1426 | 2024-07-02 14:10 | submitter: guest
  Sample:  Update.js  (MD5 365d4f4e6ffed01288e0fae6e352e8a5)
  Tags:    VBScript wscript.exe payload download Tofsee crashed Dropper
  URLs (1):
    https://czvqr.fans.smalladventureguide.com/orderReview
  Hosts (2):
    czvqr.fans.smalladventureguide.com (162.252.175.117) - malicious
    162.252.175.117 - malicious
  IDS alerts (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
  Score:   10.0

1427 | 2024-07-03 08:07 | submitter: ZeroCERT
  Sample:  mku.vbs  (MD5 723330a9cf1200400aa6a4dcbd27e061)
  Tags:    Malware download Wshrat NetWireRC Malware VBScript AutoRuns WMI wscript.exe payload download AntiVM_Disk VM Disk Size Check Windows Houdini ComputerName DNS DDNS Dropper
  URLs (1):
    http://chongmei33.publicvm.com:7045/is-ready - rule_id: 28328
  Hosts (2):
    chongmei33.publicvm.com (46.246.86.12) - malicious
    46.246.86.12
  IDS alerts (4):
    ET MALWARE WSHRAT CnC Checkin
    ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
    ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain
    ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com)
  Downloaded (1):
    http://chongmei33.publicvm.com:7045/is-ready
  Score:   10.0 | M

1428 | 2024-07-03 10:46 | submitter: r0d
  Sample:  Update.js  (MD5 cbca476a716c76cf629b3428ee9c3f43)
  Tags:    VBScript wscript.exe payload download Tofsee crashed Dropper
  URLs (1):
    https://yeo.fans.smalladventureguide.com/orderReview
  Hosts (2):
    yeo.fans.smalladventureguide.com (162.252.175.117)
    162.252.175.117 - malicious
  IDS alerts (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
  Score:   10.0

1429 | 2024-07-04 11:31 | submitter: guest
  Sample:  Update.js  (MD5 616eae241a26b57cf9d5efc97ff8491f)
  Tags:    VBScript wscript.exe payload download Tofsee crashed Dropper
  URLs (1):
    https://shryr.fans.smalladventureguide.com/orderReview
  Hosts (2):
    shryr.fans.smalladventureguide.com (162.252.175.117)
    162.252.175.117 - malicious
  IDS alerts (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
  Score:   10.0

1430 | 2024-07-04 17:08 | submitter: ZeroCERT
  Sample:  Explore.vbs  (MD5 9b5731dd0f4fe8d82ce62e1ef83ebc8c)
  Tags:    Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
  Hosts (1):
    89.197.154.116 - malicious
  IDS alerts (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
  Score:   9.0 | 30

1431 | 2024-07-05 15:54 | submitter: ZeroCERT
  Sample:  Report.ps1  (MD5 054618073752ea5823c98130114a3241)
  Tags:    Hide_EXE Generic Malware task schedule Antivirus KeyLogger AntiDebug AntiVM Malware download AsyncRAT NetWireRC VirusTotal Malware Code Injection Check memory buffers extracted unpack itself DDNS
  Hosts (2):
    services-line2.freeddns.org (136.243.111.71)
    136.243.111.71
  IDS alerts (3):
    ET INFO DYNAMIC_DNS Query to a *.freeddns .org Domain
    ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
    ET MALWARE Generic AsyncRAT Style SSL Cert
  Score:   7.2 | 10

1432 | 2024-07-07 18:48 | submitter: ZeroCERT
  Sample:  qwerty.ps1  (MD5 b099d0ec774fccc05b662d86eaba027a)
  Tags:    Hide_EXE Generic Malware Malicious Packer UPX Antivirus AntiDebug AntiVM PE File PE32 VirusTotal Malware powershell Buffer PE Code Injection Check memory buffers extracted heapspray Creates executable files RWX flags setting unpack itself powershell.exe wrote malicious URLs WriteConsoleW Windows crashed
  URLs (4):
    http://lastimaners.ug/zxcvb.exe - rule_id: 26228
    http://lastimaners.ug/asdfg.exe - rule_id: 36174
    http://lastimaners.ug/asdf.EXE
    http://lastimaners.ug/zxcv.EXE
  Hosts (2):
    lastimaners.ug (91.215.85.223) - malware
    91.215.85.223 - malware
  IDS alerts (2):
    ET DROP Spamhaus DROP Listed Traffic Inbound group 14
    ET POLICY PE EXE or DLL Windows file download HTTP
  Downloaded (2):
    http://lastimaners.ug/zxcvb.exe
    http://lastimaners.ug/asdfg.exe
  Score:   10.0 | M | 29

1433 | 2024-07-07 19:11 | submitter: ZeroCERT
  Sample:  63vN2.txt.vbs  (MD5 dc087d53594631d1aaa5a22d4b98029f)
  Tags:    Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  URLs (1):
    http://212.70.149.205:2020/c.jpg
  Hosts (1):
  IDS alerts (1):
    ET DROP Spamhaus DROP Listed Traffic Inbound group 8
  Score:   6.8 | 21

1434 | 2024-07-08 10:04 | submitter: guest
  Sample:  Update.js  (MD5 affe7c07da3776a191c69b73e50d491a)
  Tags:    VBScript wscript.exe payload download Tofsee crashed Dropper
  URLs (1):
    https://pkjzv.fans.smalladventureguide.com/orderReview
  Hosts (2):
    pkjzv.fans.smalladventureguide.com (162.252.175.117)
    162.252.175.117 - malicious
  IDS alerts (2):
    ET INFO TLS Handshake Failure
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:   10.0

1435 | 2024-07-09 14:18 | submitter: guest
  Sample:  Update_old.js  (MD5 affe7c07da3776a191c69b73e50d491a)
  Tags:    VBScript wscript.exe payload download Tofsee crashed Dropper
  Hosts (2):
    pkjzv.fans.smalladventureguide.com (162.252.175.117) - malicious
    162.252.175.117 - malicious
  IDS alerts (2):
    ET INFO TLS Handshake Failure
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:   10.0

1436 | 2024-07-10 09:52 | submitter: guest
  Sample:  Update.js  (MD5 94a69d2789ce8db937bd23160c7cf57b)
  Tags:    VBScript wscript.exe payload download Tofsee crashed Dropper
  URLs (1):
    https://pyous.parish.chuathuongxot.org/orderReview
  Hosts (2):
    pyous.parish.chuathuongxot.org (23.95.182.12)
    23.95.182.12 - malicious
  IDS alerts (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
  Score:   10.0

1437 | 2024-07-10 09:52 | submitter: guest
  Sample:  Update2.js  (MD5 1d07102e4ad699b952201104aca88770)
  Tags:    VBScript wscript.exe payload download unpack itself Tofsee crashed Dropper
  URLs (1):
    https://wvgbc.parish.chuathuongxot.org/orderReview
  Hosts (2):
    wvgbc.parish.chuathuongxot.org (23.95.182.12)
    23.95.182.12 - malicious
  IDS alerts (2):
    ET INFO TLS Handshake Failure
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:   10.0

1438 | 2024-07-10 13:43 | submitter: ZeroCERT
  Sample:  mg.vbs  (MD5 8df76af54c38d5d4c2cd9f6d18eedf92)
  Tags:    Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  Hosts (4):
    www.almrwad.com (184.171.244.231) - malicious
    www.erp-royal-crown.info (148.251.114.233)
    148.251.114.233
    184.171.244.231 - malicious
  IDS alerts (3):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    SURICATA TLS invalid record type
    SURICATA TLS invalid record/traffic
  Score:   8.2 | 19

1439 | 2024-07-10 13:45 | submitter: ZeroCERT
  Sample:  wh.vbs  (MD5 23454878fb50859c4849ac2b6e256789)
  Tags:    Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  Hosts (4):
    www.almrwad.com (184.171.244.231) - malicious
    www.erp-royal-crown.info (148.251.114.233)
    148.251.114.233
    184.171.244.231 - malicious
  IDS alerts (3):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    SURICATA TLS invalid record type
    SURICATA TLS invalid record/traffic
  Score:   8.4 | 22

1440 | 2024-07-10 22:42 | submitter: guest
  Sample:  4b98d2919533ab614a7571aa0ef7c8...  (MD5 ad27be427dd7f922143e57fd1fa64f98)
  Tags:    Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check JPEG Format VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process AppData folder Windows DNS keylogger
  Hosts (1):
    185.157.162.75 - malicious
  Score:   9.2 | 29

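The listing above is raw sandbox output; what an analyst actually wants from it is the shared infrastructure. The following Python is an added example, not code from the listing or from the sandbox that produced it. It transcribes the submission ids, sample names, MD5s, resolved IPs and contacted URLs from the records above into an inline table and pivots them four ways: samples per resolved IP, samples per parent DNS zone of the contacted URL (so the per-sample subdomains collapse), MD5s that recur under different file names, and a defang helper for pasting the URLs into a report. The field layout and all function names are this example's own.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from urllib.parse import urlsplit

# Added example, not the sandbox's code. Transcribed from the listing above:
# (submission id, sample name, MD5, resolved IPs, contacted URLs). 1433 lists a
# host count of 1 but no host, so its IP list is empty here.
RECORDS = [
    (1426, "Update.js", "365d4f4e6ffed01288e0fae6e352e8a5", ["162.252.175.117"],
     ["https://czvqr.fans.smalladventureguide.com/orderReview"]),
    (1427, "mku.vbs", "723330a9cf1200400aa6a4dcbd27e061", ["46.246.86.12"],
     ["http://chongmei33.publicvm.com:7045/is-ready"]),
    (1428, "Update.js", "cbca476a716c76cf629b3428ee9c3f43", ["162.252.175.117"],
     ["https://yeo.fans.smalladventureguide.com/orderReview"]),
    (1429, "Update.js", "616eae241a26b57cf9d5efc97ff8491f", ["162.252.175.117"],
     ["https://shryr.fans.smalladventureguide.com/orderReview"]),
    (1430, "Explore.vbs", "9b5731dd0f4fe8d82ce62e1ef83ebc8c", ["89.197.154.116"], []),
    (1431, "Report.ps1", "054618073752ea5823c98130114a3241", ["136.243.111.71"], []),
    (1432, "qwerty.ps1", "b099d0ec774fccc05b662d86eaba027a", ["91.215.85.223"],
     ["http://lastimaners.ug/zxcvb.exe", "http://lastimaners.ug/asdfg.exe",
      "http://lastimaners.ug/asdf.EXE", "http://lastimaners.ug/zxcv.EXE"]),
    (1433, "63vN2.txt.vbs", "dc087d53594631d1aaa5a22d4b98029f", [], ["http://212.70.149.205:2020/c.jpg"]),
    (1434, "Update.js", "affe7c07da3776a191c69b73e50d491a", ["162.252.175.117"],
     ["https://pkjzv.fans.smalladventureguide.com/orderReview"]),
    (1435, "Update_old.js", "affe7c07da3776a191c69b73e50d491a", ["162.252.175.117"], []),
    (1436, "Update.js", "94a69d2789ce8db937bd23160c7cf57b", ["23.95.182.12"],
     ["https://pyous.parish.chuathuongxot.org/orderReview"]),
    (1437, "Update2.js", "1d07102e4ad699b952201104aca88770", ["23.95.182.12"],
     ["https://wvgbc.parish.chuathuongxot.org/orderReview"]),
    (1438, "mg.vbs", "8df76af54c38d5d4c2cd9f6d18eedf92", ["184.171.244.231", "148.251.114.233"], []),
    (1439, "wh.vbs", "23454878fb50859c4849ac2b6e256789", ["184.171.244.231", "148.251.114.233"], []),
    (1440, "4b98d2919533ab614a7571aa0ef7c8...", "ad27be427dd7f922143e57fd1fa64f98", ["185.157.162.75"], []),
]

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def bad_hashes(records):
    """Ids whose MD5 is not 32 lowercase hex digits: catches transcription errors."""
    return [sid for sid, _, md5, _, _ in records if not MD5_RE.match(md5)]


def pivot_by_ip(records):
    """Resolved IP -> sorted ids of every submission that contacted it."""
    by_ip = defaultdict(set)
    for sid, _, _, ips, _ in records:
        for ip in ips:
            by_ip[ip].add(sid)
    return {ip: sorted(s) for ip, s in by_ip.items()}


def parent_zone(url):
    """Drop the first DNS label so per-sample subdomains collapse to one zone;
    IP literals and two-label names are returned unchanged."""
    host = urlsplit(url).hostname or ""
    try:
        ip_address(host)
        return host
    except ValueError:
        labels = host.split(".")
        return ".".join(labels[1:]) if len(labels) > 2 else host


def pivot_by_zone(records):
    """Parent zone of each contacted URL -> sorted submission ids."""
    by_zone = defaultdict(set)
    for sid, _, _, _, urls in records:
        for url in urls:
            by_zone[parent_zone(url)].add(sid)
    return {z: sorted(s) for z, s in by_zone.items()}


def shared_hashes(records):
    """MD5 -> [(id, name), ...] for a hash that was submitted more than once."""
    seen = defaultdict(list)
    for sid, name, md5, _, _ in records:
        seen[md5].append((sid, name))
    return {md5: hits for md5, hits in seen.items() if len(hits) > 1}


def defang(url):
    """hxxp:// and [.] in the host part only, so the path stays greppable."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return scheme.replace("http", "hxxp") + "://" + host.replace(".", "[.]") + sep + path


if __name__ == "__main__":
    assert not bad_hashes(RECORDS), "fix the transcription before pivoting"
    for ip, sids in sorted(pivot_by_ip(RECORDS).items(), key=lambda kv: -len(kv[1])):
        print(f"{ip:16} samples {sids}")
    for zone, sids in pivot_by_zone(RECORDS).items():
        print(f"{zone:32} samples {sids}")
    for md5, hits in shared_hashes(RECORDS).items():
        print(f"{md5} resubmitted as {hits}")
    for url in (u for rec in RECORDS for u in rec[4]):
        print(defang(url))
```

Run as a script it shows what the listing only implies: five Update.js submissions (1426, 1428, 1429, 1434, 1435) all terminate at 162.252.175.117 behind throwaway subdomains of fans.smalladventureguide.com, the two chuathuongxot.org droppers share 23.95.182.12, mg.vbs and wh.vbs share both of their hosts, and 1434 and 1435 are the same file (affe7c07...) submitted under two names. Blocking the parent zone and the IP, rather than the per-sample hostname, is the durable control here.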