136 |
2021-11-13 13:09
|
loader2.exe cfecaaffb48e173260fd2013ba106e60 Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself Windows utilities AppData folder Windows |
7
|
21
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
7.8 |
|
19 |
ZeroCERT
|
137 |
2021-11-13 13:09
|
scan_01.exe 7a060a1e3aa99e966da96c0ce81195ce Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.4 |
|
23 |
ZeroCERT
|
138 |
2021-11-13 13:25
|
loader1.exe 18208aa1787da8cb3bfe2289a4a4a423 Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder |
15
|
27
|
2
ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
|
3
http://www.egyptian-museum.com/ga6b/ http://www.nobodybutgod.com/ga6b/ http://www.corvusexpeditii.xyz/ga6b/
|
7.0 |
|
35 |
ZeroCERT
|
139 |
2021-11-13 13:26
|
mar-signature_request.exe 479cffcb45bfb5e8b97858ce3cb2c128 Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder Browser ComputerName DNS crashed |
|
1
|
|
|
7.0 |
|
24 |
ZeroCERT
|
140 |
2021-11-17 08:01
|
file_01.exe c7381f53aae8af38e0878fd55fd4233a Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.6 |
|
38 |
ZeroCERT
|
141 |
2021-11-17 08:02
|
vbc.exe 8be9e5d41b1921702f3e3cfe036b3321 Loki Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php - rule_id: 5674
|
2
74f26d34ffff049368a6cff8812f86ee.gq(172.67.219.104) - mailcious 104.21.62.32 - mailcious
|
10
ET INFO DNS Query for Suspicious .gq Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.gq domain ET INFO HTTP Request to a *.gq domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response
|
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
|
10.4 |
M |
25 |
ZeroCERT
|
142 |
2021-11-17 08:33
|
file_02.exe 7e726b581b08953c12d3edb4db2c2488 Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.8 |
|
41 |
ZeroCERT
|
143 |
2021-11-17 17:24
|
vbc.exe eb3c1a04e3ad5c57d32507e027432732 Loki Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php - rule_id: 5674
|
2
74f26d34ffff049368a6cff8812f86ee.gq(172.67.219.104) - mailcious 104.21.62.32 - mailcious
|
10
ET INFO DNS Query for Suspicious .gq Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.gq domain ET INFO HTTP Request to a *.gq domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response
|
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
|
10.4 |
M |
22 |
ZeroCERT
|
144 |
2021-11-18 07:52
|
vbc.exe b71718615475c728b530e5b966f1c176 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.4 |
|
20 |
ZeroCERT
|
145 |
2021-11-18 08:00
|
data_01.exe 5a51e998a8ba5fd82a63377fc000df13 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
11.0 |
|
38 |
ZeroCERT
|
146 |
2021-11-18 08:11
|
data_02.exe 727e77069ab3d1fdd2c308b05ac86560 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software |
|
1
63.250.40.204 - mailcious
|
|
|
10.4 |
|
29 |
ZeroCERT
|
147 |
2021-11-18 08:20
|
OOOOR.exe c30a7fcacc84c6ac819b5ce309463ab2 Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software |
1
http://gebebaglanti.com/myne/Panel/five/fre.php
|
2
gebebaglanti.com(172.67.175.8) 104.21.80.69
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response
|
|
10.2 |
|
17 |
ZeroCERT
|
148 |
2021-11-18 14:01
|
vbc.exe 0a770b1e9cad5b9c83a9514bc4083aee Loki Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
2
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php - rule_id: 6875 http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
|
2
74f26d34ffff049368a6cff8812f86ee.ml(104.21.22.146) 104.21.22.146
|
10
ET INFO DNS Query for Suspicious .ml Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ml Domain ET INFO HTTP Request to a *.ml domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response
|
1
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
|
9.6 |
|
|
ZeroCERT
|
149 |
2021-11-18 15:02
|
GoalFit.exe b1815a67a3103f8c462bacc58cd0e0a1 Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder |
12
|
28
|
2
ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
5.8 |
|
22 |
ZeroCERT
|
150 |
2021-11-19 11:09
|
maxf.exe 00f6b12eb5e9f063938b604f05a71a5a Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder suspicious TLD DNS |
3
http://www.okulsepette.info/dyh6/?rV0DUb=Wm4wBF+rv62DpqAArqorW1ww5+15iMAwZ5JIqX54ionAHScRIdeTf+feE4cws9aQyFP2uR0T&uZiX=MXEL9 http://www.carlosmorgan.com/dyh6/?rV0DUb=3ACj/876Iue/e8ON8sSJfhN8fXF1US+ej5D3rGFpnLA4NUaMO9+P0oT861hDlQeA3HJ8xKlg&uZiX=MXEL9 http://www.44255.online/dyh6/?rV0DUb=j61auN3oPpV+YV1VrFCgAk/5vWcxGznwyRAYsVX/wXCyaXurmtCnvmV0lC7tGgAO0jZoAmJH&uZiX=MXEL9
|
8
www.mountaingirlbbq.com() www.guizhouhl.top() www.carlosmorgan.com(136.0.144.52) www.okulsepette.info(185.106.208.3) www.44255.online(23.225.171.179) 136.0.144.52 185.106.208.3 - mailcious 23.225.171.178
|
2
ET DNS Query to a *.top domain - Likely Hostile ET MALWARE FormBook CnC Checkin (GET)
|
|
6.4 |
|
39 |
ZeroCERT
|