| 121 |
2022-04-11 10:53
|
 R-1690355177.xlsb 7857df89687a6cb68a40efbef69039c8
Excel Binary Workbook file format(xlsb) Check memory Creates executable files unpack itself suspicious process Tofsee |
|
6
rangopurnews.com(107.167.95.30) - mailcious
cruzandsons.co.za(192.185.16.131) - mailcious
sankalpnurshinghome.com(162.241.148.33) - mailcious
192.185.16.131 - mailcious
107.167.95.30 - mailcious
162.241.148.33 - malware
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
ET INFO TLS Handshake Failure
|
|
3.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 122 |
2022-04-09 08:51
|
 R-993414964.xlsb 9dd92810d8cad1993a008857dcb21734
Excel Binary Workbook file format(xlsb) VirusTotal Malware Check memory Creates executable files ICMP traffic unpack itself suspicious process Tofsee |
3
https://rangopurnews.com/RKAbVv4T/Fbvh.png
https://sankalpnurshinghome.com/GW3scFGGHZp1/Fbvh.png
https://cruzandsons.co.za/Rgqc8er6ma4/Fbvh.png
|
6
rangopurnews.com(107.167.95.30)
cruzandsons.co.za(192.185.16.131)
sankalpnurshinghome.com(162.241.148.33)
192.185.16.131 - mailcious
107.167.95.30 - mailcious
162.241.148.33 - malware
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
ET INFO TLS Handshake Failure
|
|
4.2 |
|
7 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 123 |
2022-04-09 08:51
|
 R-990170702.xlsb b6548b9fc3a8e14e419ea634fa72928c
Excel Binary Workbook file format(xlsb) Check memory Creates executable files unpack itself suspicious process Tofsee |
3
https://rangopurnews.com/RKAbVv4T/Fbvh.png
https://sankalpnurshinghome.com/GW3scFGGHZp1/Fbvh.png
https://cruzandsons.co.za/Rgqc8er6ma4/Fbvh.png
|
6
rangopurnews.com(107.167.95.30)
cruzandsons.co.za(192.185.16.131)
sankalpnurshinghome.com(162.241.148.33)
192.185.16.131 - mailcious
107.167.95.30 - mailcious
162.241.148.33 - malware
|
4
SURICATA TLS invalid record type
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record/traffic
ET INFO TLS Handshake Failure
|
|
3.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 124 |
2022-04-09 08:51
|
 R-996681987.xlsb c0d843d02733200bdde4e20dea22b6ff
Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files RWX flags setting exploit crash unpack itself suspicious process Tofsee Exploit crashed |
3
https://rangopurnews.com/RKAbVv4T/Fbvh.png
https://sankalpnurshinghome.com/GW3scFGGHZp1/Fbvh.png
https://cruzandsons.co.za/Rgqc8er6ma4/Fbvh.png
|
6
rangopurnews.com(107.167.95.30)
cruzandsons.co.za(192.185.16.131)
sankalpnurshinghome.com(162.241.148.33)
192.185.16.131 - mailcious
107.167.95.30 - mailcious
162.241.148.33 - malware
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
ET INFO TLS Handshake Failure
|
|
4.2 |
|
9 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 125 |
2022-04-08 11:24
|
 new.xlsm 191cab791281ce1bb8729e77bdce2576
VBA_macro VirusTotal Malware MachineGuid Check memory WMI Creates executable files unpack itself Tofsee Interception ComputerName |
1
https://www.mediafire.com/file/p3ay4it08j1s7hp/0main.htm/file
|
4
download2340.mediafire.com(199.91.155.81) - mailcious
www.mediafire.com(104.16.203.237) - mailcious
199.91.155.81 - mailcious
104.16.203.237 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.0 |
|
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 126 |
2022-04-08 10:23
|
 PayRoll-032722_0412221.xlsx 5b4dc3829c791784760c52165e6b923aunpack itself Tofsee |
2
https://taxfile.mediafire.com/file/scgqi1dca3tklxl/new.xlsm/
https://taxfile.mediafire.com/file/scgqi1dca3tklxl/new.xlsm/file
|
4
taxfile.mediafire.com(205.196.120.8) - mailcious
download1923.mediafire.com(199.91.153.170)
205.196.120.6 - malware
199.91.153.170
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
2.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 127 |
2022-04-07 17:32
|
 SNC-66168115-Apr-6.xlsb a0e3a2e0777164a03e52cfd9978113af
Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files suspicious process DNS |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827
http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious
104.225.129.111 - mailcious
91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/
http://212.46.38.179/
|
4.8 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 128 |
2022-04-07 17:32
|
 SNC-1636493673-Apr-6.xlsb 9f20094f0eff52f61891364301f97d5d
Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827
http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious
104.225.129.111 - mailcious
91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/
http://212.46.38.179/
|
6.2 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 129 |
2022-04-07 11:26
|
 SNC-1699465373-Apr-6.xlsb 78a7228fb27b025fafcd65303887f989
Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files suspicious process DNS |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827
http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious
104.225.129.111 - mailcious
91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/
http://212.46.38.179/
|
5.4 |
M |
10 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 130 |
2022-04-07 11:26
|
 SNC-1858911127-Apr-6.xlsb f6d94e2b57f5dd80c4f1dcbbbc36688f
Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827
http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious
104.225.129.111 - mailcious
91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/
http://212.46.38.179/
|
6.2 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 131 |
2022-04-07 11:26
|
 SNC-612086596-Apr-6.xlsb 4625181b70514f226dcddbb7e9ff87fd
Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://91.234.254.131/7790983516.dat - rule_id: 15827
http://212.46.38.179/7790983516.dat - rule_id: 15828
|
3
212.46.38.179 - mailcious
104.225.129.111 - mailcious
91.234.254.131 - mailcious
|
|
2
http://91.234.254.131/
http://212.46.38.179/
|
5.6 |
M |
9 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 132 |
2022-04-06 17:22
|
 ATTR-147470270-Apr-4.xlsb 31d57098f695e4a999a109309cc6cc6a
Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://185.82.126.17/44651,6679619213.dat - rule_id: 15661
http://149.255.36.223/44651,6679619213.dat - rule_id: 15659
|
3
149.255.36.223 - mailcious
185.33.86.42 - mailcious
185.82.126.17 - mailcious
|
|
2
http://185.82.126.17/
http://149.255.36.223/
|
4.8 |
M |
13 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 133 |
2022-04-05 17:55
|
 ATTR-2019747536-Apr-4.xlsb 58f2d0f2e5c18411e2ecca942a16df78
Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://185.82.126.17/44651,6679619213.dat - rule_id: 15661
http://149.255.36.223/44651,6679619213.dat - rule_id: 15659
|
3
149.255.36.223 - mailcious
185.33.86.42 - mailcious
185.82.126.17 - mailcious
|
|
2
http://185.82.126.17/
http://149.255.36.223/
|
4.2 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 134 |
2022-04-05 17:55
|
 RS-1560138737-Apr-4.xlsb 8efc2f900f78f04e2189dac10c40bacf
Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
2
http://172.93.133.113/44651,6679619213.dat - rule_id: 15677
http://103.20.235.168/44651,6679619213.dat - rule_id: 15676
|
3
91.199.154.200 - mailcious
172.93.133.113 - mailcious
103.20.235.168 - mailcious
|
|
2
http://172.93.133.113/
http://103.20.235.168/
|
6.8 |
M |
12 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 135 |
2022-04-05 17:54
|
 ATTR-926289951-Apr-4.xlsb 79b334216825f7afbc495d0d07abed1c
Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
2
http://149.255.36.223/44651,6679619213.dat - rule_id: 15659
http://185.82.126.17/44651,6679619213.dat - rule_id: 15661
|
3
149.255.36.223 - mailcious
185.33.86.42 - mailcious
185.82.126.17 - mailcious
|
|
2
http://149.255.36.223/
http://185.82.126.17/
|
4.2 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|