9961 | 2020-10-21 10:37
https://itravel.co.tz/Img/docu... 28fbc92abd52bd871cfa322673390621 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1):
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (4):
itravel.co.tz(160.153.133.172) 117.18.232.200 - suspicious 160.153.133.172 164.124.101.2
IDS alerts (3):
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.6 | admin

9962 | 2020-10-21 09:55
035708552.doc 9bc89e09c2f9d3532490809a26ff2126 Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee DNS
URLs (2):
http://188.226.165.170:8080/sUMLSLn5QPY86TXZUlU/tt66ph/moPEwTi/74gIsQHK/Nnq4b/MsmOT9UTSVXPf4/ - malicious https://luofox.com/wp-admin/fpTWdJzQR/ - malicious
Hosts (7):
luofox.com(106.54.225.198) - malicious 104.131.144.215 - suspicious 106.54.225.198 - suspicious 164.124.101.2 188.226.165.170 - suspicious 5.2.246.108 - suspicious 91.121.87.90 - suspicious
IDS alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 7.6 | M | 22 | admin

9963 | 2020-10-21 09:28
https://globaltechealthy.com/x... 230c5d72b8bfd4d14b4f9e55d2633345 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1):
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (4):
globaltechealthy.com(198.54.126.81) - malware 117.18.232.200 - suspicious 164.124.101.2 198.54.126.81 - suspicious
IDS alerts (3):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.6 | admin

9964 | 2020-10-21 09:19
Copy invoice #1252.doc 3210c2965e9284197cb5618b2492ae1c Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
URLs (1):
http://188.226.165.170:8080/OCuKMuQWW/GfkvVful050/KKbOKeF/wLHRvJQjkFppvzHCC/X9XNNYF0ISWHQKLqf/EjggGXx/ - malicious
Hosts (7):
luofox.com(106.54.225.198) 104.131.144.215 - suspicious 106.54.225.198 164.124.101.2 188.226.165.170 - suspicious 5.2.246.108 91.121.87.90 - suspicious
IDS alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 6.8 | M | 25 | admin

9965 | 2020-10-21 07:53
https://globaltechealthy.com/x... b42bdc5e32b4c255ddcaf88eb84487ab Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (1):
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (4):
globaltechealthy.com(198.54.126.81) - malware 117.18.232.200 - suspicious 164.124.101.2 198.54.126.81 - suspicious
IDS alerts (3):
ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.8 | admin

9966 | 2020-10-21 07:46
https://globaltechealthy.com/x... b42bdc5e32b4c255ddcaf88eb84487ab Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1):
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (4):
globaltechealthy.com(198.54.126.81) 117.18.232.200 - suspicious 164.124.101.2 198.54.126.81
IDS alerts (3):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.2 | guest

9967 | 2020-10-20 16:19
http://blockschain.great-site.... 83af9f05c497857ace30bf9077443498 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (8):
http://blockschain.great-site.net/css/style.css http://blockschain.great-site.net/?i=1 http://blockschain.great-site.net/favicon.ico http://blockschain.great-site.net/ - suspicious http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://blockschain.great-site.net/aes.js https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css https://fonts.googleapis.com/css?family=Anton
Hosts (10):
fonts.googleapis.com(172.217.25.234) infinityfree.net(104.26.8.174) cdnjs.cloudflare.com(104.17.78.107) - malicious blockschain.great-site.net(185.27.134.216) - suspicious 104.17.79.107 104.26.9.174 117.18.232.200 - suspicious 164.124.101.2 172.217.24.74 185.27.134.216 - suspicious
IDS alerts (3):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.6 | M | admin

9968 | 2020-10-20 14:53
http://www.advisertours.com/08... c8bc6937ff78700cc917195d5444585e Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (78):
http://www.advisertours.com/js/core/dic.js?ver=1.2 http://www.advisertours.com/plugins/summernote/summernote.css http://www.advisertours.com/js/core/maxisUploader.js http://www.advisertours.com/plugins/fa/css/fa.min.css http://www.advisertours.com/plugins/color/bootstrap-colorpicker.js http://www.advisertours.com/plugins/jquery/jquery.cookie.js http://www.advisertours.com/plugins/bootstrap/bootstrap.min.css http://www.advisertours.com/Images/Settings/css/theme.css?ver=1.77 http://www.advisertours.com/plugins/summernote/summernote.js http://www.advisertours.com/plugins/others/numeral.js http://www.advisertours.com/plugins/fancybox/jquery.fancybox.js http://www.advisertours.com/css/core/maxisUploader.css http://www.advisertours.com/plugins/bootstrap/bootstrap.min.js http://www.advisertours.com/favicon.ico http://www.advisertours.com/plugins/fa/webfonts/fa-solid-900.eot http://www.advisertours.com/Images/Logo/adviser.png http://www.advisertours.com/plugins/menu/metisMenuCustom.css http://www.advisertours.com/plugins/daterangepicker/dateRangePicker.css http://www.advisertours.com/css/maxis.css?ver=1.23 http://www.advisertours.com/plugins/addtoany/page.js http://www.advisertours.com/plugins/googlefonts/fontselect.css?ver=1.0 http://www.advisertours.com/js/admin/html.js?ver=1.2 http://www.advisertours.com/js/core/maxisMenu.js?ver=1.3 http://www.advisertours.com/plugins/others/moment.js http://www.advisertours.com/plugins/carousel/carousel.css http://www.advisertours.com/error http://www.advisertours.com/plugins/daterangepicker/dateRangePicker.js http://www.advisertours.com/plugins/notify/notify.js http://www.advisertours.com/plugins/jquery-ui/jquery-ui.js http://www.advisertours.com/plugins/wow/animate.css http://www.advisertours.com/plugins/color/bootstrap-colorpicker.min.css http://www.advisertours.com/plugins/others/form.js http://www.advisertours.com/plugins/uploader/jquery.uploadfile.js http://www.advisertours.com/plugins/selectize/js/selectize.min.js 
http://www.advisertours.com/plugins/animate/animate.css http://www.advisertours.com/js/core/maxisSysFun.js?ver=1.2 http://www.advisertours.com/plugins/selectize/css/selectize.default.css http://www.advisertours.com/js/core/maxisFun.js?ver=1.2 http://www.advisertours.com/plugins/others/jredirect.js http://www.advisertours.com/js/core/maxisForm.js?ver=1.2 http://www.advisertours.com/images/settings/cms/bar.jpg http://www.advisertours.com/js/core/maxisGrid.js?ver=1.2 http://www.advisertours.com/plugins/jsgrid/css/jsgrid.css http://www.advisertours.com/plugins/jsgrid/js/jsgrid.js http://www.advisertours.com/plugins/uploader/uploadfile.css http://www.advisertours.com/plugins/jquery/jquery.min.js http://www.advisertours.com/plugins/jsonToXls/excelexportjs.js http://www.advisertours.com/plugins/easyAutocomplete/easy-autocomplete.css http://www.advisertours.com/images/AjaxLoader.gif http://www.advisertours.com/plugins/sticky/jquery.stickme.js http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.advisertours.com/plugins/fa/webfonts/fa-brands-400.eot http://www.advisertours.com/css/core/jsgrid-custom.css?ver=1.0 http://www.advisertours.com/js/core/maxisCombo.js?ver=1.2 http://www.advisertours.com/plugins/wow/wow.min.js http://www.advisertours.com/css/cms.css?ver=1.23 http://www.advisertours.com/plugins/googlefonts/jquery.fontselect.js http://www.advisertours.com/plugins/carousel/owl.carousel.min.js http://www.advisertours.com/plugins/fancybox/jquery.fancybox.css http://www.advisertours.com/plugins/jsgrid/css/jsgrid-theme.css http://www.advisertours.com/0810.gif - malware http://www.advisertours.com/plugins/easyAutocomplete/jquery.easy-autocomplete.js http://www.advisertours.com/plugins/menu/metisMenu.min.js http://www.advisertours.com/plugins/menu/metisMenu.min.css http://www.advisertours.com/plugins/fa/webfonts/fa-regular-400.eot http://www.advisertours.com/js/core/maxisModal.js?ver=1.2 http://www.advisertours.com/plugins/others/readmore.js 
http://www.advisertours.com/Images/Settings/css/style.css?ver=1.77 http://www.advisertours.com/js/core/maxisMap.js http://www.advisertours.com/js/admin/errorPage.js http://www.advisertours.com/js/admin/search.js?ver=1.2 http://www.advisertours.com/plugins/googlemaps/locationpicker.jquery.min.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/js?libraries=places&key=AIzaSyAZYkqEi7CmdGgw3sYll-sit-E8ktfqEk0 https://fonts.googleapis.com/css?family=Rubik https://www.googletagmanager.com/gtag/js?id=UA-37099488-7 https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__ko.js
Hosts (18):
www.gstatic.com(172.217.26.3) maps.google.com(172.217.27.78) www.google.com(172.217.31.164) www.google-analytics.com(172.217.175.78) fonts.googleapis.com(172.217.26.10) yotatravel.com(192.185.76.193) www.advisertours.com(205.144.171.63) - malware www.googletagmanager.com(172.217.175.104) 108.177.97.95 117.18.232.200 - suspicious 164.124.101.2 172.217.163.228 172.217.163.232 172.217.174.206 172.217.25.14 - suspicious 192.185.76.193 205.144.171.63 216.58.200.3
IDS alerts (3):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.6 | M | admin

9969 | 2020-10-20 13:27
test.html 796af7ff315d771a7a8e1b85d02be1c3 Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (10):
http://riandutra.com/img/esp/gi3m4f-0296/ - malicious http://makemoneywithus.work/selfclicks - malicious http://mrveggy.com/erros/paclm/ - compromised http://fairebornfilms.com/anal/img.jpg http://blockschain.great-site.net/ - suspicious http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://ym5zuxo.com/biwe_zibofyra/ripy_lani.php - malicious http://fairebornfilms.com/anal/hd-anal-teengirls-sex-vedeos.html http://dp-womenbasket.com/wp-admin/Li/ - phishing http://blockschain.great-site.net/aes.js
Hosts (17):
riandutra.com(191.6.196.95) - malicious dp-womenbasket.com(104.28.13.193) - phishing www.fairebornfilms.com(192.185.138.117) mrveggy.com(191.6.198.191) - malicious fairebornfilms.com(192.185.138.117) makemoneywithus.work(188.225.75.54) - malicious blockschain.great-site.net(185.27.134.216) - suspicious ym5zuxo.com(45.150.64.102) - malicious 117.18.232.200 - suspicious 164.124.101.2 172.67.151.128 - suspicious 185.27.134.216 - suspicious 188.225.75.54 - suspicious 191.6.196.95 - suspicious 191.6.198.191 - suspicious 192.185.138.117 45.150.64.102 - suspicious
IDS alerts (6):
ET INFO Observed DNS Query to .work TLD SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET CURRENT_EVENTS Malicious Fake JS Lib Inject ET INFO HTTP Request to Suspicious *.work Domain
Score: 4.6 | M | admin

9970 | 2020-10-20 11:36
test.html 9f44b7790991fb50a33ee18ac31f31bd Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
URLs (3):
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://inkteach.com/cgi-bin/oArjP/ - malware
Hosts (8):
inkteach.com(66.235.200.146) - malware studyguidewithlakshmi.com(209.58.160.178) - malware www.bestabortionpillsrx.com(89.185.234.56) - malicious 117.18.232.200 - suspicious 164.124.101.2 209.58.160.178 - suspicious 66.235.200.146 - suspicious 89.185.234.56 - suspicious
IDS alerts (5):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP
Score: 5.0 | M | guest

9971 | 2020-10-20 11:19
test.html a55d059d5d019b679609493a378c0236 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
URLs (3):
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://inkteach.com/cgi-bin/oArjP/ - malware
Hosts (8):
studyguidewithlakshmi.com(209.58.160.178) - malware inkteach.com(66.235.200.146) - malware amarettobh.com.br(191.6.196.122) - malicious 117.18.232.200 - suspicious 164.124.101.2 191.6.196.122 - suspicious 209.58.160.178 - suspicious 66.235.200.146 - suspicious
IDS alerts (5):
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP
Score: 5.0 | M | admin

9972 | 2020-10-20 11:15
test.html a55d059d5d019b679609493a378c0236 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
URLs (3):
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://inkteach.com/cgi-bin/oArjP/ - malware
Hosts (8):
inkteach.com(66.235.200.146) - malware studyguidewithlakshmi.com(209.58.160.178) - malware amarettobh.com.br(191.6.196.122) - malicious 117.18.232.200 - suspicious 164.124.101.2 191.6.196.122 - suspicious 209.58.160.178 - suspicious 66.235.200.146 - suspicious
IDS alerts (5):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP
Score: 5.0 | M | admin

9973 | 2020-10-20 11:02
test.html a55d059d5d019b679609493a378c0236 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
URLs (4):
http://amarettobh.com.br/sys-cache/idPAR/ - malware http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://inkteach.com/cgi-bin/oArjP/ - malware http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
Hosts (8):
studyguidewithlakshmi.com(209.58.160.178) - malware amarettobh.com.br(191.6.196.122) - malicious inkteach.com(66.235.200.146) - malware 117.18.232.200 - suspicious 164.124.101.2 191.6.196.122 - suspicious 209.58.160.178 - suspicious 66.235.200.146 - suspicious
IDS alerts (5):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP
Score: 5.0 | M | admin

9974 | 2020-10-20 09:56
BubbleBrowserMaintenance.exe e07e6c29f3df2ab9dc02e9bf41facfa0 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Detects VirtualBox AppData folder malicious URLs IP Check human activity check Tofsee Windows
URLs (6):
http://thecryptocenter.xyz/BubbleBrowser.exe http://thecryptocenter.xyz/BubbleBrowser.exe http://ipinfo.io/country http://ipinfo.io/ip https://ipinfo.io/country https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150 https://script.google.com/macros/s/AKfycbyeDUociDSMjODhy_ZapM5zzyoJ3zrch9n5IUJeKIM3UQOEtZs/exec?ip=175.208.134.150&loc=KR&app=BubbleBrowserMaintenance&payoutcents=0.40&ver=5.2
Hosts (9):
script.google.com(172.217.26.14) thecryptocenter.xyz(104.27.156.161) ipqualityscore.com(104.26.2.60) ipinfo.io(216.239.36.21) 104.26.2.60 104.27.157.161 164.124.101.2 216.239.38.21 - suspicious 216.58.199.14 - suspicious
IDS alerts (5):
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup ipinfo.io ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
Score: 7.8 | M | 44 | admin

9975 | 2020-10-20 08:01
https://raumfuerneues.eu/error... 5c6a8a35ba48ae1fa55d367d622aaa34 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1):
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (4):
raumfuerneues.eu(81.19.159.73) 117.18.232.200 - suspicious 164.124.101.2 81.19.159.73
IDS alerts (3):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.6 | guest