106 |
2022-04-19 09:20
|
ComplianceRep-1549899952-Apr-1... 05a9cccfd383c90fc0c6ce68363f4632 Excel Binary Workbook file format(xlsb) Malware Malicious Traffic RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
3
http://146.70.87.163/44666,6175321759.dat http://91.194.11.15/44666,6175321759.dat http://5.254.118.198/44666,6175321759.dat
|
3
146.70.87.163 91.194.11.15 - mailcious 5.254.118.198
|
|
|
4.8 |
|
|
guest
107 |
2022-04-18 09:22
|
awe.xlsm 05e99e800d1fddef1ccc9adbf1ef4183 VBA_macro unpack itself suspicious process WriteConsoleW DNS |
|
1
|
|
|
6.2 |
|
|
ZeroCERT
108 |
2022-04-18 09:15
|
see.xlsm 7a300b49ef5af319c91821cf2674d2b9 VBA_macro unpack itself suspicious process WriteConsoleW DNS |
|
1
|
|
|
5.8 |
|
|
ZeroCERT
109 |
2022-04-14 15:17
|
REJ-1661984978-Apr-12.xlsb 9b5c3e902f42699d310adc50a6a7c0f7 VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://87.236.146.116/7790983516.dat - rule_id: 16121 http://185.82.127.37/7790983516.dat - rule_id: 16122
|
3
51.195.38.33 - malware 87.236.146.116 - mailcious 185.82.127.37 - mailcious
|
|
2
http://87.236.146.116/ http://185.82.127.37/
|
4.6 |
M |
9 |
guest
110 |
2022-04-14 15:17
|
REJ-2073499936-Apr-12.xlsb c335ab1b40cb9d52ad00908e454f260e VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
2
http://185.82.127.37/7790983516.dat - rule_id: 16122 http://87.236.146.116/7790983516.dat - rule_id: 16121
|
3
87.236.146.116 - mailcious 51.195.38.33 - malware 185.82.127.37 - mailcious
|
|
2
http://185.82.127.37/ http://87.236.146.116/
|
6.0 |
M |
20 |
guest
111 |
2022-04-14 11:21
|
W-187226415.xlsb bed901b1480a2af9b76dc875722ec03a Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Check memory Creates executable files unpack itself suspicious process Tofsee |
3
https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png
https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png
https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
|
6
natalespatagonia.cl(192.185.17.132) - mailcious
maramaabroo.com(31.22.4.117) - mailcious
camarajocaclaudino.pb.gov.br(162.241.62.76) - mailcious 31.22.4.117 - mailcious
192.185.17.132 - mailcious
162.241.62.76 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.6 |
|
13 |
guest
112 |
2022-04-14 10:41
|
W-160957625.xlsb fdf2f291fa7b70ebea93d238db8aae1f Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Check memory Creates executable files unpack itself suspicious process Tofsee |
3
https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png
https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png
https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
|
6
natalespatagonia.cl(192.185.17.132) - mailcious
maramaabroo.com(31.22.4.117) - mailcious
camarajocaclaudino.pb.gov.br(162.241.62.76) - mailcious 31.22.4.117 - mailcious
192.185.17.132 - mailcious
162.241.62.76 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
3.4 |
|
6 |
guest
113 |
2022-04-14 10:41
|
W-1611531349.xlsb dd1fb0f77e739767b1c57c2510b73a28 Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files RWX flags setting exploit crash unpack itself suspicious process Tofsee Exploit crashed |
3
https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png
https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png
https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
|
6
natalespatagonia.cl(192.185.17.132) - mailcious
maramaabroo.com(31.22.4.117) - mailcious
camarajocaclaudino.pb.gov.br(162.241.62.76) - mailcious 31.22.4.117 - mailcious
192.185.17.132 - mailcious
162.241.62.76 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
|
7 |
guest
114 |
2022-04-13 13:34
|
new.xlsm 191cab791281ce1bb8729e77bdce2576 VBA_macro VirusTotal Malware MachineGuid Check memory WMI Creates executable files unpack itself Tofsee Interception ComputerName |
1
https://www.mediafire.com/file/p3ay4it08j1s7hp/0main.htm/file - rule_id: 15966
|
4
download2284.mediafire.com(199.91.155.25) - mailcious www.mediafire.com(104.16.203.237) - mailcious 199.91.155.25 - mailcious 104.16.202.237 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
1
https://www.mediafire.com/file/p3ay4it08j1s7hp/0main.htm/file
|
5.4 |
M |
26 |
ZeroCERT
115 |
2022-04-13 12:15
|
E-1253417553.xlsb c06fd22e66beb0fb9b58341480ae5f05 Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files unpack itself suspicious process |
2
http://ateliecordefeltro.com/T9kpu5Vx0ag/Omnh.png7790983516.dat - rule_id: 16124 http://lojaalamar.com.br/nokjRAAdeCA/Omnh.png7790983516.dat - rule_id: 16125
|
6
lojaalamar.com.br(192.185.216.64) - mailcious ateliecordefeltro.com(50.116.87.139) - mailcious amalalhamed.com(162.215.248.83) - mailcious 50.116.87.139 - mailcious 162.215.248.83 - mailcious 192.185.216.64 - phishing
|
|
2
http://ateliecordefeltro.com/ http://lojaalamar.com.br/
|
3.8 |
M |
14 |
guest
116 |
2022-04-13 12:12
|
REJ-507558316-Apr-12.xlsb c40dfd30b7298c8fecee2c1dfd04a4ff VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://87.236.146.116/7790983516.dat - rule_id: 16121 http://185.82.127.37/7790983516.dat - rule_id: 16122
|
3
51.195.38.33 - malware 87.236.146.116 - mailcious 185.82.127.37 - mailcious
|
|
2
http://87.236.146.116/ http://185.82.127.37/
|
4.6 |
M |
9 |
guest
117 |
2022-04-13 09:42
|
E-1257042592.xlsb 0f21f51666c1564e43c559c30e6a3fe5 Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files unpack itself suspicious process |
3
http://ateliecordefeltro.com/T9kpu5Vx0ag/Omnh.png7790983516.dat
http://lojaalamar.com.br/nokjRAAdeCA/Omnh.png7790983516.dat
http://amalalhamed.com/QOqUcVgYi9n/Omnh.png7790983516.dat
|
|
|
|
3.4 |
|
12 |
guest
118 |
2022-04-13 09:40
|
REJ-507558316-Apr-12.xlsb c40dfd30b7298c8fecee2c1dfd04a4ff VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files unpack itself suspicious process |
3
http://185.82.127.37/7790983516.dat
http://87.236.146.116/7790983516.dat
http://51.195.38.33/7790983516.dat
|
|
|
|
3.2 |
|
9 |
guest
119 |
2022-04-13 09:40
|
REJ-1829083810-Apr-12.xlsb 56a84f74bbc66b27141cc78aba520e45 VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit crashed |
3
http://185.82.127.37/7790983516.dat
http://87.236.146.116/7790983516.dat
http://51.195.38.33/7790983516.dat
|
|
|
|
4.4 |
|
10 |
guest
120 |
2022-04-13 09:40
|
E-1253417553.xlsb c06fd22e66beb0fb9b58341480ae5f05 Malicious Library Excel Binary Workbook file format(xlsb) Creates executable files unpack itself suspicious process |
3
http://ateliecordefeltro.com/T9kpu5Vx0ag/Omnh.png7790983516.dat
http://lojaalamar.com.br/nokjRAAdeCA/Omnh.png7790983516.dat
http://amalalhamed.com/QOqUcVgYi9n/Omnh.png7790983516.dat
|
|
|
|
2.8 |
|
|
guest