#76  2022-11-18 17:29
File: genufuvogibodiwi.pdf  MD5: 408ecc14be0368d9b0f6a3743c5e9c28
Tags: PDF Suspicious Link PDF VirusTotal Malware Windows utilities Windows
URLs (5): http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
Score: 2.0 | 15
Submitter: ZeroCERT

#77  2022-11-18 17:27
File: gesegilevukajadame.pdf  MD5: 69861a6ce45da5c3835efa353b542af6
Tags: PDF Suspicious Link PDF VirusTotal Malware Windows utilities Windows
URLs (5): http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
Score: 2.2 | 25
Submitter: ZeroCERT

#78  2022-11-18 17:25
File: 69226738943.pdf  MD5: d7b80bd21e5260b0df8ce4394f380c49
Tags: PDF Suspicious Link PDF Windows utilities Windows
URLs (5): http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
Score: 1.4
Submitter: ZeroCERT

#79  2022-11-18 17:20
File: depapit.pdf  MD5: bfc72fced72b30e16bf7b141d6baf5d5
Tags: PDF Suspicious Link Anti_VM PDF VirusTotal Malware
Score: 0.6 | 15
Submitter: ZeroCERT

#80  2022-11-18 17:18
File: 202109160701388048.pdf  MD5: 8394edb6189484e05a0beee2dba691aa
Tags: PDF Suspicious Link PDF VirusTotal Malware
Score: 0.6 | 16
Submitter: ZeroCERT

#81  2022-11-12 05:28
File: 03_25689745-havfs-kshdg09sj-Fd...  MD5: 40b4bed84c0d926fdb0a3c731db0e6ee
Tags: PDF
Submitter: guest

#82  2022-10-25 09:43
File: 32-Advisory-No-32-2022.pdf  MD5: 95a3e6e8f01d0847128c6ff5f0f7a5b6
Tags: PDF Windows utilities Windows
URLs (5): http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
Score: 1.4
Submitter: ZeroCERT

#83  2022-10-04 10:13
File: DetailsInfoPDF.pdf.lnk  MD5: 71a2a9192ecf4c96cc5046101b869882
Tags: Malicious Library UPX PDF AntiDebug AntiVM GIF Format PE32 OS Processor Check DLL PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser ComputerName
URLs (1): https://ovonel.buzz/oPe/moa.php
Hosts (2): ovonel.buzz(64.52.80.168) - malware 64.52.80.168 - malware
Score: 8.2 | 4
Submitter: ZeroCERT

#84  2022-10-01 12:40
File: Confirmation transfer Copy MT1...  MD5: 8071f8af591e0433f4709047836143a2
Tags: VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName DNS DDNS Dropper
URLs (1): http://javaautorun.duia.ro:5465/Vre
Hosts (4):
  fresh01.ddns.net(79.134.225.11)
  javaautorun.duia.ro(41.217.31.194) - mailcious 79.134.225.11 - mailcious
  41.217.31.194
Signatures (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 10.0 | 12
Submitter: ZeroCERT

#85  2022-09-27 04:31
File: COMPROBANTE_OPERACION_SPEI.pdf  MD5: 593003c3a6a04780255e223b1b1f45dd
Tags: PDF
Submitter: guest

#86  2022-09-21 18:16
File: Matrixport Pay Raise.pdf  MD5: e55dff61cfdbdafc827d1031006c2d65
Tags: PDF unpack itself Windows utilities Windows
Score: 1.4
Submitter: ZeroCERT

#87  2022-09-09 10:33
File: ##INV225PDF.vbs  MD5: f98abafacba0c5ab793e5662b4baf85d
Tags: VBScript buffers extracted wscript.exe payload download suspicious process WriteConsoleW Tofsee Dropper
URLs (1): https://onedrive.live.com/download?cid=7C9C82DE5899257A&resid=7C9C82DE5899257A%212326&authkey=AFQStmbC1Mpi4TM
Hosts (2): onedrive.live.com(13.107.42.13) - mailcious 13.107.42.13 - mailcious
Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 10.0
Submitter: ZeroCERT

#88  2022-09-08 10:08
File: FACTURA DE PAGO 07 LEXOR.pdf  MD5: b5ea5b75175011e0b15eaba20b6e54b6
Tags: PDF unpack itself Windows utilities Windows DNS
URLs (1): https://rebrand.ly/fd1-fac-tura-depag_o00009
Hosts (2): rebrand.ly(3.226.62.59) 23.32.56.18
Score: 2.0
Submitter: ZeroCERT

#89  2022-08-26 09:57
File: OV DU 220722.PDF.js  MD5: 49bf7b5a02c13cc0b3e7cce7bfebc5b4
Tags: Malicious Library PE32 PE File VirusTotal Malware Creates executable files RWX flags setting unpack itself AppData folder ComputerName DNS
Hosts: 1 (entries not listed)
Score: 7.0 | 22
Submitter: ZeroCERT

#90  2022-08-18 12:21
File: gamapixejoxawifom.pdf  MD5: 8bdd2cdd39b2ad7b679faa50f629ce2b
Tags: PDF AntiDebug AntiVM PNG Format JPEG Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (2): http://apps.identrust.com/roots/dstrootcax3.p7c https://worksflow.net/geoid
Hosts (7): t.me(149.154.167.99) - mailcious apps.identrust.com(119.207.65.137) worksflow.net(52.8.134.32) 149.154.167.99 - mailcious 175.208.134.150 121.254.136.57 52.8.134.32
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
Score: 5.2 | M | 23
Submitter: ZeroCERT