| 9961 |
2020-10-21 10:37
|
https://itravel.co.tz/Img/docu... 28fbc92abd52bd871cfa322673390621
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
4
itravel.co.tz(160.153.133.172)
117.18.232.200 - suspicious
160.153.133.172
164.124.101.2
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9962 |
2020-10-21 09:55
|
035708552.doc 9bc89e09c2f9d3532490809a26ff2126
Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee DNS |
2
http://188.226.165.170:8080/sUMLSLn5QPY86TXZUlU/tt66ph/moPEwTi/74gIsQHK/Nnq4b/MsmOT9UTSVXPf4/ - mailcious
https://luofox.com/wp-admin/fpTWdJzQR/ - mailcious
|
7
luofox.com(106.54.225.198) - mailcious
104.131.144.215 - suspicious
106.54.225.198 - suspicious
164.124.101.2
188.226.165.170 - suspicious
5.2.246.108 - suspicious
91.121.87.90 - suspicious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
M |
22 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9963 |
2020-10-21 09:28
|
https://globaltechealthy.com/x... 230c5d72b8bfd4d14b4f9e55d2633345
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
4
globaltechealthy.com(198.54.126.81) - malware
117.18.232.200 - suspicious
164.124.101.2
198.54.126.81 - suspicious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9964 |
2020-10-21 09:19
|
Copy invoice #1252.doc 3210c2965e9284197cb5618b2492ae1c
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS |
1
http://188.226.165.170:8080/OCuKMuQWW/GfkvVful050/KKbOKeF/wLHRvJQjkFppvzHCC/X9XNNYF0ISWHQKLqf/EjggGXx/ - mailcious
|
7
luofox.com(106.54.225.198)
104.131.144.215 - suspicious
106.54.225.198
164.124.101.2
188.226.165.170 - suspicious
5.2.246.108
91.121.87.90 - suspicious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.8 |
M |
25 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9965 |
2020-10-21 07:53
|
https://globaltechealthy.com/x... b42bdc5e32b4c255ddcaf88eb84487ab
Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
4
globaltechealthy.com(198.54.126.81) - malware
117.18.232.200 - suspicious
164.124.101.2
198.54.126.81 - suspicious
|
3
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9966 |
2020-10-21 07:46
|
https://globaltechealthy.com/x... b42bdc5e32b4c255ddcaf88eb84487ab
Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
4
globaltechealthy.com(198.54.126.81)
117.18.232.200 - suspicious
164.124.101.2
198.54.126.81
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9967 |
2020-10-20 16:19
|
http://blockschain.great-site.... 83af9f05c497857ace30bf9077443498
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
8
http://blockschain.great-site.net/css/style.css
http://blockschain.great-site.net/?i=1
http://blockschain.great-site.net/favicon.ico
http://blockschain.great-site.net/ - suspicious
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://blockschain.great-site.net/aes.js
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
https://fonts.googleapis.com/css?family=Anton
|
10
fonts.googleapis.com(172.217.25.234)
infinityfree.net(104.26.8.174)
cdnjs.cloudflare.com(104.17.78.107) - mailcious
blockschain.great-site.net(185.27.134.216) - suspicious
104.17.79.107
104.26.9.174
117.18.232.200 - suspicious
164.124.101.2
172.217.24.74
185.27.134.216 - suspicious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9968 |
2020-10-20 14:53
|
http://www.advisertours.com/08... c8bc6937ff78700cc917195d5444585e
Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
78
http://www.advisertours.com/js/core/dic.js?ver=1.2
http://www.advisertours.com/plugins/summernote/summernote.css
http://www.advisertours.com/js/core/maxisUploader.js
http://www.advisertours.com/plugins/fa/css/fa.min.css
http://www.advisertours.com/plugins/color/bootstrap-colorpicker.js
http://www.advisertours.com/plugins/jquery/jquery.cookie.js
http://www.advisertours.com/plugins/bootstrap/bootstrap.min.css
http://www.advisertours.com/Images/Settings/css/theme.css?ver=1.77
http://www.advisertours.com/plugins/summernote/summernote.js
http://www.advisertours.com/plugins/others/numeral.js
http://www.advisertours.com/plugins/fancybox/jquery.fancybox.js
http://www.advisertours.com/css/core/maxisUploader.css
http://www.advisertours.com/plugins/bootstrap/bootstrap.min.js
http://www.advisertours.com/favicon.ico
http://www.advisertours.com/plugins/fa/webfonts/fa-solid-900.eot
http://www.advisertours.com/Images/Logo/adviser.png
http://www.advisertours.com/plugins/menu/metisMenuCustom.css
http://www.advisertours.com/plugins/daterangepicker/dateRangePicker.css
http://www.advisertours.com/css/maxis.css?ver=1.23
http://www.advisertours.com/plugins/addtoany/page.js
http://www.advisertours.com/plugins/googlefonts/fontselect.css?ver=1.0
http://www.advisertours.com/js/admin/html.js?ver=1.2
http://www.advisertours.com/js/core/maxisMenu.js?ver=1.3
http://www.advisertours.com/plugins/others/moment.js
http://www.advisertours.com/plugins/carousel/carousel.css
http://www.advisertours.com/error
http://www.advisertours.com/plugins/daterangepicker/dateRangePicker.js
http://www.advisertours.com/plugins/notify/notify.js
http://www.advisertours.com/plugins/jquery-ui/jquery-ui.js
http://www.advisertours.com/plugins/wow/animate.css
http://www.advisertours.com/plugins/color/bootstrap-colorpicker.min.css
http://www.advisertours.com/plugins/others/form.js
http://www.advisertours.com/plugins/uploader/jquery.uploadfile.js
http://www.advisertours.com/plugins/selectize/js/selectize.min.js
http://www.advisertours.com/plugins/animate/animate.css
http://www.advisertours.com/js/core/maxisSysFun.js?ver=1.2
http://www.advisertours.com/plugins/selectize/css/selectize.default.css
http://www.advisertours.com/js/core/maxisFun.js?ver=1.2
http://www.advisertours.com/plugins/others/jredirect.js
http://www.advisertours.com/js/core/maxisForm.js?ver=1.2
http://www.advisertours.com/images/settings/cms/bar.jpg
http://www.advisertours.com/js/core/maxisGrid.js?ver=1.2
http://www.advisertours.com/plugins/jsgrid/css/jsgrid.css
http://www.advisertours.com/plugins/jsgrid/js/jsgrid.js
http://www.advisertours.com/plugins/uploader/uploadfile.css
http://www.advisertours.com/plugins/jquery/jquery.min.js
http://www.advisertours.com/plugins/jsonToXls/excelexportjs.js
http://www.advisertours.com/plugins/easyAutocomplete/easy-autocomplete.css
http://www.advisertours.com/images/AjaxLoader.gif
http://www.advisertours.com/plugins/sticky/jquery.stickme.js
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://www.advisertours.com/plugins/fa/webfonts/fa-brands-400.eot
http://www.advisertours.com/css/core/jsgrid-custom.css?ver=1.0
http://www.advisertours.com/js/core/maxisCombo.js?ver=1.2
http://www.advisertours.com/plugins/wow/wow.min.js
http://www.advisertours.com/css/cms.css?ver=1.23
http://www.advisertours.com/plugins/googlefonts/jquery.fontselect.js
http://www.advisertours.com/plugins/carousel/owl.carousel.min.js
http://www.advisertours.com/plugins/fancybox/jquery.fancybox.css
http://www.advisertours.com/plugins/jsgrid/css/jsgrid-theme.css
http://www.advisertours.com/0810.gif - malware
http://www.advisertours.com/plugins/easyAutocomplete/jquery.easy-autocomplete.js
http://www.advisertours.com/plugins/menu/metisMenu.min.js
http://www.advisertours.com/plugins/menu/metisMenu.min.css
http://www.advisertours.com/plugins/fa/webfonts/fa-regular-400.eot
http://www.advisertours.com/js/core/maxisModal.js?ver=1.2
http://www.advisertours.com/plugins/others/readmore.js
http://www.advisertours.com/Images/Settings/css/style.css?ver=1.77
http://www.advisertours.com/js/core/maxisMap.js
http://www.advisertours.com/js/admin/errorPage.js
http://www.advisertours.com/js/admin/search.js?ver=1.2
http://www.advisertours.com/plugins/googlemaps/locationpicker.jquery.min.js
https://www.google.com/recaptcha/api.js
https://maps.google.com/maps/api/js?libraries=places&key=AIzaSyAZYkqEi7CmdGgw3sYll-sit-E8ktfqEk0
https://fonts.googleapis.com/css?family=Rubik
https://www.googletagmanager.com/gtag/js?id=UA-37099488-7
https://www.google-analytics.com/analytics.js
https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__ko.js
|
18
www.gstatic.com(172.217.26.3)
maps.google.com(172.217.27.78)
www.google.com(172.217.31.164)
www.google-analytics.com(172.217.175.78)
fonts.googleapis.com(172.217.26.10)
yotatravel.com(192.185.76.193)
www.advisertours.com(205.144.171.63) - malware
www.googletagmanager.com(172.217.175.104)
108.177.97.95
117.18.232.200 - suspicious
164.124.101.2
172.217.163.228
172.217.163.232
172.217.174.206
172.217.25.14 - suspicious
192.185.76.193
205.144.171.63
216.58.200.3
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9969 |
2020-10-20 13:27
|
test.html 796af7ff315d771a7a8e1b85d02be1c3
Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
10
http://riandutra.com/img/esp/gi3m4f-0296/ - mailcious
http://makemoneywithus.work/selfclicks - mailcious
http://mrveggy.com/erros/paclm/ - compromised
http://fairebornfilms.com/anal/img.jpg
http://blockschain.great-site.net/ - suspicious
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://ym5zuxo.com/biwe_zibofyra/ripy_lani.php - mailcious
http://fairebornfilms.com/anal/hd-anal-teengirls-sex-vedeos.html
http://dp-womenbasket.com/wp-admin/Li/ - phishing
http://blockschain.great-site.net/aes.js
|
17
riandutra.com(191.6.196.95) - mailcious
dp-womenbasket.com(104.28.13.193) - phishing
www.fairebornfilms.com(192.185.138.117)
mrveggy.com(191.6.198.191) - mailcious
fairebornfilms.com(192.185.138.117)
makemoneywithus.work(188.225.75.54) - mailcious
blockschain.great-site.net(185.27.134.216) - suspicious
ym5zuxo.com(45.150.64.102) - mailcious
117.18.232.200 - suspicious
164.124.101.2
172.67.151.128 - suspicious
185.27.134.216 - suspicious
188.225.75.54 - suspicious
191.6.196.95 - suspicious
191.6.198.191 - suspicious
192.185.138.117
45.150.64.102 - suspicious
|
6
ET INFO Observed DNS Query to .work TLD
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET CURRENT_EVENTS Malicious Fake JS Lib Inject
ET INFO HTTP Request to Suspicious *.work Domain
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9970 |
2020-10-20 11:36
|
test.html 9f44b7790991fb50a33ee18ac31f31bd
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://inkteach.com/cgi-bin/oArjP/ - malware
|
8
inkteach.com(66.235.200.146) - malware
studyguidewithlakshmi.com(209.58.160.178) - malware
www.bestabortionpillsrx.com(89.185.234.56) - mailcious
117.18.232.200 - suspicious
164.124.101.2
209.58.160.178 - suspicious
66.235.200.146 - suspicious
89.185.234.56 - suspicious
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9971 |
2020-10-20 11:19
|
test.html a55d059d5d019b679609493a378c0236
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://inkteach.com/cgi-bin/oArjP/ - malware
|
8
studyguidewithlakshmi.com(209.58.160.178) - malware
inkteach.com(66.235.200.146) - malware
amarettobh.com.br(191.6.196.122) - mailcious
117.18.232.200 - suspicious
164.124.101.2
191.6.196.122 - suspicious
209.58.160.178 - suspicious
66.235.200.146 - suspicious
|
5
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9972 |
2020-10-20 11:15
|
test.html a55d059d5d019b679609493a378c0236
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://inkteach.com/cgi-bin/oArjP/ - malware
|
8
inkteach.com(66.235.200.146) - malware
studyguidewithlakshmi.com(209.58.160.178) - malware
amarettobh.com.br(191.6.196.122) - mailcious
117.18.232.200 - suspicious
164.124.101.2
191.6.196.122 - suspicious
209.58.160.178 - suspicious
66.235.200.146 - suspicious
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9973 |
2020-10-20 11:02
|
test.html a55d059d5d019b679609493a378c0236
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
4
http://amarettobh.com.br/sys-cache/idPAR/ - malware
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://inkteach.com/cgi-bin/oArjP/ - malware
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
|
8
studyguidewithlakshmi.com(209.58.160.178) - malware
amarettobh.com.br(191.6.196.122) - mailcious
inkteach.com(66.235.200.146) - malware
117.18.232.200 - suspicious
164.124.101.2
191.6.196.122 - suspicious
209.58.160.178 - suspicious
66.235.200.146 - suspicious
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9974 |
2020-10-20 09:56
|
BubbleBrowserMaintenance.exe e07e6c29f3df2ab9dc02e9bf41facfa0
VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Detects VirtualBox AppData folder malicious URLs IP Check human activity check Tofsee Windows |
6
http://thecryptocenter.xyz/BubbleBrowser.exe
http://thecryptocenter.xyz/BubbleBrowser.exe
http://ipinfo.io/country
http://ipinfo.io/ip
https://ipinfo.io/country
https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150
https://script.google.com/macros/s/AKfycbyeDUociDSMjODhy_ZapM5zzyoJ3zrch9n5IUJeKIM3UQOEtZs/exec?ip=175.208.134.150&loc=KR&app=BubbleBrowserMaintenance&payoutcents=0.40&ver=5.2
|
9
script.google.com(172.217.26.14)
thecryptocenter.xyz(104.27.156.161)
ipqualityscore.com(104.26.2.60)
ipinfo.io(216.239.36.21)
104.26.2.60
104.27.157.161
164.124.101.2
216.239.38.21 - suspicious
216.58.199.14 - suspicious
|
5
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup ipinfo.io
ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
|
|
7.8 |
M |
44 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9975 |
2020-10-20 08:01
|
https://raumfuerneues.eu/error... 5c6a8a35ba48ae1fa55d367d622aaa34
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
4
raumfuerneues.eu(81.19.159.73)
117.18.232.200 - suspicious
164.124.101.2
81.19.159.73
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|