Malware Corpus Tracker - Info Whitepapers - rockloader

Info for Family: rockloader

Published	Family	Author - Title
2016-04-12 14:04	rockloader	Neera Desai,Ronnie Tokazowski,Paul Burbage,Brendan Griffin / PhishMe - RockLoader – New Upatre-like Downloader Pushed by Dridex, Downloads all the Malwares
2016-04-08 17:04	rockloader	Nelly Vladimirova / Virus Guides - RockLoader Malware Bundled with Locky Ransomware
2016-04-08 10:04	rockloader	Myonlinesecurity / My Online Security - CAJA 87889 FACTURA 48024NMX – CK Polendo, Guillermo Navistar.com – word doc macro malware
2016-04-07 12:04	rockloader	TechHelpList.com - Dossier n° ... - CABINET BETTAN - Malware
2016-04-06 23:04	rockloader	Proofpoint - Locky Ransomware Cybercriminals Continue Email Campaign Innovation, Introduce New RockLoader Malware

Info for parent family:

Published	Family	Author - Title
2017-11-01 01:11	locky	Malware-Traffic-Analysis.net - Necurs Botnet malspam stops using DDE, still uses Word docs to push Locky
2017-10-10 11:10	locky	Racco42 / Pastebin - 2017-10-10 Locky "Voicemail From 845-551-NNNN"
2017-10-09 15:10	locky	Racco42 / Twitter - 917411865776533504
2017-10-09 10:10	locky	Racco42 / Pastebin - 2017-10-09 Locky "New voice message"
2017-10-03 12:10	locky	Racco42 / Pastebin - 2017-10-03 Locky "Emailing - DOCNNN"
2017-10-03 07:10	locky	Racco42 / Pastebin - 2017-10-03 Locky "INVOICE"
2017-10-03 06:10	locky	ring0x0 / Pastebin - locky downloader changed
2017-10-03 01:10	locky	Malware-Traffic-Analysis.net - Necurs Botnet malspam sto;; pushing ".ykcol" variant Locky ransomware
2017-10-02 15:10	locky	Racco42 / Pastebin - 2017-10-02 Locky "Emailed Invoice - NNNNNN"
2017-09-29 12:09	locky	coldshell / Twitter - 913735730509307904
2017-09-29 06:09	locky	Pastebin - Locky (29/09/2017)
2017-09-27 14:09	locky	Racco42 / Pastebin - 2017-09-27 Locky "Scanned image from MX-2600N"
2017-09-27 04:09	locky	Racco42 / Pastebin - 2017-09-26 Locky "INVOICE"
2017-09-27 03:09	locky	Racco42 / Pastebin - 2017-09-26 Locky "Invoice PISxxxxxxx"
2017-09-22 08:09	locky	Racco42 / Pastebin - 2017-09-22 Locky "Your Invoice"
2017-09-21 04:09	locky	Racco42 / Pastebin - 2017-09-21 Locky "Invoice RE-2017-09-21-00168"
2017-09-20 14:09	locky	Racco42 / Pastebin - 2017-09-20 Locky "New voice message"
2017-09-20 06:09	locky	Racco42 / Pastebin - 2017-09-20 Locky "Your Payment # NNNN"
2017-09-20 03:09	locky	Racco42 / Pastebin - 2017-09-20 Locky "Status of invoice A217xxx"
2017-09-19 21:09	locky	Racco42 / Twitter - 910251032915083264
2017-09-19 16:09	locky	Racco42 / Pastebin - 2017-09-19 Locky "HERBALIFE Order Number"
2017-09-19 16:09	locky	Racco42 / Pastebin - 2017-09-19 Locky "Emailing - 1000800NNNN"
2017-09-19 10:09	locky	coldshell / Twitter - 910089307708383232
2017-09-19 05:09	locky	Pastebin - Locky (19/09/2017)
2017-09-18 15:09	locky	Racco42 / Pastebin - 2017-09-18 Locky "Message from KM_C224e"
2017-09-18 09:09	locky	coldshell / Twitter - 909704853110317058
2017-09-18 03:09	locky	Pastebin - Locky (18/09/2017)
2017-09-11 07:09	locky	Malware-Traffic-Analysis.net - Blank Slate malspam pushes "Lukitus" variant Locky ransomware
2017-09-08 08:09	locky	Racco42 / Pastebin - 2017-09-08 Locky "Emailed Invoice"
2017-09-08 08:09	locky	coldshell / Twitter - 906067475791532033
2017-09-08 03:09	locky	Pastebin - Locky (08/09/2017)
2017-09-07 21:09	locky	James_inthe_box / Twitter - 905904209932951553
2017-09-07 17:09	locky	Racco42 / Pastebin - 2017-09-07 Locky "Microsoft Store E-invoice for your order"
2017-09-07 16:09	locky	James_inthe_box / Pastebin - Locky Sep 7
2017-09-07 07:09	locky	Racco42 / Pastebin - Untitled
2017-09-06 20:09	locky	Racco42 / Twitter - 905526704554303488
2017-09-06 15:09	locky	Racco42 / Pastebin - Untitled
2017-09-05 10:09	locky	Racco42 / Twitter - 905017085675401216
2017-09-05 08:09	locky	Racco42 / Twitter - 904987775748988929
2017-09-05 07:09	locky	Racco42 / Twitter - 904975665384050690
2017-09-05 06:09	locky	James_inthe_box / Pastebin - Locky Sep 5
2017-09-05 05:09	locky	Racco42 / Pastebin - 2017-09-05 Locky "Scanning"
2017-09-05 03:09	locky	Racco42 / Pastebin - 2017-09-05 Locky "New voice message"
2017-09-05 02:09	locky	Racco42 / Pastebin - 2017-09-05 Locky "Invoice from Verizon"
2017-09-01 10:09	locky	Racco42 / Twitter - 903568113379274752
2017-09-01 05:09	locky	Racco42 / Pastebin - 2017-01-09 Locky "New voice message"
2017-08-31 17:08	locky	https://pastebin.com/iZhbgVnx
2017-08-31 12:08	locky	coldshell / Twitter - 903232028581253124
2017-08-30 06:08	locky	Pastebin - Locky (30/08/2017)
2017-08-28 11:08	locky	coldshell / Twitter - 902127809228918784
2017-08-28 06:08	locky	Pastebin - Locky (28/08/2017)
2017-08-18 10:08	locky	7jm4j - Ghostbin
2017-08-18 09:08	locky	coldshell / Twitter - 898474763139653632
2017-08-18 04:08	locky	Pastebin - Locky (17/08/2017)
2017-08-17 14:08	locky	coldshell / Twitter - 898184075999137792
2017-08-17 10:08	locky	Bill Brenner / Naked Security - It’s baaaack: Locky ransomware is on the rise again
2017-08-17 09:08	locky	Pastebin - Locky (17/08/2017)
2017-08-17 07:08	locky	coldshell / Twitter - 898087713844457472
2017-08-17 02:08	locky	Pastebin - Locky (17/08/2017)
2017-08-16 20:08	locky	xorsthings / Twitter - 897920247877029891
2017-08-16 15:08	locky	Danny Palmer / ZDNet - Locky ransomware is back from the dead again - with new 'Diablo' and 'Lukitus' variants
2017-08-16 14:08	locky	Lawrence Abrams / BleepingComputer - Locky Ransomware switches to the Lukitus extension for Encrypted Files
2017-08-16 11:08	locky	coldshell / Twitter - 897777479389245441
2017-08-14 06:08	locky	Pastebin - Locky (14/08/17)
2017-06-26 12:06	locky	coldshell / Twitter - 879314196164468737
2017-06-26 11:06	locky	dvk01uk / Twitter - 879300919732711424
2017-06-26 07:06	locky	Pastebin - Locky 26/06/2017
2017-06-23 11:06	locky	Ionut Arghire - Necurs Botnet Distributing Locky Ransomware via Fake Invoices \| SecurityWeek.Com
2017-06-22 14:06	locky	Vencislav Krustev / How to, Technology and PC Security Forum \| SensorsTechForum.com - Locky and Cerber Ransomware Viruses Both Updated (June 2017)
2017-06-22 12:06	locky	coldshell / Twitter - 877866694475001858
2017-06-22 07:06	locky	Pastebin - Locky 22/06/2017
2017-06-22 03:06	locky	Catalin Cimpanu / BleepingComputer - Locky Ransomware Returns, but Targets Only Windows XP & Vista
2017-06-22 03:06	locky	tmmalanalyst / Twitter - 877727009023049729
2017-06-22 02:06	locky	06-21-2017 Locky Ransomware: Config Analysis
2017-06-21 23:06	locky	VK_Intel / Twitter - 877665385251823620
2017-06-21 22:06	locky	MarceloRivero / Twitter - 877649164447793156
2017-06-21 22:06	locky	MarceloRivero / Twitter - 877649164447793156
2017-06-21 21:06	locky	Alexander Chiu - Player 1 Limps Back Into the Ring - Hello again, Locky!
2017-06-21 15:06	locky	peterkruse / Twitter - 877541836319064064
2017-06-21 15:06	locky	Myonlinesecurity / My Online Security - The return of Locky with fake invoice emails
2017-05-10 18:05	locky	PolarToffee / Twitter - 862375490514034688
2017-05-04 16:05	locky	Swapnil Patil,Yin Hong Chang,Sudeep Singh,Robert Venal / FireEye - Dridex and Locky Return Via PDF Attachments in Latest Campaigns
2017-04-21 23:04	locky	Malwarebytes Labs / Malwarebytes Labs - Locky ransomware is back, but we already protect against it
2017-04-21 12:04	locky	Myonlinesecurity / My Online Security - The return of Locky ransomware with fake receipts malspam
2017-02-07 10:02	locky	@securityaffairs / Security Affairs - Phishme observed operators behind Locky and Sage ransomware share delivery infrastructure
2017-02-07 04:02	locky	Felix Weyne - Inside the Necurs botnet: the origin of Locky malspam
2017-02-05 04:02	locky	Trojan-Downloader:JS/Locky: Deobfuscate and Extract IOCs
2017-02-02 16:02	locky	@phishme / PhishMe - Sage and Locky Ransomware Now Sharing Delivery Infrastructure in Phishing Attacks
2017-02-01 15:02	locky	SecurityBeard / Twitter - 826821515173838849
2017-01-31 03:01	locky	Malware-Traffic-Analysis.net - Afraidgate Rig-V from 194.87.94.4 sends Locky ransomware
2017-01-19 19:01	locky	Tom Spring / Threatpost \| The first stop for security news - Locky Limps Back into Action After Lull
2017-01-18 23:01	locky	Nick Biasini - Without Necurs, Locky Struggles
2017-01-16 08:01	locky	@phishme / PhishMe - Kovter Ad Fraud Trojan Now Shipping with Locky Ransomware
2017-01-13 11:01	locky	Tomas Meskauskas / PCrisk.com - Online Security - .Odin Ransomware
2017-01-13 11:01	locky	Tomas Meskauskas / PCrisk.com - Online Security - *.thor Ransomware
2017-01-13 11:01	locky	Tomas Meskauskas / PCrisk.com - Online Security - *.zzzzz Ransomware
2017-01-13 11:01	locky	Tomas Meskauskas / PCrisk.com - Online Security - *.osiris Ransomware
2016-12-20 06:12	locky	Racco42 / Pastebin - 2016-12-20 Locky "for printing"
2016-12-19 17:12	locky	Racco42 / Pastebin - 2016-12-19 Locky "Tracking Sheet"
2016-12-19 17:12	locky	Racco42 / Pastebin - 2016-12-19 Locky "Payslip for the month Dec 2016"
2016-12-16 07:12	locky	Racco42 / Pastebin - 2016-12-16 Locky "Message from RNP00xxxxxxxxxx"
2016-12-16 06:12	locky	Racco42 / Pastebin - 2016-12-16 Locky "Subscription Details"
2016-12-16 05:12	locky	Racco42 / Pastebin - 2016-12-15 Locky "Payment Processing Problem"
2016-12-16 05:12	locky	Racco42 / Pastebin - 2016-12-16 Locky "Attached document"
2016-12-15 08:12	locky	Racco42 / Pastebin - 2016-12-15 Locky "Order Receipt"
2016-12-14 17:12	locky	Racco42 / Pastebin - 2016-12-14 Locky "Amount Payable"
2016-12-14 17:12	locky	Racco42 / Pastebin - 2016-12-14 Locky "DOC, FAX, PHOTO, SCAN_xxxx"
2016-12-14 16:12	locky	Racco42 / Pastebin - 2016-12-14 Locky "Attached document"
2016-12-14 05:12	locky	Racco42 / Pastebin - 2016-12-14 Locky "Booking confirmation"
2016-12-14 04:12	locky	Racco42 / Pastebin - 2016-12-14 Locky "Parcel Certificate"
2016-12-13 17:12	locky	Racco42 / Pastebin - 2016-12-13 Locky "a picture for you"
2016-12-13 04:12	locky	Racco42 / Pastebin - 2016-12-13 Locky "Bill for paper 2016-12-13"
2016-12-12 18:12	locky	Racco42 / Pastebin - 2016-12-12 Locky "Payment Confirmation"
2016-12-12 12:12	locky	Racco42 / Pastebin - 2016-12-12 Locky "Invoice number: xxxxx"
2016-12-12 12:12	locky	Racco42 / Pastebin - 2016-12-12 Locky "New(xxx)"
2016-12-12 10:12	locky	Racco42 / Pastebin - 2016-12-12 Locky "Attached, Copy, Emailing, File"
2016-12-12 05:12	locky	Racco42 / Pastebin - 2016-12-12 Locky "Software License"
2016-12-09 04:12	locky	Racco42 / Pastebin - 2016-12-09 Locky "Firewall Software"
2016-12-08 11:12	locky	Myonlinesecurity / My Online Security - more random orders with long random reference number malspam delivers locky
2016-12-07 02:12	locky	Racco42 / Pastebin - 2016-12-06 Locky "receipt"
2016-12-06 04:12	locky	Racco42 / Pastebin - 2016-12-06 Locky "Recent order"
2016-12-06 03:12	locky	Racco42 / Pastebin - 2016-12-05 Locky "Invoice INV0000xxxxxx"
2016-12-05 12:12	locky	SecurityBeard / Twitter - 805752739703771136
2016-12-05 07:12	locky	Racco42 / Pastebin - 2016-12-05 Locky "Please Consider This"
2016-12-05 05:12	locky	Racco42 / Pastebin - 2016-12-05 Locky "Emailing" / no subject
2016-12-05 02:12	locky	Racco42 / Pastebin - 2016-12-05 Locky "05122016xxxxxx"
2016-12-02 14:12	locky	Racco42 / Pastebin - 2016-12-02 Locky "Attached document"
2016-12-02 09:12	locky	Racco42 / Pastebin - 2016-12-02 Locky "Please Pay Attention"
2016-12-02 07:12	locky	Racco42 / Pastebin - 2016-12-02 Locky "Emailing: EPSxxxxxx"
2016-11-30 05:11	locky	Racco42 / Pastebin - 2016-11-30 Locky "Attached Image"
2016-11-30 02:11	locky	Racco42 / Pastebin - 2016-11-29 Locky "[Scan] 201611dd hh:mm:ss"
2016-11-29 12:11	locky	SecurityBeard / Twitter - 803571114144370688
2016-11-29 06:11	locky	Racco42 / Pastebin - 2016-11-29 Locky "For Your Consideration"
2016-11-28 18:11	locky	Racco42 / Pastebin - 2016-11-28 Locky "Insufficient funds"
2016-11-28 10:11	locky	Myonlinesecurity / My Online Security - Urgent Alert we have detected a suspicious money ATM withdrawal from your card delivers Locky
2016-11-28 07:11	locky	Racco42 / Pastebin - 2016-11-28 Locky "Urgent Alert"
2016-11-25 07:11	locky	Racco42 / Pastebin - 2016-11-25 Locky "Important Information"
2016-11-25 06:11	locky	Racco42 / Pastebin - 2016-11-25 Locky "Overdue Invoice"
2016-11-24 17:11	locky	Racco42 / Pastebin - 2016-11-24 Locky "It Is Important"
2016-11-24 10:11	locky	Racco42 / Pastebin - 2016-11-24 Locky "Fax transmission"
2016-11-24 07:11	locky	Racco42 / Pastebin - 2016-11-24 Locky "scan paper"
2016-11-23 15:11	locky	Racco42 / Pastebin - 2016-11-23 Locky "Attention Required"
2016-11-22 03:11	locky	Racco42 / Pastebin - 2016-11-21 Locky "Receipt"
2016-11-21 22:11	locky	Malware-Traffic-Analysis.net - "Aesir" variant Locky malspam
2016-11-21 14:11	locky	@securityaffairs / Security Affairs - Watch out, Locky ransomware spread via SVG images on Facebook Messenger
2016-11-21 10:11	locky	Myonlinesecurity / My Online Security - Locky delivered by spoofed Your Amazon.com order has dispatched
2016-11-21 10:11	locky	Myonlinesecurity / My Online Security - Locky changed to use .aesir file extension and changed C2 format
2016-11-21 10:11	locky	malwrhunterteam / Twitter - 800649796579102720
2016-11-21 04:11	locky	Racco42 / Pastebin - 2016-11-21 Locky "Spam mailout"
2016-11-09 17:11	locky	Racco42 / Pastebin - 2016-11-09 Locky "unauthorize access"
2016-11-09 15:11	locky	Racco42 / Pastebin - 2016-11-09 Locky "Message from KMBT_C220"
2016-11-09 15:11	locky	Racco42 / Pastebin - 2016-11-09 Locky "Fuel Card E-bill"
2016-11-09 04:11	locky	Racco42 / Pastebin - 2016-11-08 Locky "Your Amazon order has dispatched"
2016-11-09 01:11	locky	Racco42 / Pastebin - 2016-11-08 Locky "Fax transmission"
2016-11-08 13:11	locky	Pastebin - evening locky
2016-11-08 13:11	locky	@phishme / PhishMe - Unscrupulous Locky Threat Actors Impersonate US Office of Personnel Management to Deliver Ransomware
2016-11-08 13:11	locky	Racco42 / Pastebin - 2016-11-08 Locky "Your parcel has arrived"
2016-11-08 11:11	locky	SC Magazine US - Locky ransomware spreading via Bizarro Sundown EK
2016-11-08 11:11	locky	Racco42 / Pastebin - 2016-11-08 Locky "Order NNNNN"
2016-11-08 10:11	locky	Racco42 / Pastebin - 2016-11-08 Locky "Epson iPrint"
2016-11-08 06:11	locky	Racco42 / Pastebin - 2016-11-08 Locky "Suspicious movements"
2016-11-08 05:11	locky	Racco42 / Pastebin - 2016-11-08 Locky "Statement"
2016-11-08 04:11	locky	Racco42 / Pastebin - 2016-11-07 Locky "Financial documents"
2016-11-08 02:11	locky	Racco42 / Pastebin - 2016-11-07 Locky "Health insurance"
2016-11-08 01:11	locky	Racco42 / Pastebin - 2016-11-07 Locky "[Scan] 2016-1107"
2016-11-07 10:11	locky	Racco42 / Pastebin - 2016-11-07 Locky "Scanned image from MX2310U"
2016-11-04 16:11	locky	Racco42 / Pastebin - 2016-11-04 Locky "Please find attached invoice"
2016-11-04 10:11	locky	Brooks Li and Joseph C. Chen (Threats Analysts) / TrendLabs Security Intelligence Blog - New Bizarro Sundown Exploit Kit Spreads Locky
2016-11-04 00:11	locky	malwarebreakdown / MALWARE BREAKDOWN - Malspam Contains WSF, Downloads Locky (.thor) (/linuxsucks.php)
2016-11-03 23:11	locky	malwarebreakdown / MALWARE BREAKDOWN - “Urgent Payment Request” Malspam Leads to Locky (.thor) (/message.php)
2016-11-03 05:11	locky	Racco42 / Pastebin - 2016-11-03 Locky "Urgent payment request"
2016-11-02 16:11	locky	Racco42 / Pastebin - 2016-11-02 Locky "Fax transmission"
2016-11-02 06:11	locky	Racco42 / Pastebin - 2016-11-02 Locky "part X"
2016-11-02 05:11	locky	Racco42 / Pastebin - 2016-11-01 Locky "Invoice No. xxxxxxxx"
2016-11-02 03:11	locky	Racco42 / Pastebin - 2016-11-01 Locky "DSCFxxxx.pdf"
2016-11-01 11:11	locky	Conrad Longmore / Dynamoo - Malware spam: "This is to inform that the transaction you made yesterday is declined." leads to Locky
2016-10-31 14:10	locky	Conrad Longmore / Dynamoo - Malware spam: "SureVoIP" / "Voicemail from.." leads to Locky
2016-10-31 10:10	locky	Conrad Longmore / Dynamoo - Malware spam: "Wrong tracking number" leads to Locky
2016-10-31 08:10	locky	Racco42 / Pastebin - 2016-10-31 Locky "Document No xxxxxx"
2016-10-30 22:10	locky	malwarebreakdown / MALWARE BREAKDOWN - Malspam Leads to Locky (.shit) (/linuxsucks.php)
2016-10-28 13:10	locky	Racco42 / Pastebin - 2016-10-28 Locky "DOC, FAX, IMG, SCAN"
2016-10-27 14:10	locky	Racco42 / Pastebin - 2016-10-27 Locky "Receipt"
2016-10-25 09:10	locky	Racco42 / Pastebin - 2016-10-25 Locky "<Files> NNN"
2016-10-24 08:10	locky	Racco42 / Pastebin - 2016-10-24 Locky "Receipt"
2016-10-24 07:10	locky	Racco42 / Pastebin - 2016-10-24 Locky "Complaint letter"
2016-10-24 03:10	locky	Racco42 / Pastebin - 2016-10-24 Locky "Freebox"
2016-10-13 15:10	locky	Warren Mercer - LockyDump - All Your Configs Are Belong To Us
2016-10-06 17:10	locky	Racco42 / Pastebin - 2016-10-06 Locky "wrong paychecks"
2016-09-28 03:09	locky	Brad / SANS Internet Storm Center - Rig Exploit Kit from the Afraidgate Campaign
2016-09-28 02:09	locky	Malware-Traffic-Analysis.net - pcap and malware for an ISC diary
2016-09-27 15:09	locky	Flashpoint - Anatomy of Locky and Zepto Ransomware
2016-09-27 14:09	locky	@flashpointintel / Flashpoint - Anatomy of Locky and Zepto Ransomware
2016-09-27 00:09	locky	Brad Antoniewicz / OpenDNS Umbrella Blog - Odin is Locky's Latest Persona
2016-09-26 13:09	locky	Is it the End of Angler ?
2016-09-22 16:09	locky	SC Magazine - Locky ransomware pushers keeping things fresh using many new attachments
2016-09-22 15:09	locky	Lyle Frink / Avira Blog - Locky takes the wheel again
2016-09-22 09:09	locky	Trend Micro / TrendLabs Security Intelligence Blog - From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
2016-09-22 00:09	locky	Myonlinesecurity / My Online Security - Receipt of payment malspam delivers Locky
2016-09-21 15:09	locky	Brad / SANS Internet Storm Center - Those never-ending waves of Locky malspam
2016-09-20 02:09	locky	Racco42 / Pastebin - 2016-09-20 Locky "Tracking data"
2016-09-19 17:09	locky	Racco42 / Pastebin - 2019-09-19 Locky "<no subject>"
2016-09-19 15:09	locky	Bradley Barth, Senior Reporter / SC Magazine - Locky developers upgrade ransomware's ability to perform offline encryption
2016-09-19 11:09	locky	Racco42 / Pastebin - 2016-09-19 Locky "Tracking number"
2016-09-19 04:09	locky	Racco42 / Pastebin - 2016-09-19 Locky "Express Parcel service"
2016-09-16 22:09	locky	Diwakar Dinkar,Rahamathulla Hussain / McAfee - Locky Ransomware Hides Inside Packed .DLL
2016-09-16 19:09	locky	vkremez / GitHub - /Locky
2016-09-16 19:09	locky	vrtadmin / GitHub - /locky
2016-09-16 06:09	locky	Racco42 / Pastebin - 2016-09-16 Locky "IMG, FAX, DOC, SCAN"
2016-09-16 05:09	locky	Racco42 / Pastebin - 2016-09-16 Locky "Re: request"
2016-09-15 15:09	locky	SC Magazine - Quant Loader trojan downloader spotted in the wild
2016-09-15 12:09	locky	reminesjoseph / The Merkle - Analysis of New Trojan Reveals That it Might Not be so New
2016-09-14 15:09	locky	Racco42 / Pastebin - 2016-09-14 Locky "Renewed License"
2016-09-14 05:09	locky	Racco42 / Pastebin - 2016-09-14 Locky "Delivery confirmation: XXXXXX"
2016-09-14 03:09	locky	Racco42 / Pastebin - 2016-09-14 Locky "Account report"
2016-09-13 18:09	locky	Racco42 / Pastebin - 2016-09-13 Locky "payment copy"
2016-09-13 17:09	locky	Racco42 / Pastebin - 2016-09-13 Locky "Equipment receipts"
2016-09-13 04:09	locky	Racco42 / Pastebin - 2016-09-13 Locky "Accounts Documentation - Invoices"
2016-09-13 03:09	locky	Racco42 / Pastebin - 2016-09-02 Locky "xxxxxgif, xxxxxtiff, xxxxxpdf"
2016-09-13 02:09	locky	Racco42 / Pastebin - 2016-09-05 Locky "Credit card receipt"
2016-09-12 18:09	locky	Racco42 / Pastebin - 2016-09-06 Locky "Invoice INV0000xxxxx"
2016-09-12 17:09	locky	Pastebin - locky Confirmation letter
2016-09-12 17:09	locky	Racco42 / Pastebin - 2016-09-12 Locky "Budget report"
2016-09-12 09:09	locky	Racco42 / Pastebin - 2016-09-12 Locky & Pony "Image / Photo / Document / Picture"
2016-09-12 04:09	locky	Racco42 / Pastebin - 2016-09-12 Locky "Please find attached invoice no xxxxx"
2016-09-09 09:09	locky	Racco42 / Pastebin - Locky "Documents Requested"
2016-09-08 09:09	locky	Racco42 / Pastebin - Locky "<number>.(gif\|png\|jpg\|tiff\|docx\|pdf)"
2016-09-08 06:09	locky	Racco42 / Pastebin - Locky "[Vigor2820 Series] New voice mail message from"
2016-09-07 04:09	locky	Racco42 / Pastebin - Locky "Agreement form"
2016-09-06 15:09	locky	Racco42 / Pastebin - Locky "Suspected Purchases"
2016-09-06 05:09	locky	Pastebin - Locky "August invoice"
2016-09-06 02:09	locky	Pastebin - Locky "Copy"
2016-09-06 00:09	locky	Malware Breakdown: Malspam contains ZIP'd WSF that retrieves Locky
2016-09-06 00:09	locky	Myonlinesecurity / My Online Security - Invoice INV0000385774 malspam delivers Locky
2016-09-05 15:09	locky	Pastebin - Locky "87b3ff3rc"
2016-09-05 14:09	locky	Racco42 / Pastebin - Locky "copies"
2016-09-05 14:09	locky	0xtadavie / Twitter - 772796495280111616
2016-09-05 08:09	locky	Conrad Longmore / Dynamoo - Malware spam: "We are sending you the credit card receipt from yesterday. Please match the card number and amount."
2016-09-02 05:09	locky	Racco42 / Pastebin - Locky "@icloud.com"
2016-09-02 04:09	locky	Racco42 / Pastebin - Locky "old office facilities"
2016-09-01 18:09	locky	Racco42 / Pastebin - Locky "Scanned image from MX2301U"
2016-09-01 14:09	locky	Racco42 / Pastebin - Locky "Travel expense sheet"
2016-09-01 06:09	locky	Racco42 / Pastebin - Locky "Please find attached invoice no:"
2016-09-01 05:09	locky	Racco42 / Pastebin - Locky "Confirmation"
2016-08-31 17:08	locky	Racco42 / Pastebin - Locky "Voice Message from Outside Caller"
2016-08-31 14:08	locky	Racco42 / Pastebin - Locky "flight tickets"
2016-08-31 08:08	locky	Racco42 / Pastebin - Locky "jhBHTYl"
2016-08-31 03:08	locky	Racco42 / Pastebin - Locky "bank transactions"
2016-08-30 17:08	locky	Racco42 / Pastebin - Locky "FW: [Scan] 2016-08-13"
2016-08-30 08:08	locky	Racco42 / Pastebin - Locky "987nkjh8"
2016-08-29 11:08	locky	Brooks Li (Threats Analyst) / TrendLabs Security Intelligence Blog - Locky Ransomware Now Downloaded as Encrypted DLLs
2016-08-29 11:08	locky	Brooks Li (Threats Analyst) / TrendLabs Security Intelligence Blog - Locky Ransomware Now Downloaded as Encrypted DLLs
2016-08-29 08:08	locky	Racco42 / Pastebin - Locky "Please find attached invoice no. X"
2016-08-29 06:08	locky	Racco42 / Pastebin - Locky "Commission"
2016-08-26 13:08	locky	SC Magazine - Latest Locky version on the loose
2016-08-24 00:08	locky	Myonlinesecurity / My Online Security - Emailing: Image15.jpg malspam using HTA files delivers Locky ransomware
2016-08-22 00:08	locky	Myonlinesecurity / My Online Security - Today’s fax malspam word macros leads to Locky ransomware
2016-08-19 19:08	locky	Healthcare IT News - Massive Locky ransomware attacks hit U.S. hospitals
2016-08-19 15:08	locky	@securityaffairs / Security Affairs - A new LOCKY ransomware campaign targets the healthcare
2016-08-19 05:08	locky	Pastebin - Untitled
2016-08-18 22:08	locky	Malware-Traffic-Analysis.net - Afraidgate Neutrino EK from 176.31.223.167 sends Locky ransomware
2016-08-18 15:08	locky	Tom Spring / Threatpost \| The first stop for security news - Locky Targets Hospitals In Massive Wave Of Ransomware Attacks
2016-08-18 15:08	locky	Danny Palmer / ZDNet - 'Massive' Locky ransomware campaign targets hospitals
2016-08-18 14:08	locky	Conrad Longmore / Dynamoo - Malware spam: "The office printer is having problems so I've had to email the UPS label"
2016-08-18 01:08	locky	Catalin Cimpanu / softpedia - Locky Ransomware Spam Campaigns Switch to Macro-Based Distribution
2016-08-17 16:08	locky	Ronghwa Chong / FireEye - Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns
2016-08-16 09:08	locky	Pastebin - locky downloads subject: blank 2
2016-08-15 13:08	locky	Conrad Longmore / Dynamoo - Malware spam: "Jen [Jen@purple-office.com]" / "Documents from Purple Office - IN00003993"
2016-08-15 12:08	locky	Conrad Longmore / Dynamoo - Malware spam: "Emma Critchley (emmacritchley@advantage-finance.co.uk)" / "Emailing - 9104896607509"
2016-08-15 10:08	locky	Conrad Longmore / Dynamoo - Malware spam: "orderconfirmation@esab.co.uk" / "Order Confirmation-7069-2714739-20160815-292650"
2016-08-15 00:08	locky	Trend Micro / TrendLabs Security Intelligence Blog - New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files
2016-08-12 15:08	locky	Conrad Longmore / Dynamoo - Malware spam: This E-mail was sent from "CUKPR0329001" (Aficio MP C305).
2016-08-11 12:08	locky	Conrad Longmore / Dynamoo - Malware spam: "New Doc" / "Scanned by CamScanner" / "Sent from Yahoo Mail on Android"
2016-08-09 05:08	locky	Racco42 / Pastebin - Locky "Documents Requested"
2016-08-08 05:08	locky	Racco42 / Pastebin - Locky "988g765f"
2016-08-07 23:08	locky	Catalin Cimpanu / softpedia - Security Researcher Tricks Tech Support Scammer Into Installing Locky Ransomware
2016-08-05 04:08	locky	Racco42 / Pastebin - Locky "8t76v45"
2016-08-04 16:08	locky	Racco42 / Pastebin - Locky "Budget Reports"
2016-08-04 11:08	locky	Conrad Longmore / Dynamoo - Malware spam: "Please sign the receipt attached for the arrival of new office facilities." leads to Locky
2016-08-04 10:08	locky	Conrad Longmore / Dynamoo - Malware spam: "Business card" / "I have attached the new business card design." leads to Locky
2016-08-04 04:08	locky	Racco42 / Pastebin - Locky "Business card"
2016-08-04 04:08	locky	Racco42 / Pastebin - Locky "h78r3gfe"
2016-08-03 12:08	locky	Conrad Longmore / Dynamoo - Malware spam: "Confirmation letter" leads to Locky
2016-08-03 10:08	locky	Conrad Longmore / Dynamoo - Malware spam: "As you directed, I send the attachment containing the data about the new invoices"
2016-08-03 07:08	locky	Racco42 / Pastebin - Locky "Confirmation letter"
2016-08-03 06:08	locky	Racco42 / Pastebin - Locky "Fw: New invoices"
2016-08-03 03:08	locky	Racco42 / Pastebin - Locky "report"
2016-08-03 00:08	locky	Conrad Longmore / Dynamoo - Malware spam: "I attached the project status report in order to update you about the last meeting"
2016-08-02 11:08	locky	Conrad Longmore / Dynamoo - Malware spam: "Please see the attached last month’s paid bills for the company" leads to Locky
2016-08-02 05:08	locky	Racco42 / Pastebin - Locky "Paid bills"
2016-08-01 14:08	locky	Lawrence Abrams / BleepingComputer - Zepto Ransomware Locky Variant being distributed via WSF Attachments
2016-08-01 14:08	locky	Racco42 / Pastebin - Locky "Sales charts"
2016-08-01 13:08	locky	Conrad Longmore / Dynamoo - Malware spam: "Please review the attached corrected annual report." / "Corrected report"
2016-07-29 11:07	locky	Conrad Longmore / Dynamoo - Malware spam: "Voicemail from Anonymous" / SureVoIP [voicemailandfax@surevoip.co.uk]
2016-07-29 10:07	locky	Brad Duncan / Palo Alto Networks - Afraidgate: Major Exploit Kit Campaign Switches from CryptXXX Ransomware Back to Locky
2016-07-29 05:07	locky	Racco42 / Pastebin - Locky "Bank account record"
2016-07-29 03:07	locky	Racco42 / Pastebin - Locky "Foundation plan"
2016-07-28 10:07	locky	@itproportal / ITProPortal - Two thirds of malicious emails in Q2 contained Locky \| .com
2016-07-28 10:07	locky	@reaqta / ReaQta - Locky Dropper Now Comes Embedded in the Loader
2016-07-28 08:07	locky	Racco42 / Pastebin - Locky "Scanned image from copier"
2016-07-27 19:07	locky	Racco42 / Pastebin - Locky "annual report"
2016-07-27 06:07	locky	Racco42 / Pastebin - Locky "updated details"
2016-07-26 09:07	locky	Racco42 / Pastebin - Locky "list of activities"
2016-07-26 06:07	locky	Racco42 / Pastebin - Locky "okp987g7v"
2016-07-25 21:07	locky	Cybrary - PowerWare Ransomware Masquerades as Locky to Intimidate Victims
2016-07-25 12:07	locky	Conrad Longmore / Dynamoo - Malware spam: "Emailing: Photo 25-07-2016, 34 80 10" / "Emailing: Document 25-07-2016, 72 35 48"
2016-07-25 08:07	locky	Pastebin - Untitled
2016-07-25 06:07	locky	Pastebin - Untitled
2016-07-22 06:07	locky	Pastebin - Untitled
2016-07-20 07:07	locky	Pastebin - Locky
2016-07-19 20:07	locky	Malware-Traffic-Analysis.net - Afraidgate Neutrino EK from 5.2.72.114 sends Locky ransomware
2016-07-18 17:07	locky	Greg Leah / Cloudmark Security Blog - Locky Actors Shift to .wsf Attachments
2016-07-18 12:07	locky	Pastebin - Untitled
2016-07-18 05:07	locky	Pastebin - Untitled
2016-07-16 15:07	locky	Pastebin - Untitled
2016-07-15 06:07	locky	Pastebin - New Locky distribution sites - 15/07/2016
2016-07-15 01:07	locky	Malware-Traffic-Analysis.net - Afraidgate Neutrino EK from 5.2.72.236 sends Locky ransomware
2016-07-14 20:07	locky	Lucian Constantin / PCWorld - New Locky ransomware version can operate in offline mode
2016-07-14 20:07	locky	Lucian Constantin / PCWorld - New Locky ransomware version can operate in offline mode
2016-07-14 16:07	locky	Pastebin - Untitled
2016-07-13 18:07	locky	Lyle Frink / Avira Blog - Locky goes offline (by design)
2016-07-13 09:07	locky	Päivi Tynninen / News from the Lab - A New High For Locky
2016-07-12 21:07	locky	Conrad Longmore / Dynamoo - Malware spam: "Please find attached the profile of Mr.X for a suitable role in your Organisation" leads to Locky
2016-07-12 17:07	locky	Pastebin - Locky 2016-07-12 #2, Subject: Profile
2016-07-12 14:07	locky	Conrad Longmore / Dynamoo - Malware spam: "Here's that excel file (latest invoices) that you wanted." leads to Locky
2016-07-12 09:07	locky	Pastebin - New Locky distribution sites - 12/07/2016
2016-07-06 13:07	locky	Conrad Longmore / Dynamoo - Malware spam with random hexadecimal number leads to Locky
2016-07-05 13:07	locky	Conrad Longmore / Dynamoo - Malware spam: "Scanned image" leads to Locky
2016-07-05 09:07	locky	Pastebin - Untitled
2016-07-01 04:07	locky	Sudeep Singh,Jonell Baltazar ,Joonho Sa / FireEye - Locky is Back Asking for Unpaid Debts
2016-06-29 22:06	locky	Conrad Longmore / Dynamoo - Malware spam: "Documents copies" / "I am sending copies of the documents as attachments."
2016-06-29 16:06	locky	Pastebin - Untitled
2016-06-29 12:06	locky	Conrad Longmore / Dynamoo - Malware spam: "Financial report" / "I have attached the financial report you requested."
2016-06-29 12:06	locky	reddit - Locky ransomware new campaign payload nodes and callback CNC nodes • /r/Malware
2016-06-29 12:06	locky	reddit - Locky ransomware new campaign payload nodes and callback CNC nodes • /r/Malware
2016-06-29 12:06	locky	reddit - Locky ransomware campaign June 25th 2015 • /r/Malware
2016-06-29 12:06	locky	reddit - Locky Ransomware campaign June 27th 2016 • /r/Malware
2016-06-29 12:06	locky	reddit - Locky Ransomware campaign June 27th 2016 • /r/Malware
2016-06-29 12:06	locky	reddit - Locky ransomware campaign June 28th 2016 • /r/Malware
2016-06-28 10:06	locky	Conrad Longmore / Dynamoo - Malware spam: "report" / "I致e attached the report you asked me to send." leads to Locky
2016-06-28 03:06	locky	Malware-Traffic-Analysis.net - Monday malspam hunt - Locky
2016-06-27 21:06	locky	Conrad Longmore / Dynamoo - Malware spam: "Updated" / "Attached please find the documents you requested.." / "King regards"
2016-06-27 15:06	locky	SecurityWeek News - New Locky Variants Change Communication Patterns \| SecurityWeek.Com
2016-06-27 14:06	locky	Conrad Longmore / Dynamoo - Malware spam: "Requested document" / "The document you requested is attached" leads to Locky
2016-06-27 12:06	locky	Conrad Longmore / Dynamoo - Malware spam: DOC1234 / document4321 / Document56789 leads to Locky
2016-06-27 00:06	locky	Nicholas Griffin - Locky Returned With A New Anti-VM Trick \| Forcepoint
2016-06-24 11:06	locky	Kevin Townsend - 50 Hackers Using Lurk Banking Trojan Arrested in Russia \| SecurityWeek.Com
2016-06-24 11:06	locky	SecurityWeek News - Macro Malware Makes Improvements on Hiding Malicious Code \| SecurityWeek.Com
2016-06-24 11:06	locky	SecurityWeek News - Locky Campaign Ramps Up as Necurs Botnet Returns \| SecurityWeek.Com
2016-06-24 06:06	locky	Locky JS and URL Revealer \| Kahu Security
2016-06-23 09:06	locky	Conrad Longmore / Dynamoo - Malware spam: "Final version of the report" probably leads to Locky
2016-06-22 16:06	locky	Alberto Ortega / Nibbleblog - Undefined blog title - Plug it, play it, burn it, rip it - rdtsc x86 instruction to detect virtual machines
2016-06-22 15:06	locky	Conrad Longmore / Dynamoo - Malware spam: "Corresponding Invoice" leads to Locky
2016-06-22 07:06	locky	hFireF0X / Twitter - 745526542663487488
2016-06-22 02:06	locky	malcat - Return of Locky – Malcat! Mew!
2016-06-21 19:06	locky	Conrad Longmore / Dynamoo - Malware spam: "Please find attached our invoice for services rendered and additional disbursements in the above-mentioned matter."
2016-06-21 17:06	locky	Pastebin - New Locky distribution sites - 22/06/2016
2016-06-21 14:06	locky	MalwareTech - What's Happening with Necurs, Dridex, and Locky? \|
2016-06-06 16:06	locky	GossiTheDog / Twitter - 739859770379751424
2016-06-01 02:06	locky	Spiceworks, Inc. / The Spiceworks Community - Locky Ransomware - Encrypts Documents, Databases, Code, BitCoin Wallets and ...
2016-06-01 02:06	locky	Peter Nelson - Locky Ransomware Analysis - Stern Security
2016-06-01 02:06	locky	LookingGlass Cyber Solutions Inc. - Widespread Malspam Campaign Delivering Locky Ransomware
2016-06-01 02:06	locky	SecurityWeek News - Locky Ransomware Gets New Infection Vector, Improved Evasion \| SecurityWeek.Com
2016-06-01 02:06	locky	Jonell Baltazar ,Joonho Sa / FireEye - New Downloader for Locky
2016-05-31 14:05	locky	Website - Evolution And History Of Locky Ransomware \| BCW
2016-05-31 14:05	locky	Malware-Traffic-Analysis.net - Tuesday malspam hunt - more Locky (always more Locky)
2016-05-31 11:05	locky	Conrad Longmore / Dynamoo - Malware spam: "You have 1 new message from bank manager. To read it, please open the attachment down below. "
2016-05-31 11:05	locky	SensePost \| Understanding locky
2016-05-31 00:05	locky	Myonlinesecurity / My Online Security - Fraudlent Behavior – Account Suspended malspam delivers #Locky
2016-05-30 10:05	locky	@reaqta / ReaQta - Locky Ransomware Shipping With a New Loader
2016-05-27 14:05	locky	Update your Browser - Browser-Update.org
2016-05-27 13:05	locky	Lucian Constantin / Network World - New JavaScript spam wave distributes Locky ransomware
2016-05-27 13:05	locky	Lucian Constantin / Network World - New JavaScript spam wave distributes Locky ransomware
2016-05-27 11:05	locky	Conrad Longmore / Dynamoo - Malware spam: "As per our discussion yesterday, please find attached the amended meeting minutes."
2016-05-27 10:05	locky	Conrad Longmore / Dynamoo - Malware spam: "Neue Abrechnung Nr. 746441" / support@sipcall.de
2016-05-27 00:05	locky	@youtube / YouTube - Malware Analysis - Unpacking Locky with VirtualAlloc
2016-05-27 00:05	locky	Myonlinesecurity / My Online Security - » Neue Abrechnung Nr. 090092 support@sipcall.org delivers malware
2016-05-26 16:05	locky	Tom Spring / Threatpost \| The first stop for security news - Amazon Users Targets of Massive Locky Spear-Phishing Campaign
2016-05-26 10:05	locky	Conrad Longmore / Dynamoo - Malware spam: "Please find attached a document containing our responses to the other points which we discussed.."
2016-05-25 13:05	locky	Conrad Longmore / Dynamoo - Malware spam: "Weekly report" / "Please find attached the Weekly report."
2016-05-25 12:05	locky	Conrad Longmore / Dynamoo - Malware spam: "URGENT - DELIVERY" / "Jobin Jacob / "HYTEX"
2016-05-25 11:05	locky	Conrad Longmore / Dynamoo - Malware spam: "Operational Expense" leads to Locky
2016-05-24 12:05	locky	Retooled Locky Ransomware Pummels Healthcare Sector
2016-05-24 00:05	locky	Myonlinesecurity / My Online Security - » SAFARI LPO [MAL] 337659 leads to Locky
2016-05-24 00:05	locky	Myonlinesecurity / My Online Security - » We Have Received Your Payment – Thank You (#49407B2) delivers Locky
2016-05-23 11:05	locky	Conrad Longmore / Dynamoo - Malware spam: "Please find attached the file we spoke about yesterday" leads to Locky
2016-05-21 13:05	locky	Tom Spring / Threatpost \| The first stop for security news - Microsoft Warns of Sneaky New Macro Trick
2016-05-11 12:05	locky	Conrad Longmore / Dynamoo - Malware spam: Emailing: Photo 05-11-2016, 03 26 04
2016-05-11 00:05	locky	Myonlinesecurity / My Online Security - » SPAM MALWARE: “Emailing: Photo 05-11-2016, 82 95 82” delivers #Locky
2016-05-11 00:05	locky	Myonlinesecurity / My Online Security - » SPAM MALWARE: random subjects “You may refer to the attached document for details” delivers #Locky
2016-05-10 20:05	locky	Conrad Longmore / Dynamoo - Malware spam: "As promised, the document you requested is attached" leads to Locky
2016-05-10 17:05	locky	Malware-Traffic-Analysis.net - Tuesday malspam hunt - Cerber, Locky, and Portuguese malspam
2016-05-07 20:05	locky	@securityaffairs / Security Affairs - STUPID LOCKY! Hackers disrupted a Locky ransomware Campaing
2016-05-06 00:05	locky	Myonlinesecurity / My Online Security - » I have attached the spreadsheet contains last 50 transaction and your account actual balance – JS malware delivers Locky
2016-05-06 00:05	locky	Myonlinesecurity / My Online Security - » Sent from my Samsung device Scan – word doc macro malware delivering #Locky
2016-05-05 15:05	locky	Yuri Ilyin / Kaspersky Lab Business Blog - Ransomware: surprising champions
2016-05-03 12:05	locky	Conrad Longmore / Dynamoo - Malware spam: "You Are Fired" leads to Locky
2016-05-03 00:05	locky	Myonlinesecurity / My Online Security - » FINAL NOTICE – OUTSTANDING ACCOUNT – JS malware delivers #Locky
2016-05-02 23:05	locky	AES-128 Locky Ransomware - How to Remove Malware - Malware [Beta] - Sophos Community
2016-05-02 09:05	locky	Lyle Frink / Avira Blog - Locky ransomware goes into lockdown mode
2016-04-29 10:04	locky	Conrad Longmore / Dynamoo - Malware spam: "Second Reminder - Unpaid Invoice"
2016-04-29 08:04	locky	Conrad Longmore / Dynamoo - Malware spam: "Attached Doc" / "Attached Image" / "Attached Document" / "Attached File"
2016-04-29 03:04	locky	Trend Micro / TrendLabs Security Intelligence Blog - Locky Ransomware Spreads via Flash and Windows Kernel Exploits
2016-04-28 11:04	locky	Conrad Longmore / Dynamoo - Malware spam: "FW: Invoice" from multiple senders
2016-04-28 10:04	locky	Conrad Longmore / Dynamoo - Minimalist spam leads to Locky ransomware
2016-04-28 00:04	locky	Myonlinesecurity / My Online Security - RE: Outstanding Account – JS malware »
2016-04-28 00:04	locky	Myonlinesecurity / My Online Security - FW: Invoice – JS malware »
2016-04-27 15:04	locky	Conrad Longmore / Dynamoo - Malware spam: Message from "RNP0BB8A7" / CLAUDIA MARTINEZ leads to Locky
2016-04-27 11:04	locky	Conrad Longmore / Dynamoo - Malware spam: "Thank you. Our latest price list is attached. For additional information, please contact your local ITT office."
2016-04-27 00:04	locky	Myonlinesecurity / My Online Security - Please see attached file regarding clients recent bill – JS malware »
2016-04-19 13:04	locky	Conrad Longmore / Dynamoo - Malware spam: "Facture : 1985 corrigée" / "Louis - Buvasport [louis64@buvasport.com]"
2016-04-19 02:04	locky	"Locky" Ransomware Encrypts Unmapped Network Shares \| SecurityWeek.Com
2016-04-19 02:04	locky	Macro Malware Dridex, Locky Using Forms to Hide Code \| SecurityWeek.Com
2016-04-18 16:04	locky	David Bisson / Graham Cluley - Decryption tool released for Locky ransomware impersonator
2016-04-16 17:04	locky	Lawrence Abrams / BleepingComputer - Decrypted: The new AutoLocky Ransomware fails to impersonate Locky
2016-04-12 14:04	locky	Neera Desai,Ronnie Tokazowski,Paul Burbage,Brendan Griffin / PhishMe - RockLoader – New Upatre-like Downloader Pushed by Dridex, Downloads all the Malwares
2016-04-11 11:04	locky	Check Point Blog - New Locky Variant Implements Evasion Techniques \|
2016-04-07 12:04	locky	Nyebodnye / My Online Security - Your Latest Documents from Angel Springs Ltd [STA054C] – word doc macro malware leads to Locky Ransomware
2016-04-07 12:04	locky	TechHelpList.com - Dossier n° ... - CABINET BETTAN - Malware
2016-04-06 23:04	locky	Proofpoint - Locky Ransomware Cybercriminals Continue Email Campaign Innovation, Introduce New RockLoader Malware \| Proofpoint
2016-04-05 18:04	locky	Tom Spring / Threatpost \| The first stop for security news - Locky Variant Changes C2 Communication, Found in Nuclear EK
2016-04-05 07:04	locky	Fedor Sinitsyn - Locky: the encryptor taking the world by storm - Securelist
2016-04-04 11:04	locky	Check Point Blog - New Locky Ransomware Variant Implementing Changes in Communication Patterns
2016-04-04 10:04	locky	Diego Perez,Diego Perez / We Live Security - Analysis of the Locky infection process
2016-04-01 14:04	locky	Sylvain Sarméjeanne / Lexsi Security Hub - A new dynamic vaccine against Locky
2016-04-01 14:04	locky	Sylvain Sarméjeanne / Lexsi Security Hub - A new dynamic vaccine against Locky
2016-03-25 00:03	locky	Haowei Ren,Jonell Baltazar ,Joonho Sa,Ronghwa Chong,Alex Berry / FireEye - Surge in Spam Campaign Delivering Locky Ransomware Downloaders
2016-03-23 16:03	locky	Sean Gallagher / Ars Technica - Kentucky hospital hit by ransomware attack
2016-03-22 11:03	locky	Sylvain Sarméjeanne / Lexsi Security Hub - Abusing bugs in the Locky ransomware to create a vaccine (update 2)
2016-03-22 00:03	locky	Brian Krebs - Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection — Krebs on Security
2016-03-21 13:03	locky	Brad Duncan / Palo Alto Networks - Locky Ransomware Installed Through Nuclear EK
2016-03-12 00:03	locky	Marc Rivero López / McAfee - Locky Ransomware Arrives via Email Attachment
2016-03-10 22:03	locky	Tom Spring / Threatpost \| The first stop for security news - Locky Ransomware Spreading in Massive Spam Attack
2016-03-10 00:03	locky	Avast - A closer look at the Locky ransomware
2016-03-08 13:03	locky	TechHelpList.com - Compensation - Reference Number #... - Malware
2016-03-08 00:03	locky	Fortinet Blog - CryptoWall, TeslaCrypt and Locky: A Statistical Perspective
2016-03-07 12:03	locky	TechHelpList.com - E-Service (Europe) Ltd Invoice No: ... - Malware
2016-03-04 10:03	locky	Russell Nolen,Russell Nolen / Carbon Black - Tracking Locky Ransomware Using
2016-03-03 07:03	locky	Alan Woodward - Tor Suddenly Goes Into Reverse (Again)
2016-03-03 01:03	locky	SC Magazine UK - .Onion address growth suggests Locky surge
2016-03-02 07:03	locky	Check Point Blog - Locky Ransomware
2016-03-01 13:03	locky	TechHelpList.com - Delay with Your Order #..., Invoice #... - Malware
2016-03-01 00:03	locky	Hasherezade / Malwarebytes Labs - Look Into Locky Ransomware
2016-02-29 09:02	locky	Ian Murphy / Enterprise Times - Forcepoint exposes Locky domains
2016-02-26 09:02	locky	Alan Woodward - Is Locky Back?
2016-02-25 11:02	locky	Pastebin - locky download urls - 2016-02-25-A
2016-02-25 10:02	locky	Alan Woodward - Tor Hidden Services Yoyo
2016-02-22 18:02	locky	Andy Patel / News from the Lab - Locky: Clearly Bad Behavior
2016-02-21 11:02	locky	Alan Woodward - Curiouser & Curiouser: Tor Hidden Services Rollercoaster Continues
2016-02-20 18:02	locky	DidierStevens / SANS Internet Storm Center - Locky: JavaScript Deobfuscation
2016-02-19 13:02	locky	Alan Woodward - Is The Tor Increase Malware?
2016-02-19 11:02	locky	Nicholas Griffin - The Many Evolutions of Locky \| Forcepoint
2016-02-19 09:02	locky	Kevin Beaumont / Medium - Locky experiments with Windows Script Host delivery
2016-02-19 02:02	locky	SR-FI_Team - Feeling even Locky-er
2016-02-19 00:02	locky	sofia.luis / HubSpot - Locky ransomware, metrics and protection
2016-02-18 20:02	locky	@LG_CTIG / Dead Drop - Fake Invoice Malspam Campaign Delivering Locky Ransomware
2016-02-18 12:02	locky	TechHelpList.com - Invoice - finds you well - various - Malware
2016-02-18 11:02	locky	Heimdal Security Blog - Security Alert: New Locky Ransomware Shows Off through Rampant Distribution
2016-02-18 11:02	locky	Chris Brook / Threatpost \| The first stop for security news - Locky Ransomware Borrows Tricks from Dridex
2016-02-18 09:02	locky	Conrad Longmore - Dynamoo's Blog: Malware spam: Copy of Invoice 20161802-12345678 leads to Locky ransomware
2016-02-18 00:02	locky	Rakesh Krishnan / The Hacker News - How Just Opening an MS Word Doc Can Hijack Every File On Your System
2016-02-18 00:02	locky	Symantec Security Response - Locky ransomware on aggressive hunt for victims
2016-02-17 22:02	locky	Brendan Griffin / PhishMe - Locky - New Malware Borrowing Ideas From Dridex and Other Ransomware
2016-02-17 14:02	locky	http://www.theinquirer.net - Dridex-style 'Locky' ransomware is infecting machines via Microsoft Word \| TheINQUIRER
2016-02-17 12:02	locky	Paul Ducklin / Naked Security - “Locky” ransomware – what you need to know
2016-02-17 10:02	locky	Milena Dimitrova - AES-128 Encryption Employed by Locky Ransomware
2016-02-17 09:02	locky	Rady - Locky Ransomware \| malekal's site
2016-02-17 02:02	locky	Fortinet Blog - A Closer Look at Locky Ransomware
2016-02-17 01:02	locky	AlienVault / OTX - Locky: New Ransomware Mimics Dridex-Style Distribution
2016-02-17 00:02	locky	Win32/Filecoder.Locky.A \| ESET Virusradar
2016-02-17 00:02	locky	Proofpoint - Dridex Actors Get In the Ransomware Game With "Locky" \| Proofpoint
2016-02-17 00:02	locky	Proofpoint - Dridex Actors Get In the Ransomware Game With "Locky" \| Proofpoint
2016-02-16 17:02	locky	Lawrence Abrams / BleepingComputer - The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
2016-02-16 17:02	locky	Kevin Beaumont / Medium - Locky ransomware virus spreading via Word documents
2016-02-16 16:02	locky	Brandon Levene,Micah Yates,Rob Downs / Palo Alto Networks - Locky: New Ransomware Mimics Dridex-Style Distribution
2016-02-16 00:02	locky	Malekal's forum • Locky Ransomware (Crypto-Ransomware) : Ransomware
2016-02-01 13:02	locky	Graham Cluley - Email from your photocopier? It could be a malware attack
2016-02-01 11:02	locky	Dennis Schirrmacher / Security - Aktuell im Umlauf: Trojaner-Mail im Namen des Kopierers verschickt
2016-01-21 16:01	locky	by - Locky Variant Changes C2 Communication, Found in Nuclear EK – Tech Win
2015-12-15 15:12	locky	Kate Kochetkova - Locky ransomware: one email can take all data away
2015-10-19 07:10	locky	L. Maik - Remove Locky Ransomware and Restore .locky Encrypted Files \|
2015-10-14 18:10	locky	Forbes Welcome
2015-08-26 09:08	locky	Brooks Li (Threats Analyst) / TrendLabs Security Intelligence Blog - You searched for Locky
2014-04-01 17:04	locky	Lucian Constantin / Computerworld - Free Bitdefender tool prevents Locky, other ransomware infections, for now
2008-03-01 02:03	locky	Nick / Microsoft Malware Protection Center - Malicious macro using a sneaky new trick
2008-03-01 02:03	locky	adwbust / Microsoft Malware Protection Center - JavaScript-toting spam emails: What should you know and how to avoid them?
1988-01-20 04:01	locky	Cloud Security Solutions \| Zscaler - A look at Locky ransomware

Info for sibling families:

Published	Family	Author - Title
	necurs	https://www.blueliv.com/necurs-one-of-the-worlds-biggest-botnets-today/
2018-10-04 02:10	kovter	Kovter Malware Fileless Persistence Mechanism - IBM X-Force Collection
2018-10-04 01:10	kovter	Threat Spotlight: The Truth About Fileless Malware
2018-10-04 01:10	kovter	Threat Spotlight: Kovter Malware Fileless Persistence Mechanism
2018-09-07 15:09	kovter	Brandon Wunderle - Kovter Killer: How to Remediate the APT of Clickjacking »
2018-01-18 16:01	necurs	Jaeson Schultz - The Many Tentacles of the Necurs Botnet
2017-11-01 20:11	necurs	Malware-Traffic-Analysis.net - Necurs Botnet malspam continues pushing Locky
2017-11-01 01:11	necurs	Malware-Traffic-Analysis.net - Necurs Botnet malspam stops using DDE, still uses Word docs to push Locky
2017-10-31 13:10	necurs	Myonlinesecurity / My Online Security - blank emails with fake invoice attachments deliver Locky ransomware via word docs with embedded OLE objects
2017-10-30 20:10	necurs	Malware-Traffic-Analysis.net - Necurs Botnet malspam uses DDE attack to push Locky
2017-10-24 23:10	necurs	Malware-Traffic-Analysis.net - Necurs Botnet malspam uses DDE attack to push Locky
2017-10-24 18:10	necurs	Myonlinesecurity / My Online Security - Locky ransomware delivered via DDE exploit Scan Data malspam no-reply@victim domain
2017-10-24 12:10	necurs	Myonlinesecurity / My Online Security - Another Locky ransomware fake Invoice malspam campaign using DDE "exploit"
2017-10-19 20:10	necurs	Brad / SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.
2017-08-18 08:08	kovter	KOVTER: An Evolving Malware Gone Fileless - Security News - Trend Micro USA
2017-07-31 16:07	necurs	NECURS: The Malware That Breaks Your Security - Threat Encyclopedia - Trend Micro USA
2017-07-31 16:07	necurs	Backdoor.Necurs!gen8 Technical Details \| Symantec
2017-07-31 16:07	necurs	Backdoor.Necurs!gen7 Technical Details \| Symantec
2017-07-31 16:07	necurs	Backdoor.Necurs!gen5 Technical Details \| Symantec
2017-07-31 16:07	necurs	Backdoor.Necurs!gen4 Technical Details \| Symantec
2017-07-31 16:07	necurs	Backdoor.Necurs!gen3 \| Symantec
2017-07-31 16:07	necurs	Backdoor.Necurs!gen2 Technical Details \| Symantec
2017-07-31 16:07	necurs	Backdoor.Necurs!gen1 Technical Details \| Symantec
2017-07-31 16:07	necurs	Backdoor.Necurs Technical Details \| Symantec
2017-07-31 16:07	necurs	Necurs Tracker
2017-07-14 02:07	nemucod	SANS Internet Storm Center - InfoSec Handlers Diary Blog - NemucodAES and the malspam that distributes it
2017-07-10 19:07	kovter	Malware-Traffic-Analysis.net - More UPS-themed malspam pushing Kovter/Nemucod ransomware
2017-07-10 19:07	kovter	Malware-Traffic-Analysis.net - More UPS-themed malspam pushing Kovter/Nemucod ransomware
2017-07-10 19:07	nemucod	Malware-Traffic-Analysis.net - More UPS-themed malspam pushing Kovter/Nemucod ransomware
2017-07-04 01:07	kovter	Malware-Traffic-Analysis.net - More UPS-themed malspam pushing Kovter malspam
2017-06-30 00:06	kovter	Malware-Traffic-Analysis.net - Kovter malspam - UPS delivery theme
2017-06-30 00:06	kovter	Malware-Traffic-Analysis.net - Kovter malspam - UPS delivery theme
2017-06-29 07:06	kovter	Myonlinesecurity / My Online Security - return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload
2017-06-29 07:06	kovter	Myonlinesecurity / My Online Security - return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload
2017-06-21 21:06	necurs	Alexander Chiu - Player 1 Limps Back Into the Ring - Hello again, Locky!
2017-06-13 14:06	necurs	Myonlinesecurity / My Online Security - A busy day with necurs botnet mass malspamming multiple Trickbot campaigns and Jaff ransomware thrown into the mix
2017-06-12 18:06	kovter	Analysis of Kovter, a Very Clever Piece of Malware – VIPRE Labs
2017-06-10 03:06	kovter	ItsReallyNick / Twitter - 873385083717144577
2017-06-08 21:06	necurs	MalwareTech - What’s Happening with Necurs, Dridex, and Locky?
2017-06-08 21:06	necurs	motherboard / Motherboard - One of the World's Largest Botnets Has Vanished
2017-06-08 21:06	necurs	NJCCIC Media / NJCCIC - Necurs
2017-06-08 19:06	necurs	Necurs Rootkit – Not New But Spreading Fast Warns Microsoft
2017-06-08 19:06	necurs	sofia.luis / HubSpot - Necurs Proxy module with DDOS features
2017-06-08 19:06	necurs	sofia.luis / HubSpot - Necurs Proxy module with DDOS features
2017-06-08 18:06	necurs	Necurs Tracker
2017-06-08 18:06	necurs	@flashpointintel / Flashpoint - Necurs Botnet Fuels Campaigns Spreading Jaff Ransomware
2017-06-08 18:06	necurs	@prezi / prezi.com - The Necurs Rootkit
2017-06-08 16:06	necurs	Trojan:Win32/Necurs
2017-06-08 01:06	necurs	IBM X-Force Exchange
2017-06-07 11:06	necurs	SeraphimDomain / Twitter - 872421499877163008
2017-06-07 09:06	necurs	dvk01uk / Twitter - 872389560403210246
2017-06-06 10:06	necurs	0xtadavie / Twitter - 872044148068626433
2017-06-06 05:06	necurs	Pastebin - Untitled
2017-06-05 14:06	necurs	DGAFeedAlerts / Twitter - 871730475550867460
2017-06-05 13:06	necurs	DGAFeedAlerts / Twitter - 871715262000754688
2017-06-05 07:06	necurs	DGAFeedAlerts / Twitter - 871624647846096896
2017-06-02 07:06	necurs	GDPR.Report - Necurs Rootkit spam continues proliferating dating scam
2017-06-01 06:06	kovter	Myonlinesecurity / My Online Security - Fake FedEx USPS UPS delivery notifications continue to deliver Kovter and ransomware
2017-05-30 23:05	kovter	Malware-Traffic-Analysis.net - Rig EK sends Kovter
2017-05-25 13:05	necurs	hexlax / Twitter - 867733755246542848
2017-05-24 16:05	necurs	iCyberFighter / Twitter - 867417798288560128
2017-05-16 17:05	necurs	@flashpointintel / Flashpoint - Necurs Rootkit Spam Continues Proliferating Dating Scam
2017-05-11 17:05	necurs	Malwarebytes Labs / Malwarebytes Labs - New 'Jaff' ransomware via Necurs asks for 2 BTC
2017-04-24 15:04	necurs	Limor Kessem / Security Intelligence - The Necurs Botnet: A Pandora's Box of Malicious Spam
2017-04-24 15:04	necurs	Limor Kessem / Security Intelligence - The Necurs Botnet: A Pandora's Box of Malicious Spam
2017-04-21 18:04	necurs	Nick Biasini - Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs
2017-03-28 00:03	necurs	@Symantec / Symantec Security Response - Necurs: Mass mailing botnet returns with new wave of spam campaigns
2017-03-23 08:03	necurs	SC Media UK - Necurs botnet drops Locky ransomware, picks up 'financial fraud' spam
2017-03-20 21:03	necurs	Edmund Brumaghin - Necurs Diversifies Its Portfolio
2017-03-20 11:03	necurs	Conrad Longmore / Dynamoo - Pump and dump spam: Incapta Inc (INCT)
2017-03-20 09:03	necurs	MalwareTechLab / Twitter - 843760420989157378
2017-03-01 00:03	necurs	92mnv6b.html
2017-02-27 12:02	necurs	Tom Spring / Threatpost \| The first stop for security news - Necurs Botnet Learns New DDoS Trick
2017-02-24 13:02	necurs	Milena Dimitrova / How to, Technology and PC Security Forum \| SensorsTechForum.com - Module in Necurs Botnet Could Lead to DDoS Attacks
2017-02-24 09:02	necurs	Catalin Cimpanu / BleepingComputer - World's Largest Spam Botnet Adds DDoS Feature
2017-02-17 02:02	necurs	@DarkReading / Dark Reading - Massive Necurs Spam Botnet Now Equipped to Launch DDoS Attacks
2017-02-08 08:02	kovter	GReAT / Kaspersky - Fileless attacks against enterprise networks
2017-02-07 04:02	necurs	Brad / SANS Internet Storm Center - Exploit kits delivering Necurs
2017-02-07 04:02	necurs	Botnet Tracker
2017-02-07 04:02	necurs	Felix Weyne - Inside the Necurs botnet: the origin of Locky malspam
2017-01-24 18:01	kovter	Proofpoint - Kovter Ad Fraud Malware - Clever Macro Trick
2017-01-19 19:01	necurs	Tom Spring / Threatpost \| The first stop for security news - Locky Limps Back into Action After Lull
2017-01-18 23:01	necurs	Nick Biasini - Without Necurs, Locky Struggles
2017-01-18 23:01	necurs	Nick Biasini - Without Necurs, Locky Struggles
2017-01-16 08:01	kovter	@phishme / PhishMe - Kovter Ad Fraud Trojan Now Shipping with Locky Ransomware
2016-12-29 12:12	nemucod	TrojanDownloader:JS/Nemucod
2016-12-27 07:12	kovter	Myonlinesecurity / My Online Security - Spoofed USPS unable to deliver malspam continues to deliver Locky, Kovter and other malware
2016-11-28 17:11	necurs	Johannes Bader - The DGAs of Necurs
2016-11-21 16:11	nemucod	Michael Mimoso / Threatpost \| The first stop for security news - Nemucod Infections Spreading Over Facebook
2016-11-20 19:11	nemucod	peterkruse / Twitter - 800414481545187328
2016-09-29 07:09	necurs	@securityaffairs / Security Affairs - Necurs botnet: the resurrection of the monster and the rising of spam
2016-09-11 20:09	necurs	Trustwave - Necurs â the Heavyweight Malware Spammer
2016-09-02 11:09	necurs	CERT Polska - Necurs - hybrid spam botnet
2016-08-16 19:08	nemucod	Webroot Threat Blog - Nemucod Ransomware Analysis
2016-08-09 14:08	nemucod	Ondrej Kubovič / WeLiveSecurity - Nemucod is back and serving an ad-clicking backdoor instead of ransomware
2016-07-14 19:07	kovter	Malwarebytes Labs / Malwarebytes Labs - Untangling Kovter's persistence methods
2016-06-25 14:06	kovter	Kovter_Report.pdf
2016-06-22 00:06	tinba	https://www.blueliv.com/research/inside-tinba-infection-stage-1/
2016-06-21 14:06	necurs	MalwareTech / MalwareTech - What’s Happening with Necurs, Dridex, and Locky?
2016-06-16 14:06	nemucod	Guest Writer,Guest Writer / We Live Security - Nemucod ups its game
2016-06-10 13:06	necurs	@securityaffairs / Security Affairs - Necurs Botnet, one of the world’s largest malicious architecture has vanished
2016-06-06 16:06	necurs	GossiTheDog / Twitter - 739860278456799232
2016-06-04 11:06	necurs	VessOnSecurity / Twitter - 739059481766711296
2016-05-31 00:05	necurs	Sofia Luis / BitSight - Monitoring Necurs - The tip of the iceberg
2016-05-30 11:05	necurs	sofia.luis / HubSpot - Monitoring Necurs - The tip of the iceberg
2016-03-22 18:03	necurs	Reverse Engineering Necurs (Part 4 – IDA Pro’s Python API) – UT Austin Information Security Office
2016-03-15 17:03	necurs	Reverse Engineering Necurs (Part 3 – Patching) – UT Austin Information Security Office
2016-03-08 20:03	necurs	Reverse Engineering Necurs (Part 2 – Unpacking) – UT Austin Information Security Office
2016-03-02 16:03	necurs	Joy Woodruff - Reverse Engineering Necurs (Part 1 – Preliminaries) – UT Austin Information Security Office
2016-02-22 16:02	necurs	MalwareTech / MalwareTech - Necurs.P2P – A New Hybrid Peer-to-Peer Botnet
2015-12-20 23:12	kovter	TechHelpList.com - Payment for tax refund #... - IRS - Mawlare
2015-12-09 12:12	kovter	rp-quarterly-threats-nov-2015.pdf
2015-06-09 11:06	kovter	evolution-of-poweliks.pdf
2015-05-20 21:05	necurs	SANS Internet Storm Center - InfoSec Handlers Diary Blog - Exploit kits delivering Necurs
2015-05-15 19:05	necurs	Malware-Traffic-Analysis.net - Angler EK from 178.63.174.153 - Sends Bedep and Necurs
2015-05-15 19:05	necurs	Malware-Traffic-Analysis.net - Nuclear EK from 109.234.37.12 - Sends Necurs
2014-06-02 00:06	necurs	Peter Ferrie - curse-necurs-part-3
2014-05-01 00:05	necurs	Peter Ferrie - curse-necurs-part-2
2014-04-02 00:04	necurs	Peter Ferrie - curse-necurs-part-1
2014-01-09 07:01	necurs	WinNT/Necurs.A : trojan & rootkit \| malekal's site
2013-11-20 19:11	necurs	@DarkReading / Dark Reading - Large Botnet Comes Back To Life -- With More Malware
2012-12-05 05:12	necurs	Microsoft Malware Protection Center - Unexpected reboot: Necurs