16 |
2023-03-09 11:15
|
5814 N 17ST.doc d44eab3f49c70836c4f7b9524a343f31 emotet Generic Malware VBA_macro MSOffice File VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit crashed |
3
http://apps.identrust.com/roots/dstrootcax3.p7c - rule_id: 27752
http://apps.identrust.com/roots/dstrootcax3.p7c
http://baangnews.com/wp-admin/z0lGKS/
|
15
finephotos.com.au(212.1.210.110) - malware
baangnews.com(104.21.69.237) - malware
www.theaffiliateincome.com(66.96.149.32) - malware
snjwellers.com() - malware
vietcontents.xyz() - malware
pesquisacred.com() - malware
arthurjacksonctc.com(185.230.63.171) - malware
apps.identrust.com(23.216.159.81)
luandasoft.com(103.224.212.222) - malware
104.21.69.237
212.1.210.110
121.254.136.27
185.230.63.107 - phishing
103.224.212.222 - mailcious
66.96.149.32 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
|
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
3.8 |
|
45 |
ZeroCERT
17 |
2023-03-09 10:05
|
EPR Payment Summary.doc ad16430c43ef743109301fa643a25eed VBA_macro MSOffice File VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
6
http://apps.identrust.com/roots/dstrootcax3.p7c
http://meeting.nmconline.org/wp-content/pgynuy3gyq-qib01-12349/
https://www.honeybearlane.com/epj71/tBtwANZJs/
https://ramadepo.000webhostapp.com/wp-includes/90cn-6er-1300852063/
https://royalinteriorsdesign.000webhostapp.com/wp-admin/hkgyeqNXL/
https://stretchpilates.fit/wp-content/kvRYjXUH/
|
12
royalinteriorsdesign.000webhostapp.com(145.14.145.187) - mailcious
stretchpilates.fit(192.124.249.111) - malware
www.honeybearlane.com(199.79.53.17) - mailcious
apps.identrust.com(23.216.159.9)
meeting.nmconline.org(104.207.254.70) - malware
ramadepo.000webhostapp.com(145.14.144.143) - malware
145.14.145.163 - mailcious
104.207.254.70
145.14.144.197 - malware
121.254.136.57
192.124.249.111
199.79.53.17
|
4
ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed DNS Query to .fit TLD
ET INFO Observed SSL Cert for Free Hosting Domain (*.000webhostapp .com)
|
|
4.8 |
M |
40 |
ZeroCERT
18 |
2023-03-09 10:01
|
PO-465514-180820.doc d7e6921bfd008f707ba52dee374ff3db Generic Malware VBA_macro MSOffice File VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit crashed |
6
http://apps.identrust.com/roots/dstrootcax3.p7c
http://52550750-56-20180826151453.webstarterz.com/savewayexpressthai.com/jnze_2o3j_k/
http://oubaina.com/wp-includes/lqkz_nvr_1avf4/
https://www.msbc.kz/data/k527_5_cbdvv5bi19/
http://okcupidating.com/im/fsq_esj_qgx060p/
http://bike-nomad.com/cgi-bin/7n_0x0_62mnzyh9q/
|
10
bike-nomad.com(63.247.140.170) - mailcious
52550750-56-20180826151453.webstarterz.com() - malware
www.msbc.kz(195.210.46.42) - mailcious
okcupidating.com() - mailcious
apps.identrust.com(23.216.159.81)
oubaina.com(123.253.24.22) - malware
63.247.140.170 - mailcious
123.253.24.22
195.210.46.42 - mailcious
121.254.136.57
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
M |
47 |
ZeroCERT
19 |
2023-03-03 10:57
|
docMALWARE.doc e1f118af01a87bfc473c6a60d5ab50f5 MSOffice File Malware download VirusTotal Malware ICMP traffic exploit crash unpack itself Exploit DNS crashed |
|
2
protocol-list.com(80.251.18.108) - mailcious
80.251.18.108
|
1
ET MALWARE Suspected CloudAtlas Related Domain in DNS Lookup (protocol-list .com)
|
|
4.0 |
|
3 |
ZeroCERT
20 |
2022-10-03 13:21
|
bodli.doc 795c0ee208d098df11d56d72236175b2 Generic Malware VBA_macro MSOffice File VirusTotal Malware exploit crash unpack itself Exploit crashed |
|
|
|
|
3.2 |
|
30 |
ZeroCERT
21 |
2022-09-25 19:03
|
mbcoin.doc 4bf987800ff8ab9d95f2438510c91685 Generic Malware VBA_macro MSOffice File VirusTotal Malware exploit crash unpack itself Exploit crashed |
|
|
|
|
2.8 |
|
36 |
ZeroCERT
22 |
2022-09-15 10:08
|
IPhone-Winners.doc 9c7716e1681e45e83096eed703058331 Generic Malware VBA_macro Antivirus Hide_URL MSOffice File VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut exploit crash unpack itself suspicious process WriteConsoleW Windows Exploit ComputerName DNS Cryptographic key crashed |
|
1
|
|
|
8.4 |
|
34 |
ZeroCERT
23 |
2022-09-14 22:16
|
IPhone-Winners.doc 9c7716e1681e45e83096eed703058331 Generic Malware VBA_macro Antivirus Hide_URL MSOffice File VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
6.8 |
|
34 |
guest
24 |
2022-09-14 22:02
|
IPhone-Winners.doc 9c7716e1681e45e83096eed703058331 Generic Malware VBA_macro Antivirus Hide_URL MSOffice File VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
6.8 |
|
34 |
guest
25 |
2022-09-05 07:45
|
4oXCFBqnnxeb7vIM.php ec37158064e64e685409050426fbacaa MSOffice File unpack itself |
|
|
|
|
0.8 |
|
|
ZeroCERT
26 |
2022-08-29 10:26
|
flyer.png 8cf97f8f60792dc2c7b9dd0ab55b0bd2 Generic Malware VBA_macro MSOffice File VirusTotal Malware exploit crash unpack itself Exploit crashed |
|
|
|
|
3.2 |
M |
30 |
ZeroCERT
27 |
2022-08-29 09:25
|
flyer.png 8cf97f8f60792dc2c7b9dd0ab55b0bd2 Generic Malware VBA_macro MSOffice File VirusTotal Malware unpack itself |
|
|
|
|
1.8 |
M |
30 |
ZeroCERT
28 |
2022-08-23 18:22
|
741-Mau2_Tr.doc e15e45a4d840b91db3adb1907ac9b836 MSOffice File RWX flags setting exploit crash unpack itself Exploit crashed |
|
|
|
|
2.2 |
|
|
ZeroCERT
29 |
2022-08-23 18:18
|
SCL.doc a921188d8e6fa531e50bd6380fc8321e MSOffice File RWX flags setting exploit crash unpack itself Exploit crashed |
|
|
|
|
2.2 |
|
|
ZeroCERT
30 |
2022-08-20 19:08
|
emo.doc 3079af4d01ee6ec51bd3d9911da7e23f Generic Malware VBA_macro MSOffice File Vulnerability VirusTotal Malware unpack itself |
|
7
ngllogistics.htb()
daprofesional.htb()
biglaughs.htb()
www.outspokenvisions.htb()
dagranitegiare.htb()
mobsouk.htb()
da-industrial.htb()
|
|
|
3.0 |
|
44 |
guest