646 | 2021-04-26 18:00
Sample: file | MD5 45a0cfbd6749929ebd451bd5a04120e4
Tags: Code Injection, Creates executable files, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
URLs (9):
  https://www.googletagmanager.com/gtag/js?id=UA-829541-1
  https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T
  https://www.aaxdetect.com/pxext.gif
  https://c.aaxads.com/aax.js?pub=AAX3221EY&hst=&ver=1.2
  https://www.google-analytics.com/plugins/ua/ec.js
  https://c.aaxads.com/pxusr.gif
  https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
  https://www.google-analytics.com/analytics.js
  https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&dewh=SSP_CLIENT_control&dgeg=0&dgw=desktop&flg=AAX3221EY&fw=YONGDONG&ff=KR&xjg=4&dss=0&skw=899&slg=8PR6YK195&gq=&vhuyqdph=rtb-nv-dcos-ssp-10-6-46-228-14293&vg=-1&vyu=042211_229_042211_95_ssp&vf=&yhuvlrq=4&yk=899&yz=1365&yvlg=&ylg=00001619427471141029496787422051&vvsDeExfnhw=CONTROL&qsd=0&oz=0&gdss=green&uwbsh=&jgsu_hqi=1&fvha=0&jgivwu=&jgsu=0&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&jixqgo=1600&jwg=100&lqlg=&qjixqgo=1700&ugo=800&lg_ghwdlov=&deg=2&gvwduw=138&ghqg=420&sf=&uhtxuo=file%3A%2F%2F%2FC%3A%2FUsers%2Ftest22%2FAppData%2FLocal%2FTemp%2Ffile.html&nzui=
Hosts (17): www.googletagmanager.com(142.250.196.104), www.aaxdetect.com(104.75.34.8), c.aaxads.com(104.75.22.243), translate.google.com(172.217.26.46), cdn.otnolatrnup.com(104.19.214.37), l3.aaxads.com(104.75.22.243), static.mediafire.com(104.16.202.237), www.google-analytics.com(216.58.197.174), 104.19.215.37, 142.250.66.110, 104.16.203.237 - malicious, 142.250.204.142, 216.58.197.110, 104.75.34.8, 104.75.22.243, 142.250.204.72, 104.16.202.237 - malicious
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 6.6 | - | - | ZeroCERT

647 | 2021-04-23 13:56
Sample: index.html | MD5 f80e9553e5387cb4fcb09a9094416f4d
Tags: Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
URLs (4):
  http://d3js.org/d3.v4.js
  https://d3js.org/d3.v4.js
  https://d3js.org/d3-scale-chromatic.v1.min.js
  https://d3js.org/d3-geo-projection.v2.min.js
Hosts (2): d3js.org(172.67.73.126), 172.67.73.126
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 4.2 | - | - | guest

648 | 2021-04-23 13:42
Sample: index.html | MD5 f80e9553e5387cb4fcb09a9094416f4d
Tags: Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
URLs (4):
  http://d3js.org/d3.v4.js
  https://d3js.org/d3.v4.js
  https://d3js.org/d3-scale-chromatic.v1.min.js
  https://d3js.org/d3-geo-projection.v2.min.js
Hosts (2): d3js.org(104.26.6.30), 104.26.6.30
IDS alerts (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2 | - | - | guest

649 | 2021-04-23 13:10
Sample: index.html | MD5 f80e9553e5387cb4fcb09a9094416f4d
Tags: Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
URLs (4):
  http://d3js.org/d3.v4.js
  https://d3js.org/d3.v4.js
  https://d3js.org/d3-scale-chromatic.v1.min.js
  https://d3js.org/d3-geo-projection.v2.min.js
Hosts (2): d3js.org(104.26.7.30), 104.26.6.30
IDS alerts (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2 | - | - | guest

650 | 2021-04-08 19:43
Sample: zender.txt | MD5 5db24413257332efd03849b64f49b2c1
Tags: Antivirus, Code Injection, Check memory, Creates executable files, exploit crash, unpack itself, Windows utilities, suspicious process, Windows, Exploit, DNS, crashed
Hosts (3): 79.141.170.43, 104.26.13.31, 104.192.141.1 - malicious
Score: 6.4 | M | 17 | ZeroCERT

651 | 2021-04-07 09:47
Sample: real.wsf | MD5 6587e06aed7a51ec54d73394cf3b8d9d
Tags: VirusTotal Malware, Code Injection, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder
Score: 5.6 | - | 15 | ZeroCERT

652 | 2021-04-07 09:33
Sample: deal.wsf | MD5 aad06a91c13f3f118b9c1a23b0af4f87
Tags: VirusTotal Malware, Code Injection, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder
URLs (3):
  http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
  http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
Score: 5.6 | - | 16 | ZeroCERT

653 | 2021-04-07 09:33
Sample: real.wsf | MD5 6587e06aed7a51ec54d73394cf3b8d9d
Tags: VirusTotal Malware, Code Injection, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder, DNS
URLs (3):
  http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
  http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
Score: 6.2 | - | 15 | ZeroCERT

654 | 2021-04-01 07:46
Sample: divine11.html | MD5 39f36486a95dd6945a63a4f028b8af54
Tags: VBScript, suspicious privilege, MachineGuid, Code Injection, WMI, wscript.exe, payload download, Creates executable files, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, DNS, crashed, Dropper
URLs (32):
  https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
  https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D9202096335134795169%26pageID%3D3844689482953206831%26blogspotRpcToken%3D8511820%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D9202096335134795169%26pageID%3D3844689482953206831%26blogspotRpcToken%3D8511820%26bpli%3D1&passive=true&go=true
  https://resources.blogblog.com/img/anon36.png
  https://www.blogger.com/comment-iframe.g?blogID=9202096335134795169&pageID=3844689482953206831&blogspotRpcToken=8511820
  https://www.blogger.com/static/v1/widgets/2080820689-widgets.js
  https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&iemode=9&page=1&bgint=Pa5A_0uaAzeWbINaO2TQXL0lZm6tAyox2Q6Ari2SFkE
  https://www.google-analytics.com/analytics.js
  https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff
  https://www.blogger.com/img/share_buttons_20_3.png
  https://www.blogger.com/blogin.g?blogspotURL=https://humtotmharyhain.blogspot.com/p/divine11.html
  https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://humtotmharyhain.blogspot.com/p/divine11.html%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://humtotmharyhain.blogspot.com/p/divine11.html%26bpli%3D1&passive=true&go=true
  https://www.blogger.com/static/v1/v-css/281434096-static_pages.css
  https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css
  https://www.blogger.com/static/v1/jsbin/3762525058-cmt__en_gb.js
  https://resources.blogblog.com/img/blank.gif
  https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
  https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
  https://fonts.googleapis.com/css?family=Open+Sans:300
  https://www.google.com/css/maia.css
  https://www.blogger.com/comment-iframe.g?blogID=9202096335134795169&pageID=3844689482953206831&blogspotRpcToken=8511820&bpli=1
  https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
  https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fhumtotmharyhain.blogspot.com%2Fp%2Fdivine11.html&bpli=1
  https://fonts.googleapis.com/css?lang=ko&family=Product+Sans|Roboto:400,700
  https://www.blogger.com/img/blogger-logotype-color-black-1x.png
  https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js
  https://www.blogger.com/static/v1/jsbin/1277698886-ieretrofit.js
  https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css
  https://www.blogger.com/static/v1/jsbin/3858658042-comment_from_post_iframe.js
  https://www.google.com/js/bg/Pa5A_0uaAzeWbINaO2TQXL0lZm6tAyox2Q6Ari2SFkE.js
  https://resources.blogblog.com/img/icon18_edit_allbkg.gif
  https://www.blogger.com/dyn-css/authorization.css?targetBlogID=9202096335134795169&zx=13bf7370-9e7a-4c19-af40-56e74bd3158e
  https://resources.blogblog.com/img/icon18_wrench_allbkg.png
Hosts (19): resources.blogblog.com(172.217.31.137), ia801408.us.archive.org(207.241.228.148) - malicious, www.google.com(172.217.24.132), www.gstatic.com(172.217.175.99), fonts.googleapis.com(172.217.175.42), archive.org(207.241.224.2) - malicious, accounts.google.com(172.217.175.45), www.google-analytics.com(172.217.175.78), fonts.gstatic.com(172.217.31.131), www.blogger.com(172.217.31.137), 172.217.163.228, 216.58.200.74, 216.58.197.109, 207.241.228.148 - malicious, 216.58.200.67, 172.217.174.206, 172.217.24.201, 216.58.220.195, 172.217.26.137
Score: 10.0 | M | - | ZeroCERT

655 | 2021-03-27 11:36
Sample: Encoding.html | MD5 d7bb6b9d1cd02209f89dc0c4759ddd87
Tags: Antivirus, Malware download, VirusTotal Malware, powershell, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, Creates executable files, unpack itself, Windows utilities, powershell.exe wrote, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, DNS, Cryptographic key
URLs (4):
  http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  http://198.251.72.110/ALL.txt
  http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
  http://www.bing.com/favicon.ico
Hosts (3): ia801407.us.archive.org(207.241.228.147) - malicious, 207.241.228.147 - malicious, 198.251.72.110 - malicious
IDS alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET MALWARE Windows executable base64 encoded; ET HUNTING EXE Base64 Encoded potential malware
Score: 10.6 | M | 2 | ZeroCERT

656 | 2021-03-27 11:26
Sample: Encoding.html | MD5 d7bb6b9d1cd02209f89dc0c4759ddd87
Tags: VirusTotal Malware, crashed
Score: 0.6 | - | 2 | ZeroCERT

657 | 2021-03-17 16:47
Sample: test.html | MD5 1e4afb756fe35ed1998103207ffb6758
Tags: Code Injection, RWX flags setting, unpack itself, Windows utilities, Windows
Score: 2.2 | - | - | guest
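Listings like the records above are usually scraped into a ticket or an IOC feed, so here is an added example (not code from the listing's site or the sandbox behind it) of a small Python parser that turns one record into structured indicators. It assumes each record has been normalised into labelled lines (`Sample:`, `Tags:`, `URLs (n):` with one URL per indented line, `Hosts (n):`, `IDS alerts (n):`, `Score:`); those labels are this example's own convention. The embedded sample record is constructed from the fields of record 655, with its tag list shortened.

```python
"""Parse a normalised sandbox listing record into structured indicators.

Added example, not code from the listing's site. The labelled-line layout is
this example's own convention; the sample record is constructed from record 655.
"""
import re
from dataclasses import dataclass

MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
# One hosts-column entry: "name(ip) - malicious", where "(ip)" and the marker
# are optional. The marker is accepted with the listing's "mailcious" typo too.
HOST_RE = re.compile(
    r"^(?P<name>[^\s(]+)"
    r"(?:\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\))?"
    r"(?P<flag>\s*-\s*ma(?:li|il)cious)?$"
)

# Constructed sample, built from the fields of record 655 (tags shortened).
SAMPLE = """\
655 | 2021-03-27 11:36
Sample: Encoding.html | MD5 d7bb6b9d1cd02209f89dc0c4759ddd87
Tags: Antivirus, Malware download, VirusTotal Malware, powershell, Code Injection, Tofsee, DNS
URLs (2):
  http://198.251.72.110/ALL.txt
  http://www.bing.com/favicon.ico
Hosts (3): ia801407.us.archive.org(207.241.228.147) - malicious, 207.241.228.147 - malicious, 198.251.72.110 - malicious
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET MALWARE Windows executable base64 encoded
Score: 10.6 | M | 2 | ZeroCERT
"""


@dataclass
class Record:
    record_id: str
    date: str
    filename: str
    md5: str
    tags: list[str]
    urls: list[str]
    hosts: list[dict]      # {"name", "ip" (or None), "malicious"}
    alerts: list[str]
    score: float
    submitter: str

    def malicious_hosts(self) -> list[str]:
        """Names/IPs the listing marked as malicious, in listing order."""
        return [h["name"] for h in self.hosts if h["malicious"]]

    def has_tag(self, tag: str) -> bool:
        return tag.lower() in (t.lower() for t in self.tags)


def parse_record(text: str) -> Record:
    lines = [ln.rstrip() for ln in text.strip().splitlines()]
    record_id, _, date = (p.strip() for p in lines[0].partition("|"))
    fields: dict[str, str] = {}
    urls: list[str] = []
    for ln in lines[1:]:
        if ln.startswith("  "):            # indented continuation: one URL per line
            urls.append(ln.strip())
            continue
        key, _, value = ln.partition(":")  # first ':' only; alert text keeps its own colons
        key = re.sub(r"\s*\(\d+\)$", "", key).strip().lower()   # "Hosts (3)" -> "hosts"
        if key != "urls":                  # the URLs label carries no value of its own
            fields[key] = value.strip()

    filename, _, md5_part = fields["sample"].partition("|")
    md5 = MD5_RE.search(md5_part)
    if md5 is None:
        raise ValueError("record carries no 32-hex MD5")

    hosts = []
    for item in (h.strip() for h in fields.get("hosts", "").split(",")):
        if not item:
            continue
        m = HOST_RE.match(item)
        if m is None:
            raise ValueError(f"unparseable host entry: {item!r}")
        hosts.append({"name": m["name"], "ip": m["ip"], "malicious": m["flag"] is not None})

    score_cols = [c.strip() for c in fields["score"].split("|")]
    return Record(
        record_id=record_id,
        date=date,
        filename=filename.strip(),
        md5=md5.group(0),
        tags=[t.strip() for t in fields.get("tags", "").split(",") if t.strip()],
        urls=urls,
        hosts=hosts,
        alerts=[a.strip() for a in fields.get("ids alerts", "").split(";") if a.strip()],
        score=float(score_cols[0]),
        submitter=score_cols[-1],
    )


if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    print(rec.md5, rec.malicious_hosts(), rec.alerts)
```

Hosts are kept as a list rather than a set so the `name(ip)` resolution and the bare-IP connection entries stay distinguishable, which matters when, as in record 649, the resolved address and the address actually contacted differ. Records without a `URLs`, `Hosts` or `IDS alerts` line (650, 651, 656, 657) parse to empty lists rather than failing.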