| 106 |
2022-04-19 09:20
|
 ComplianceRep-1549899952-Apr-1... 05a9cccfd383c90fc0c6ce68363f4632
Excel Binary Workbook file format(xlsb) Malware Malicious Traffic RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
3
http://146.70.87.163/44666,6175321759.dat
http://91.194.11.15/44666,6175321759.dat
http://5.254.118.198/44666,6175321759.dat
|
3
146.70.87.163
91.194.11.15 - mailcious
5.254.118.198
|
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 107 |
2022-04-18 09:22
|
 awe.xlsm 05e99e800d1fddef1ccc9adbf1ef4183
VBA_macro unpack itself suspicious process WriteConsoleW DNS |
|
1
|
|
|
6.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 108 |
2022-04-18 09:15
|
 see.xlsm 7a300b49ef5af319c91821cf2674d2b9
VBA_macro unpack itself suspicious process WriteConsoleW DNS |
|
1
|
|
|
5.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 109 |
2022-04-14 15:17
|
 REJ-1661984978-Apr-12.xlsb 9b5c3e902f42699d310adc50a6a7c0f7
VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://87.236.146.116/7790983516.dat - rule_id: 16121
http://185.82.127.37/7790983516.dat - rule_id: 16122
|
3
51.195.38.33 - malware
87.236.146.116 - mailcious
185.82.127.37 - mailcious
|
|
2
http://87.236.146.116/
http://185.82.127.37/
|
4.6 |
M |
9 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 110 |
2022-04-14 15:17
|
 REJ-2073499936-Apr-12.xlsb c335ab1b40cb9d52ad00908e454f260e
VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
2
http://185.82.127.37/7790983516.dat - rule_id: 16122
http://87.236.146.116/7790983516.dat - rule_id: 16121
|
3
87.236.146.116 - mailcious
51.195.38.33 - malware
185.82.127.37 - mailcious
|
|
2
http://185.82.127.37/
http://87.236.146.116/
|
6.0 |
M |
20 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 111 |
2022-04-14 11:21
|
 W-187226415.xlsb bed901b1480a2af9b76dc875722ec03a
Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Check memory Creates executable files unpack itself suspicious process Tofsee |
3
https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png
https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png
https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
|
6
natalespatagonia.cl(192.185.17.132) - mailcious
maramaabroo.com(31.22.4.117) - mailcious
camarajocaclaudino.pb.gov.br(162.241.62.76) - mailcious
31.22.4.117 - mailcious
192.185.17.132 - mailcious
162.241.62.76 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.6 |
|
13 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 112 |
2022-04-14 10:41
|
 W-160957625.xlsb fdf2f291fa7b70ebea93d238db8aae1f
Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Check memory Creates executable files unpack itself suspicious process Tofsee |
3
https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png
https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png
https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
|
6
natalespatagonia.cl(192.185.17.132) - mailcious
maramaabroo.com(31.22.4.117) - mailcious
camarajocaclaudino.pb.gov.br(162.241.62.76) - mailcious
31.22.4.117 - mailcious
192.185.17.132 - mailcious
162.241.62.76 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
3.4 |
|
6 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 113 |
2022-04-14 10:41
|
 W-1611531349.xlsb dd1fb0f77e739767b1c57c2510b73a28
Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files RWX flags setting exploit crash unpack itself suspicious process Tofsee Exploit crashed |
3
https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png
https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png
https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
|
6
natalespatagonia.cl(192.185.17.132) - mailcious
maramaabroo.com(31.22.4.117) - mailcious
camarajocaclaudino.pb.gov.br(162.241.62.76) - mailcious
31.22.4.117 - mailcious
192.185.17.132 - mailcious
162.241.62.76 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
|
7 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 114 |
2022-04-13 13:34
|
 new.xlsm 191cab791281ce1bb8729e77bdce2576
VBA_macro VirusTotal Malware MachineGuid Check memory WMI Creates executable files unpack itself Tofsee Interception ComputerName |
1
https://www.mediafire.com/file/p3ay4it08j1s7hp/0main.htm/file - rule_id: 15966
|
4
download2284.mediafire.com(199.91.155.25) - mailcious
www.mediafire.com(104.16.203.237) - mailcious
199.91.155.25 - mailcious
104.16.202.237 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
1
https://www.mediafire.com/file/p3ay4it08j1s7hp/0main.htm/file
|
5.4 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 115 |
2022-04-13 12:15
|
 E-1253417553.xlsb c06fd22e66beb0fb9b58341480ae5f05
Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files unpack itself suspicious process |
2
http://ateliecordefeltro.com/T9kpu5Vx0ag/Omnh.png7790983516.dat - rule_id: 16124
http://lojaalamar.com.br/nokjRAAdeCA/Omnh.png7790983516.dat - rule_id: 16125
|
6
lojaalamar.com.br(192.185.216.64) - mailcious
ateliecordefeltro.com(50.116.87.139) - mailcious
amalalhamed.com(162.215.248.83) - mailcious
50.116.87.139 - mailcious
162.215.248.83 - mailcious
192.185.216.64 - phishing
|
|
2
http://ateliecordefeltro.com/
http://lojaalamar.com.br/
|
3.8 |
M |
14 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 116 |
2022-04-13 12:12
|
 REJ-507558316-Apr-12.xlsb c40dfd30b7298c8fecee2c1dfd04a4ff
VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://87.236.146.116/7790983516.dat - rule_id: 16121
http://185.82.127.37/7790983516.dat - rule_id: 16122
|
3
51.195.38.33 - malware
87.236.146.116 - mailcious
185.82.127.37 - mailcious
|
|
2
http://87.236.146.116/
http://185.82.127.37/
|
4.6 |
M |
9 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 117 |
2022-04-13 09:42
|
 E-1257042592.xlsb 0f21f51666c1564e43c559c30e6a3fe5
Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files unpack itself suspicious process |
3
http://ateliecordefeltro.com/T9kpu5Vx0ag/Omnh.png7790983516.dat
http://lojaalamar.com.br/nokjRAAdeCA/Omnh.png7790983516.dat
http://amalalhamed.com/QOqUcVgYi9n/Omnh.png7790983516.dat
|
|
|
|
3.4 |
|
12 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 118 |
2022-04-13 09:40
|
 REJ-507558316-Apr-12.xlsb c40dfd30b7298c8fecee2c1dfd04a4ff
VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files unpack itself suspicious process |
3
http://185.82.127.37/7790983516.dat
http://87.236.146.116/7790983516.dat
http://51.195.38.33/7790983516.dat
|
|
|
|
3.2 |
|
9 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 119 |
2022-04-13 09:40
|
 REJ-1829083810-Apr-12.xlsb 56a84f74bbc66b27141cc78aba520e45
VBA_macro Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit crashed |
3
http://185.82.127.37/7790983516.dat
http://87.236.146.116/7790983516.dat
http://51.195.38.33/7790983516.dat
|
|
|
|
4.4 |
|
10 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 120 |
2022-04-13 09:40
|
 E-1253417553.xlsb c06fd22e66beb0fb9b58341480ae5f05
Malicious Library Excel Binary Workbook file format(xlsb) Creates executable files unpack itself suspicious process |
3
http://ateliecordefeltro.com/T9kpu5Vx0ag/Omnh.png7790983516.dat
http://lojaalamar.com.br/nokjRAAdeCA/Omnh.png7790983516.dat
http://amalalhamed.com/QOqUcVgYi9n/Omnh.png7790983516.dat
|
|
|
|
2.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|