9076 |
2021-03-08 15:20
|
chart.class.php 556b2524384b1b773732cd9648a23b14 Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9077 |
2021-03-08 15:18
|
index.html d41d8cd98f00b204e9800998ecf8427e Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9078 |
2021-03-08 15:17
|
geoip.inc bf1e7e0fd0b9755f974217e69c63a31a Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9079 |
2021-03-08 15:15
|
chart.class.php 556b2524384b1b773732cd9648a23b14 Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9080 |
2021-03-08 15:15
|
fre.php ea9f466d28c594dc4741469805fd440c Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
|
1 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9081 |
2021-03-08 11:42
|
chashepro3.exe c277ca9bda5cde270d97fb1cbe5568d0 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName Firmware DNS Cryptographic key Software crashed |
5
http://74.119.193.164:3214/ https://iplogger.org/favicon.ico https://iplogger.org/1aSny7 https://iplogger.org/1rst77 https://api.ip.sb/geoip
|
10
WHOIS.APNIC.NET(172.104.79.63) iplogger.org(88.99.66.31) whois.iana.org(192.0.32.59) api.ip.sb(104.26.13.31) 195.88.209.205 - mailcious 192.0.32.59 104.26.12.31 88.99.66.31 - mailcious 74.119.193.164 172.104.79.63
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP unable to match response to request
|
|
21.6 |
M |
48 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9082 |
2021-03-08 09:16
|
Rq9UwX3Sxdm9bAfW.exe 7f8a15aca0965d3ef7f5e36245ee20fa Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed |
3
http://159.69.119.114:3214/ https://www.bing.com/ https://api.ip.sb/geoip
|
6
www.google.com(172.217.161.68) api.ip.sb(104.26.13.31) 104.26.12.31 159.69.119.114 13.107.21.200 172.217.174.196
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
15.2 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9083 |
2021-03-08 09:12
|
inst_all.exe 7ae05cc2d2a31d9dfa7edbf6beef674e Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9084 |
2021-03-08 09:11
|
A4ge7vE97nKzwZk.exe 4bf1d28524782e3de6d241c2bb625b5e Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed |
2
http://159.69.119.114:3214/ https://api.ip.sb/geoip
|
3
api.ip.sb(104.26.12.31) 159.69.119.114 172.67.75.172
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
15.2 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9085 |
2021-03-08 09:03
|
A4ge7vE97nKzwZk.exe 4bf1d28524782e3de6d241c2bb625b5e Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed |
2
http://159.69.119.114:3214/ https://api.ip.sb/geoip
|
3
api.ip.sb(172.67.75.172) 104.26.12.31 159.69.119.114
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
14.2 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9086 |
2021-03-06 19:03
|
updatewin.exe 9010fa92cc83afe00fab38703e6ffa77 VirusTotal Malware suspicious privilege Malicious Traffic unpack itself malicious URLs Tofsee DNS |
1
https://reputinodaedo.pw/cfg/ - rule_id: 307
|
2
reputinodaedo.pw(104.21.6.117) - mailcious 172.67.134.209
|
2
ET DNS Query to a *.pw domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://reputinodaedo.pw/cfg/
|
4.0 |
M |
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9087 |
2021-03-06 18:28
|
5.exe 6a50d5e91b193be284aa02106ee35e97 VirusTotal Malware malicious URLs Tofsee crashed |
|
2
api.faceit.com(104.17.62.50) 104.17.62.50
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
M |
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9088 |
2021-03-06 09:21
|
http://goaqaba.com/ccwidd/4426... d41d8cd98f00b204e9800998ecf8427e VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://goaqaba.com/favicon.ico
|
3
goaqaba.com(207.244.229.15) - malware www.goaqaba.com(207.244.229.15) 207.244.229.15 - malware
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9089 |
2021-03-06 09:20
|
8.iosssappp.exe df60756a8e33b721b357bd7242f4881a Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed |
1
https://177.47.88.62/rob20/TEST22-PC_W617601.378AC5D337BB31DB195D8B32D85BF05B/5/kps/
|
4
179.191.108.58 - mailcious 154.79.252.132 - mailcious 177.47.88.62 168.232.188.88
|
3
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) ET CNC Feodo Tracker Reported CnC Server group 7
|
|
6.6 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9090 |
2021-03-05 13:51
|
PO_2287_Scanned.pdf.exe efa6aa4c9687bdefad45af4771bf5ad5 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows DNS |
1
|
3
www.google.com(172.217.175.100) 13.107.21.200 172.217.163.228
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
13.6 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|