| 136 |
2021-11-13 13:09
|
 loader2.exe cfecaaffb48e173260fd2013ba106e60
Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself Windows utilities AppData folder Windows |
7
http://www.strainpsterling.com/yao3/?-Z1dnl=hhgLd90lT5x8wIZrMj7YuyXENJreDYauqRly+J6en/E4gum1n3yZpFGI6buVCRbu11Elk2Q4&2d3=oneha
http://www.cidufetal.com/yao3/?-Z1dnl=PgD1La7e3VbxpopY+hNhawMocaOHF3kYA0v7KyWJLMyw7ZvUGCVfCw+P8wVtSLZcEZKYgifg&2d3=oneha
http://www.stocksellingevent100.com/yao3/?-Z1dnl=BGuMCVlr1/SjT1z1AAzUUtLKDyYsXWUO0Ads+mHXzt+060+ddi/rRJfvKPC7GEH2yK42rxRF&2d3=oneha
http://www.expansionsound.com/yao3/?-Z1dnl=q99EJLW1r1s7p6MH8wi+X/Yze9wL3RhCKM8rPSo10Y1QbU063na87NbqXeAJq8VscFzhiapO&2d3=oneha
http://www.modularscleanroom.com/yao3/?-Z1dnl=IIyhjFh4SG7Uw4Uhh2YtXVVOzEcvrVZdRjb0WDI293OUsHKTq93rx4d1LR/r+8q8Dj/h5Cjk&2d3=oneha
http://www.dariushbordbar.com/yao3/?-Z1dnl=ugOQ1tTSiCrhyhBEVpHPwUaoK7it8NBZmXhBsi2HgeUC9jMMuZAJ0FSd6IrHg6mGql3d3ox7&2d3=oneha
http://www.uewb.net/yao3/?-Z1dnl=Yo8SHF+0eK7x5mXwht3X2wJ4x/UaoJLF2T7s2/ZKGpmAn1Fo1l2hmtgtadKtuRBwyXmVdlRC&2d3=oneha
|
21
www.threeminutesupdate.com()
www.uewb.net(67.227.213.146)
www.expansionsound.com(192.99.246.76)
www.dariushbordbar.com(34.102.136.180)
www.cidufetal.com(64.251.1.115)
www.biz-financeagency.com()
www.docpipe.net(93.190.41.161)
www.testsigmaos.com()
www.modularscleanroom.com(198.54.117.244)
www.strainpsterling.com(104.21.94.221)
www.objuration.xyz()
www.stocksellingevent100.com(104.21.32.199)
www.2578990540.com(192.168.0.113)
172.67.154.179
104.21.94.221
64.251.1.115
198.54.117.244 - phishing
34.102.136.180 - mailcious
192.99.246.76
93.190.41.161
67.227.213.146
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
7.8 |
|
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 137 |
2021-11-13 13:09
|
 scan_01.exe 7a060a1e3aa99e966da96c0ce81195ce
Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.4 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 138 |
2021-11-13 13:25
|
 loader1.exe 18208aa1787da8cb3bfe2289a4a4a423
Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder |
15
http://www.tangerineinit.com/ga6b/?DVEl=CgQkCL4kNOXVaMWaW+W+7tG2VuScNWe1RIrYKb/ikW2Nwi/NJBz1hnm9GQ2J2lMDdzGUFZgw&1bO8Ax=pFNTGZ90snzLa4C0
http://www.smartgadgetscompare.com/ga6b/?DVEl=vDaGXYd6gjLCQTqwOPGPy5LvomfttahAahHE85Q1VhlijdJF30llx7sZQyFNH9wmHXEWSldG&1bO8Ax=pFNTGZ90snzLa4C0
http://www.egyptian-museum.com/ga6b/?DVEl=CYKd0A9ffzzmh+HMixfnmJt+Ibe3PgwQT1IowcrJSMkSzDwRXwABXy8G05QumwrEDOfj2gVO&1bO8Ax=pFNTGZ90snzLa4C0 - rule_id: 7106
http://www.egyptian-museum.com/ga6b/?DVEl=CYKd0A9ffzzmh+HMixfnmJt+Ibe3PgwQT1IowcrJSMkSzDwRXwABXy8G05QumwrEDOfj2gVO&1bO8Ax=pFNTGZ90snzLa4C0
http://www.digitaldreamcloud.net/ga6b/?DVEl=5WGPHl4VPD01j8M9M+tOINDYD63xyRqqO/w0s3LW3P/Qu5xC80vS+vfuMtj60mCVXiqL9STg&1bO8Ax=pFNTGZ90snzLa4C0
http://www.5559913.win/ga6b/?DVEl=BsLI4B+bmIypp6VG9i1mvBr3FbP6MnOeaOpeEVRsQMY9+2loXlkdnmFwfncWgaUkhHBh2x3h&1bO8Ax=pFNTGZ90snzLa4C0
http://www.nobodybutgod.com/ga6b/?DVEl=BS+Mkr60hnaz2VUqn6F4jElENEwbATWztr1txOlCDy4YTJ8rldrX7GuvTHEqc04l9LT0WVoV&1bO8Ax=pFNTGZ90snzLa4C0 - rule_id: 7109
http://www.nobodybutgod.com/ga6b/?DVEl=BS+Mkr60hnaz2VUqn6F4jElENEwbATWztr1txOlCDy4YTJ8rldrX7GuvTHEqc04l9LT0WVoV&1bO8Ax=pFNTGZ90snzLa4C0
http://www.garageair.agency/ga6b/?DVEl=d08S4xcN/NMsorWpXwRlyCCH66HZh3etKhFBY5TZ8MkBXXhOwsqcJfUvANfm4lRK3xvcJJRx&1bO8Ax=pFNTGZ90snzLa4C0
http://www.necesryaou.com/ga6b/?DVEl=Z3o6N93v6CU4m7XtA/lbT1e4xE/jsIueflbFRezDyVtxMYEukOv94ScBegi/ZpW+oVO0nzHV&1bO8Ax=pFNTGZ90snzLa4C0
http://www.baohiemtv24h.com/ga6b/?DVEl=6dQVu8UHcZgaj0y03GzvAhfNwH0MHXa5ZY8rhbUdbCaY8PlbGz89x08imuD5bjryCUUXVHy+&1bO8Ax=pFNTGZ90snzLa4C0
http://www.ara7z.com/ga6b/?DVEl=f8p3ixvuysstkVkbxkSLsyQ08m5iiUSHUSQ+dEucd72/naUGjvA4vd8t8r7qlazlF5SpiXNT&1bO8Ax=pFNTGZ90snzLa4C0
http://www.onlinewritingjobs.net/ga6b/?DVEl=PI3t5I/vLPjLEXSAiMassyghn8jG+EohIXjBFkJ1Bgr3IKLvgafQ0xYRNHrG7F5KwDP0G4jF&1bO8Ax=pFNTGZ90snzLa4C0
http://www.corvusexpeditii.xyz/ga6b/?DVEl=7T8vebYEf2GnHvqeOh/0TgFFgNzfckxTcBNzZeSGzjlNLlbJ9NDPNSTqSdLNqh5j9wLWy4Dd&1bO8Ax=pFNTGZ90snzLa4C0 - rule_id: 7112
http://www.corvusexpeditii.xyz/ga6b/?DVEl=7T8vebYEf2GnHvqeOh/0TgFFgNzfckxTcBNzZeSGzjlNLlbJ9NDPNSTqSdLNqh5j9wLWy4Dd&1bO8Ax=pFNTGZ90snzLa4C0
|
27
www.necesryaou.com(104.18.26.58)
www.maviesurdvd.com()
www.tangerineinit.com(44.238.240.115)
www.egyptian-museum.com(143.95.1.174)
www.baohiemtv24h.com(209.99.40.222)
www.digitaldreamcloud.net(52.214.224.110)
www.corvusexpeditii.xyz(88.214.207.96)
www.5559913.win(188.166.46.127)
www.nobodybutgod.com(34.98.99.30)
www.garageair.agency(172.67.213.197)
www.onlinewritingjobs.net(35.213.169.61)
www.smartgadgetscompare.com(185.210.145.38)
www.era636.com(165.32.109.217)
www.ara7z.com(103.56.98.73)
35.213.169.61
188.166.46.127
104.18.27.58 - mailcious
103.56.98.73
209.99.40.222 - mailcious
165.32.109.217
185.210.145.38
88.214.207.96 - mailcious
52.37.245.235
104.21.75.49
34.251.91.168
34.98.99.30 - phishing
143.95.1.174
|
2
ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .XYZ Domain with Minimal Headers
|
3
http://www.egyptian-museum.com/ga6b/
http://www.nobodybutgod.com/ga6b/
http://www.corvusexpeditii.xyz/ga6b/
|
7.0 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 139 |
2021-11-13 13:26
|
 mar-signature_request.exe 479cffcb45bfb5e8b97858ce3cb2c128
Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder Browser ComputerName DNS crashed |
|
1
|
|
|
7.0 |
|
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 140 |
2021-11-17 08:01
|
 file_01.exe c7381f53aae8af38e0878fd55fd4233a
Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.6 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 141 |
2021-11-17 08:02
|
 vbc.exe 8be9e5d41b1921702f3e3cfe036b3321
Loki Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php - rule_id: 5674
|
2
74f26d34ffff049368a6cff8812f86ee.gq(172.67.219.104) - mailcious
104.21.62.32 - mailcious
|
10
ET INFO DNS Query for Suspicious .gq Domain
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.gq domain
ET INFO HTTP Request to a *.gq domain
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
|
10.4 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 142 |
2021-11-17 08:33
|
 file_02.exe 7e726b581b08953c12d3edb4db2c2488
Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.8 |
|
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 143 |
2021-11-17 17:24
|
 vbc.exe eb3c1a04e3ad5c57d32507e027432732
Loki Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php - rule_id: 5674
|
2
74f26d34ffff049368a6cff8812f86ee.gq(172.67.219.104) - mailcious
104.21.62.32 - mailcious
|
10
ET INFO DNS Query for Suspicious .gq Domain
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.gq domain
ET INFO HTTP Request to a *.gq domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
|
10.4 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 144 |
2021-11-18 07:52
|
 vbc.exe b71718615475c728b530e5b966f1c176
Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.4 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 145 |
2021-11-18 08:00
|
 data_01.exe 5a51e998a8ba5fd82a63377fc000df13
Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
11.0 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 146 |
2021-11-18 08:11
|
 data_02.exe 727e77069ab3d1fdd2c308b05ac86560
Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.4 |
|
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 147 |
2021-11-18 08:20
|
 OOOOR.exe c30a7fcacc84c6ac819b5ce309463ab2
Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software |
1
http://gebebaglanti.com/myne/Panel/five/fre.php
|
2
gebebaglanti.com(172.67.175.8)
104.21.80.69
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
|
10.2 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 148 |
2021-11-18 14:01
|
 vbc.exe 0a770b1e9cad5b9c83a9514bc4083aee
Loki Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
2
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php - rule_id: 6875
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
|
2
74f26d34ffff049368a6cff8812f86ee.ml(104.21.22.146)
104.21.22.146
|
10
ET INFO DNS Query for Suspicious .ml Domain
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.ml Domain
ET INFO HTTP Request to a *.ml domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
|
9.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 149 |
2021-11-18 15:02
|
 GoalFit.exe b1815a67a3103f8c462bacc58cd0e0a1
Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder |
12
http://www.invalidmob.com/fg6s/?hBZ=c239r9fe958S+F1/a+Ow4ejRZ5GHg1F7woFiZTSPM63bBEDr1IS9Bs9IDA3udVl18SDeT0jt&VRKh=vDKtMDQphn4DpR
http://www.lghl56.com/fg6s/?hBZ=uc/5PuIUZlG36os+7LexRTPp6wnTJKg2zgJfW+2DzVSFDGp/ZX6ed7j6rzoWHlmopcfw67ac&or=3f2pdRAhg
http://www.jshntn.com/fg6s/?hBZ=QhJT/lj89jmoERcPnbTQCqPc65rPokueh5BqelcbeJy7pcqc3+lUtgWUw0fy5Ld9UWGgu0ep&or=3f2pdRAhg
http://www.fuqoguiders.xyz/fg6s/?hBZ=GOXv9FyzhJsa8KS8dsMmj7/YoTn1jmPQeNfbpJuZqmm6ucgpeks34qCTkToYyxiW+NLP4pkS&or=3f2pdRAhg
http://www.fairshakeforfarmers.com/fg6s/?hBZ=xKxtAmNEnxoBUukVIEF1kvuK+nwXMLOnedC+SNz+BGaFhI5v6X1MgDSserQot0MFGqCPeyki&or=3f2pdRAhg
http://www.alo360.net/fg6s/?hBZ=Mz4uLoABPVXo3kz7cY9kI1UW/VC8dhujTXpbszs0NPRWzSBmB/biWYhkOb4QFg4YZ/yq4ZIw&or=3f2pdRAhg
http://www.drfarhad-amini.com/fg6s/?hBZ=YemKNOFl2uCC2w2+Hf7nWnP/ao/99kBWt1q/O2BJCHQBIGOUleovmks/GdEUoR1FOJMr1UT2&or=3f2pdRAhg
http://www.leadgenteambyec2.online/fg6s/?hBZ=F2Zf2n4P0FXRaLVHjnLjEfJTEg7xi89YsuUiESEaACXybpqmv6BiuuaznmyJ6mz5DteeP808&or=3f2pdRAhg
http://www.capitandelamarina.com/fg6s/?hBZ=sLzNFFNyjDEco478Bhn0l2SjjrMBdiGF5KmlY86sslKlGHEC66IFdMgpFM2UPuLAB2LyR8Wr&VRKh=vDKtMDQphn4DpR
http://www.doctorfly.mobi/fg6s/?hBZ=ZD+CDfKzm/2YQc3YUSWpgqXUEniGIQPqGnxtch4bxt/WqhYVJmOg1TegURDgRtjTY4agDkrV&or=3f2pdRAhg
http://www.omnebrand.com/fg6s/?hBZ=9brTSNv+C1bZjAKjYfad4vi7E65W3zPrh1IQvHFu7UT2xWBfg4DahvTXlUjO1GKskhxRzYYt&or=3f2pdRAhg
http://www.decentralstream.com/fg6s/?hBZ=5w4qcH3RtmDmlmYd8peDY0KE2wDS2yAwKjriKCc5syzJGBsdqKRa5Igiu1uXS3h05ItrAZN3&or=3f2pdRAhg
|
28
www.decentralstream.com(3.64.163.50)
www.omnebrand.com(23.227.38.74)
www.capitandelamarina.com(2.57.90.16)
www.invalidmob.com(204.11.56.48)
www.jshntn.com(216.137.179.182)
www.doctorfly.mobi(34.102.136.180)
www.thaivisapro.com()
www.lghl56.com(154.86.195.217)
www.drfarhad-amini.com(185.146.22.236)
www.fairshakeforfarmers.com(172.217.31.147)
www.fuqoguiders.xyz(185.151.30.177)
www.myadpwisely.com()
www.astairazur.xyz()
www.engelskapiste.com()
www.alo360.net(154.203.8.28)
www.eislamiceducation.net()
www.leadgenteambyec2.online(34.102.136.180)
185.151.30.177
154.203.8.28
142.250.204.147
185.146.22.236
34.102.136.180 - mailcious
3.64.163.50 - mailcious
154.86.195.217
2.57.90.16 - mailcious
216.137.179.182
204.11.56.48 - phishing
23.227.38.74 - mailcious
|
2
ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
5.8 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 150 |
2021-11-19 11:09
|
 maxf.exe 00f6b12eb5e9f063938b604f05a71a5a
Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder suspicious TLD DNS |
3
http://www.okulsepette.info/dyh6/?rV0DUb=Wm4wBF+rv62DpqAArqorW1ww5+15iMAwZ5JIqX54ionAHScRIdeTf+feE4cws9aQyFP2uR0T&uZiX=MXEL9
http://www.carlosmorgan.com/dyh6/?rV0DUb=3ACj/876Iue/e8ON8sSJfhN8fXF1US+ej5D3rGFpnLA4NUaMO9+P0oT861hDlQeA3HJ8xKlg&uZiX=MXEL9
http://www.44255.online/dyh6/?rV0DUb=j61auN3oPpV+YV1VrFCgAk/5vWcxGznwyRAYsVX/wXCyaXurmtCnvmV0lC7tGgAO0jZoAmJH&uZiX=MXEL9
|
8
www.mountaingirlbbq.com()
www.guizhouhl.top()
www.carlosmorgan.com(136.0.144.52)
www.okulsepette.info(185.106.208.3)
www.44255.online(23.225.171.179)
136.0.144.52
185.106.208.3 - mailcious
23.225.171.178
|
2
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE FormBook CnC Checkin (GET)
|
|
6.4 |
|
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|