136 | 2023-07-07 10:13
page.html f6b00338f9b1aa52396ffb72af40bf04 | AntiDebug AntiVM MSOffice File Code Injection unpack itself Windows utilities Tofsee Windows DNS
4 | http://apps.identrust.com/roots/dstrootcax3.p7c http://www.gstatic.com/generate_204 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/n3xmszuzmcp4pxq3qhmant63nm_9.45.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.45.0_all_ecp3yewcq3fuvht5wyi7t7s37y.crx3 http://bit.ly/2TwPVOe
34 |
2 | ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.4 | | | ZeroCERT
137 | 2023-07-07 09:35
page.html f6b00338f9b1aa52396ffb72af40bf04 | AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
3.4 | | | ZeroCERT
138 | 2023-06-21 07:39
thomas.hta 5ee0717be491e47a97affc5d4bc8d206 | VirusTotal Malware crashed
1.0 | | 25 | ZeroCERT
139 | 2023-06-18 09:29
secret_conversations.html e57fdf1dad4fabac8ad020453f07cdbb | AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
1 | https://scontent-lga3-2.xx.fbcdn.net/v/t1.6435-1/cp0/p24x24/240958031_2948688838792595_1661814721335136491_n.jpg?_nc_cat=108&ccb=1-5&_nc_sid=84712d&_nc_ohc=5Cm8iRXW8fkAX_M594l&_nc_ad=z-m&_nc_cid=1087&_nc_ht=scontent-lga3-2.xx&oh=4edcbd681cd75e62941efe15a0a2f60a&oe=6182CCBC
2 | scontent-lga3-2.xx.fbcdn.net(157.240.241.1); 157.240.241.1
2 | ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8 | | | guest
140 | 2023-06-14 16:04
7za_SC.bat 4bd2a27b7bb64b9d060d0e4cafadceac | Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate privileges FTP KeyLogger ScreenShot AntiDebug AntiVM WriteConsoleW
0.6 | | | ZeroCERT
141 | 2023-06-13 09:56
smartoption.php.html 00cf40deab29bc4bdf812434e171c14c | Generic Malware Antivirus PowerShell Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key
10 |
http://pumpmotor.net/editor/smartoption.php
2 | kentwater.cn(43.242.131.134); 43.242.131.134
8.2 | | | ZeroCERT
142 | 2023-06-13 09:50
smartoption.php.html 00cf40deab29bc4bdf812434e171c14c | unpack itself crashed
0.6 | | | ZeroCERT
143 | 2023-06-12 13:11
message.html 8840dc3329993782c0ff500a220a000e | AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
3.8 | | | guest
144 | 2023-06-08 17:41
snappyshop.it_img_docse.php.ps... 3e2fdbdefa7c8e16b351a46ed1afc33d | Generic Malware Antivirus AutoRuns Check memory unpack itself WriteConsoleW Windows Cryptographic key
1 | https://www.snappyshop.it/img/index.php
2.2 | | | ZeroCERT
145 | 2023-06-07 13:42
index.html e66507bcd2afe260f82a61cb981ec964 | AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
2 | f004.backblazeb2.com(149.137.128.16) - malicious; 149.137.128.16 - malicious
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
3.8 | | | guest
146 | 2023-06-07 10:05
index.html e66507bcd2afe260f82a61cb981ec964 | AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
1 | https://f004.backblazeb2.com/file/QuIOMaOm/03n/June02AP.iso
2 | f004.backblazeb2.com(149.137.128.16) - malicious; 149.137.128.16 - malicious
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8 | | | ZeroCERT
147 | 2023-06-07 09:01
index.html e66507bcd2afe260f82a61cb981ec964 | Generic Malware Browser Info Stealer MachineGuid Code Injection Checks debugger exploit crash unpack itself installed browsers check Exploit Browser crashed
3.6 | | | ZeroCERT
148 | 2023-06-01 19:56
1.html 9b78bbb925f4d5e4fb3b19b1962674b9 | Generic Malware Antivirus Hide_URL AntiDebug AntiVM Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
1 | http://172.93.181.249/control/com.php?U=TEST22-PC-test22
1 | 172.93.181.249 - malicious
9.8 | M | | ZeroCERT
149 | 2023-06-01 19:46
1.html 9b78bbb925f4d5e4fb3b19b1962674b9 | Generic Malware Antivirus Browser Info Stealer MachineGuid Code Injection Checks debugger exploit crash unpack itself installed browsers check Exploit Browser crashed
3.6 | M | | ZeroCERT
150 | 2023-06-01 19:27
1.html 9b78bbb925f4d5e4fb3b19b1962674b9 | Antivirus AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
3.4 | M | | ZeroCERT