1441 | 2024-07-10 22:48 | 4b98d2919533ab614a7571aa0ef7c8... ad27be427dd7f922143e57fd1fa64f98 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check JPEG Format VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process AppData folder Windows DNS keylogger | 1 185.157.162.75 - mailcious | 9.8 | 29 | guest
1442 | 2024-07-11 13:52 | Update.js 20cbccdda0677598a1c4c04c6c177a19 VBScript wscript.exe payload download Tofsee crashed Dropper | 1 https://yzvy.parish.chuathuongxot.org/orderReview | 2 yzvy.parish.chuathuongxot.org(23.95.182.12) 23.95.182.12 - mailcious | 2 ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 10.0 | guest
1443 | 2024-07-11 17:47 | vd.txt.vbs f3a9219e977b293b8cb364f8c8378284 Generic Malware Antivirus PowerShell VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key | 1 http://66.225.254.182:222/reg.jpg | 1 66.225.254.182 - mailcious | 10.2 | M | 9 | ZeroCERT
1444 | 2024-07-11 18:12 | Books_A0UJKO.pdf.url 461b3386de6d58f773233d9d5536672e AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 2 http://cbmelipilla.cl/te/test1.html - rule_id: 41189 http://cbmelipilla.cl/te/test1.html | 2 cbmelipilla.cl(184.171.244.113) 184.171.244.113 - malware | 2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure | 1 http://cbmelipilla.cl/te/test1.html | 4.6 | 6 | ZeroCERT
1445 | 2024-07-12 09:44 | ddmc.txt.exe db4d78d424d581692cb5483951e32ac5 Hide_EXE VirusTotal Malware | 0.4 | M | 7 | ZeroCERT
1446 | 2024-07-12 16:26 | Update.js aec7249b3d61d42aec7e3723176b5fb5 VBScript wscript.exe payload download Tofsee crashed Dropper | 1 https://trw.parish.chuathuongxot.org/orderReview | 2 trw.parish.chuathuongxot.org(23.95.182.12) 23.95.182.12 - mailcious | 2 ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 10.0 | guest
1447 | 2024-07-15 09:21 | dmi.txt.vbs 7e4e5ec429a0738c15593112bcf50406 Antivirus VirusTotal Malware | 0.8 | M | 23 | ZeroCERT
1448 | 2024-07-15 09:21 | nlb.txt.vbs afd1fa691ac9b0ab5b39fd8a0d0e40d7 Antivirus VirusTotal Malware | 0.6 | M | 10 | ZeroCERT
1449 | 2024-07-15 09:27 | dmi.txt.vbs 7e4e5ec429a0738c15593112bcf50406 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 1 http://38.22.104.227:666/tnttawy.jpg | 6.2 | M | 23 | ZeroCERT
1450 | 2024-07-15 09:28 | nlb.txt.vbs afd1fa691ac9b0ab5b39fd8a0d0e40d7 Generic Malware Antivirus PowerShell VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key | 1 https://paste.ee/d/V3Lmu/0 | 2 paste.ee(104.21.84.67) - mailcious 172.67.187.200 - mailcious | 3 ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee) ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 10.6 | M | 10 | ZeroCERT
1451 | 2024-07-15 09:31 | vikis.txt.vbs 26a4c267e7169f70a2f810854c0214cd Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed | 6.2 | M | 10 | ZeroCERT
1452 | 2024-07-15 10:30 | Update.js 19e9ed9aab2bbf4d40e7d1e1072ebd21 Malware download Malware VBScript wscript.exe payload download Tofsee SocGholish DNS crashed Dropper | 1 https://mjlq.parish.chuathuongxot.org/orderReview | 2 mjlq.parish.chuathuongxot.org(23.95.182.12) 23.95.182.12 - mailcious | 4 ET MALWARE SocGholish CnC Domain in DNS (* .parish .chuathuongxot .org) ET MALWARE SocGholish CnC Domain in TLS SNI (* .parish .chuathuongxot .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure | 10.0 | guest
1453 | 2024-07-15 10:30 | Update (1).js 43c65f08a365483fc68f8a36958b7b49 Malware download Malware VBScript wscript.exe payload download unpack itself Tofsee SocGholish DNS crashed Dropper | 1 https://kacjt.parish.chuathuongxot.org/orderReview | 2 kacjt.parish.chuathuongxot.org(23.95.182.12) 23.95.182.12 - mailcious | 4 ET MALWARE SocGholish CnC Domain in TLS SNI (* .parish .chuathuongxot .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE SocGholish CnC Domain in DNS (* .parish .chuathuongxot .org) ET INFO TLS Handshake Failure | 10.0 | guest
1454 | 2024-07-16 02:59 | 4b98d2919533ab614a7571aa0ef7c8... ad27be427dd7f922143e57fd1fa64f98 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX JPEG Format PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process AppData folder Windows DNS keylogger | 1 185.157.162.75 - mailcious | 9.8 | 29 | guest
1455 | 2024-07-17 20:50 | d3l.ps1 d4668b957d53463c68684d6cab89c2b2 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 5.2 | 26 | ZeroCERT