| 10216 |
2024-07-08 17:11
|
 newbuild07.exe 9adc621f718c8e283e2b946acf914322
RedLine stealer RedlineStealer Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer Anti_VM PE File .NET EXE PE32 OS Processor Check PE64 DllRegisterServer dll Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
2
https://bitbucket.org/tanosx/clockbrix/downloads/Chrome_Password_Remover.exe
https://bbuseruploads.s3.amazonaws.com/443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207
|
5
bbuseruploads.s3.amazonaws.com(52.217.138.65) - malware
bitbucket.org(104.192.141.1) - malware
3.5.29.53
185.215.113.67 - mailcious
104.192.141.1 - mailcious
|
7
ET DROP Spamhaus DROP Listed Traffic Inbound group 33
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.8 |
|
57 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10217 |
2024-07-09 10:10
|
 file 4808c478a3cf9d6fae1e1dcb10f4be33
Javascript_Blob AntiDebug AntiVM ftp MSOffice File Code Injection Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
5
https://www.googletagmanager.com/gtag/js?id=UA-829541-1
https://the.gatekeeperconsent.com/cmp.min.js
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T
https://btloader.com/tag?o=5678961798414336&upapi=true
|
19
www.googletagmanager.com(142.250.206.232)
the.gatekeeperconsent.com(172.67.199.186)
translate.google.com(142.250.206.206)
static.mediafire.com(104.16.114.74)
cdn.amplitude.com(54.230.61.103)
static.cloudflareinsights.com(104.16.80.73)
www.ezojs.com(104.21.63.106)
btloader.com(104.22.75.216)
142.250.207.78
172.67.199.186
172.67.170.144
104.16.113.74 - mailcious
142.251.220.46
104.16.80.73
54.230.61.127
104.16.114.74 - mailcious
104.22.75.216
142.250.76.232
104.21.63.106
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
6.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10218 |
2024-07-09 14:18
|
 Update_old.js affe7c07da3776a191c69b73e50d491aVBScript wscript.exe payload download Tofsee crashed Dropper |
|
2
pkjzv.fans.smalladventureguide.com(162.252.175.117) - mailcious
162.252.175.117 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10219 |
2024-07-09 21:31
|
https://l.facebook.com/l.php?u... 2bec4686337f2e399b71386575535145
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
12
https://m.facebook.com/favicon.ico
https://fbsbx.com/security/hsts-pixel.gif
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/nUs9RS26D1m.png
https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/l7jFXMc3gVH.png
https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/Sku_Kc8l2qU.png
https://www.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D&h=AT2lhNd3WVLc1jMK7gNOzzIgRe8dRoSUFaVmm5tCk999Eu8Gshn7HOF69sj6AwN4pbEkt26wCz4z6QvzQt8w7OQ9LaPxbAF198ysDfoHZhGVXt5Lf33H_w
https://facebook.com/security/hsts-pixel.gif?c=3.2
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png
https://l.facebook.com/l.php?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D
https://m.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D&h=AT2lhNd3WVLc1jMK7gNOzzIgRe8dRoSUFaVmm5tCk999Eu8Gshn7HOF69sj6AwN4pbEkt26wCz4z6QvzQt8w7OQ9LaPxbAF198ysDfoHZhGVXt5Lf33H_w&_rdr
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
https://fbcdn.net/security/hsts-pixel.gif?c=2
|
10
www.facebook.com(157.240.215.35)
fbsbx.com(157.240.215.35)
m.facebook.com(157.240.215.35)
static.xx.fbcdn.net(157.240.215.14)
fbcdn.net(157.240.215.35)
facebook.com(157.240.215.35)
l.facebook.com(157.240.215.36)
157.240.215.35
157.240.215.36
157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10220 |
2024-07-09 21:37
|
https://www.facebook.com/38022... 1248cb643e2592a6bcce60711dc10617
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format icon MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
10
https://m.facebook.com/story.php?story_fbid=3802211850064154&id=100008261283165&_rdr
https://m.facebook.com/favicon.ico
https://fbsbx.com/security/hsts-pixel.gif
https://www.facebook.com/3802211850064154
https://m.facebook.com/login.php?next=https%3A%2F%2Fm.facebook.com%2Fstory.php%3Fstory_fbid%3D3802211850064154%26id%3D100008261283165&refsrc=deprecated&_rdr
https://m.facebook.com/3802211850064154?_rdr
https://facebook.com/security/hsts-pixel.gif?c=3.2
https://fbcdn.net/security/hsts-pixel.gif?c=2
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
|
8
www.facebook.com(157.240.215.35)
fbsbx.com(157.240.215.35)
m.facebook.com(157.240.215.35)
static.xx.fbcdn.net(157.240.215.14)
fbcdn.net(157.240.215.35)
facebook.com(157.240.215.35)
157.240.215.35
157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10221 |
2024-07-09 21:37
|
https://l.facebook.com/l.php?u... c896711e056cb6f0df71a7c8e0fac71c
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
13
https://www.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1cKE7-ZeDsubK_dW8Y2XclCpIAD-hQSnRkfS5MsfMKzKqNxNUljBNN9BwQ_kj9GSxg2YBhKU_9WPKUPy5CnzMDLM0sEflP0jQyEFdeqdH99uFTS3c_Ww
https://m.facebook.com/favicon.ico
https://l.facebook.com/l.php?u=https://jumpseller.s3.eu-west-1.amazonaws.com/store/store5/assets/0DlBptEf2ucAMWLVhICY.xml?3ZWnWh6lF7YOyvbrJnAH?3ZWnWh6lF7YOyvbrJnAH?u=https://app.alibaba.com/dynamiclink?medium_source=facebook&traffic_type=install&field=UG&schema=enalibaba://oneSight?biz=dpa&keyword=Cricket&product_id=10000002872855&pcate=202017804&from=cpm_fb&kpi=abrate&tagId=10000002872855&categoryId=202017804&categoryName=Cricket&traffic_type=install&field=UG&fbclid=IwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg&h=AT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ&medium_source=facebook&channel_url=https://staticxx.-.com/connect/xd_arbiter/r/__Bz3h5RzMx.js?version=43%23cb=f2c4458ac9011a8&domain=www.-.com&origin=https://www.-.com/&h=AT01NiNROZ8p941O0N0aTu1eTEc68z48cS0k-Fomk3H3l-zlM9fzup-7MGpKVLX7ayzNVdFs6-lQLRoUAiw5DkT8cTkKxDbImOguZjIP8xADMSwjdKQf
https://fbsbx.com/security/hsts-pixel.gif
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/nUs9RS26D1m.png
https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/l7jFXMc3gVH.png
https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/Sku_Kc8l2qU.png
https://l.facebook.com/l.php?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1obHn9DopNwORveXPj0XvXlunAn_I02Q6VPiWjsC-Lnn6F-4fS3j3tzMjWWTgTEYYu6pUzLUgbLz99rBSkS9sgLPTgWyT6C_F5fR_z6EbPC8dz2fpRHA
https://facebook.com/security/hsts-pixel.gif?c=3.2
https://fbcdn.net/security/hsts-pixel.gif?c=2
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png
https://m.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1cKE7-ZeDsubK_dW8Y2XclCpIAD-hQSnRkfS5MsfMKzKqNxNUljBNN9BwQ_kj9GSxg2YBhKU_9WPKUPy5CnzMDLM0sEflP0jQyEFdeqdH99uFTS3c_Ww&_rdr
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
|
10
www.facebook.com(157.240.215.35)
fbsbx.com(157.240.215.35)
m.facebook.com(157.240.215.35)
static.xx.fbcdn.net(157.240.215.14)
fbcdn.net(157.240.215.35)
facebook.com(157.240.215.35)
l.facebook.com(157.240.215.36)
157.240.215.35
157.240.215.36
157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10222 |
2024-07-10 09:52
|
 Update.js 94a69d2789ce8db937bd23160c7cf57bVBScript wscript.exe payload download Tofsee crashed Dropper |
1
https://pyous.parish.chuathuongxot.org/orderReview
|
2
pyous.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
10.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10223 |
2024-07-10 09:52
|
 Update2.js 1d07102e4ad699b952201104aca88770VBScript wscript.exe payload download unpack itself Tofsee crashed Dropper |
1
https://wvgbc.parish.chuathuongxot.org/orderReview
|
2
wvgbc.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10224 |
2024-07-10 13:39
|
sostener.vbs af7ba7e4a9c914e8497936eb7b6ae725
Generic Malware Antivirus PowerShell VBScript powershell suspicious privilege Check memory Checks debugger wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key Dropper |
2
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
|
4
pastecode.dev(172.66.43.27)
ia803405.us.archive.org(207.241.232.195) - mailcious
172.66.40.229
207.241.232.195 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10225 |
2024-07-10 13:43
|
 mg.vbs 8df76af54c38d5d4c2cd9f6d18eedf92
Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
|
4
www.almrwad.com(184.171.244.231) - mailcious
www.erp-royal-crown.info(148.251.114.233)
148.251.114.233
184.171.244.231 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
|
|
8.2 |
|
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10226 |
2024-07-10 13:45
|
 wh.vbs 23454878fb50859c4849ac2b6e256789
Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
|
4
www.almrwad.com(184.171.244.231) - mailcious
www.erp-royal-crown.info(148.251.114.233)
148.251.114.233
184.171.244.231 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
|
|
8.4 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10227 |
2024-07-11 09:18
|
gh.gh.gh.ghghghgh.doc feb6e59fff619a84e6e391a4c95a6650
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
3
http://139.99.220.222/66266/ucancrosstheflowerbeautiytogetin.gIF
http://198.46.176.133/Upload/vbs.jpeg
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
|
4
pastecode.dev(172.66.43.27) - mailcious
172.66.40.229 - mailcious
198.46.176.133
139.99.220.222
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
|
|
4.8 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10228 |
2024-07-11 09:26
|
 builds.exe 4022bc5f1dcdf1a90d117aa67917cc41
Generic Malware Malicious Library Antivirus UPX AntiDebug AntiVM PE File PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram MachineGuid Code Injection Malicious Traffic Check memory WMI unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software |
2
https://steamcommunity.com/profiles/76561199735694209
https://t.me/puffclou
|
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(23.76.43.59) - mailcious
149.154.167.99 - mailcious
104.75.41.21 - mailcious
65.109.241.221
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Telegram Domain (t .me in TLS SNI)
ET INFO TLS Handshake Failure
|
|
11.6 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10229 |
2024-07-11 13:52
|
 Update.js 20cbccdda0677598a1c4c04c6c177a19VBScript wscript.exe payload download Tofsee crashed Dropper |
1
https://yzvy.parish.chuathuongxot.org/orderReview
|
2
yzvy.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10230 |
2024-07-11 18:12
|
 Books_A0UJKO.pdf.url 461b3386de6d58f773233d9d5536672e
AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
2
http://cbmelipilla.cl/te/test1.html - rule_id: 41189
http://cbmelipilla.cl/te/test1.html
|
2
cbmelipilla.cl(184.171.244.113)
184.171.244.113 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
1
http://cbmelipilla.cl/te/test1.html
|
4.6 |
|
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|