| 76 |
2022-11-18 17:29
|
 genufuvogibodiwi.pdf 408ecc14be0368d9b0f6a3743c5e9c28
PDF Suspicious Link PDF VirusTotal Malware Windows utilities Windows |
5
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
|
|
|
|
2.0 |
|
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 77 |
2022-11-18 17:27
|
 gesegilevukajadame.pdf 69861a6ce45da5c3835efa353b542af6
PDF Suspicious Link PDF VirusTotal Malware Windows utilities Windows |
5
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
|
|
|
|
2.2 |
|
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 78 |
2022-11-18 17:25
|
 69226738943.pdf d7b80bd21e5260b0df8ce4394f380c49
PDF Suspicious Link PDF Windows utilities Windows |
5
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
|
|
|
|
1.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 79 |
2022-11-18 17:20
|
 depapit.pdf bfc72fced72b30e16bf7b141d6baf5d5
PDF Suspicious Link Anti_VM PDF VirusTotal Malware |
|
|
|
|
0.6 |
|
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 80 |
2022-11-18 17:18
|
 202109160701388048.pdf 8394edb6189484e05a0beee2dba691aa
PDF Suspicious Link PDF VirusTotal Malware |
|
|
|
|
0.6 |
|
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 81 |
2022-11-12 05:28
|
 03_25689745-havfs-kshdg09sj-Fd... 40b4bed84c0d926fdb0a3c731db0e6ee
PDF |
|
|
|
|
|
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 82 |
2022-10-25 09:43
|
 32-Advisory-No-32-2022.pdf 95a3e6e8f01d0847128c6ff5f0f7a5b6
PDF Windows utilities Windows |
5
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
|
|
|
|
1.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 83 |
2022-10-04 10:13
|
 DetailsInfoPDF.pdf.lnk 71a2a9192ecf4c96cc5046101b869882
Malicious Library UPX PDF AntiDebug AntiVM GIF Format PE32 OS Processor Check DLL PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser ComputerName |
1
https://ovonel.buzz/oPe/moa.php
|
2
ovonel.buzz(64.52.80.168) - malware
64.52.80.168 - malware
|
|
|
8.2 |
|
4 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 84 |
2022-10-01 12:40
|
 Confirmation transfer Copy MT1... 8071f8af591e0433f4709047836143a2VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName DNS DDNS Dropper |
1
http://javaautorun.duia.ro:5465/Vre
|
4
fresh01.ddns.net(79.134.225.11)
javaautorun.duia.ro(41.217.31.194) - mailcious
79.134.225.11 - mailcious
41.217.31.194
|
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
|
|
10.0 |
|
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 85 |
2022-09-27 04:31
|
 COMPROBANTE_OPERACION_SPEI.pdf 593003c3a6a04780255e223b1b1f45dd
PDF |
|
|
|
|
|
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 86 |
2022-09-21 18:16
|
 Matrixport Pay Raise.pdf e55dff61cfdbdafc827d1031006c2d65
PDF unpack itself Windows utilities Windows |
|
|
|
|
1.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 87 |
2022-09-09 10:33
|
 ##INV225PDF.vbs f98abafacba0c5ab793e5662b4baf85dVBScript buffers extracted wscript.exe payload download suspicious process WriteConsoleW Tofsee Dropper |
1
https://onedrive.live.com/download?cid=7C9C82DE5899257A&resid=7C9C82DE5899257A%212326&authkey=AFQStmbC1Mpi4TM
|
2
onedrive.live.com(13.107.42.13) - mailcious
13.107.42.13 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 88 |
2022-09-08 10:08
|
 FACTURA DE PAGO 07 LEXOR.pdf b5ea5b75175011e0b15eaba20b6e54b6
PDF unpack itself Windows utilities Windows DNS |
1
https://rebrand.ly/fd1-fac-tura-depag_o00009
|
2
rebrand.ly(3.226.62.59)
23.32.56.18
|
|
|
2.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 89 |
2022-08-26 09:57
|
 OV DU 220722.PDF.js 49bf7b5a02c13cc0b3e7cce7bfebc5b4
Malicious Library PE32 PE File VirusTotal Malware Creates executable files RWX flags setting unpack itself AppData folder ComputerName DNS |
|
1
|
|
|
7.0 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 90 |
2022-08-18 12:21
|
 gamapixejoxawifom.pdf 8bdd2cdd39b2ad7b679faa50f629ce2b
PDF AntiDebug AntiVM PNG Format JPEG Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
2
http://apps.identrust.com/roots/dstrootcax3.p7c
https://worksflow.net/geoid
|
7
t.me(149.154.167.99) - mailcious
apps.identrust.com(119.207.65.137)
worksflow.net(52.8.134.32)
149.154.167.99 - mailcious
175.208.134.150
121.254.136.57
52.8.134.32
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
5.2 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|