9991 | 2020-10-19 10:42 | http://google.com | 5c8e481fca1860d15244132ca413e8ea | 3.6 | - | - | admin
  Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS
  URLs (10): http://ssl.gstatic.com/gb/images/i1_1967ca6a.png http://www.google.com/ http://www.google.com/favicon.ico http://google.com/ http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png https://www.google.com/images/hpp/Chrome_Owned_96x96.png https://id.google.com/verify/AHGvNow70cKTzJ4YAiZ9bQ-bGyUfv6hsoNbwOSaa3e4cSAOdXAQTzx4UfvQpPWuCQmp-bGiRcdgi8qIkwFg0Kwf0zip6VLRqLyFEfG-W5XRBBI3VW3PX5w https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA https://www.google.com/gen_204?atyp=i&zx=1603071699078&ogsr=1&ei=3O6MX86NFJGS0gSGmo-QDw&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1 https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0
  IPs (5): 172.217.161.163 172.217.174.195 172.217.174.206 172.217.24.78 216.58.200.4
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9992 | 2020-10-19 10:40 | http://google.com | 7c5b5c860e570c3a102b9ad3b70d5250 | 3.6 | - | - | admin
  Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS
  URLs (14): http://ssl.gstatic.com/gb/images/i1_1967ca6a.png http://www.google.com/ http://www.google.com/favicon.ico http://google.com/ http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png https://www.google.com/images/hpp/Chrome_Owned_96x96.png https://id.google.com/verify/AHGvNoz67299XAAw47xz8dx2N0jUdvDfJPI-xpYa0-aMA903QE7EmGdb5HLbauvbTfQrEfQmuaVNT7l8BXkflu72YB62QyZfILm_k1UFFTLGmPcwVzPOMg https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA https://www.google.com/gen_204?atyp=i&zx=1603071496312&ogsr=1&ei=Eu6MX7erObG2mAXImrzYDQ&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1 https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0 https://www.gstatic.com/og/_/ss/k=og.og2.PgfxfGqQF7o.L.I9.O/m=lg/excm=in,fot/d=1/ed=1/ct=zgms/rs=AA2YrTtXOZGBi97nSWVF5_lQHggN-0axqA https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=lat/exm=in,fot,def/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA https://ssl.gstatic.com/gb/images/a/911e3628e6.png https://ssl.gstatic.com/gb/images/p1_e53fc7b4.png
  IPs (6): 172.217.163.228 172.217.174.195 172.217.24.78 172.217.25.3 216.58.200.67 216.58.200.78
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9993 | 2020-10-19 09:28 | https://docsecure.top/xls/0061... | 92e79228771983699fc0cfe8dfa7f407 | 7.4 | M | - | guest
  Tags: Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  URLs (2): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00613486.xls
  IPs (2): 117.18.232.200 8.209.75.30
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile

9994 | 2020-10-19 07:54 | https://docsecure.top/xls/0056... | d694f94ba539e86d95c6a3671dd6b455 | 7.2 | M | - | guest
  Tags: Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (2): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00569905.xls
  IPs (2): 117.18.232.200 8.209.75.30
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile

9995 | 2020-10-18 10:30 | cmca.jpg.exe | cd08d517ecfc84ccb7f41549ed7b6c12 | 10.8 | - | 23 | guest
  Tags: VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
  URLs (3): https://paste.ee/r/NCVsN https://paste.ee/r/27WEg https://paste.ee/r/p6mV5
  IPs (1): -
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9996 | 2020-10-18 10:23 | melo.jpg.exe | ec56dfc73215179dcd26dd36e8d143d6 | 14.8 | M | 22 | guest
  Tags: VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
  URLs (3): https://paste.ee/r/BjI68 https://paste.ee/r/kwB6z https://paste.ee/r/N1hJ9
  IPs (2): 104.18.49.20 172.67.219.133
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9997 | 2020-10-16 10:06 | bob.exe | 3aff71a139f4a5201d81b00a4a1d17c4 | 13.6 | - | 27 | guest
  Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger
  URLs (2): http://crt.comodoca.com/COMODORSAAddTrustCA.crt https://api.ipify.org/
  IPs (2): 184.73.247.141 91.199.212.52
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9998 | 2020-10-15 18:40 | https://poptateseatery.com/pic... | 41e710898f863e44ab67eea0aa981289 | 4.2 | - | - | guest
  Tags: Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  URLs (1): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  IPs (2): 117.18.232.200 85.187.128.10
  Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

9999 | 2020-10-15 18:34 | https://marcussoil.com/MdF3y0f... | b5daea22056dbf2a79b2249c70c5e441 | 4.4 | - | - | guest
  Tags: Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  URLs (1): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  IPs (2): 117.18.232.200 199.188.200.254
  Alerts (3): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

10000 | 2020-10-15 14:26 | L_35671667072801532865268.doc | c641df2d18593f8b7de8c3c7b7bb49c1 | 5.2 | M | 26 | guest
  Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
  URLs (4): http://47.36.140.164/QsTkfk3uQJ2FYi65Swc/Is85peWzcav2Xyr/ http://savetheboom.com/admin_access/xht/ https://popcornv.com/wp-includes/KHKX/ https://dusitserve.com/gethits/o3A/
  IPs (5): 103.29.215.207 104.18.61.239 119.59.125.211 205.186.175.166 47.36.140.164
  Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SURICATA TLS invalid record type; SURICATA TLS invalid record/traffic

10001 | 2020-10-15 10:13 | bag.exe | dd5d50506fd70f80667f33296d7f45d4 | 11.8 | M | 28 | guest
  Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger WMI unpack itself Check virtual network interfaces malicious URLs Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
  URLs (1): http://checkip.dyndns.org/
  IPs (2): 131.186.113.70 192.185.100.181
  Alerts (5): SURICATA Applayer Detect protocol only one direction; ET INFO DYNAMIC_DNS Query to *.dyndns. Domain; ET POLICY External IP Lookup - checkip.dyndns.org; ET POLICY DynDNS CheckIp External IP Address Server Response; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

10002 | 2020-10-14 10:01 | https://centraldispatchinc.com... | - | 4.2 | - | - | admin
  Tags: Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  URLs (1): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  IPs (2): 117.18.232.200 199.188.205.221
  Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

10003 | 2020-10-14 10:00 | 22S0D255S4D111D22S1D4.msi | c07d74b3537c91723b2959cd0d0b3c85 | 4.2 | - | 17 | admin
  Tags: Dridex VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check Tofsee ComputerName DNS
  URLs: -
  IPs (1): -
  Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

10004 | 2020-10-14 09:30 | keys.exe | d15cc83dd857e9652c5a2ac775590c93 | 6.4 | - | 19 | admin
  Tags: VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
  URLs (1): -
  IPs (1): -
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

10005 | 2020-10-14 09:11 | rc.exe | 594e5c8c28579857cead33db64e2cb5d | 12.4 | - | 36 | guest
  Tags: Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder malicious URLs Tofsee Interception Windows DNS
  URLs (1): https://cdn.discordapp.com/attachments/752128569169281083/764840899271852052/Uvzm123
  IPs (3): 162.159.134.233 162.159.137.232 194.5.98.95
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)