# | Submitted | URL | MD5 | Tags | (unlabelled) | Flagged host | IDS alerts | IDS signatures | Score | (unlabelled) | (unlabelled) | User
1 | 2023-03-05 05:54 | http://136.175.70.129:45330/mo... | 59ce0baba11893f90527fc951ac69912 | PWS[m] Mozi Botnet IoT Downloader UPX Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File ELF Code Injection exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 1 | | 3 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET POLICY Executable and linking format (ELF) file download | 4.4 | M | | guest
2 | 2023-03-05 05:16 | http://23.155.129.78:38487/Moz... | 59ce0baba11893f90527fc951ac69912 | AntiDebug AntiVM Code Injection unpack itself Windows utilities Windows DNS | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 3.4 | M | | guest
3 | 2023-03-05 02:30 | http://163.182.232.65:48836/i | 59ce0baba11893f90527fc951ac69912 | Mozi Botnet IoT UPX AntiDebug AntiVM ELF Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 3.4 | M | | guest
4 | 2023-03-04 19:56 | http://206.180.141.14:44143/bi... | 59ce0baba11893f90527fc951ac69912 | Mozi Botnet IoT UPX AntiDebug AntiVM ELF Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 3.4 | M | | guest
5 | 2023-03-04 19:53 | http://203.91.238.178:37809/Mo... | 59ce0baba11893f90527fc951ac69912 | Mozi Botnet IoT UPX AntiDebug AntiVM ELF Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 3.4 | M | | guest
6 | 2023-03-04 17:40 | http://136.175.69.247:39116/Mo... | 59ce0baba11893f90527fc951ac69912 | Mozi Botnet IoT UPX AntiDebug AntiVM ELF VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 1 | | 3 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY Executable and linking format (ELF) file download; ET INFO TLS Handshake Failure | 4.0 | M | 44 | guest
7 | 2023-03-04 17:35 | http://23.155.129.115:60859/i | 59ce0baba11893f90527fc951ac69912 | Mozi Botnet IoT UPX AntiDebug AntiVM ELF VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 4.0 | M | 44 | guest
8 | 2023-03-04 17:33 | http://163.182.250.48:33633/Mo... | 59ce0baba11893f90527fc951ac69912 | AntiDebug AntiVM VirusTotal Malware Code Injection unpack itself Windows utilities Windows DNS | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 4.0 | M | 44 | guest
9 | 2023-03-04 17:32 | http://163.182.233.151:42920/M... | 59ce0baba11893f90527fc951ac69912 | PWS[m] Mozi Botnet IoT Downloader UPX Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM ELF MSOffice File VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 1 | 163.182.233.151 - malware | 3 | ET POLICY Executable and linking format (ELF) file download; ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 4.8 | M | 44 | guest
10 | 2023-03-04 17:25 | http://23.155.129.50:54195/i | 59ce0baba11893f90527fc951ac69912 | AntiDebug AntiVM VirusTotal Malware Code Injection unpack itself Windows utilities Windows DNS | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 4.8 | M | | guest
11 | 2023-03-04 17:23 | http://136.175.69.185:48611/mo... | 59ce0baba11893f90527fc951ac69912 | AntiDebug AntiVM VirusTotal Malware Code Injection unpack itself Windows utilities Windows DNS | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 3.8 | M | | guest
12 | 2023-03-04 17:22 | http://104.247.101.177:37260/M... | 59ce0baba11893f90527fc951ac69912 | AntiDebug AntiVM VirusTotal Malware Code Injection unpack itself Windows utilities Windows DNS | 1 | 104.247.101.177 - malware | 1 | ET POLICY Executable and linking format (ELF) file download | 4.8 | M | | guest
13 | 2023-03-04 17:22 | http://136.175.70.89:47864/i | 59ce0baba11893f90527fc951ac69912 | Mozi Botnet IoT UPX AntiDebug AntiVM ELF VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 3.8 | M | 44 | guest
14 | 2023-03-04 17:13 | http://163.182.243.239:32866/i | 59ce0baba11893f90527fc951ac69912 | Mozi Botnet IoT UPX AntiDebug AntiVM ELF VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | 1 | 163.182.243.239 - malware | 1 | ET POLICY Executable and linking format (ELF) file download | 4.2 | M | 44 | guest
15 | 2023-03-04 17:11 | http://39.81.144.183:48701/i | 59ce0baba11893f90527fc951ac69912 | AntiDebug AntiVM VirusTotal Malware Code Injection unpack itself Windows utilities Windows DNS | 1 | | 1 | ET POLICY Executable and linking format (ELF) file download | 4.0 | M | 44 | guest