9016 | 2023-10-30 17:42
HTMLHisotoryCleaner.dOC baf31ab5eb242de4b7deb9bc7864f08f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed
2
toss.is(45.33.42.226) - mailcious 45.33.42.226 - mailcious
3
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Wrong direction first Data
2.6 | M | 29 | ZeroCERT

9017 | 2023-10-30 17:45
KEW.txt.exe 2630f19eed1e2899a652c10f5edf1532 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
2
api.ipify.org(173.231.16.77) 173.231.16.77
4
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.2 | | 42 | ZeroCERT

9018 | 2023-10-30 17:47
MAW.txt.exe edc9b4f305d1232558161d5e8d466dd5 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
2
api.ipify.org(173.231.16.77) 173.231.16.77
4
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.0 | | | ZeroCERT

9019 | 2023-10-30 17:50
주요도시 시장가격 조사2023.lnk d1dc2db2956803de7eef7a76a6ac5cb2 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Hide_URL AntiDebug AntiVM Lnk Format GIF Format PowerShell .NET VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Interception Windows Exploit ComputerName Cryptographic key crashed
2
http://app.documentoffice.club/salt_view_doc_words?user=H11I75PFF0ZG53NDG00H64OE
https://dl.dropboxusercontent.com/scl/fi/h7p5aearkbq6rnb2oh633/20231028_selca.zip
4
dl.dropboxusercontent.com(162.125.84.15) - malware
app.documentoffice.club(84.32.131.104) 162.125.84.15 - malware
84.32.131.104
2
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.2 | | 23 | ZeroCERT

9020 | 2023-10-30 21:16
0cae8683e3d3e6ba8812f8d0d3e34b... 0cae8683e3d3e6ba8812f8d0d3e34b9d NSIS Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 MSOffice File DLL PNG Format BMP Format JPEG Format VirusTotal Malware MachineGuid Code Injection Check memory buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed
3
dsapi.io() download.studio(141.255.166.101) 141.255.166.101
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
7.4 | | 42 | guest

9021 | 2023-10-31 17:34
HTMLbrowserHistoryCleanerhta.d... a5e653641362ac4e0fae2c211a6fd38d MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed
2
toss.is(45.33.42.226) - mailcious 45.33.42.226 - mailcious
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure SURICATA Applayer Wrong direction first Data
2.8 | M | 30 | ZeroCERT

9022 | 2023-10-31 17:34
XLARFQ77802578790.pdf.hta 9f5447784eb960df0833273eded3324c Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed
2
imageupload.io(172.67.222.26) - malware 104.21.83.102 - malware
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
11.8 | M | 17 | ZeroCERT

9023 | 2023-10-31 17:46
XLARFQ77802578790.pdf.hta 9f5447784eb960df0833273eded3324c Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed
2
https://imageupload.io/ib/ekWgHWjP3arvUq7_1698166097.jpg
http://185.254.37.174/cuzinebase64bxjhgvhsj.txt
2
imageupload.io(104.21.83.102) - malware 104.21.83.102 - malware
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
11.8 | M | 17 | ZeroCERT

9024 | 2023-10-31 17:47
lowkeeeeeFile.hta 393385547048586dc9eac0ba496b5c6a Generic Malware Antivirus AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
2
https://imageupload.io/ib/ekWgHWjP3arvUq7_1698166097.jpg
http://185.254.37.174/droidlokiiiiiiiiiiiibase64.txt
3
imageupload.io(104.21.83.102) - malware 185.196.8.176 - malware
104.21.83.102 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.6 | M | 15 | ZeroCERT

9025 | 2023-10-31 17:51
HRE.vbs dd68aaf78901710759406c19281e1d6b VirusTotal Malware wscript.exe payload download Tofsee
1
2
paste.ee(172.67.187.200) - mailcious 172.67.187.200 - mailcious
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.6 | M | 7 | ZeroCERT

9026 | 2023-10-31 17:57
MSS.vbs 95ef971ad0bbdace8a049b8b59ddd0e8 wscript.exe payload download Tofsee
1
2
paste.ee(104.21.84.67) - mailcious 172.67.187.200 - mailcious
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.2 | M | | ZeroCERT

9027 | 2023-10-31 17:59
HTMLbrowserHistoryCleanerhta.d... a5e653641362ac4e0fae2c211a6fd38d MS_RTF_Obfuscation_Objects RTF File doc RWX flags setting exploit crash Tofsee Exploit crashed
2
toss.is(45.33.42.226) - mailcious 45.33.42.226 - mailcious
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure SURICATA Applayer Wrong direction first Data
1.8 | M | | ZeroCERT

9028 | 2023-10-31 18:01
JDS.vbs 16c6922f713e35f485266c858eeeb038 wscript.exe payload download Tofsee
1
2
paste.ee(172.67.187.200) - mailcious 172.67.187.200 - mailcious
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.2 | M | | ZeroCERT

9029 | 2023-11-01 07:47
700.exe 450783b6304d896d217b0a816a3f4853 Hide_EXE Suspicious_Script_Bin Malicious Library UPX Socket Http API ScreenShot Escalate priviledges Steal credential HTTP DNS Code injection Internet API KeyLogger AntiDebug AntiVM PE File PE32 MZP Format OS Processor Check Lnk Format GIF Format ZIP Form Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software
1
https://db-ip.com/demo/home.php?s=175.208.134.152
6
ipinfo.io(34.117.59.81) db-ip.com(104.26.5.15) KXKQBfogIOh.KXKQBfogIOh() 172.67.75.166 91.103.253.146 34.117.59.81
6
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
20.2 | M | | ZeroCERT

9030 | 2023-11-01 09:48
settings.md.ps1 d4a8463332d11c465c311485626a089e Lnk Format GIF Format VirusTotal Malware powershell AutoRuns MachineGuid Check memory Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName Cryptographic key
1
https://www.dropbox.com/scl/fi/xomwf87h5an20v2gilmvv/m.zip?rlkey=xg1osj3s43fl9pagr7zgj6y70&dl=1
4
www.dropbox.com(162.125.84.18) - mailcious
ambjulio.com(154.56.63.216) - mailcious 154.56.63.216 - mailcious
162.125.84.18 - mailcious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.2 | M | 15 | ZeroCERT