| 9991 |
2020-10-19 10:42
|
http://google.com 5c8e481fca1860d15244132ca413e8ea
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS |
10
http://ssl.gstatic.com/gb/images/i1_1967ca6a.png
http://www.google.com/
http://www.google.com/favicon.ico
http://google.com/
http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png
https://www.google.com/images/hpp/Chrome_Owned_96x96.png
https://id.google.com/verify/AHGvNow70cKTzJ4YAiZ9bQ-bGyUfv6hsoNbwOSaa3e4cSAOdXAQTzx4UfvQpPWuCQmp-bGiRcdgi8qIkwFg0Kwf0zip6VLRqLyFEfG-W5XRBBI3VW3PX5w
https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA
https://www.google.com/gen_204?atyp=i&zx=1603071699078&ogsr=1&ei=3O6MX86NFJGS0gSGmo-QDw&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0
|
5
172.217.161.163
172.217.174.195
172.217.174.206
172.217.24.78
216.58.200.4
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.6 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9992 |
2020-10-19 10:40
|
http://google.com 7c5b5c860e570c3a102b9ad3b70d5250
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS |
14
http://ssl.gstatic.com/gb/images/i1_1967ca6a.png
http://www.google.com/
http://www.google.com/favicon.ico
http://google.com/
http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png
https://www.google.com/images/hpp/Chrome_Owned_96x96.png
https://id.google.com/verify/AHGvNoz67299XAAw47xz8dx2N0jUdvDfJPI-xpYa0-aMA903QE7EmGdb5HLbauvbTfQrEfQmuaVNT7l8BXkflu72YB62QyZfILm_k1UFFTLGmPcwVzPOMg
https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA
https://www.google.com/gen_204?atyp=i&zx=1603071496312&ogsr=1&ei=Eu6MX7erObG2mAXImrzYDQ&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0
https://www.gstatic.com/og/_/ss/k=og.og2.PgfxfGqQF7o.L.I9.O/m=lg/excm=in,fot/d=1/ed=1/ct=zgms/rs=AA2YrTtXOZGBi97nSWVF5_lQHggN-0axqA
https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=lat/exm=in,fot,def/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA
https://ssl.gstatic.com/gb/images/a/911e3628e6.png
https://ssl.gstatic.com/gb/images/p1_e53fc7b4.png
|
6
172.217.163.228
172.217.174.195
172.217.24.78
172.217.25.3
216.58.200.67
216.58.200.78
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.6 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9993 |
2020-10-19 09:28
|
https://docsecure.top/xls/0061... 92e79228771983699fc0cfe8dfa7f407
Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00613486.xls
|
2
117.18.232.200
8.209.75.30
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
|
|
7.4 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9994 |
2020-10-19 07:54
|
https://docsecure.top/xls/0056... d694f94ba539e86d95c6a3671dd6b455
Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00569905.xls
|
2
117.18.232.200
8.209.75.30
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
|
|
7.2 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9995 |
2020-10-18 10:30
|
cmca.jpg.exe cd08d517ecfc84ccb7f41549ed7b6c12
VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
3
https://paste.ee/r/NCVsN
https://paste.ee/r/27WEg
https://paste.ee/r/p6mV5
|
1
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.8 |
|
23 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9996 |
2020-10-18 10:23
|
melo.jpg.exe ec56dfc73215179dcd26dd36e8d143d6
VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
3
https://paste.ee/r/BjI68
https://paste.ee/r/kwB6z
https://paste.ee/r/N1hJ9
|
2
104.18.49.20
172.67.219.133
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
14.8 |
M |
22 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9997 |
2020-10-16 10:06
|
bob.exe 3aff71a139f4a5201d81b00a4a1d17c4
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger |
2
http://crt.comodoca.com/COMODORSAAddTrustCA.crt
https://api.ipify.org/
|
2
184.73.247.141
91.199.212.52
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
13.6 |
|
27 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9998 |
2020-10-15 18:40
|
https://poptateseatery.com/pic... 41e710898f863e44ab67eea0aa981289
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
2
117.18.232.200
85.187.128.10
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9999 |
2020-10-15 18:34
|
https://marcussoil.com/MdF3y0f... b5daea22056dbf2a79b2249c70c5e441
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
2
117.18.232.200
199.188.200.254
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.4 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10000 |
2020-10-15 14:26
|
L_35671667072801532865268.doc c641df2d18593f8b7de8c3c7b7bb49c1
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS |
4
http://47.36.140.164/QsTkfk3uQJ2FYi65Swc/Is85peWzcav2Xyr/
http://savetheboom.com/admin_access/xht/
https://popcornv.com/wp-includes/KHKX/
https://dusitserve.com/gethits/o3A/
|
5
103.29.215.207
104.18.61.239
119.59.125.211
205.186.175.166
47.36.140.164
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
|
|
5.2 |
M |
26 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10001 |
2020-10-15 10:13
|
bag.exe dd5d50506fd70f80667f33296d7f45d4
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger WMI unpack itself Check virtual network interfaces malicious URLs Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger |
1
http://checkip.dyndns.org/
|
2
131.186.113.70
192.185.100.181
|
5
SURICATA Applayer Detect protocol only one direction
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.8 |
M |
28 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10002 |
2020-10-14 10:01
|
https://centraldispatchinc.com...
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
2
117.18.232.200
199.188.205.221
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.2 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10003 |
2020-10-14 10:00
|
22S0D255S4D111D22S1D4.msi c07d74b3537c91723b2959cd0d0b3c85
Dridex VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check Tofsee ComputerName DNS |
|
1
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.2 |
|
17 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10004 |
2020-10-14 09:30
|
keys.exe d15cc83dd857e9652c5a2ac775590c93
VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
1
|
1
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.4 |
|
19 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10005 |
2020-10-14 09:11
|
rc.exe 594e5c8c28579857cead33db64e2cb5d
Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder malicious URLs Tofsee Interception Windows DNS |
1
https://cdn.discordapp.com/attachments/752128569169281083/764840899271852052/Uvzm123
|
3
162.159.134.233
162.159.137.232
194.5.98.95
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.4 |
|
36 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|