10216 |
2024-07-08 17:11
|
newbuild07.exe 9adc621f718c8e283e2b946acf914322 RedLine stealer RedlineStealer Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer Anti_VM PE File .NET EXE PE32 OS Processor Check PE64 DllRegisterServer dll Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
2
https://bitbucket.org/tanosx/clockbrix/downloads/Chrome_Password_Remover.exe https://bbuseruploads.s3.amazonaws.com/443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207
|
5
bbuseruploads.s3.amazonaws.com(52.217.138.65) - malware bitbucket.org(104.192.141.1) - malware 3.5.29.53 185.215.113.67 - mailcious 104.192.141.1 - mailcious
|
7
ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.8 |
|
57 |
ZeroCERT
10217 |
2024-07-09 10:10
|
file 4808c478a3cf9d6fae1e1dcb10f4be33 Javascript_Blob AntiDebug AntiVM ftp MSOffice File Code Injection Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
5
https://www.googletagmanager.com/gtag/js?id=UA-829541-1 https://the.gatekeeperconsent.com/cmp.min.js https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T https://btloader.com/tag?o=5678961798414336&upapi=true
|
19
www.googletagmanager.com(142.250.206.232) the.gatekeeperconsent.com(172.67.199.186) translate.google.com(142.250.206.206) static.mediafire.com(104.16.114.74) cdn.amplitude.com(54.230.61.103) static.cloudflareinsights.com(104.16.80.73) www.ezojs.com(104.21.63.106) btloader.com(104.22.75.216) 142.250.207.78 172.67.199.186 172.67.170.144 104.16.113.74 - mailcious 142.251.220.46 104.16.80.73 54.230.61.127 104.16.114.74 - mailcious 104.22.75.216 142.250.76.232 104.21.63.106
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
6.6 |
M |
|
ZeroCERT
10218 |
2024-07-09 14:18
|
Update_old.js affe7c07da3776a191c69b73e50d491a VBScript wscript.exe payload download Tofsee crashed Dropper |
|
2
pkjzv.fans.smalladventureguide.com(162.252.175.117) - mailcious 162.252.175.117 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
guest
10219 |
2024-07-09 21:31
|
https://l.facebook.com/l.php?u... 2bec4686337f2e399b71386575535145 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
12
https://m.facebook.com/favicon.ico https://fbsbx.com/security/hsts-pixel.gif https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/nUs9RS26D1m.png https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/l7jFXMc3gVH.png https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/Sku_Kc8l2qU.png https://www.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D&h=AT2lhNd3WVLc1jMK7gNOzzIgRe8dRoSUFaVmm5tCk999Eu8Gshn7HOF69sj6AwN4pbEkt26wCz4z6QvzQt8w7OQ9LaPxbAF198ysDfoHZhGVXt5Lf33H_w https://facebook.com/security/hsts-pixel.gif?c=3.2 https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png 
https://l.facebook.com/l.php?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D https://m.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D&h=AT2lhNd3WVLc1jMK7gNOzzIgRe8dRoSUFaVmm5tCk999
Eu8Gshn7HOF69sj6AwN4pbEkt26wCz4z6QvzQt8w7OQ9LaPxbAF198ysDfoHZhGVXt5Lf33H_w&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png https://fbcdn.net/security/hsts-pixel.gif?c=2
|
10
www.facebook.com(157.240.215.35) fbsbx.com(157.240.215.35) m.facebook.com(157.240.215.35) static.xx.fbcdn.net(157.240.215.14) fbcdn.net(157.240.215.35) facebook.com(157.240.215.35) l.facebook.com(157.240.215.36) 157.240.215.35 157.240.215.36 157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
10220 |
2024-07-09 21:37
|
https://www.facebook.com/38022... 1248cb643e2592a6bcce60711dc10617 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format icon MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
10
https://m.facebook.com/story.php?story_fbid=3802211850064154&id=100008261283165&_rdr https://m.facebook.com/favicon.ico https://fbsbx.com/security/hsts-pixel.gif https://www.facebook.com/3802211850064154 https://m.facebook.com/login.php?next=https%3A%2F%2Fm.facebook.com%2Fstory.php%3Fstory_fbid%3D3802211850064154%26id%3D100008261283165&refsrc=deprecated&_rdr https://m.facebook.com/3802211850064154?_rdr https://facebook.com/security/hsts-pixel.gif?c=3.2 https://fbcdn.net/security/hsts-pixel.gif?c=2 https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
|
8
www.facebook.com(157.240.215.35) fbsbx.com(157.240.215.35) m.facebook.com(157.240.215.35) static.xx.fbcdn.net(157.240.215.14) fbcdn.net(157.240.215.35) facebook.com(157.240.215.35) 157.240.215.35 157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
10221 |
2024-07-09 21:37
|
https://l.facebook.com/l.php?u... c896711e056cb6f0df71a7c8e0fac71c Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
13
https://www.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1cKE7-ZeDsubK_dW8Y2XclCpIAD-hQSnRkfS5MsfMKzKqNxNUljBNN9BwQ_kj9GSxg2YBhKU_9WPKUPy5CnzMDLM0sEflP0jQyEFdeqdH99uFTS3c_Ww https://m.facebook.com/favicon.ico https://l.facebook.com/l.php?u=https://jumpseller.s3.eu-west-1.amazonaws.com/store/store5/assets/0DlBptEf2ucAMWLVhICY.xml?3ZWnWh6lF7YOyvbrJnAH?3ZWnWh6lF7YOyvbrJnAH?u=https://app.alibaba.com/dynamiclink?medium_source=facebook&traffic_type=install&field=UG&schema=enalibaba://oneSight?biz=dpa&keyword=Cricket&product_id=10000002872855&pcate=202017804&from=cpm_fb&kpi=abrate&tagId=10000002872855&categoryId=202017804&categoryName=Cricket&traffic_type=install&field=UG&fbclid=IwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg&h=AT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ&medium_source=facebook&channel_url=https://staticxx.-.com/connect/xd_arbiter/r/__Bz3h5RzMx.js?version=43%23cb=f2c4458ac9011a8&domain=www.-.com&origin=https://www.-.com/&h=AT01NiNROZ8p941O0N0aTu1eTEc68z48cS0k-Fomk3H3l-zlM9fzup-7MGpKVLX7ayzNVdFs6-lQLRoUAiw5DkT8cTkKxDbImOguZjIP8xADMSwjdKQf https://fbsbx.com/security/hsts-pixel.gif https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/nUs9RS26D1m.png https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/l7jFXMc3gVH.png https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/Sku_Kc8l2qU.png 
https://l.facebook.com/l.php?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1obHn9DopNwORveXPj0XvXlunAn_I02Q6VPiWjsC-Lnn6F-4fS3j3tzMjWWTgTEYYu6pUzLUgbLz99rBSkS9sgLPTgWyT6C_F5fR_z6EbPC8dz2fpRHA https://facebook.com/security/hsts-pixel.gif?c=3.2 https://fbcdn.net/security/hsts-pixel.gif?c=2 https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png https://m.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1cKE7-ZeDsubK_dW8Y2XclCpIAD-hQSnRkfS5MsfMKzKqNxNUljBNN9BwQ_kj9GSxg2YBhKU_9WPKUPy5CnzMDLM0sEflP0jQyEFdeqdH99uFTS3c_Ww&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
|
10
www.facebook.com(157.240.215.35) fbsbx.com(157.240.215.35) m.facebook.com(157.240.215.35) static.xx.fbcdn.net(157.240.215.14) fbcdn.net(157.240.215.35) facebook.com(157.240.215.35) l.facebook.com(157.240.215.36) 157.240.215.35 157.240.215.36 157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
10222 |
2024-07-10 09:52
|
Update.js 94a69d2789ce8db937bd23160c7cf57b VBScript wscript.exe payload download Tofsee crashed Dropper |
1
https://pyous.parish.chuathuongxot.org/orderReview
|
2
pyous.parish.chuathuongxot.org(23.95.182.12) 23.95.182.12 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
10.0 |
|
|
guest
10223 |
2024-07-10 09:52
|
Update2.js 1d07102e4ad699b952201104aca88770 VBScript wscript.exe payload download unpack itself Tofsee crashed Dropper |
1
https://wvgbc.parish.chuathuongxot.org/orderReview
|
2
wvgbc.parish.chuathuongxot.org(23.95.182.12) 23.95.182.12 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
guest
10224 |
2024-07-10 13:39
|
sostener.vbs af7ba7e4a9c914e8497936eb7b6ae725 Generic Malware Antivirus PowerShell VBScript powershell suspicious privilege Check memory Checks debugger wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key Dropper |
2
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
|
4
pastecode.dev(172.66.43.27)
ia803405.us.archive.org(207.241.232.195) - mailcious 172.66.40.229
207.241.232.195 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
ZeroCERT
10225 |
2024-07-10 13:43
|
mg.vbs 8df76af54c38d5d4c2cd9f6d18eedf92 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
|
4
www.almrwad.com(184.171.244.231) - mailcious www.erp-royal-crown.info(148.251.114.233) 148.251.114.233 184.171.244.231 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic
|
|
8.2 |
|
19 |
ZeroCERT
10226 |
2024-07-10 13:45
|
wh.vbs 23454878fb50859c4849ac2b6e256789 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
|
4
www.almrwad.com(184.171.244.231) - mailcious www.erp-royal-crown.info(148.251.114.233) 148.251.114.233 184.171.244.231 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic
|
|
8.4 |
|
22 |
ZeroCERT
10227 |
2024-07-11 09:18
|
gh.gh.gh.ghghghgh.doc feb6e59fff619a84e6e391a4c95a6650 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
3
http://139.99.220.222/66266/ucancrosstheflowerbeautiytogetin.gIF
http://198.46.176.133/Upload/vbs.jpeg
https://pastecode.dev/raw/6l7qjjrz/paste1.txt
|
4
pastecode.dev(172.66.43.27) - mailcious 172.66.40.229 - mailcious
198.46.176.133
139.99.220.222
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Base64 Encoded MZ In Image ET MALWARE Malicious Base64 Encoded Payload In Image
|
|
4.8 |
M |
40 |
ZeroCERT
10228 |
2024-07-11 09:26
|
builds.exe 4022bc5f1dcdf1a90d117aa67917cc41 Generic Malware Malicious Library Antivirus UPX AntiDebug AntiVM PE File PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram MachineGuid Code Injection Malicious Traffic Check memory WMI unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software |
2
https://steamcommunity.com/profiles/76561199735694209
https://t.me/puffclou
|
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(23.76.43.59) - mailcious 149.154.167.99 - mailcious
104.75.41.21 - mailcious
65.109.241.221
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET INFO TLS Handshake Failure
|
|
11.6 |
M |
45 |
ZeroCERT
10229 |
2024-07-11 13:52
|
Update.js 20cbccdda0677598a1c4c04c6c177a19 VBScript wscript.exe payload download Tofsee crashed Dropper |
1
https://yzvy.parish.chuathuongxot.org/orderReview
|
2
yzvy.parish.chuathuongxot.org(23.95.182.12) 23.95.182.12 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
guest
10230 |
2024-07-11 18:12
|
Books_A0UJKO.pdf.url 461b3386de6d58f773233d9d5536672e AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
2
http://cbmelipilla.cl/te/test1.html - rule_id: 41189 http://cbmelipilla.cl/te/test1.html
|
2
cbmelipilla.cl(184.171.244.113) 184.171.244.113 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
1
http://cbmelipilla.cl/te/test1.html
|
4.6 |
|
6 |
ZeroCERT