| 121 |
2020-07-23 13:33
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
7
iecvlist.microsoft.com(117.18.232.200)
www.nalara1220.o-r.kr(35.226.40.154)
ie9cvlist.ie.microsoft.com(117.18.232.200)
ajax.googleapis.com(216.58.220.138)
117.18.232.200
172.217.161.170
35.226.40.154
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 122 |
2020-07-23 14:31
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
7
www.nalara1220.o-r.kr(35.226.40.154)
iecvlist.microsoft.com(117.18.232.200)
ie9cvlist.ie.microsoft.com(117.18.232.200)
ajax.googleapis.com(172.217.25.106)
117.18.232.200
172.217.161.170
35.226.40.154
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 123 |
2020-07-24 17:06
|
cursor.png.exe 0c84e3949e3e8908425b234112350e0f
Dridex TrickBot Malware Report suspicious privilege Malicious Traffic buffers extracted unpack itself malicious URLs Kovter ComputerName DNS |
5
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
https://185.99.2.66/tot774/WIN7-PC_W617601.2BCE833F2CFCD82352C920360F3C5FD1/5/spk/
|
6
131.161.253.190
134.119.191.21
185.99.2.66
5.1.81.68
51.81.112.144
91.235.129.20
|
4
ET CNC Feodo Tracker Reported CnC Server group 20
ET CNC Feodo Tracker Reported CnC Server group 3
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
5.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 124 |
2020-07-24 21:50
|
https://tenders-dz.com/license... 2ba9f02e8685e6d19b5386513083ce64
Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS |
|
1
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 125 |
2020-07-24 22:36
|
http://199.168.100.74/upsupx3.... 142709025a9e6d920384c011e24f83f3
Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://199.168.100.74/upsupx3.exe
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
4
ie9cvlist.ie.microsoft.com(117.18.232.200)
iecvlist.microsoft.com(117.18.232.200)
117.18.232.200
199.168.100.74
|
7
ET INFO Executable Download from dotted-quad Host
ET INFO Packed Executable Download
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
6.6 |
M |
59 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 126 |
2020-07-25 12:10
|
64.exe 2258502bb5e0807e70a02fb9a39c6184
VirusTotal Malware MachineGuid Code Injection buffers extracted RWX flags setting Windows utilities suspicious process malicious URLs Tofsee Windows ComputerName |
|
4
managemen.onlinestephanie.xyz(172.67.213.155)
authoritative.rogerwlaker.xyz(104.27.169.97)
104.27.168.97
172.67.213.155
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.0 |
|
18 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 127 |
2020-07-25 21:16
|
cursor.png.exe ec90ccfa53fe7d8b77ed05c6ef51a7b1
Dridex TrickBot Malware Report suspicious privilege buffers extracted RWX flags setting unpack itself malicious URLs Tofsee Kovter ComputerName DNS |
1
https://www.myexternalip.com/raw
|
2
172.217.161.147
181.129.134.18
|
4
ET CNC Feodo Tracker Reported CnC Server group 7
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
5.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 128 |
2020-07-25 21:19
|
https://tenders-dz.com/license...
Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS |
2
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
|
2
172.217.161.147
51.89.6.28
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 129 |
2020-07-26 19:20
|
http://southwestlogistics.net/... 654fdcfb7334c24fff5452d60a67083c
Dridex VirusTotal Malware Code Injection Malicious Traffic buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://southwestlogistics.net/3333.exe
https://loadparis.casa/
|
4
104.244.42.3
139.59.56.38
162.241.217.117
23.35.220.4
|
5
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
8.0 |
|
13 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 130 |
2020-07-27 12:31
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
|
7
www.nalara1220.o-r.kr(35.226.40.154)
iecvlist.microsoft.com(117.18.232.200)
ie9cvlist.ie.microsoft.com(117.18.232.200)
ajax.googleapis.com(172.217.26.42)
117.18.232.200
216.58.221.234
35.226.40.154
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 131 |
2020-07-27 12:40
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/main.jsp
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://www.nalara1220.o-r.kr/CSS/mainC.css
|
7
www.nalara1220.o-r.kr(35.226.40.154)
iecvlist.microsoft.com(117.18.232.200)
ie9cvlist.ie.microsoft.com(117.18.232.200)
ajax.googleapis.com(172.217.31.170)
117.18.232.200
172.217.26.138
35.226.40.154
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET INFO TLS Handshake Failure
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 132 |
2020-07-27 13:37
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/CSS/mainC.css
|
7
www.nalara1220.o-r.kr(35.226.40.154)
iecvlist.microsoft.com(117.18.232.200)
ie9cvlist.ie.microsoft.com(117.18.232.200)
ajax.googleapis.com(172.217.31.170)
117.18.232.200
172.217.24.74
35.226.40.154
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 133 |
2020-07-27 14:27
|
ransom.js 6d6a0d13f1f121e62535b378f3f17a0f
Dridex Malware wscript.exe payload download malicious URLs Tofsee DNS |
2
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
|
1
|
3
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 134 |
2020-07-27 15:11
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit crashed |
7
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
7
www.nalara1220.o-r.kr(35.226.40.154)
iecvlist.microsoft.com(117.18.232.200)
ie9cvlist.ie.microsoft.com(117.18.232.200)
ajax.googleapis.com(172.217.27.74)
117.18.232.200
216.58.220.202
35.226.40.154
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 135 |
2020-07-27 16:08
|
https://liskcrypto.top/zbs.exe 0904add71c8b1b59d251c3cc8e0d3841
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed |
1
https://liskcrypto.top/zbs.exe
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
|
|
4.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|