Changes Traffic Patterns
- Threatglass has pcap files with exploit kit activity
- What Happened to You, Asprox Botnet?
- An Example of Evolving Obfuscation