| 9151 |
2021-03-08 15:17
|
geoip.inc bf1e7e0fd0b9755f974217e69c63a31a
Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9152 |
2021-03-08 15:15
|
chart.class.php 556b2524384b1b773732cd9648a23b14
Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9153 |
2021-03-08 15:15
|
fre.php ea9f466d28c594dc4741469805fd440c
Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
1 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9154 |
2021-03-08 11:42
|
chashepro3.exe c277ca9bda5cde270d97fb1cbe5568d0
Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName Firmware DNS Cryptographic key Software crashed |
5
http://74.119.193.164:3214/
https://iplogger.org/favicon.ico
https://iplogger.org/1aSny7
https://iplogger.org/1rst77
https://api.ip.sb/geoip
|
10
WHOIS.APNIC.NET(172.104.79.63)
iplogger.org(88.99.66.31)
whois.iana.org(192.0.32.59)
api.ip.sb(104.26.13.31)
195.88.209.205 - mailcious
192.0.32.59
104.26.12.31
88.99.66.31 - mailcious
74.119.193.164
172.104.79.63
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA HTTP unable to match response to request
|
|
21.6 |
M |
48 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9155 |
2021-03-08 09:16
|
Rq9UwX3Sxdm9bAfW.exe 7f8a15aca0965d3ef7f5e36245ee20fa
Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed |
3
http://159.69.119.114:3214/
https://www.bing.com/
https://api.ip.sb/geoip
|
6
www.google.com(172.217.161.68)
api.ip.sb(104.26.13.31)
104.26.12.31
159.69.119.114
13.107.21.200
172.217.174.196
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
15.2 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9156 |
2021-03-08 09:12
|
inst_all.exe 7ae05cc2d2a31d9dfa7edbf6beef674e
Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9157 |
2021-03-08 09:11
|
A4ge7vE97nKzwZk.exe 4bf1d28524782e3de6d241c2bb625b5e
Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed |
2
http://159.69.119.114:3214/
https://api.ip.sb/geoip
|
3
api.ip.sb(104.26.12.31)
159.69.119.114
172.67.75.172
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
15.2 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9158 |
2021-03-08 09:03
|
A4ge7vE97nKzwZk.exe 4bf1d28524782e3de6d241c2bb625b5e
Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed |
2
http://159.69.119.114:3214/
https://api.ip.sb/geoip
|
3
api.ip.sb(172.67.75.172)
104.26.12.31
159.69.119.114
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
14.2 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9159 |
2021-03-06 19:03
|
updatewin.exe 9010fa92cc83afe00fab38703e6ffa77
VirusTotal Malware suspicious privilege Malicious Traffic unpack itself malicious URLs Tofsee DNS |
1
https://reputinodaedo.pw/cfg/ - rule_id: 307
|
2
reputinodaedo.pw(104.21.6.117) - mailcious
172.67.134.209
|
2
ET DNS Query to a *.pw domain - Likely Hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://reputinodaedo.pw/cfg/
|
4.0 |
M |
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9160 |
2021-03-06 18:28
|
5.exe 6a50d5e91b193be284aa02106ee35e97
VirusTotal Malware malicious URLs Tofsee crashed |
|
2
api.faceit.com(104.17.62.50)
104.17.62.50
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
M |
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9161 |
2021-03-06 09:21
|
http://goaqaba.com/ccwidd/4426... d41d8cd98f00b204e9800998ecf8427e
VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://goaqaba.com/favicon.ico
|
3
goaqaba.com(207.244.229.15) - malware
www.goaqaba.com(207.244.229.15)
207.244.229.15 - malware
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9162 |
2021-03-06 09:20
|
8.iosssappp.exe df60756a8e33b721b357bd7242f4881a
Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed |
1
https://177.47.88.62/rob20/TEST22-PC_W617601.378AC5D337BB31DB195D8B32D85BF05B/5/kps/
|
4
179.191.108.58 - mailcious
154.79.252.132 - mailcious
177.47.88.62
168.232.188.88
|
3
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET CNC Feodo Tracker Reported CnC Server group 7
|
|
6.6 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9163 |
2021-03-05 13:51
|
PO_2287_Scanned.pdf.exe efa6aa4c9687bdefad45af4771bf5ad5
VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows DNS |
1
|
3
www.google.com(172.217.175.100)
13.107.21.200
172.217.163.228
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
13.6 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9164 |
2021-03-05 13:50
|
PI_1037_Scanned_0547.pdf.exe 37997ca39c9a900255366c354ca2ebbb
VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows |
1
|
3
www.google.com(172.217.175.100)
216.58.200.4 - suspicious
172.217.163.228
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.4 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9165 |
2021-03-05 13:39
|
MARBLE-SAMPLE-PICTURES.exe 81d474f480901c0244d0d90e88da15f4
Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself malicious URLs Tofsee Windows Remote Code Execution DNS |
1
https://cdn.discordapp.com/attachments/816412948242890752/816783648769704017/Cluea
|
4
www.diaamondgranitas.org(185.140.53.230)
cdn.discordapp.com(162.159.129.233) - malware
185.140.53.230
162.159.133.233 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.8 |
|
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|