| ID | Submitted | Sample | MD5 | Tags | URLs | Hosts | Signatures | Score | M | User |
|----|-----------|--------|-----|------|------|-------|------------|-------|---|------|
| 9976 | 2020-10-19 17:55 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls (malicious) | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2; 8.208.102.117 | 2: ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.8 | M | guest |
| 9977 | 2020-10-19 17:25 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2; 8.208.102.117 | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile | 7.8 | M | guest |
| 9978 | 2020-10-19 17:18 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Dridex TrickBot Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Kovter Windows Exploit DNS crashed | 3: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls; https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1790317629 | 5: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2; 194.36.191.177 suspicious; 8.208.102.117 | 4: ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit) | 8.8 | M | guest |
| 9979 | 2020-10-19 17:07 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2 clean; 8.208.102.117 clean | 2: ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.8 | M | guest |
| 9980 | 2020-10-19 16:27 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml (clean); https://docsecure.top/xls/00999212.xls (clean) | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2 clean; 8.208.102.117 clean | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile | 7.8 | M | guest |
| 9981 | 2020-10-19 16:13 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls (clean) | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2 clean; 8.208.102.117 clean | 2: ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.8 | M | guest |
| 9982 | 2020-10-19 16:05 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls (clean) | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2 clean; 8.208.102.117 clean | 2: ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.8 | M | guest |
| 9983 | 2020-10-19 15:18 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls | 4: docsecure.top (8.208.102.117); 117.18.232.200; 164.124.101.2; 8.208.102.117 | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile | 7.8 | M | guest |
| 9984 | 2020-10-19 15:01 | test.html | d41d8cd98f00b204e9800998ecf8427e | Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 1: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml | 2: 117.18.232.200; 164.124.101.2 | 3: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex | 3.8 | | guest |
| 9985 | 2020-10-19 13:18 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Dridex TrickBot Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Kovter Windows Exploit DNS crashed | 3: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls; https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1951826145 | 5: docsecure.top (8.208.102.117); 117.18.232.200; 164.124.101.2; 194.36.191.177; 8.208.102.117 | 4: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit) | 8.8 | M | guest |
| 9986 | 2020-10-19 11:16 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls | 2: 117.18.232.200; 8.209.75.30 | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile | 7.0 | M | admin |
| 9987 | 2020-10-19 11:16 | https://docsecure.top/111.exe | ff47e6eb2602178a4306e4fcecb15b7d | Dridex TrickBot ENERGETIC BEAR VirusTotal Malware Report suspicious privilege Code Injection buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Kovter Windows Exploit ComputerName DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/111.exe | 7: 103.36.48.103; 103.76.169.213; 117.18.232.200; 195.123.240.113; 8.209.75.30; 85.204.116.173; 89.223.126.186 | 8: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET CNC Feodo Tracker Reported CnC Server group 13; ET CNC Feodo Tracker Reported CnC Server group 24; ET DNS Query to a *.top domain - Likely Hostile; ET CNC Feodo Tracker Reported CnC Server group 1; ET CNC Feodo Tracker Reported CnC Server group 23; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | 8.4 | | admin |
| 9988 | 2020-10-19 11:13 | OperaSetup.exe | ff4661ec5bef09ac7fcf479c933d2d81 | Malware Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Tofsee Remote Code Execution DNS | 5: https://autoupdate.geo.opera.com/v2/netinstaller/Stable/windows/x64; https://desktop-netinstaller-sub.osp.opera.software/v1/binary (requested repeatedly); https://autoupdate.geo.opera.com/geolocation/; https://download.opera.com/download/get/?id=51078&autoupdate=1&ni=1&stream=stable&utm_campaign=(direct)_via_opera_com_https&utm_medium=doc&utm_site=opera_com&utm_source=(direct)_via_opera_com&utm_tryagain=yes&niuid=9ff42522-a862-4912-b63e-6c2e545f3ad4; https://download.opera.com/download/get/?id=51081&autoupdate=1&ni=1 | 4: 107.167.110.217; 107.167.119.133; 23.43.9.151; 82.145.216.19 | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 5.4 | | guest |
| 9989 | 2020-10-19 10:55 | https://docsecure.top/xls/0051... | 1857ec35df81a3cb7fe02c9382ba3be7 | Dridex TrickBot Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Checks debugger exploit crash unpack itself Windows utilities Tofsee Kovter Windows Exploit DNS crashed | 3: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00517069.xls; https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1623214863 | 3: 117.18.232.200; 194.36.191.177; 8.209.75.30 | 4: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit) | 7.2 | M | admin |
| 9990 | 2020-10-19 10:53 | Document13177.xlsb | 136d90dfdc8d28ccfc090f1d09c9bd18 | Dridex Malware Creates executable files unpack itself malicious URLs Tofsee DNS | 1: http://solosur.com/1610.gif | 1 | 3: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex | 4.6 | | guest |