Brad Duncan

 @malware_traffic

  • Sundown EK from 37.139.47.53 sends Locky Ransomware - 2016-10-17 - Malware-Traffic-Analysis - Brad Duncan [WordsJS Bizarro Sundown Locky]
  • 2018-03-27 - FAKE CHROME, FIREFOX, OR FLASH UPDATE PAGES PUSH JS MALWARE - 2018-03-27 - Malware-Traffic-Analysis - Brad Duncan [SocGholish js-GhoLoader]
  • Fake Updates campaign still active in 2019 - 2019-02-12 - SANS ISC - Brad Duncan [SocGholish Chthonic js-GhoLoader]
  • Rig Exploit Kit sends Pitou.B Trojan - 2019-06-25 - SANS ISC - Brad Duncan [RIG Pitou Bikarys Keitaro]
  • 2019-06-24 - Still finding #FakeUpdates traffic similar to Feb 2019 [...] Still seeing #Chthonic banking Trojan as the final payload - 2019-06-27 - Twitter - Brad Duncan [SocGholish Chthonic]