Sandbox entries. Each entry: ID | date; then Sample (MD5), Tags, URLs, Hosts, Alerts (Suricata), and a last line score | (unlabeled) | (unlabeled) | submitter, with empty cells shown as -. Hosts keep the export's domain (resolved IP) form and its "- malware" / "- malicious" tag.

8896 | 2021-04-23 09:59
  Sample: catalog-1605517361.xlsm (MD5 bf83672739e7a17d2851279684a73ad0)
  Tags: Check memory, unpack itself, Tofsee, DNS, crashed
  URLs: none
  Hosts (4): ozmontelectrical.com (162.144.12.242); eletrocoghi.com.br (192.185.216.95); 192.185.216.95 - malware; 162.144.12.242
  Alerts (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 3.4 | - | - | ZeroCERT

8897 | 2021-04-23 09:59
  Sample: catalog-1605179562.xlsm (MD5 082645e6b13d4cdd417b3d82c15a8c83)
  Tags: Check memory, unpack itself, Tofsee, crashed
  URLs: none
  Hosts (4): eletrocoghi.com.br (192.185.216.95); ozmontelectrical.com (162.144.12.242); 162.144.12.242; 192.185.216.95 - malware
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score 2.8 | - | - | ZeroCERT

8898 | 2021-04-23 09:55
  Sample: catalog-1604441556.xlsm (MD5 414c41ce670225a38e8c4aeda37df315)
  Tags: Check memory, unpack itself, Tofsee, DNS, crashed
  URLs: none
  Hosts (4): ozmontelectrical.com (162.144.12.242); eletrocoghi.com.br (192.185.216.95); 192.185.216.95 - malware; 162.144.12.242
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score 3.4 | - | - | ZeroCERT

8899 | 2021-04-23 09:54
  Sample: catalog-1600996489.xlsm (MD5 aae89be1368bd7f31a17df732c50520c)
  Tags: Check memory, unpack itself, Tofsee, crashed
  URLs: none
  Hosts (4): eletrocoghi.com.br (192.185.216.95); ozmontelectrical.com (162.144.12.242); 162.144.12.242; 192.185.216.95 - malware
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score 2.8 | - | - | ZeroCERT

8900 | 2021-04-22 18:25
  Sample: IMG_10540078520047.pdf.exe (MD5 0584b79b0075099a377c30ffa0bfee28)
  Tags: KeyBase Keylogger, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, malicious URLs, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
  URLs (2):
    http://checkip.dyndns.org/
    https://freegeoip.app/xml/175.208.134.150
  Hosts (4): freegeoip.app (104.21.19.200); checkip.dyndns.org (131.186.161.70); 131.186.161.70; 104.21.19.200
  Alerts (4): ET POLICY External IP Lookup - checkip.dyndns.org; ET POLICY DynDNS CheckIp External IP Address Server Response; ET INFO DYNAMIC_DNS Query to *.dyndns. Domain; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 8.4 | M | 17 | r0d

8901 | 2021-04-22 17:23
  Sample: melo.jpg.exe (MD5 82b9be6f5cc10510495e9a3368683747)
  Tags: Process Kill, FindFirstVolume, CryptGenKey, Antivirus, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, powershell.exe wrote, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, DNS, Cryptographic key
  URLs (5):
    http://edgedl.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
    https://update.googleapis.com/service/update2?cup2key=10:2713802909&cup2hreq=8cab5512950206d82ca4581cc9d1ccfba8c54dfd64bf2baf0aa7e90da4734256
    https://paste.ee/r/p7EHC
    https://paste.ee/r/oSlYJ
    https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.36.32&applang=&machine=1&version=1.3.36.32&userid=&osversion=6.1&servicepack=Service%20Pack%201
  Hosts (5): paste.ee (104.26.4.223) - malicious; edgedl.gvt1.com (142.250.34.2); 142.250.204.110; 142.250.34.2; 104.26.5.223 - malicious
  Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
  Score 13.4 | M | 19 | ZeroCERT

8902 | 2021-04-22 17:15
  Sample: IMG_10540078520047.pdf.exe (MD5 0584b79b0075099a377c30ffa0bfee28)
  Tags: Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, malicious URLs, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
  URLs (2):
    http://checkip.dyndns.org/
    https://freegeoip.app/xml/175.208.134.150
  Hosts (4): freegeoip.app (104.21.19.200); checkip.dyndns.org (216.146.43.71); 172.67.188.154; 131.186.161.70
  Alerts (4): ET INFO DYNAMIC_DNS Query to *.dyndns. Domain; ET POLICY External IP Lookup - checkip.dyndns.org; ET POLICY DynDNS CheckIp External IP Address Server Response; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 8.4 | M | 17 | ZeroCERT

8903 | 2021-04-22 13:39
  Sample: DLI_0251_053_021.pdf (MD5 873fc3f0fdfae3505a3de1bca97e40f9)
  Tags: AgentTesla, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, malicious URLs, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
  URLs (2):
    http://checkip.dyndns.org/
    https://freegeoip.app/xml/175.208.134.150
  Hosts (4): freegeoip.app (104.21.19.200); checkip.dyndns.org (162.88.193.70); 172.67.188.154; 131.186.161.70
  Alerts (4): ET POLICY External IP Lookup - checkip.dyndns.org; ET POLICY DynDNS CheckIp External IP Address Server Response; ET INFO DYNAMIC_DNS Query to *.dyndns. Domain; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 8.6 | M | 21 | r0d

8904 | 2021-04-22 10:51
  Sample: DLI_0251_053_021.pdf (MD5 873fc3f0fdfae3505a3de1bca97e40f9)
  Tags: Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, malicious URLs, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
  URLs (2):
    http://checkip.dyndns.org/
    https://freegeoip.app/xml/175.208.134.150
  Hosts (4): freegeoip.app (172.67.188.154); checkip.dyndns.org (162.88.193.70); 131.186.113.70; 104.21.19.200
  Alerts (4): ET INFO DYNAMIC_DNS Query to *.dyndns. Domain; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY External IP Lookup - checkip.dyndns.org; ET POLICY DynDNS CheckIp External IP Address Server Response
  Score 8.6 | M | 21 | ZeroCERT

8905 | 2021-04-22 09:53
  Sample: file.rtf (MD5 9ca89139d0918e5078122113fc883a7e)
  Tags: RTF File, doc, Malware, Malicious Traffic, buffers extracted, exploit crash, unpack itself, Tofsee, Exploit, crashed
  URLs (3):
    https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=
    https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/
    https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=&e=%EC%9B%90%EA%B2%A9%20%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C%20(404)%20%EC%B0%BE%EC%9D%84%20%EC%88%98%20%EC%97%86%EC%9D%8C%20%EC%98%A4%EB%A5%98%EB%A5%BC%20%EB%B0%98%ED%99%98%ED%96%88%EC%8A%B5%EB%8B%88%EB%8B%A4.
    (the e= parameter of the third URL is the URL-encoded Korean runtime message "The remote server returned an error: (404) Not Found.", i.e. the sample reports its own failed download back to the server)
  Hosts (2): mofa.iugur.live (185.163.45.56) - malicious; 185.163.45.56 - malicious
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 3.0 | M | - | r0d

8906 | 2021-04-22 07:29
  Sample: file.rtf (MD5 9ca89139d0918e5078122113fc883a7e)
  Tags: Malware, Malicious Traffic, buffers extracted, unpack itself, Tofsee
  URLs (8):
    https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3
    https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-910af97c/1/plaoi
    https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-4057b130/1/lkjhg
    https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-16aef47a/1/cuui?data=AQZ0ZXN0MjInSW50ZWwoUikgQ29yZShUTSkgaTUtODQwMCBDUFUgQCAyLjgwR0h6ATISXFwuXFBIWVNJQ0FMRFJJVkUwCzM0MzU2OTk0NTYwBzUyNDI0MjQIMTA0ODMwMDQJVEVTVDIyLVBDDDk0REUyNzhDMzI3NA==
    (the data= value is base64 of a length-prefixed host profile: "test22", "Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz", "2", "\\.\PHYSICALDRIVE0", "34356994560", "5242424", "10483004", "TEST22-PC", "94DE278C3274", i.e. the sandbox machine's fingerprint sent to the server)
    https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=
    https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=2
    https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=1
    https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/
  Hosts (4): asw-sns.link (203.55.176.12); mofa.iugur.live (185.163.45.56); 185.163.45.56; 203.55.176.12
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 2.8 | - | - | ZeroCERT

8907 | 2021-04-21 13:58
  Sample: https://prestasicash.com.ar/er... (MD5 223975e6f03f5cc32074a00e82f8cf99)
  Tags: VirusTotal, Malware, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
  URLs: none
  Hosts (2): prestasicash.com.ar (200.68.105.195) - malicious; 200.68.105.195 - malicious
  Alerts (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 4.8 | - | - | guest

8908 | 2021-04-21 10:36
  Sample: CamLiveSetup1.0.0.exe (MD5 82ab12bcd6402e68ae9b1e3cff33699c)
  Tags: Emotet Gen1, VirusTotal, Malware, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, AppData folder, Tofsee, Windows, Exploit, DNS, crashed
  URLs (56):
http://www.microsoft.com/china/windows/IE/upgrade/index.aspx https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.19.1/scripts/mwf-main.var.js https://c.s-microsoft.com/zh-cn/CMSScripts/script.jsx?k=a99b0db8-bfbf-545e-1fb8-9506657ef0a2_548ab34c-2019-5a40-159d-497aca0a31aa_681f815f-66fa-dd0d-337c-f122e5fbc441_03f654df-21f3-ee95-3e73-fff757267bc7_8b6e2c63-6927-7db5-8e32-7f3333da659e_336509cc-abc8-912e-9a27-74fc22d5e823_d05d04f0-2693-ec0c-01de-808f5ad22891_693cb7af-5841-0401-bf99-98f0d9ba4140_a42d7277-10a1-6935-b06a-ebeeb8815ba6_30431ce6-63a7-f889-dfb0-0df5e1561da0_a96731a9-c05d-ced4-6287-89c900b1ed4f_55f6f45b-01ff-8a72-87f2-aef7adb3c4ae_2d3684a3-f1a0-d1c4-8c01-8f5b22b0884d_bec3e8b8-6afd-a4da-0cb7-e3f0e65d6704_25785618-c6df-5018-c882-7493400f3937_3d6f4407-99a7-efc0-9273-2886b50fa823_544bfecd-07c5-9fff-20c9-9125b66a3749_cc850638-66c6-0dc0-e5df-a231bf28e478_551d8557-d7a9-ff79-b33c-444fc691a935_88257d23-e3fb-0deb-d967-418273373312_79c01e4e-6436-0168-278f-66f180dd4fdd_360dd1e2-0971-6b97-6b15-bebe0e7ed91e_548c8edb-b925-5700-12de-1fbe1e801b5e_e102ee4d-7772-ae41-a83e-3b7ad65995ca_d707f600-5853-342b-4975-ecd516bff797 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel11_HighlightFeature_Apps.jpg?version=20838ec0-a03c-6daf-0748-1ae153da306c https://www.microsoft.com/en-us/silentauth https://c.s-microsoft.com/zh-cn/CMSImages/weibo-color.png?version=9724af91-3d78-e2ca-0dda-291ae59eee58 https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/9d-b58f60/f6-aa5278/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/69-13871c/b7-0ad59f/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/17-f90ef1?ver=2.0&_cf=20210415&iife=1 
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item6_Blue.jpg?version=838eebb7-ef23-731b-ee07-deea2ae49dc8 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Neurodiversity.jpg?version=dd9094cf-5aed-e3ec-4c49-2f0ffb0131d1 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Support_Win10.svg?version=cd9f4a5f-0b3d-9251-c658-431441ccd316 https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-18_Support.svg?version=4a9a4c35-089f-e35e-f8db-f08df9dd53b2 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Time.jpg?version=5b146a03-52cf-74f5-064d-eee060433c0b https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-20_BlogWin.svg?version=3b1d197c-2139-50c4-563f-360f55c40234 https://c.s-microsoft.com/zh-cn/CMSImages/Windows-Consumer-QR-code-for-Wechat.jpg?version=5fa8e6f7-bd8d-d33c-9dbe-9d80f9fd1f1a https://c.s-microsoft.com/zh-cn/CMSImages/wechat-color.png?version=a0708e8c-0e68-a7c8-9ece-ad71f007821d https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1618968526&rver=7.3.6963.0&wp=MBI_SSL&wreply=https%3a%2f%2fwww.microsoft.com%2fen-us%2fsilentauth%3fsilentauth%3dmsa&lc=1033&id=74335&aadredir=1 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel06_FeatureGroup_Gaming.jpg?version=67774c04-06d2-d24c-422f-d267d8c2963a https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_DoubleR_Alfred.jpg?version=03a6c714-4847-7450-38fb-8324ca30eb0a https://mwf-service.akamaized.net/mwf/css/bundle/1.58.0/chinese-simplified/default/mwf-main.min.css https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_DoubleR_Jen.jpg?version=c3b7507b-c995-8007-0f0d-42e9479462c2 https://www.microsoft.com/videoplayer/js/oneplayeriframe.js https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_SingleL_Lina.jpg?version=62faa73f-e14b-9432-b764-2a7cb102f396 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item5_Stand.jpg?version=4cb1c4e3-e67f-5175-b325-d17b1ebffb42 
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Learning.jpg?version=dd0f5222-972f-3d6a-c4b1-8d1f3cf273c0 https://www.microsoft.com/favicon.ico?v2 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item1_Gray.jpg?version=df68d82a-b81b-b310-e0da-f49a63a83107 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel04_FeatureGroup_Need.jpg?version=0403d7c9-4711-8f9a-cb4d-38274bf57476 https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Protect.jpg?version=74ddf6ec-e0f2-b1c0-68de-ae8073b23695 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Learn_Win10.svg?version=a74055d5-8ea6-b1a6-7ee2-be3e17e60335 https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-21_InsiderProgram.svg?version=8768bb27-2df7-f685-7e06-2732b420aa68 https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Apps_ROW.svg?version=fd5609cc-a2f9-94c5-1a66-94a80cd4daa5 
https://login.microsoftonline.com/common/oauth2/authorize?client_id=28b567f6-162c-4f54-99a0-6887f387bbcc&response_mode=form_post&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DAAEAAFyCdhnxw3rY8gmsuYE6uYBdYn4tuSjr7dS9bKdxM2NOK0bfQI-ckwqIOpSioIu90T8ipXvDU1SkFvY15YCZ3kN0v78FBeWlOy3b7NEfURpF-rllTQbsXfR6iMEk4QehfBErCksNrgKUEHLDeh9YpaLj_eND1SNgTB9ezoRF2lwi04vBwTL2ZY6rYvuCQt24wYHtd5lZtKB4aC253H9kLfWHuQPKtBww0F5YMjm53gfqake5HaXXBfrJQ8aHQEkMGK72U1f0ygMOecCI1vCMdo6l1kwgEUKLZ18qCJRQ4D673me_Xr5JZQi8vyaVWWiyXr4mRBKT2USZO40DAwncAsUN21bQv-Ag8qF_hJgEFp6BiBjnRp5X-rhOJfJM4K4r7gABAACDsBuQvvtuVdUw_Ne05kwk3Trnrq3taxEQCZSCnA8EF2dJ251SOM4aRbiBgpvmWQeEEGvCmFH4igIG0KaE6bDkOls8YEv0BrX9V2Orm9auCISRWT7Hy_0RcADPJGeaKrm6u2_xxsM2SMKfqpqMQN-SWoYFI24RXANs2GUXfzP3UZlrYWNJzXxYkjeV50-Jl0ZLfAEj74uqzjUOhihKki8oIpq9X-DFnsTUz94zPuGfM63RpkCdKefsmoD1jtpS0B_uC7cs04MhRMLK0VYx_v8Tt0MRZxJ1V8gMwG7GO9l2nyuxm-LFsLk--gH5DDkYxsG7EsZBbV_uGPKgGHPYmeWwUAAAAPnH8Wjz-SSXiBeseXjYXk8eSUCViMbrAmDk_s84CTGqlJwC7pBSHu8-axVAEuqo2xuOGfD8aPe9txtSXKsdrDtBWyV6z95rofgmeVCcP_CZ&nonce=637545653276523839.OTE0Y2YzMGItMWE5Zi00ZGU0LTk1MWEtZDA4OTNmNzg5Njk3NTk0ODQyZGItZTkxYi00NWNkLWJkNDMtZjk3ZDllNTliMmQ5&msafed=0&post_logout_redirect_uri=https%3A%2F%2Fwww.microsoft.com%2Fzh-cn%2Fwindows&redirect_uri=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsilentauth%3Fsilentauth%3Daad&prompt=none&x-client-SKU=ID_NET451&x-client-ver=5.2.1.0 https://www.microsoft.com/zh-cn/windows https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/chinese-simplified/shell/_scrf/css/themes=default.device=uplevel_web_pc/ce-7fab8a/4d-a16e89/31-37543f/c8-dc213b/72-bc6e2e/1f-ae6216/7f-eaeb0a/45-279540?ver=2.0&_cf=20210415 https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel13_2Up_Home.jpg?version=eac57ec1-493d-31c9-6134-0f496332edfd 
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item4_Key.jpg?version=e4d63016-4779-72f1-e2d8-7bed327aec74 https://c.s-microsoft.com/zh-cn/CMSScripts/script.jsx?k=6bf79a08-9288-6cc8-1e9a-4bf9dbcb4f0b https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item3_Pen.jpg?version=d227593e-08df-4975-4733-7d1adef53088 https://mem.gfx.ms/meversion?partner=windows&market=zh-cn&uhf=1 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Devices_Win10.svg?version=9edf105d-64f1-63ed-5722-088fa81cae60 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item2_Nocamera.jpg?version=71a410d4-1d20-bc8f-dc2e-36cc8a4a6c8a https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Together.jpg?version=f129679d-4e30-ff68-4e6f-246b4b6387be https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel05_FeatureGroup_Included.jpg?version=976539f8-3873-bee1-7def-175fd679d5e1 https://mwf-service.akamaized.net/mwf/js/bundle/1.58.0/mwf-auto-init-main.var.min.js https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Mobility.jpg?version=d6cee281-0b4a-7da7-45c1-9290b6842199 https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWbRcX https://www.microsoft.com/en-us/silentauth?silentauth=msa https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-19_Community.svg?version=4a149663-0cd4-3657-a2e5-828f12093a87 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Hearing.jpg?version=48d71b3d-1873-8a94-48cf-51b5004493b1 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel13_2Up_Pro.jpg?version=6254e865-59d9-772e-b366-18c5a317c764 
https://c.s-microsoft.com/zh-cn/CMSStyles/style.csx?k=22361378-32d9-7605-f407-faf3915cc578_5db8aa42-94fc-25e1-b3cb-4c10fc9b3365_19eb7aac-f19d-5b0a-2597-917ab6f56948_6907ca6c-47d0-7fb2-f172-c697ac3fa1d4_c2f71a82-22a3-f26a-5030-ff5ef0258ba5_a681ceee-a34b-e130-8d81-b18ed7ae311c_9364d263-04e2-fa93-295f-ac95deef1b9e_f2c0a7de-c8b4-9ffd-3da8-507c03656f45_1355fc4b-ebb6-3206-623c-1d0bfa198078_4e47a659-c850-3b0e-9619-bf3f3883383f_38c4f8a1-9126-1ac0-fe7c-a6ce511e4d5d_a59217af-ef9a-e7a9-5d2d-3e7c29ec8c74_cadda335-6bb7-dd27-b21c-207becff7f0e_6c374194-c20d-b1fb-c660-cb265575e9f8_8537e4c1-e0c2-217e-35c8-368ff8695452_3a5d0f03-92af-f68f-4d54-9345fd0c450b_101e2959-bef8-bef3-9753-ec50a2e21e47_22f531fa-1ca1-1450-f51f-0ced3605391f_83f79b5f-072c-caff-6be3-fc1c19e6fc7d_38913389-fea5-7880-c2c9-8456eb4bc8b3_96e658dc-47b6-244e-2597-042a5f8f810c_9ec9714d-916b-3af1-3b2b-1319816e27f2_077fbb87-618f-dfeb-9d82-070977d8501e_fe5653f3-5634-2b70-6e35-7877f94f84bb_443818fe-bc64-cfef-48f0-a8818b7f445d_1601b05d-e715-cd85-403f-0320bd5ec7d8_a5c2a06f-7ed2-5a74-5ba9-483951164242_d21bd579-3ea5-f74c-45ef-69c9d1f07c47 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Vision.jpg?version=2e286003-dc42-a343-06c7-a89bf41afc60 https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Ideas.jpg?version=4aa4ad31-1581-9d76-ef2f-e9ebe3f8e42c
  Hosts (22): img-prod-cms-rt-microsoft-com.akamaized.net (23.67.53.153); query.prod.cms.rt.microsoft.com (104.74.209.158); statics-marketingsites-wcus-ms-com.akamaized.net (23.67.53.138); c.s-microsoft.com (23.40.45.184) - malicious; assets.onestore.ms (104.74.154.117); login.live.com (40.126.37.6); az725175.vo.msecnd.net (117.18.232.200); mwf-service.akamaized.net (23.67.53.146); assets.adobedtm.com (23.40.44.242); login.microsoftonline.com (20.190.165.7); mem.gfx.ms (184.25.17.153); www.microsoft.com (23.201.37.168); 184.25.25.207; 121.254.136.48; 23.212.13.232; 104.75.0.209; 182.162.106.48; 20.190.163.18; 182.162.106.8; 184.25.17.153; 23.201.37.168; 23.61.77.47
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score 6.2 | - | 14 | ZeroCERT

8909 | 2021-04-21 09:39
  Sample: catalog-532402110.xlsm (MD5 3c783f26d920978c063be2e392954da0)
  Tags: Check memory, unpack itself, Tofsee, DNS, crashed
  URLs (2):
    http://halle-auer20h.ru.com/lenta.html
    https://steilppm.ac.id/drms/lenta.html
  Hosts (8): steilppm.ac.id (173.254.61.152); acienciaparaficarrico.com.br (198.50.218.68); halle-auer20h.ru.com (34.86.137.163); deccanrestaurant.co.uk (5.100.155.169); 198.50.218.68 - malware; 5.100.155.169 - malware; 173.254.61.152; 34.86.137.163
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score 3.8 | - | - | ZeroCERT

8910 | 2021-04-21 09:38
  Sample: catalog-334041965.xlsm (MD5 8d70ebc40f4fdc94aaf8744bdc7879b0)
  Tags: Check memory, unpack itself, Tofsee, crashed
  URLs (2):
    http://halle-auer20h.ru.com/lenta.html
    https://steilppm.ac.id/drms/lenta.html
  Hosts (8): steilppm.ac.id (173.254.61.152); acienciaparaficarrico.com.br (198.50.218.68); halle-auer20h.ru.com (34.86.137.163); deccanrestaurant.co.uk (5.100.155.169); 34.86.137.163; 173.254.61.152; 5.100.155.169 - malware; 198.50.218.68 - malware
  Alerts (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 3.2 | - | - | ZeroCERT
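Turning a listing like this into something a blocklist or a hunt can consume takes two decisions the table does not make for you: which hosts are infrastructure (as opposed to the IP-lookup services the stealer rows call, or resolutions of benign CDNs), and how much weight the Suricata alerts carry. The JA3 alert "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)" appears on every single entry above, on xlsm droppers, an RTF exploit, AgentTesla-tagged stealers and a download of microsoft.com alike, which is what you expect of a fingerprint of the client's TLS stack rather than of a family; it is worth zero on its own. The script below is an added example, not the sandbox's tooling: it parses the hosts and alerts cells in the export's own run-together format, ranks each entry, and emits deduplicated IOCs. The three rows are copied from entries 8896, 8903 and 8906; the regexes, the zero-weight alert set, the allowlist of lookup services and the rule that untagged bare IPs are dropped (in the listing they repeat the domain resolutions) are the editor's assumptions.

```python
"""Turn flattened sandbox rows (sample, hosts cell, alerts cell) into ranked IOCs.

Added example, not the sandbox's own tooling. The rows below are copied from
entries 8896, 8903 and 8906 of the listing; the parsing rules, the tiering
and the allowlist are the editor's assumptions.
"""
import ipaddress
import re
from collections import defaultdict

# One host token as the export writes it: "domain(ip)" or a bare IP, optionally
# followed by the sandbox tag "- malware" / "- malicious" (spelled "mailcious"
# in the raw export).
HOST_RE = re.compile(
    r"(?P<name>[A-Za-z0-9][A-Za-z0-9.\-]*)"
    r"(?:\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\))?"
    r"(?:\s+-\s+(?P<tag>malware|mailcious|malicious))?"
)
# Alerts are run together in one cell; each starts with "ET <CATEGORY> " or "SSLBL:".
ALERT_SPLIT = re.compile(r"\s+(?=ET [A-Z_]+ |SSLBL:)")

# The JA3 alert fires on every entry in the listing, xlsm droppers, stealers and
# RTF exploits alike: a JA3 hash identifies the client's TLS stack, not a family.
# The handshake-failure alert is a TLS error, not evidence either.
# Assumption: these carry no weight on their own; every other alert counts.
NOISY_ALERTS = {
    "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)",
    "ET INFO TLS Handshake Failure",
}
# Public IP-lookup services the stealer rows call. Useful as behaviour,
# useless on a block list. Editor's allowlist, not from the sandbox.
LOOKUP_SERVICES = {"checkip.dyndns.org", "freegeoip.app"}

# Constructed input: the hosts and alerts cells copied from the listing.
ROWS = [
    {"id": 8896, "md5": "bf83672739e7a17d2851279684a73ad0",
     "hosts": "ozmontelectrical.com(162.144.12.242) eletrocoghi.com.br(192.185.216.95) "
              "192.185.216.95 - malware 162.144.12.242",
     "alerts": "ET INFO TLS Handshake Failure "
               "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"},
    {"id": 8903, "md5": "873fc3f0fdfae3505a3de1bca97e40f9",
     "hosts": "freegeoip.app(104.21.19.200) checkip.dyndns.org(162.88.193.70) "
              "172.67.188.154 131.186.161.70",
     "alerts": "ET POLICY External IP Lookup - checkip.dyndns.org "
               "ET POLICY DynDNS CheckIp External IP Address Server Response "
               "ET INFO DYNAMIC_DNS Query to *.dyndns. Domain "
               "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"},
    {"id": 8906, "md5": "9ca89139d0918e5078122113fc883a7e",
     "hosts": "asw-sns.link(203.55.176.12) mofa.iugur.live(185.163.45.56) "
              "185.163.45.56 203.55.176.12",
     "alerts": "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"},
]


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_hosts(cell):
    """Return [(name, resolved_ip_or_None, tagged_by_sandbox)] for a hosts cell."""
    return [(m.group("name"), m.group("ip"), m.group("tag") is not None)
            for m in HOST_RE.finditer(cell)]


def parse_alerts(cell):
    """Split a run-together alerts cell into individual Suricata messages."""
    return [a.strip() for a in ALERT_SPLIT.split(cell) if a.strip()]


def triage(row):
    """Return (tier, iocs). tier is 'strong' when the sandbox tagged a host or a
    non-noisy alert fired, otherwise 'weak' (only the JA3/handshake pair)."""
    hosts = parse_hosts(row["hosts"])
    alerts = parse_alerts(row["alerts"])
    tagged = any(t for _, _, t in hosts)
    meaningful = [a for a in alerts if a not in NOISY_ALERTS]
    tier = "strong" if tagged or meaningful else "weak"
    iocs = {"md5": {row["md5"]}, "domain": set(), "ip": set()}
    for name, ip, is_tagged in hosts:
        if is_ip(name):
            if is_tagged:
                iocs["ip"].add(name)    # bare IP the sandbox itself flagged
            continue                    # untagged bare IPs repeat resolutions; skip
        if name in LOOKUP_SERVICES:
            continue                    # behaviour, not infrastructure
        iocs["domain"].add(name)
        if ip:
            iocs["ip"].add(ip)          # resolution of a contacted domain
    return tier, iocs


def merge(rows):
    """Dedupe IOCs across rows, keeping the strongest tier each value reached."""
    rank = {"weak": 0, "strong": 1}
    merged = defaultdict(dict)          # kind -> value -> tier
    for row in rows:
        tier, iocs = triage(row)
        for kind, values in iocs.items():
            for value in values:
                if rank[tier] > rank.get(merged[kind].get(value), -1):
                    merged[kind][value] = tier
    return {k: dict(v) for k, v in merged.items()}


if __name__ == "__main__":
    for row in ROWS:
        tier, iocs = triage(row)
        print(row["id"], tier, {k: sorted(v) for k, v in iocs.items()})
```

On the three sample rows, 8896 comes out strong because the sandbox tagged 192.185.216.95 even though both of its alerts are in the noisy set; 8906 comes out weak, with mofa.iugur.live and asw-sns.link exported as low-confidence domains, which is the right reading of a JA3-only row; and 8903 comes out strong on the ET POLICY / DYNAMIC_DNS alerts but exports only the hash, because its only network activity was the two IP-lookup services. The sandbox's host tags still deserve a look before anything is blocked: entry 8908 above tags c.s-microsoft.com, a Microsoft content host, as malicious, and this script would pass that tag through unchanged.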