CDEF-HawkEyeMarch 25, 2026Network Analysis PCAP Wireshark SMTP Keylogger PhishingA victim host downloaded a HawkEye Keylogger dropper via HTTP, which established persistence, periodically checked the external IP via bot.whatismyipaddress.com, and exfiltrated harvested credentials every 10 minutes over SMTP.