121 |
2022-04-11 10:53
|
R-1690355177.xlsb 7857df89687a6cb68a40efbef69039c8 Excel Binary Workbook file format(xlsb) Check memory Creates executable files unpack itself suspicious process Tofsee |
|
6
rangopurnews.com(107.167.95.30) - mailcious cruzandsons.co.za(192.185.16.131) - mailcious sankalpnurshinghome.com(162.241.148.33) - mailcious 192.185.16.131 - mailcious 107.167.95.30 - mailcious 162.241.148.33 - malware
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO TLS Handshake Failure
|
|
3.0 |
|
|
guest
|
122 |
2022-04-09 08:51
|
R-993414964.xlsb 9dd92810d8cad1993a008857dcb21734 Excel Binary Workbook file format(xlsb) VirusTotal Malware Check memory Creates executable files ICMP traffic unpack itself suspicious process Tofsee |
3
https://rangopurnews.com/RKAbVv4T/Fbvh.png
https://sankalpnurshinghome.com/GW3scFGGHZp1/Fbvh.png
https://cruzandsons.co.za/Rgqc8er6ma4/Fbvh.png
|
6
rangopurnews.com(107.167.95.30)
cruzandsons.co.za(192.185.16.131)
sankalpnurshinghome.com(162.241.148.33)
192.185.16.131 - mailcious
107.167.95.30 - mailcious
162.241.148.33 - malware
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO TLS Handshake Failure
|
|
4.2 |
|
7 |
guest
|
123 |
2022-04-09 08:51
|
R-990170702.xlsb b6548b9fc3a8e14e419ea634fa72928c Excel Binary Workbook file format(xlsb) Check memory Creates executable files unpack itself suspicious process Tofsee |
3
https://rangopurnews.com/RKAbVv4T/Fbvh.png
https://sankalpnurshinghome.com/GW3scFGGHZp1/Fbvh.png
https://cruzandsons.co.za/Rgqc8er6ma4/Fbvh.png
|
6
rangopurnews.com(107.167.95.30)
cruzandsons.co.za(192.185.16.131)
sankalpnurshinghome.com(162.241.148.33)
192.185.16.131 - mailcious
107.167.95.30 - mailcious
162.241.148.33 - malware
|
4
SURICATA TLS invalid record type SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record/traffic ET INFO TLS Handshake Failure
|
|
3.0 |
|
|
guest
|
124 |
2022-04-09 08:51
|
R-996681987.xlsb c0d843d02733200bdde4e20dea22b6ff Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files RWX flags setting exploit crash unpack itself suspicious process Tofsee Exploit crashed |
3
https://rangopurnews.com/RKAbVv4T/Fbvh.png
https://sankalpnurshinghome.com/GW3scFGGHZp1/Fbvh.png
https://cruzandsons.co.za/Rgqc8er6ma4/Fbvh.png
|
6
rangopurnews.com(107.167.95.30)
cruzandsons.co.za(192.185.16.131)
sankalpnurshinghome.com(162.241.148.33)
192.185.16.131 - mailcious
107.167.95.30 - mailcious
162.241.148.33 - malware
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO TLS Handshake Failure
|
|
4.2 |
|
9 |
guest
|
125 |
2022-04-08 11:24
|
new.xlsm 191cab791281ce1bb8729e77bdce2576 VBA_macro VirusTotal Malware MachineGuid Check memory WMI Creates executable files unpack itself Tofsee Interception ComputerName |
1
https://www.mediafire.com/file/p3ay4it08j1s7hp/0main.htm/file
|
4
download2340.mediafire.com(199.91.155.81) - mailcious www.mediafire.com(104.16.203.237) - mailcious 199.91.155.81 - mailcious 104.16.203.237 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.0 |
|
8 |
ZeroCERT
|
126 |
2022-04-08 10:23
|
PayRoll-032722_0412221.xlsx 5b4dc3829c791784760c52165e6b923a unpack itself Tofsee |
2
https://taxfile.mediafire.com/file/scgqi1dca3tklxl/new.xlsm/ https://taxfile.mediafire.com/file/scgqi1dca3tklxl/new.xlsm/file
|
4
taxfile.mediafire.com(205.196.120.8) - mailcious download1923.mediafire.com(199.91.153.170) 205.196.120.6 - malware 199.91.153.170
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
2.0 |
|
|
ZeroCERT
|
127 |
2022-04-07 17:32
|
SNC-66168115-Apr-6.xlsb a0e3a2e0777164a03e52cfd9978113af Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files suspicious process DNS |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827 http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious 104.225.129.111 - mailcious 91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/ http://212.46.38.179/
|
4.8 |
M |
|
guest
|
128 |
2022-04-07 17:32
|
SNC-1636493673-Apr-6.xlsb 9f20094f0eff52f61891364301f97d5d Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827 http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious 104.225.129.111 - mailcious 91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/ http://212.46.38.179/
|
6.2 |
M |
|
guest
|
129 |
2022-04-07 11:26
|
SNC-1699465373-Apr-6.xlsb 78a7228fb27b025fafcd65303887f989 Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files suspicious process DNS |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827 http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious 104.225.129.111 - mailcious 91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/ http://212.46.38.179/
|
5.4 |
M |
10 |
guest
|
130 |
2022-04-07 11:26
|
SNC-1858911127-Apr-6.xlsb f6d94e2b57f5dd80c4f1dcbbbc36688f Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827 http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious 104.225.129.111 - mailcious 91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/ http://212.46.38.179/
|
6.2 |
M |
|
guest
|
131 |
2022-04-07 11:26
|
SNC-612086596-Apr-6.xlsb 4625181b70514f226dcddbb7e9ff87fd Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827 http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious 104.225.129.111 - mailcious 91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/ http://212.46.38.179/
|
5.6 |
M |
9 |
guest
|
132 |
2022-04-06 17:22
|
ATTR-147470270-Apr-4.xlsb 31d57098f695e4a999a109309cc6cc6a Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://185.82.126.17/44651,6679619213.dat - rule_id: 15661 http://149.255.36.223/44651,6679619213.dat - rule_id: 15659
|
3
149.255.36.223 - mailcious 185.33.86.42 - mailcious 185.82.126.17 - mailcious
|
|
2
http://185.82.126.17/ http://149.255.36.223/
|
4.8 |
M |
13 |
guest
|
133 |
2022-04-05 17:55
|
ATTR-2019747536-Apr-4.xlsb 58f2d0f2e5c18411e2ecca942a16df78 Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://185.82.126.17/44651,6679619213.dat - rule_id: 15661 http://149.255.36.223/44651,6679619213.dat - rule_id: 15659
|
3
149.255.36.223 - mailcious 185.33.86.42 - mailcious 185.82.126.17 - mailcious
|
|
2
http://185.82.126.17/ http://149.255.36.223/
|
4.2 |
M |
|
guest
|
134 |
2022-04-05 17:55
|
RS-1560138737-Apr-4.xlsb 8efc2f900f78f04e2189dac10c40bacf Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
2
http://172.93.133.113/44651,6679619213.dat - rule_id: 15677 http://103.20.235.168/44651,6679619213.dat - rule_id: 15676
|
3
91.199.154.200 - mailcious 172.93.133.113 - mailcious 103.20.235.168 - mailcious
|
|
2
http://172.93.133.113/ http://103.20.235.168/
|
6.8 |
M |
12 |
guest
|
135 |
2022-04-05 17:54
|
ATTR-926289951-Apr-4.xlsb 79b334216825f7afbc495d0d07abed1c Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://149.255.36.223/44651,6679619213.dat - rule_id: 15659 http://185.82.126.17/44651,6679619213.dat - rule_id: 15661
|
3
149.255.36.223 - mailcious 185.33.86.42 - mailcious 185.82.126.17 - mailcious
|
|
2
http://149.255.36.223/ http://185.82.126.17/
|
4.2 |
M |
|
guest
|