| 1 |
2023-11-14 07:58
|
 unsecapp.exe 754ce856887cc1da00e95d45c5163075
AgentTesla Confuser .NET PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Software crashed keylogger |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
3
mail.bretoffice.com(185.174.174.220) - mailcious
121.254.136.9
185.174.174.220 - phishing
|
2
SURICATA Applayer Detect protocol only one direction
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
2023-10-04 07:56
|
 processing.exe 5b4cde02e2552a6c3d5f4c96e61a9e4b
Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself |
3
http://www.johnnystintshop.com/sy22/?5j=lBpndDaiazzaPDz8oVvNWLtjY8ASY3krgNLZx/nYs7DN6Z9ubRKrMqHrK8vEE3FEQDB+295P&vTdDK=LJBx - rule_id: 36543
http://www.mysticheightstrail.com/sy22/?5j=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&vTdDK=LJBx - rule_id: 36309
http://www.jizihao1.com/sy22/?5j=3PKlaCPIzU4vEpSTCliM62U/p7q8/wgFKC2xum1ddk3IfpDEo7oK1Mr0Jaw/Go0sFzx2J7Yb&vTdDK=LJBx - rule_id: 36544
|
6
www.johnnystintshop.com(15.197.148.33) - mailcious
www.apneabirmingham.info()
www.mysticheightstrail.com(15.197.148.33) - mailcious
www.jizihao1.com(39.101.169.136) - mailcious
3.33.130.190 - phishing
39.101.169.136 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
3
http://www.johnnystintshop.com/sy22/
http://www.mysticheightstrail.com/sy22/
http://www.jizihao1.com/sy22/
|
5.0 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3 |
2023-10-04 07:44
|
 nvpn.exe c17f541fdb6b3cb61be539e348d6ee0f
NSIS Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed |
|
|
|
|
4.0 |
|
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4 |
2023-09-30 13:32
|
 audiodg.exe 44467cb97748f78289cca59f5ad2cc3a
NSIS Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed |
|
|
|
|
4.0 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
2023-09-18 13:41
|
 po# 348839.exe 4a7a9da9b5d246c23e12315e4eac1fcd
Formbook NSIS UPX Malicious Library PE File PE32 OS Processor Check Malware download VirusTotal Malware suspicious privilege Check memory Creates executable files ICMP traffic unpack itself AppData folder |
13
http://www.houtaijiaju.com/stcf/?el=1dqEu7FqG0Fk44M2SsORztBhqeVPz5dcffezXnqN6lUv5lMi6TOQp3fd1b+R5p9IBvl5i/IMrCH65j4DnfcQMtwjHinribTwYdLVWxQ=&isnBX=nywdxOY_N7CAIHs - rule_id: 36372
http://www.ronikonmet.online/stcf/?el=uecC1YIjKds5pfO1EToES15TCdBTvi7vIYoUJgTFy6qDYT2nEUgo5MyoghBmj6FTuqUN6uVJE1bE0H4aXubCPUG1zI5pjeamkbBuCmA=&isnBX=nywdxOY_N7CAIHs - rule_id: 36374
http://www.innovativefewsustra.com/stcf/?el=KMOD9sTNx2YSpovUrRJUEzn1Yx0Z43DK6JEh/zvUzYRR0vvq/o2vdjVBrU8HPW3QMgYOZkgxf1P3X+8HybL4wtlflHnPghnD15Ngsf8=&isnBX=nywdxOY_N7CAIHs - rule_id: 36377
http://www.saintprojetdesalers.com/stcf/ - rule_id: 36373
http://www.saintprojetdesalers.com/stcf/?el=+e/LxL8BCb5JT2mwgKzbp1bNGh3lgePyU3D6l90SLvlYtUAerZBoaAu+StBCYI+EmdbaVLlpQ9qQs+tY0i0hLe/6ntyVXpS6CIyxXlk=&isnBX=nywdxOY_N7CAIHs - rule_id: 36373
http://www.innovativefewsustra.com/stcf/ - rule_id: 36377
http://www.hummall.com/stcf/ - rule_id: 36375
http://www.admiralx-qjff.buzz/stcf/ - rule_id: 36376
http://www.sqlite.org/2016/sqlite-dll-win32-x86-3140000.zip
http://www.ronikonmet.online/stcf/ - rule_id: 36374
http://www.houtaijiaju.com/stcf/ - rule_id: 36372
http://www.hummall.com/stcf/?el=Nk5K1Xbn5LNktyygdQF3BnmJ+burJ+ny2OkZcNPXdwEtJdOtq79vPWmp/B6BaLcWj3tVzmTo+5PqGZIC/UTM1vSFnsb91g1hVUGRl4c=&isnBX=nywdxOY_N7CAIHs - rule_id: 36375
http://www.admiralx-qjff.buzz/stcf/?el=/cN5NAnYyQNGkv6VI4g5hCl6zLANo+Uxyk0R0Gf4W9JvbRZK1NaF3DJOi9LLfoZAma38Eec3ft5h7udphOb57G+0pUhbPZipWhAdHO0=&isnBX=nywdxOY_N7CAIHs - rule_id: 36376
|
15
www.houtaijiaju.com(206.237.167.5) - mailcious
www.aboutmart.info(66.29.149.4) - mailcious
www.saintprojetdesalers.com(103.224.182.252) - mailcious
www.hummall.com(192.187.101.110) - mailcious
www.innovativefewsustra.com() - mailcious
www.admiralx-qjff.buzz(104.21.79.241) - mailcious
www.ronikonmet.online(194.58.112.174) - mailcious
103.224.182.252 - mailcious
192.187.101.110 - mailcious
206.237.167.5 - mailcious
199.21.76.77 - mailcious
194.58.112.174 - mailcious
66.29.149.4 - mailcious
45.33.6.223
104.21.79.241
|
2
ET INFO HTTP Request to a *.buzz domain
ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
|
12
http://www.houtaijiaju.com/stcf/
http://www.ronikonmet.online/stcf/
http://www.innovativefewsustra.com/stcf/
http://www.saintprojetdesalers.com/stcf/
http://www.saintprojetdesalers.com/stcf/
http://www.innovativefewsustra.com/stcf/
http://www.hummall.com/stcf/
http://www.admiralx-qjff.buzz/stcf/
http://www.ronikonmet.online/stcf/
http://www.houtaijiaju.com/stcf/
http://www.hummall.com/stcf/
http://www.admiralx-qjff.buzz/stcf/
|
6.6 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
2023-09-18 13:40
|
 po# 348839.exe 4a7a9da9b5d246c23e12315e4eac1fcd
Formbook NSIS UPX Malicious Library PE File PE32 OS Processor Check Malware download VirusTotal Malware suspicious privilege Check memory Creates executable files ICMP traffic unpack itself AppData folder |
13
http://www.admiralx-qjff.buzz/stcf/?Pve=/cN5NAnYyQNGkv6VI4g5hCl6zLANo+Uxyk0R0Gf4W9JvbRZK1NaF3DJOi9LLfoZAma38Eec3ft5h7udphOb57G+0pUhbPZipWhAdHO0=&LSiIl=htN9PL45qap - rule_id: 36376
http://www.houtaijiaju.com/stcf/?Pve=1dqEu7FqG0Fk44M2SsORztBhqeVPz5dcffezXnqN6lUv5lMi6TOQp3fd1b+R5p9IBvl5i/IMrCH65j4DnfcQMtwjHinribTwYdLVWxQ=&LSiIl=htN9PL45qap - rule_id: 36372
http://www.hummall.com/stcf/?Pve=Nk5K1Xbn5LNktyygdQF3BnmJ+burJ+ny2OkZcNPXdwEtJdOtq79vPWmp/B6BaLcWj3tVzmTo+5PqGZIC/UTM1vSFnsb91g1hVUGRl4c=&LSiIl=htN9PL45qap - rule_id: 36375
http://www.saintprojetdesalers.com/stcf/?Pve=+e/LxL8BCb5JT2mwgKzbp1bNGh3lgePyU3D6l90SLvlYtUAerZBoaAu+StBCYI+EmdbaVLlpQ9qQs+tY0i0hLe/6ntyVXpS6CIyxXlk=&LSiIl=htN9PL45qap - rule_id: 36373
http://www.ronikonmet.online/stcf/?Pve=uecC1YIjKds5pfO1EToES15TCdBTvi7vIYoUJgTFy6qDYT2nEUgo5MyoghBmj6FTuqUN6uVJE1bE0H4aXubCPUG1zI5pjeamkbBuCmA=&LSiIl=htN9PL45qap - rule_id: 36374
http://www.innovativefewsustra.com/stcf/?Pve=KMOD9sTNx2YSpovUrRJUEzn1Yx0Z43DK6JEh/zvUzYRR0vvq/o2vdjVBrU8HPW3QMgYOZkgxf1P3X+8HybL4wtlflHnPghnD15Ngsf8=&LSiIl=htN9PL45qap - rule_id: 36377
http://www.saintprojetdesalers.com/stcf/ - rule_id: 36373
http://www.houtaijiaju.com/stcf/ - rule_id: 36372
http://www.innovativefewsustra.com/stcf/ - rule_id: 36377
http://www.hummall.com/stcf/ - rule_id: 36375
http://www.admiralx-qjff.buzz/stcf/ - rule_id: 36376
http://www.ronikonmet.online/stcf/ - rule_id: 36374
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
|
15
www.houtaijiaju.com(206.237.167.5) - mailcious
www.aboutmart.info(66.29.149.4) - mailcious
www.saintprojetdesalers.com(103.224.182.252) - mailcious
www.hummall.com(192.187.101.110) - mailcious
www.innovativefewsustra.com() - mailcious
www.admiralx-qjff.buzz(172.67.172.5) - mailcious
www.ronikonmet.online(194.58.112.174) - mailcious
103.224.182.252 - mailcious
192.187.101.110 - mailcious
206.237.167.5 - mailcious
199.21.76.77 - mailcious
194.58.112.174 - mailcious
66.29.149.4 - mailcious
45.33.6.223
172.67.172.5 - mailcious
|
2
ET INFO HTTP Request to a *.buzz domain
ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
|
12
http://www.admiralx-qjff.buzz/stcf/
http://www.houtaijiaju.com/stcf/
http://www.hummall.com/stcf/
http://www.saintprojetdesalers.com/stcf/
http://www.ronikonmet.online/stcf/
http://www.innovativefewsustra.com/stcf/
http://www.saintprojetdesalers.com/stcf/
http://www.houtaijiaju.com/stcf/
http://www.innovativefewsustra.com/stcf/
http://www.hummall.com/stcf/
http://www.admiralx-qjff.buzz/stcf/
http://www.ronikonmet.online/stcf/
|
6.6 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 |
2023-06-28 07:34
|
 D.exe 62768c1c66df7acd5ce554069ea6a205
Formbook Confuser .NET AntiDebug AntiVM PE64 PE File FormBook Malware download VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD DNS |
19
http://www.0096061.com/6huu/ - rule_id: 33949
http://www.0096061.com/6huu/?ft51=cmX/07TqI3ZVBqSk8R867+hdp8bVOoL06AzKIpvdRFeyAj6hvaaJUHhkQ/toAIcVWWdRQEgjpGpGrDxsMG4sQneWN+dP3qrEhepv/3Q=&cha_c=Zc4Fjd7OCfzyoFR - rule_id: 33949
http://www.14zhibo.work/6huu/ - rule_id: 33945
http://www.lancele.com/6huu/?ft51=lkPChsOgbmG6IllhHTLtf7ULj1acQ37do+96zoOFU1wEZ7Q3pDLdySJi8tX/LksgKKJ2zleSV8oD4OY5SI7MA2q2BuCSDDIq7z8yKSo=&cha_c=Zc4Fjd7OCfzyoFR - rule_id: 33947
http://www.kp69f.top/6huu/ - rule_id: 33944
http://www.lancele.com/6huu/ - rule_id: 33947
http://www.tarolstroy.store/6huu/ - rule_id: 33946
http://www.terrenoscampestres.com/6huu/?ft51=vPEZFS80w83TR1ISai5AEG4cZjK/Z0sPVYJxvP0qkrafDKWjEP7E989Tf/65iA6Wv6B2G+FeAz/F94bTMl2+G2T5U6uSTMLdr8gHGso=&cha_c=Zc4Fjd7OCfzyoFR - rule_id: 33950
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip
http://www.14zhibo.work/6huu/?ft51=DY82kxx300f8Ik70WvLdREOGU4sx5WmLPZ3/q1TGOtAA9/Gzsd9nceuxwkKKmb1RPsemirf5O/kWho3f6FGpO5KONInBcJ6F+ssJurA=&cha_c=Zc4Fjd7OCfzyoFR - rule_id: 33945
http://www.solarwachstum.com/6huu/?ft51=w02mQAblJWbyIo6ozgnxrIUPRxqR4gn//aKR4b4C2qQSYqcw3Vi29oLFIvtOIeXnZF+XC4+RsLS3HuGm7zRt9dlAuIsc4gbzWXQ9ldM=&cha_c=Zc4Fjd7OCfzyoFR - rule_id: 33943
http://www.ticimmo.com/6huu/ - rule_id: 33951
http://www.terrenoscampestres.com/6huu/ - rule_id: 33950
http://www.tarolstroy.store/6huu/?ft51=En7LCrBqRDvhnDHpczrHWaIedYbeAgZr6OxVyCrdWihd6XEAizhpO0j/kkT3E0Ail4lmu+00ROJTwCbrXgrUq/0FdQ7yD2DHgTmcEH4=&cha_c=Zc4Fjd7OCfzyoFR - rule_id: 33946
http://www.ticimmo.com/6huu/?ft51=TigSyFlwP0RNpBbhC/rdMwC8b/Qg/Ivp2etxz330Y/wAN2mEJT4yMf4cHTRgrqo8FsDkyKZ/RDxnb9SkkKZ8CLMuGFsv81COs/EjZGo=&cha_c=Zc4Fjd7OCfzyoFR - rule_id: 33951
http://www.kp69f.top/6huu/?ft51=c/0CEmjcp1qhbjrBdr7qFpTEdTMNmdGL+2G3nk26J8C5sXkvdYxGabdoDx2ERzE1q79WMkYCDIvd6DDSGqF5RzVKrD1kqEcaGqxbLU4=&cha_c=Zc4Fjd7OCfzyoFR - rule_id: 33944
http://www.qfx88.com/6huu/ - rule_id: 33948
http://www.qfx88.com/6huu/?ft51=ai4Hj7VNL/eal8v50vngd1esaVL80O28AVhmObBuZqCvkNevFGLtvLG4llGxYwRMqic01nY12J0ERo7jbuO1GzAlXIwPB2kWrkts/2A=&cha_c=Zc4Fjd7OCfzyoFR - rule_id: 33948
http://www.solarwachstum.com/6huu/ - rule_id: 33943
|
19
www.tarolstroy.store(91.106.207.17) - mailcious
www.kp69f.top(34.149.198.43) - mailcious
www.14zhibo.work(43.154.196.178) - mailcious
www.solarwachstum.com(89.31.143.1) - mailcious
www.ticimmo.com(217.26.48.101) - mailcious
www.qfx88.com(120.48.139.92) - mailcious
www.terrenoscampestres.com(109.106.251.102) - mailcious
www.lancele.com(38.239.160.233) - mailcious
www.0096061.com(154.55.172.139) - mailcious
43.154.196.178 - mailcious
38.239.160.233 - mailcious
154.55.172.139 - mailcious
109.106.251.102 - mailcious
120.48.139.92 - mailcious
34.149.198.43 - mailcious
89.31.143.1 - mailcious
217.26.48.101 - mailcious
45.33.6.223
91.106.207.17 - malware
|
6
ET INFO HTTP Request to a *.top domain
ET MALWARE FormBook CnC Checkin (POST) M2
ET DNS Query to a *.top domain - Likely Hostile
ET INFO Observed DNS Query to .work TLD
ET INFO HTTP Request to Suspicious *.work Domain
ET HUNTING Request to .TOP Domain with Minimal Headers
|
18
http://www.0096061.com/6huu/
http://www.0096061.com/6huu/
http://www.14zhibo.work/6huu/
http://www.lancele.com/6huu/
http://www.kp69f.top/6huu/
http://www.lancele.com/6huu/
http://www.tarolstroy.store/6huu/
http://www.terrenoscampestres.com/6huu/
http://www.14zhibo.work/6huu/
http://www.solarwachstum.com/6huu/
http://www.ticimmo.com/6huu/
http://www.terrenoscampestres.com/6huu/
http://www.tarolstroy.store/6huu/
http://www.ticimmo.com/6huu/
http://www.kp69f.top/6huu/
http://www.qfx88.com/6huu/
http://www.qfx88.com/6huu/
http://www.solarwachstum.com/6huu/
|
9.0 |
M |
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8 |
2023-06-08 09:26
|
 Dollar.exe 99e770cd68e71c4e1fff20ffbb325624
RAT email stealer Downloader Confuser .NET DNS Code injection PWS[m] Escalate priviledges persistence KeyLogger AntiDebug AntiVM PE64 PE File VirusTotal Malware PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself DNS crashed |
|
1
|
|
|
10.0 |
|
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
2023-01-28 23:31
|
 vbc.exe a20e0dd924d55a1e0b8b403b39b52f34
PWS[m] RAT Confuser .NET SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger |
1
http://checkip.dyndns.org/
|
2
checkip.dyndns.org(132.226.8.169) -
158.101.44.242 -
|
5
ET INFO DYNAMIC_DNS Query to a *.dyndns .org Domain
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check
ET POLICY External IP Lookup - checkip.dyndns.org
ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .org Domain
|
|
12.8 |
|
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 |
2022-11-16 10:26
|
 w.exe 00c98ac064c263253fed19ad0d727043
RAT Confuser .NET PE32 .NET EXE PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName DNS |
|
2
gvcaeorx.tk(172.93.123.102) - malware
172.93.123.102 - malware
|
3
ET DNS Query to a .tk domain - Likely Hostile
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.8 |
|
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 11 |
2022-11-16 10:11
|
 fire.exe f8b268092c168d21b281becc65da3dfa
RAT PWS .NET framework Loki[b] Loki.m UPX Internet API AntiDebug AntiVM PE32 .NET EXE PE File DLL FTP Client Info Stealer VirusTotal Malware Buffer PE PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder Windows ComputerName Cryptographic key Software crashed |
1
|
2
showip.net(162.55.60.2)
162.55.60.2
|
|
|
11.6 |
|
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12 |
2022-11-02 17:02
|
 maryxloader.exe 307c54a647190489b955dca752245a33
RAT Confuser .NET PE32 .NET EXE PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName DNS |
|
2
tgc8x.tk(50.115.174.192) - malware
50.115.174.192 - malware
|
3
ET DNS Query to a .tk domain - Likely Hostile
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.4 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 13 |
2022-11-02 17:00
|
 kexe.exe 115a918d03c2383d15289ea20eda63bd
RAT Confuser .NET PE32 .NET EXE PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName DNS |
|
2
tgc8x.tk(50.115.174.192) - malware
50.115.174.192 - malware
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a .tk domain - Likely Hostile
|
|
2.4 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14 |
2022-11-02 16:53
|
 w.exe 9f3d2f161ab12215d8127143188fadc6
RAT Confuser .NET PE32 .NET EXE PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName DNS |
|
3
tgc8x.tk(50.115.174.192) - malware
50.115.174.192 - malware
51.75.209.245 - mailcious
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a .tk domain - Likely Hostile
|
|
3.0 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 |
2022-11-02 16:53
|
 africa.exe 313850abca30e4b2a42c9e12ede6adbc
RAT PE32 .NET EXE PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName DNS |
|
2
tgc8x.tk(50.115.174.192) - malware
50.115.174.192 - malware
|
3
ET DNS Query to a .tk domain - Likely Hostile
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.4 |
M |
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|