| 8896 |
2021-04-23 09:59
|
 catalog-1605517361.xlsm bf83672739e7a17d2851279684a73ad0
Check memory unpack itself Tofsee DNS crashed |
|
4
ozmontelectrical.com(162.144.12.242)
eletrocoghi.com.br(192.185.216.95)
192.185.216.95 - malware
162.144.12.242
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8897 |
2021-04-23 09:59
|
 catalog-1605179562.xlsm 082645e6b13d4cdd417b3d82c15a8c83
Check memory unpack itself Tofsee crashed |
|
4
eletrocoghi.com.br(192.185.216.95)
ozmontelectrical.com(162.144.12.242)
162.144.12.242
192.185.216.95 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
2.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8898 |
2021-04-23 09:55
|
 catalog-1604441556.xlsm 414c41ce670225a38e8c4aeda37df315
Check memory unpack itself Tofsee DNS crashed |
|
4
ozmontelectrical.com(162.144.12.242)
eletrocoghi.com.br(192.185.216.95)
192.185.216.95 - malware
162.144.12.242
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
3.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8899 |
2021-04-23 09:54
|
 catalog-1600996489.xlsm aae89be1368bd7f31a17df732c50520c
Check memory unpack itself Tofsee crashed |
|
4
eletrocoghi.com.br(192.185.216.95)
ozmontelectrical.com(162.144.12.242)
162.144.12.242
192.185.216.95 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
2.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8900 |
2021-04-22 18:25
|
 IMG_10540078520047.pdf.exe 0584b79b0075099a377c30ffa0bfee28
KeyBase Keylogger Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
4
freegeoip.app(104.21.19.200)
checkip.dyndns.org(131.186.161.70)
131.186.161.70
104.21.19.200
|
4
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.4 |
M |
17 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8901 |
2021-04-22 17:23
|
 melo.jpg.exe 82b9be6f5cc10510495e9a3368683747
Process Kill FindFirstVolume CryptGenKey Antivirus VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
5
http://edgedl.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
https://update.googleapis.com/service/update2?cup2key=10:2713802909&cup2hreq=8cab5512950206d82ca4581cc9d1ccfba8c54dfd64bf2baf0aa7e90da4734256
https://paste.ee/r/p7EHC
https://paste.ee/r/oSlYJ
https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.36.32&applang=&machine=1&version=1.3.36.32&userid=&osversion=6.1&servicepack=Service%20Pack%201
|
5
paste.ee(104.26.4.223) - mailcious
edgedl.gvt1.com(142.250.34.2)
142.250.204.110
142.250.34.2
104.26.5.223 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
13.4 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8902 |
2021-04-22 17:15
|
 IMG_10540078520047.pdf.exe 0584b79b0075099a377c30ffa0bfee28Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
4
freegeoip.app(104.21.19.200)
checkip.dyndns.org(216.146.43.71)
172.67.188.154
131.186.161.70
|
4
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.4 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8903 |
2021-04-22 13:39
|
 DLI_0251_053_021.pdf 873fc3f0fdfae3505a3de1bca97e40f9
AgentTesla Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
4
freegeoip.app(104.21.19.200)
checkip.dyndns.org(162.88.193.70)
172.67.188.154
131.186.161.70
|
4
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
M |
21 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8904 |
2021-04-22 10:51
|
 DLI_0251_053_021.pdf 873fc3f0fdfae3505a3de1bca97e40f9Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
4
freegeoip.app(172.67.188.154)
checkip.dyndns.org(162.88.193.70)
131.186.113.70
104.21.19.200
|
4
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
|
|
8.6 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8905 |
2021-04-22 09:53
|
file.rtf 9ca89139d0918e5078122113fc883a7e
RTF File doc Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit crashed |
3
https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/
https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=&e=%EC%9B%90%EA%B2%A9%20%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C%20(404)%20%EC%B0%BE%EC%9D%84%20%EC%88%98%20%EC%97%86%EC%9D%8C%20%EC%98%A4%EB%A5%98%EB%A5%BC%20%EB%B0%98%ED%99%98%ED%96%88%EC%8A%B5%EB%8B%88%EB%8B%A4.
|
2
mofa.iugur.live(185.163.45.56) - mailcious
185.163.45.56 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.0 |
M |
|
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8906 |
2021-04-22 07:29
|
file.rtf 9ca89139d0918e5078122113fc883a7eMalware Malicious Traffic buffers extracted unpack itself Tofsee |
8
https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-910af97c/1/plaoi
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-4057b130/1/lkjhg
https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-16aef47a/1/cuui?data=AQZ0ZXN0MjInSW50ZWwoUikgQ29yZShUTSkgaTUtODQwMCBDUFUgQCAyLjgwR0h6ATISXFwuXFBIWVNJQ0FMRFJJVkUwCzM0MzU2OTk0NTYwBzUyNDI0MjQIMTA0ODMwMDQJVEVTVDIyLVBDDDk0REUyNzhDMzI3NA==
https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=
https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=2
https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=1
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/
|
4
asw-sns.link(203.55.176.12)
mofa.iugur.live(185.163.45.56)
185.163.45.56
203.55.176.12
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8907 |
2021-04-21 13:58
|
https://prestasicash.com.ar/er... 223975e6f03f5cc32074a00e82f8cf99VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
2
prestasicash.com.ar(200.68.105.195) - mailcious
200.68.105.195 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8908 |
2021-04-21 10:36
|
 CamLiveSetup1.0.0.exe 82ab12bcd6402e68ae9b1e3cff33699c
Emotet Gen1 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed |
56
http://www.microsoft.com/china/windows/IE/upgrade/index.aspx
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.19.1/scripts/mwf-main.var.js
https://c.s-microsoft.com/zh-cn/CMSScripts/script.jsx?k=a99b0db8-bfbf-545e-1fb8-9506657ef0a2_548ab34c-2019-5a40-159d-497aca0a31aa_681f815f-66fa-dd0d-337c-f122e5fbc441_03f654df-21f3-ee95-3e73-fff757267bc7_8b6e2c63-6927-7db5-8e32-7f3333da659e_336509cc-abc8-912e-9a27-74fc22d5e823_d05d04f0-2693-ec0c-01de-808f5ad22891_693cb7af-5841-0401-bf99-98f0d9ba4140_a42d7277-10a1-6935-b06a-ebeeb8815ba6_30431ce6-63a7-f889-dfb0-0df5e1561da0_a96731a9-c05d-ced4-6287-89c900b1ed4f_55f6f45b-01ff-8a72-87f2-aef7adb3c4ae_2d3684a3-f1a0-d1c4-8c01-8f5b22b0884d_bec3e8b8-6afd-a4da-0cb7-e3f0e65d6704_25785618-c6df-5018-c882-7493400f3937_3d6f4407-99a7-efc0-9273-2886b50fa823_544bfecd-07c5-9fff-20c9-9125b66a3749_cc850638-66c6-0dc0-e5df-a231bf28e478_551d8557-d7a9-ff79-b33c-444fc691a935_88257d23-e3fb-0deb-d967-418273373312_79c01e4e-6436-0168-278f-66f180dd4fdd_360dd1e2-0971-6b97-6b15-bebe0e7ed91e_548c8edb-b925-5700-12de-1fbe1e801b5e_e102ee4d-7772-ae41-a83e-3b7ad65995ca_d707f600-5853-342b-4975-ecd516bff797
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel11_HighlightFeature_Apps.jpg?version=20838ec0-a03c-6daf-0748-1ae153da306c
https://www.microsoft.com/en-us/silentauth
https://c.s-microsoft.com/zh-cn/CMSImages/weibo-color.png?version=9724af91-3d78-e2ca-0dda-291ae59eee58
https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/9d-b58f60/f6-aa5278/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/69-13871c/b7-0ad59f/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/17-f90ef1?ver=2.0&_cf=20210415&iife=1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item6_Blue.jpg?version=838eebb7-ef23-731b-ee07-deea2ae49dc8
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Neurodiversity.jpg?version=dd9094cf-5aed-e3ec-4c49-2f0ffb0131d1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Support_Win10.svg?version=cd9f4a5f-0b3d-9251-c658-431441ccd316
https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-18_Support.svg?version=4a9a4c35-089f-e35e-f8db-f08df9dd53b2
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Time.jpg?version=5b146a03-52cf-74f5-064d-eee060433c0b
https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-20_BlogWin.svg?version=3b1d197c-2139-50c4-563f-360f55c40234
https://c.s-microsoft.com/zh-cn/CMSImages/Windows-Consumer-QR-code-for-Wechat.jpg?version=5fa8e6f7-bd8d-d33c-9dbe-9d80f9fd1f1a
https://c.s-microsoft.com/zh-cn/CMSImages/wechat-color.png?version=a0708e8c-0e68-a7c8-9ece-ad71f007821d
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1618968526&rver=7.3.6963.0&wp=MBI_SSL&wreply=https%3a%2f%2fwww.microsoft.com%2fen-us%2fsilentauth%3fsilentauth%3dmsa&lc=1033&id=74335&aadredir=1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel06_FeatureGroup_Gaming.jpg?version=67774c04-06d2-d24c-422f-d267d8c2963a
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_DoubleR_Alfred.jpg?version=03a6c714-4847-7450-38fb-8324ca30eb0a
https://mwf-service.akamaized.net/mwf/css/bundle/1.58.0/chinese-simplified/default/mwf-main.min.css
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_DoubleR_Jen.jpg?version=c3b7507b-c995-8007-0f0d-42e9479462c2
https://www.microsoft.com/videoplayer/js/oneplayeriframe.js
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_SingleL_Lina.jpg?version=62faa73f-e14b-9432-b764-2a7cb102f396
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item5_Stand.jpg?version=4cb1c4e3-e67f-5175-b325-d17b1ebffb42
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Learning.jpg?version=dd0f5222-972f-3d6a-c4b1-8d1f3cf273c0
https://www.microsoft.com/favicon.ico?v2
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item1_Gray.jpg?version=df68d82a-b81b-b310-e0da-f49a63a83107
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel04_FeatureGroup_Need.jpg?version=0403d7c9-4711-8f9a-cb4d-38274bf57476
https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Protect.jpg?version=74ddf6ec-e0f2-b1c0-68de-ae8073b23695
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Learn_Win10.svg?version=a74055d5-8ea6-b1a6-7ee2-be3e17e60335
https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-21_InsiderProgram.svg?version=8768bb27-2df7-f685-7e06-2732b420aa68
https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Apps_ROW.svg?version=fd5609cc-a2f9-94c5-1a66-94a80cd4daa5
https://login.microsoftonline.com/common/oauth2/authorize?client_id=28b567f6-162c-4f54-99a0-6887f387bbcc&response_mode=form_post&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DAAEAAFyCdhnxw3rY8gmsuYE6uYBdYn4tuSjr7dS9bKdxM2NOK0bfQI-ckwqIOpSioIu90T8ipXvDU1SkFvY15YCZ3kN0v78FBeWlOy3b7NEfURpF-rllTQbsXfR6iMEk4QehfBErCksNrgKUEHLDeh9YpaLj_eND1SNgTB9ezoRF2lwi04vBwTL2ZY6rYvuCQt24wYHtd5lZtKB4aC253H9kLfWHuQPKtBww0F5YMjm53gfqake5HaXXBfrJQ8aHQEkMGK72U1f0ygMOecCI1vCMdo6l1kwgEUKLZ18qCJRQ4D673me_Xr5JZQi8vyaVWWiyXr4mRBKT2USZO40DAwncAsUN21bQv-Ag8qF_hJgEFp6BiBjnRp5X-rhOJfJM4K4r7gABAACDsBuQvvtuVdUw_Ne05kwk3Trnrq3taxEQCZSCnA8EF2dJ251SOM4aRbiBgpvmWQeEEGvCmFH4igIG0KaE6bDkOls8YEv0BrX9V2Orm9auCISRWT7Hy_0RcADPJGeaKrm6u2_xxsM2SMKfqpqMQN-SWoYFI24RXANs2GUXfzP3UZlrYWNJzXxYkjeV50-Jl0ZLfAEj74uqzjUOhihKki8oIpq9X-DFnsTUz94zPuGfM63RpkCdKefsmoD1jtpS0B_uC7cs04MhRMLK0VYx_v8Tt0MRZxJ1V8gMwG7GO9l2nyuxm-LFsLk--gH5DDkYxsG7EsZBbV_uGPKgGHPYmeWwUAAAAPnH8Wjz-SSXiBeseXjYXk8eSUCViMbrAmDk_s84CTGqlJwC7pBSHu8-axVAEuqo2xuOGfD8aPe9txtSXKsdrDtBWyV6z95rofgmeVCcP_CZ&nonce=637545653276523839.OTE0Y2YzMGItMWE5Zi00ZGU0LTk1MWEtZDA4OTNmNzg5Njk3NTk0ODQyZGItZTkxYi00NWNkLWJkNDMtZjk3ZDllNTliMmQ5&msafed=0&post_logout_redirect_uri=https%3A%2F%2Fwww.microsoft.com%2Fzh-cn%2Fwindows&redirect_uri=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsilentauth%3Fsilentauth%3Daad&prompt=none&x-client-SKU=ID_NET451&x-client-ver=5.2.1.0
https://www.microsoft.com/zh-cn/windows
https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/chinese-simplified/shell/_scrf/css/themes=default.device=uplevel_web_pc/ce-7fab8a/4d-a16e89/31-37543f/c8-dc213b/72-bc6e2e/1f-ae6216/7f-eaeb0a/45-279540?ver=2.0&_cf=20210415
https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel13_2Up_Home.jpg?version=eac57ec1-493d-31c9-6134-0f496332edfd
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item4_Key.jpg?version=e4d63016-4779-72f1-e2d8-7bed327aec74
https://c.s-microsoft.com/zh-cn/CMSScripts/script.jsx?k=6bf79a08-9288-6cc8-1e9a-4bf9dbcb4f0b
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item3_Pen.jpg?version=d227593e-08df-4975-4733-7d1adef53088
https://mem.gfx.ms/meversion?partner=windows&market=zh-cn&uhf=1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Devices_Win10.svg?version=9edf105d-64f1-63ed-5722-088fa81cae60
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item2_Nocamera.jpg?version=71a410d4-1d20-bc8f-dc2e-36cc8a4a6c8a
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Together.jpg?version=f129679d-4e30-ff68-4e6f-246b4b6387be
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel05_FeatureGroup_Included.jpg?version=976539f8-3873-bee1-7def-175fd679d5e1
https://mwf-service.akamaized.net/mwf/js/bundle/1.58.0/mwf-auto-init-main.var.min.js
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Mobility.jpg?version=d6cee281-0b4a-7da7-45c1-9290b6842199
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWbRcX
https://www.microsoft.com/en-us/silentauth?silentauth=msa
https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-19_Community.svg?version=4a149663-0cd4-3657-a2e5-828f12093a87
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Hearing.jpg?version=48d71b3d-1873-8a94-48cf-51b5004493b1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel13_2Up_Pro.jpg?version=6254e865-59d9-772e-b366-18c5a317c764
https://c.s-microsoft.com/zh-cn/CMSStyles/style.csx?k=22361378-32d9-7605-f407-faf3915cc578_5db8aa42-94fc-25e1-b3cb-4c10fc9b3365_19eb7aac-f19d-5b0a-2597-917ab6f56948_6907ca6c-47d0-7fb2-f172-c697ac3fa1d4_c2f71a82-22a3-f26a-5030-ff5ef0258ba5_a681ceee-a34b-e130-8d81-b18ed7ae311c_9364d263-04e2-fa93-295f-ac95deef1b9e_f2c0a7de-c8b4-9ffd-3da8-507c03656f45_1355fc4b-ebb6-3206-623c-1d0bfa198078_4e47a659-c850-3b0e-9619-bf3f3883383f_38c4f8a1-9126-1ac0-fe7c-a6ce511e4d5d_a59217af-ef9a-e7a9-5d2d-3e7c29ec8c74_cadda335-6bb7-dd27-b21c-207becff7f0e_6c374194-c20d-b1fb-c660-cb265575e9f8_8537e4c1-e0c2-217e-35c8-368ff8695452_3a5d0f03-92af-f68f-4d54-9345fd0c450b_101e2959-bef8-bef3-9753-ec50a2e21e47_22f531fa-1ca1-1450-f51f-0ced3605391f_83f79b5f-072c-caff-6be3-fc1c19e6fc7d_38913389-fea5-7880-c2c9-8456eb4bc8b3_96e658dc-47b6-244e-2597-042a5f8f810c_9ec9714d-916b-3af1-3b2b-1319816e27f2_077fbb87-618f-dfeb-9d82-070977d8501e_fe5653f3-5634-2b70-6e35-7877f94f84bb_443818fe-bc64-cfef-48f0-a8818b7f445d_1601b05d-e715-cd85-403f-0320bd5ec7d8_a5c2a06f-7ed2-5a74-5ba9-483951164242_d21bd579-3ea5-f74c-45ef-69c9d1f07c47
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Vision.jpg?version=2e286003-dc42-a343-06c7-a89bf41afc60
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Ideas.jpg?version=4aa4ad31-1581-9d76-ef2f-e9ebe3f8e42c
|
22
img-prod-cms-rt-microsoft-com.akamaized.net(23.67.53.153)
query.prod.cms.rt.microsoft.com(104.74.209.158)
statics-marketingsites-wcus-ms-com.akamaized.net(23.67.53.138)
c.s-microsoft.com(23.40.45.184) - mailcious
assets.onestore.ms(104.74.154.117)
login.live.com(40.126.37.6)
az725175.vo.msecnd.net(117.18.232.200)
mwf-service.akamaized.net(23.67.53.146)
assets.adobedtm.com(23.40.44.242)
login.microsoftonline.com(20.190.165.7)
mem.gfx.ms(184.25.17.153)
www.microsoft.com(23.201.37.168)
184.25.25.207
121.254.136.48
23.212.13.232
104.75.0.209
182.162.106.48
20.190.163.18
182.162.106.8
184.25.17.153
23.201.37.168
23.61.77.47
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
6.2 |
|
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8909 |
2021-04-21 09:39
|
 catalog-532402110.xlsm 3c783f26d920978c063be2e392954da0Check memory unpack itself Tofsee DNS crashed |
2
http://halle-auer20h.ru.com/lenta.html
https://steilppm.ac.id/drms/lenta.html
|
8
steilppm.ac.id(173.254.61.152)
acienciaparaficarrico.com.br(198.50.218.68)
halle-auer20h.ru.com(34.86.137.163)
deccanrestaurant.co.uk(5.100.155.169)
198.50.218.68 - malware
5.100.155.169 - malware
173.254.61.152
34.86.137.163
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
3.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8910 |
2021-04-21 09:38
|
 catalog-334041965.xlsm 8d70ebc40f4fdc94aaf8744bdc7879b0Check memory unpack itself Tofsee crashed |
2
http://halle-auer20h.ru.com/lenta.html
https://steilppm.ac.id/drms/lenta.html
|
8
steilppm.ac.id(173.254.61.152)
acienciaparaficarrico.com.br(198.50.218.68)
halle-auer20h.ru.com(34.86.137.163)
deccanrestaurant.co.uk(5.100.155.169)
34.86.137.163
173.254.61.152
5.100.155.169 - malware
198.50.218.68 - malware
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|