8866 | 2021-04-28 18:31
Target: IMG_88134.exe
MD5: 4d0b19cd29e6c8ce724607b85771de8d
Signatures: AsyncRAT, backdoor, Antivirus, AntiDebug, AntiVM, PE File, PE32, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, Creates executable files, unpack itself, Windows utilities, Disables Windows Security, Collect installed applications, powershell.exe wrote, Check virtual network interfaces, suspicious process, AppData folder, sandbox evasion, WriteConsoleW, installed browsers check, Tofsee, Windows, Browser, ComputerName, DNS, Cryptographic key, Software, crashed
URLs (4):
  http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-935E964B23126C54BA3A2FFC8EA154CE.html - rule_id: 1176
  http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-258E48939AFC85C28CC3028886F4A492.html - rule_id: 1176
  http://45.14.115.62:5405//
  https://api.ip.sb/geoip
Hosts (5):
  ldvamlwhdpetnyn.ml (172.67.208.174) - malicious
  api.ip.sb (172.67.75.172)
  45.14.115.62
  172.67.75.172
  172.67.208.174
Suricata alerts (3):
  ET INFO DNS Query for Suspicious .ml Domain
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA HTTP unable to match response to request
Other URLs (2, both identical):
  http://ldvamlwhdpetnyn.ml/liverpool-fc-news/
Score: 18.2 | M | 17 | Submitted by: ZeroCERT
8867 | 2021-04-28 11:11
Target: FreeMaps.af75d672c26d4cc59fc74...
MD5: 10e868b5ebf405fe2ca10e0552023d44
Signatures: packer, Gen2, OSCheck, File format, VirusTotal, Malware, Check memory, Creates executable files, unpack itself, AppData folder, sandbox evasion, Tofsee, DNS
URLs (3):
  http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-11&errorType=nsisError&errorDetails=File+Not+Found+%28404%29&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2075128396&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry=
  http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-16&errorType=nsisError&errorDetails=af75d672c26d4cc59fc74465083f473c&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2022722323&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry=
  https://dp.tb.ask.com/installerParams.jhtml?coId=af75d672c26d4cc59fc74465083f473c
Hosts (4):
  dp.tb.ask.com (34.107.128.118)
  anx.mindspark.com (34.102.222.207)
  34.107.128.118
  34.102.222.207
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.8 | - | 32 | Submitted by: ZeroCERT
8868 | 2021-04-27 16:46
Target: http://union.jctrip.cn/wp-incl...
MD5: 8d7c388e144427e46654e1f1d75de590
Signatures: AgentTesla, Vulnerability, VirusTotal, Malware, MachineGuid, Code Injection, Malicious Traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
URLs (2):
  https://unimedunihealth.com/product/edysta/
  https://lopika.buzz/?u=k8pp605&o=c9ewtnr&t=redn
Hosts (10):
  astrologiaexistencial.com (31.22.4.229) - malware
  www.dirgantaratuba.com (103.247.9.184) - malicious
  lopika.buzz (5.8.47.52)
  union.jctrip.cn (8.131.69.203) - malicious
  unimedunihealth.com (104.21.60.205) - malicious
  5.8.47.52
  8.131.69.203
  31.22.4.229
  103.247.9.184
  172.67.201.73
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 8.2 | M | - | Submitted by: guest
8869 | 2021-04-27 16:45
Target: https://xixaoclothing.com/wp-a...
MD5: 8d7c388e144427e46654e1f1d75de590
Signatures: AgentTesla, VirusTotal, Malware, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crash
URLs: none
Hosts (2):
  xixaoclothing.com (202.43.110.171) - malicious
  202.43.110.171 - malicious
Suricata alerts (2):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.6 | - | - | Submitted by: guest
8870 | 2021-04-27 09:14
Target: JNhUwWi6.html
MD5: 1f76d9e2358dcba1670b35ce61d7bd96
Signatures: Antivirus, VirusTotal, Malware, powershell, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, Windows utilities, powershell.exe wrote, Check virtual network interfaces, suspicious process, Tofsee, Windows, ComputerName, DNS, Cryptographic key
URLs (1):
  https://gist.githubusercontent.com/1kingspy/af97c0b7658b52f4180c19160c52b767/raw/703ed4925d63aaa92912496452dc8a2f82217db1/gistfile1.txt
Hosts (2):
  gist.githubusercontent.com (185.199.109.133) - malicious
  185.199.111.133 - malicious
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 8.4 | - | 7 | Submitted by: guest
8871 | 2021-04-27 09:13
Target: JNhUwWi6
MD5: 1f76d9e2358dcba1670b35ce61d7bd96
Signatures: Antivirus, VirusTotal, Malware, powershell, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, Windows utilities, powershell.exe wrote, Check virtual network interfaces, suspicious process, Tofsee, Windows, ComputerName, Cryptographic key
URLs (1):
  https://gist.githubusercontent.com/1kingspy/af97c0b7658b52f4180c19160c52b767/raw/703ed4925d63aaa92912496452dc8a2f82217db1/gistfile1.txt
Hosts (2):
  gist.githubusercontent.com (185.199.111.133) - malicious
  185.199.108.133 - malicious
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 7.8 | - | 7 | Submitted by: ZeroCERT
8872 | 2021-04-27 08:05
Target: https://p8hj.blogspot.com/p/44...
MD5: 5b0175dd30bd407af2915d017f1f4e90
Signatures: Antivirus, VirusTotal, Malware, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
URLs (27):
  https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
  https://p8hj.blogspot.com/favicon.ico
  https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
  https://fonts.googleapis.com/css?family=Open+Sans:300
  https://www.blogger.com/static/v1/widgets/1564291244-widgets.js
  https://ssl.gstatic.com/gb/images/p1_c9bc74a1.png
  https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff
  https://www.google-analytics.com/analytics.js
  https://www.blogger.com/static/v1/v-css/281434096-static_pages.css
  https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff
  https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
  https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://p8hj.blogspot.com/p/44.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://p8hj.blogspot.com/p/44.html%26type%3Dblog%26bpli%3D1&passive=true&go=true
  https://www.google.com/css/maia.css
  https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
  https://fonts.googleapis.com/css?lang=ko&family=Product+Sans|Roboto:400,700
  https://www.blogger.com/img/blogger-logotype-color-black-1x.png
  https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3922155243674983324&zx=8a61e2f3-37c8-4d3a-8fe4-f6b29f03e618
  https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js
  https://www.blogger.com/blogin.g?blogspotURL=https://p8hj.blogspot.com/p/44.html&type=blog
  https://www.gstatic.com/og/_/js/k=og.qtm.en_US.3gGou_DPQGQ.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/rs=AA2YrTuZTrLZ4SHM1gfcCFFxdZIZ-5oj0Q
  https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fp8hj.blogspot.com%2Fp%2F44.html&type=blog&bpli=1
  https://www.blogger.com/static/v1/jsbin/1277698886-ieretrofit.js
  https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.jcYff4gdSOQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CvAHQybwQAZJQL2tdeysMj0HgHw/cb=gapi.loaded_0
  https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css
  https://resources.blogblog.com/img/icon18_wrench_allbkg.png
  https://p8hj.blogspot.com/p/44.html
  https://www.gstatic.com/og/_/ss/k=og.qtm.IkH5OKdqKO4.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTt8q6VIKYZCBV2SKDFkL7YCc5evsA
Hosts (22):
  fonts.googleapis.com (172.217.26.42)
  resources.blogblog.com (216.58.220.105)
  www.google.com (142.250.196.132)
  www.gstatic.com (142.250.196.99)
  ssl.gstatic.com (172.217.174.99)
  accounts.google.com (216.58.197.173)
  www.google-analytics.com (172.217.25.238)
  fonts.gstatic.com (216.58.220.131)
  apis.google.com (172.217.26.46)
  p8hj.blogspot.com (172.217.25.97)
  www.blogger.com (216.58.220.105)
  142.250.204.141
  216.58.199.1
  172.217.161.142
  172.217.24.78
  172.217.161.138
  216.58.200.73
  142.250.204.68
  172.217.174.195
  142.250.66.73
  142.250.66.67
  142.250.204.67
Suricata alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 4.6 | - | - | Submitted by: ZeroCERT
8873 | 2021-04-26 18:27
Target: IMG_5023075401.pdf
MD5: 427e21ef958ea63e6a12ce4d8d5a3e55
Signatures: AgentTesla, KeyBase, Keylogger, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, malicious URLs, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
URLs (2):
  http://checkip.dyndns.org/
  https://freegeoip.app/xml/175.208.134.150
Hosts (5):
  freegeoip.app (172.67.188.154)
  checkip.dyndns.org (216.146.43.70)
  131.186.113.70
  162.88.193.70
  172.67.188.154
Suricata alerts (4):
  ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
  ET POLICY External IP Lookup - checkip.dyndns.org
  ET POLICY DynDNS CheckIp External IP Address Server Response
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 13.4 | M | 16 | Submitted by: ZeroCERT
8874 | 2021-04-26 18:12
Target: IMG_608943011.pdf
MD5: 5f0e74e8c039c771ec8c2fa77981c7dd
Signatures: AgentTesla, KeyBase, Keylogger, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, malicious URLs, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
URLs (2):
  http://checkip.dyndns.org/
  https://freegeoip.app/xml/175.208.134.150
Hosts (4):
  freegeoip.app (172.67.188.154)
  checkip.dyndns.org (131.186.113.70)
  216.146.43.71
  172.67.188.154
Suricata alerts (4):
  ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
  ET POLICY External IP Lookup - checkip.dyndns.org
  ET POLICY DynDNS CheckIp External IP Address Server Response
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 13.4 | - | 14 | Submitted by: ZeroCERT
8875 | 2021-04-26 18:00
Target: file
MD5: 45a0cfbd6749929ebd451bd5a04120e4
Signatures: Code Injection, Creates executable files, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
URLs (9):
  https://www.googletagmanager.com/gtag/js?id=UA-829541-1
  https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T
  https://www.aaxdetect.com/pxext.gif
  https://c.aaxads.com/aax.js?pub=AAX3221EY&hst=&ver=1.2
  https://www.google-analytics.com/plugins/ua/ec.js
  https://c.aaxads.com/pxusr.gif
  https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
  https://www.google-analytics.com/analytics.js
  https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&dewh=SSP_CLIENT_control&dgeg=0&dgw=desktop&flg=AAX3221EY&fw=YONGDONG&ff=KR&xjg=4&dss=0&skw=899&slg=8PR6YK195&gq=&vhuyqdph=rtb-nv-dcos-ssp-10-6-46-228-14293&vg=-1&vyu=042211_229_042211_95_ssp&vf=&yhuvlrq=4&yk=899&yz=1365&yvlg=&ylg=00001619427471141029496787422051&vvsDeExfnhw=CONTROL&qsd=0&oz=0&gdss=green&uwbsh=&jgsu_hqi=1&fvha=0&jgivwu=&jgsu=0&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&jixqgo=1600&jwg=100&lqlg=&qjixqgo=1700&ugo=800&lg_ghwdlov=&deg=2&gvwduw=138&ghqg=420&sf=&uhtxuo=file%3A%2F%2F%2FC%3A%2FUsers%2Ftest22%2FAppData%2FLocal%2FTemp%2Ffile.html&nzui=
Hosts (17):
  www.googletagmanager.com (142.250.196.104)
  www.aaxdetect.com (104.75.34.8)
  c.aaxads.com (104.75.22.243)
  translate.google.com (172.217.26.46)
  cdn.otnolatrnup.com (104.19.214.37)
  l3.aaxads.com (104.75.22.243)
  static.mediafire.com (104.16.202.237)
  www.google-analytics.com (216.58.197.174)
  104.19.215.37
  142.250.66.110
  104.16.203.237 - malicious
  142.250.204.142
  216.58.197.110
  104.75.34.8
  104.75.22.243
  142.250.204.72
  104.16.202.237 - malicious
Suricata alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 6.6 | - | - | Submitted by: ZeroCERT
8876 | 2021-04-26 09:36
Target: http://5.79.75.210/0beU0RimJU...
MD5: none (URL submission)
Signatures: Malware, Code Injection, Malicious Traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
URLs: none
Hosts (1): none listed
Suricata alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 4.2 | M | - | Submitted by: guest
8877 | 2021-04-26 09:24
Target: apps.exe
MD5: cd155fbcc108d054d747ab4514f3cfd6
Signatures: VirusTotal, Malware, Code Injection, buffers extracted, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, suspicious TLD, Tofsee, Windows, Exploit, DNS, crashed
URLs (46):
  https://exws.ru/css/themify-icons.css
  https://fonts.googleapis.com/css?family=Open+Sans:300,400,600%7CPoppins:300,400,500,600&subset=cyrillic
  https://exws.ru/downloads/js/vendor/isotope.pkgd.min.js
  https://exws.ru/downloads/js/main.js
  https://exws.ru/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
  https://mc.yandex.ru/watch/36586115/1?callback=_ymjsp776041626&page-url=https%3A%2F%2Fexws.ru%2Fdownloads%2Fusercp.php%3Fmsg%3D%C3%90%C2%A2%C3%91%E2%82%AC%C3%90%C2%B5%C3%90%C2%B1%C3%91%C6%92%C3%90%C2%B5%C3%91%E2%80%9A%C3%91%C2%81%C3%91%C2%8F%2520%C3%90%C2%B0%C3%90%C2%B2%C3%91%E2%80%9A%C3%90%C2%BE%C3%91%E2%82%AC%C3%90%C2%B8%C3%90%C2%B7%C3%90%C2%B0%C3%91%E2%80%A0%C3%90%C2%B8%C3%91%C2%8F%3A&charset=utf-8&browser-info=nb%3A1%3Acl%3A754%3Aar%3A1%3Agdpr%3A14%3Avf%3A5gv0p5rfuji4o8hq%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ako%3Av%3A502%3Acn%3A1%3Adp%3A0%3Als%3A453733073728%3Ahid%3A839055131%3Az%3A540%3Ai%3A20210426175915%3Aet%3A1619427555%3Ac%3A1%3Arn%3A620849982%3Arqn%3A2%3Au%3A1619427536570725093%3Aw%3A1211x841%3As%3A1365x1024x24%3Aj%3A1%3Ans%3A1619427526687%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C6%2C13572%2C13636%2C3%2C13566%3Awv%3A2%3Arqnl%3A1%3Ati%3A3%3Ast%3A1619427555&wmode=5
  https://exws.ru/downloads/js/jquery.ajaxchimp.min.js
  https://exws.ru/images/logotype/logo-white.png
  https://mc.yandex.ru/metrika/advert.gif
  https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOVuhv.woff
  https://exws.ru/downloads/
  https://exws.ru/images/logotype/logo-dark.png
  https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlEw.woff
  https://exws.ru/downloads/js/vendor/jquery-2.2.0.min.js
  https://exws.ru/favicon.ico
  https://use.fontawesome.com/releases/v5.0.6/js/all.js
  https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFUZ0d.woff
  https://exws.ru/downloads/js/style.changer.js
  https://exws.ru/css/sparkicons.css
  https://exws.ru/downloads/js/placeholder.js
  https://mc.yandex.ru/watch/36586115?callback=_ymjsp696528223&page-url=https%3A%2F%2Fexws.ru%2Fdownloads%2Fusercp.php%3Fmsg%3D%C3%90%C2%A2%C3%91%E2%82%AC%C3%90%C2%B5%C3%90%C2%B1%C3%91%C6%92%C3%90%C2%B5%C3%91%E2%80%9A%C3%91%C2%81%C3%91%C2%8F%2520%C3%90%C2%B0%C3%90%C2%B2%C3%91%E2%80%9A%C3%90%C2%BE%C3%91%E2%82%AC%C3%90%C2%B8%C3%90%C2%B7%C3%90%C2%B0%C3%91%E2%80%A0%C3%90%C2%B8%C3%91%C2%8F%3A&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A5gv0p5rfuji4o8hq%3Afp%3A6737%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ako%3Av%3A502%3Acn%3A1%3Adp%3A0%3Als%3A453733073728%3Ahid%3A839055131%3Az%3A540%3Ai%3A20210426175855%3Aet%3A1619427536%3Ac%3A1%3Arn%3A611767612%3Arqn%3A1%3Au%3A1619427536570725093%3Aw%3A1211x841%3As%3A1365x1024x24%3Aj%3A1%3Ans%3A1619427526687%3Ads%3A0%2C0%2C0%2C3%2C1%2C1%2C1%2C22%2C%2C%2C%2C%2C%3Awv%3A2%3Arqnl%3A1%3Ati%3A3%3Ast%3A1619427536%3At%3AEXWS.RU%20-%20%D0%A6%D0%B5%D0%BD%D1%82%D1%80%20%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B7%D0%BE%D0%BA%20%D0%B8%20%D0%BE%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D0%B9&wmode=5
  https://exws.ru/downloads/templates/default/default.css
  https://exws.ru/css/et-line.css
  https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OVuhv.woff
  https://mc.yandex.ru/watch/36586115?callback=_ymjsp776041626&page-url=https%3A%2F%2Fexws.ru%2Fdownloads%2Fusercp.php%3Fmsg%3D%C3%90%C2%A2%C3%91%E2%82%AC%C3%90%C2%B5%C3%90%C2%B1%C3%91%C6%92%C3%90%C2%B5%C3%91%E2%80%9A%C3%91%C2%81%C3%91%C2%8F%2520%C3%90%C2%B0%C3%90%C2%B2%C3%91%E2%80%9A%C3%90%C2%BE%C3%91%E2%82%AC%C3%90%C2%B8%C3%90%C2%B7%C3%90%C2%B0%C3%91%E2%80%A0%C3%90%C2%B8%C3%91%C2%8F%3A&charset=utf-8&browser-info=nb%3A1%3Acl%3A754%3Aar%3A1%3Agdpr%3A14%3Avf%3A5gv0p5rfuji4o8hq%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ako%3Av%3A502%3Acn%3A1%3Adp%3A0%3Als%3A453733073728%3Ahid%3A839055131%3Az%3A540%3Ai%3A20210426175915%3Aet%3A1619427555%3Ac%3A1%3Arn%3A620849982%3Arqn%3A2%3Au%3A1619427536570725093%3Aw%3A1211x841%3As%3A1365x1024x24%3Aj%3A1%3Ans%3A1619427526687%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C6%2C13572%2C13636%2C3%2C13566%3Awv%3A2%3Arqnl%3A1%3Ati%3A3%3Ast%3A1619427555&wmode=5
  https://www.free-kassa.ru/img/fk_btn/16.png
  https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlEw.woff
  https://exws.ru/downloads/js/jquery.magnific-popup.min.js
  https://exws.ru/downloads/usercp.php?msg=Требуется%20авторизация:
  https://exws.ru/css/bootstrap.min.css
  https://mc.yandex.ru/watch/36586115/1?callback=_ymjsp696528223&page-url=https%3A%2F%2Fexws.ru%2Fdownloads%2Fusercp.php%3Fmsg%3D%C3%90%C2%A2%C3%91%E2%82%AC%C3%90%C2%B5%C3%90%C2%B1%C3%91%C6%92%C3%90%C2%B5%C3%91%E2%80%9A%C3%91%C2%81%C3%91%C2%8F%2520%C3%90%C2%B0%C3%90%C2%B2%C3%91%E2%80%9A%C3%90%C2%BE%C3%91%E2%82%AC%C3%90%C2%B8%C3%90%C2%B7%C3%90%C2%B0%C3%91%E2%80%A0%C3%90%C2%B8%C3%91%C2%8F%3A&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A5gv0p5rfuji4o8hq%3Afp%3A6737%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ako%3Av%3A502%3Acn%3A1%3Adp%3A0%3Als%3A453733073728%3Ahid%3A839055131%3Az%3A540%3Ai%3A20210426175855%3Aet%3A1619427536%3Ac%3A1%3Arn%3A611767612%3Arqn%3A1%3Au%3A1619427536570725093%3Aw%3A1211x841%3As%3A1365x1024x24%3Aj%3A1%3Ans%3A1619427526687%3Ads%3A0%2C0%2C0%2C3%2C1%2C1%2C1%2C22%2C%2C%2C%2C%2C%3Awv%3A2%3Arqnl%3A1%3Ati%3A3%3Ast%3A1619427536%3At%3AEXWS.RU%20-%20%D0%A6%D0%B5%D0%BD%D1%82%D1%80%20%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B7%D0%BE%D0%BA%20%D0%B8%20%D0%BE%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D0%B9&wmode=5
  https://exws.ru/downloads/js/smoothscroll.js
  https://exws.ru/downloads/js/owl.carousel.min.js
  https://exws.ru/css/owl.carousel.css
  https://mc.yandex.ru/metrika/tag.js
  https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfedA.woff
  https://exws.ru/css/magnific-popup.css
  https://exws.ru/css/style.css
  https://exws.ru/fonts/sparkicons.eot@wwjpvu
  https://exws.ru/images/screen/launcher.png
  https://informer.yandex.ru/informer/36586115/3_0_202020FF_000000FF_1_pageviews
  https://exws.ru/downloads/js/plugins.js
  https://exws.ru/downloads/login.php
  https://www.webmoney.ru/img/icons/88x31_wm_white_blue.png
  https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlEw.woff
  https://exws.ru/fonts/et-line.eot@
Hosts (16):
  exws.ru (104.21.55.21)
  informer.yandex.ru (93.158.134.119)
  fonts.googleapis.com (172.217.26.42)
  use.fontawesome.com (23.111.9.35)
  fonts.gstatic.com (216.58.220.131)
  www.webmoney.ru (145.239.95.188)
  www.free-kassa.ru (104.22.18.208)
  mc.yandex.ru (93.158.134.119)
  23.111.9.35
  87.250.250.119
  104.22.18.208
  87.250.251.119
  51.254.201.70
  142.250.204.42
  216.58.220.195
  104.21.55.21
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 6.4 | - | 14 | Submitted by: ZeroCERT
8878 | 2021-04-24 20:55
Target: info-33549970.xlsm
MD5: effeb6845cee0ab05c452d39f9e5382d
Signatures: VirusTotal, Malware, Check memory, unpack itself, Tofsee, crashed
URLs: none
Hosts (4):
  studio.joellemagazine.com (162.241.194.86)
  shapoorjipallonji.online (162.241.123.16)
  162.241.194.86
  162.241.123.16
Suricata alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 3.2 | - | 5 | Submitted by: ZeroCERT
8879 | 2021-04-24 18:22
Target: documents-633524133.xlsm
MD5: a14c32fc53b0c42e12a563838d67526b
Signatures: VirusTotal, Malware, Check memory, unpack itself, Tofsee, crashed
URLs: none
Hosts (4):
  kurtos.eu (192.185.166.227)
  giftsonlinejo.com (67.205.36.230)
  67.205.36.230
  192.185.166.227
Suricata alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 3.2 | - | 4 | Submitted by: ZeroCERT
8880 | 2021-04-24 18:22
Target: documents-627949424.xlsm
MD5: 16a1eca6fb8eb48e67bcfe30beb28dca
Signatures: VirusTotal, Malware, Check memory, unpack itself, Tofsee, DNS, crashed
URLs: none
Hosts (4):
  giftsonlinejo.com (67.205.36.230)
  kurtos.eu (192.185.166.227)
  192.185.166.227
  67.205.36.230
Suricata alerts (2):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.8 | - | 4 | Submitted by: ZeroCERT
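The sandbox exports this listing as a flat, pipe-delimited dump (one field per pipe, each URL/host/alert list preceded by its own count). As an added example, not part of the original listing or of the sandbox's own tooling, the Python below parses records in that raw form into structured IoCs. It verifies its splitting of each space-joined list against the count the sandbox emitted, normalises the UI's "mailcious" tag, reports rather than hides a count it cannot reconcile, and sets aside the SSLBL JA3/Tofsee alert, which fires on all fifteen records above (the Blogger and font-CDN page loads included) and so does not separate the AsyncRAT and AgentTesla samples from the rest. The field layout (id, timestamp, name + hash + signatures, four count-plus-list sections, score, flag, count, submitter) is inferred from the records above and is an assumption; the sample input is abridged from records 8866 and 8876.

```python
"""Parse a flattened ZeroCERT (Cuckoo) report listing into structured IoC records. Raw export, per record:
<id> | <timestamp> | <name> <md5> <signatures> | <n> <urls> | <n> <hosts> | <n> <IDS alerts> | <n> <other urls> | <score> | <flag> | <n> | <submitter>"""
import re

RECORD_RE = re.compile(r"(?m)^(?=\d+ \|\n\d{4}-\d{2}-\d{2} \d{2}:\d{2}$)")  # an id line followed by a timestamp line
FIELD_RE = re.compile(r"(?m)\|$")  # split only on line-final pipes: URLs may contain '|' (record 8872's fonts request)
MD5_RE = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}")  # the hash may be glued to the first signature ("...e4Code Injection")
URL_RE = re.compile(r"(https?://\S+)(?: - rule_id: (\d+))?")
HOST_RE = re.compile(r"(?P<domain>[A-Za-z0-9.-]+)\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)(?: - (?P<tag>\w+))?"
                     r"|(?P<bare>\d{1,3}(?:\.\d{1,3}){3})(?: - (?P<tag2>\w+))?")  # "domain(ip) - tag" or "ip - tag"
ALERT_SPLIT_RE = re.compile(r"\s+(?=(?:ET [A-Z_]+ |SSLBL: |SURICATA ))")  # every rule name starts with one of these
TAG_FIX = {"mailcious": "malicious"}  # typo emitted by the sandbox UI
# Fires on every record of the listing, including ones whose only traffic is to Google/Blogger hosts,
# so on this data it carries no signal and is kept out of the triage view.
NOISY_ALERTS = {"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"}


def _section(text):
    """'\\n4\\nurl url\\n' -> (4, 'url url'); an empty section -> (0, '')."""
    parts = text.strip().split("\n", 1)
    return (int(parts[0]), parts[1].strip() if len(parts) > 1 else "") if parts[0] else (0, "")


def parse_hosts(text):
    fix = lambda t: TAG_FIX.get(t, t)  # (domain or None for a bare IP, ip, tag or None)
    return [(m["domain"], m["ip"] or m["bare"], fix(m["tag"] or m["tag2"])) for m in HOST_RE.finditer(text)]


def parse_record(block):
    f = FIELD_RE.split(block) + [""] * 11  # pad so short records index safely
    head = f[2].strip()
    m = MD5_RE.search(head)
    if m:
        name, md5, sigs = head[:m.start()].strip(), m.group(0), head[m.end():].strip()
    else:  # URL submissions carry no hash; the name is the (possibly truncated) URL
        name, _, sigs = head.partition(" ")
        md5 = None
    rec = {"id": int(f[0]), "timestamp": f[1].strip(), "name": name.strip('"'), "md5": md5, "signatures": sigs,
           "score": float(f[7]) if f[7].strip() else None, "submitter": f[10].strip(), "count_mismatch": []}
    sections = (("urls", f[3], lambda t: [(u.group(1), u.group(2)) for u in URL_RE.finditer(t)]),
                ("hosts", f[4], parse_hosts),
                ("alerts", f[5], lambda t: [a for a in ALERT_SPLIT_RE.split(t) if a]))
    for label, raw, parse in sections:
        declared, txt = _section(raw)
        rec[label] = parse(txt)
        if declared != len(rec[label]):  # the sandbox's own count is the ground truth for the split
            rec["count_mismatch"].append(f"{label}: declared {declared}, parsed {len(rec[label])}")
    return rec


def parse_listing(raw):
    return [parse_record(b) for b in RECORD_RE.split(raw) if b.strip()]


def signal_alerts(rec):
    """IDS alerts left to triage once the blanket JA3/Tofsee hit is set aside."""
    return [a for a in rec["alerts"] if a not in NOISY_ALERTS]


def iocs(records):
    """Deduplicated indicators across all records."""
    return {"md5": sorted({r["md5"] for r in records if r["md5"]}),
            "domain": sorted({d for r in records for d, _, _ in r["hosts"] if d}),
            "ip": sorted({ip for r in records for _, ip, _ in r["hosts"]}),
            "url": sorted({u for r in records for u, _ in r["urls"]})}


# Constructed sample: records 8866 and 8876 of the listing with the signature and URL lists abridged
# (counts adjusted to match). 8876 has no hash and reports one host without listing it.
SAMPLE = """8866 |
2021-04-28 18:31
|
IMG_88134.exe 4d0b19cd29e6c8ce724607b85771de8d AsyncRAT backdoor Browser Info Stealer Tofsee DNS crashed |
3
http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-935E964B23126C54BA3A2FFC8EA154CE.html - rule_id: 1176 http://45.14.115.62:5405// https://api.ip.sb/geoip
|
5
ldvamlwhdpetnyn.ml(172.67.208.174) - mailcious api.ip.sb(172.67.75.172) 45.14.115.62 172.67.75.172 172.67.208.174
|
3
ET INFO DNS Query for Suspicious .ml Domain SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP unable to match response to request
|
|
18.2 |
M |
17 |
ZeroCERT
8876 |
2021-04-26 09:36
|
"http://5.79.75.210/0beU0RimJU... Malware Code Injection Malicious Traffic Tofsee Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
M |
|
guest
"""

if __name__ == "__main__":
    print(iocs(parse_listing(SAMPLE)), [(r["id"], signal_alerts(r), r["count_mismatch"]) for r in parse_listing(SAMPLE)])
```

On the sample, record 8876 comes back with `count_mismatch == ["hosts: declared 1, parsed 0"]`, which is the honest result for an export that counts a host it never names. The alert splitter depends on every rule name beginning with `ET <CLASS>`, `SSLBL:` or `SURICATA`, which holds for the alerts in this listing but should be re-checked before the parser is pointed at output from a different ruleset; the declared-count check is what catches it when that assumption breaks.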