121 |
2020-07-23 13:33
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/mainC.css http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
7
iecvlist.microsoft.com(117.18.232.200) www.nalara1220.o-r.kr(35.226.40.154) ie9cvlist.ie.microsoft.com(117.18.232.200) ajax.googleapis.com(216.58.220.138) 117.18.232.200 172.217.161.170 35.226.40.154
|
3
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
122 |
2020-07-23 14:31
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
7
www.nalara1220.o-r.kr(35.226.40.154) iecvlist.microsoft.com(117.18.232.200) ie9cvlist.ie.microsoft.com(117.18.232.200) ajax.googleapis.com(172.217.25.106) 117.18.232.200 172.217.161.170 35.226.40.154
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
123 |
2020-07-24 17:06
|
cursor.png.exe 0c84e3949e3e8908425b234112350e0f Dridex TrickBot Malware Report suspicious privilege Malicious Traffic buffers extracted unpack itself malicious URLs Kovter ComputerName DNS |
5
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47 http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 https://185.99.2.66/tot774/WIN7-PC_W617601.2BCE833F2CFCD82352C920360F3C5FD1/5/spk/
|
6
131.161.253.190 134.119.191.21 185.99.2.66 5.1.81.68 51.81.112.144 91.235.129.20
|
4
ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 3 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
5.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
124 |
2020-07-24 21:50
|
https://tenders-dz.com/license... 2ba9f02e8685e6d19b5386513083ce64 Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS |
|
1
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
125 |
2020-07-24 22:36
|
http://199.168.100.74/upsupx3.... 142709025a9e6d920384c011e24f83f3 Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://199.168.100.74/upsupx3.exe http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
4
ie9cvlist.ie.microsoft.com(117.18.232.200) iecvlist.microsoft.com(117.18.232.200) 117.18.232.200 199.168.100.74
|
7
ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
6.6 |
M |
59 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
126 |
2020-07-25 12:10
|
64.exe 2258502bb5e0807e70a02fb9a39c6184 VirusTotal Malware MachineGuid Code Injection buffers extracted RWX flags setting Windows utilities suspicious process malicious URLs Tofsee Windows ComputerName |
|
4
managemen.onlinestephanie.xyz(172.67.213.155) authoritative.rogerwlaker.xyz(104.27.169.97) 104.27.168.97 172.67.213.155
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.0 |
|
18 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
127 |
2020-07-25 21:16
|
cursor.png.exe ec90ccfa53fe7d8b77ed05c6ef51a7b1 Dridex TrickBot Malware Report suspicious privilege buffers extracted RWX flags setting unpack itself malicious URLs Tofsee Kovter ComputerName DNS |
1
https://www.myexternalip.com/raw
|
2
172.217.161.147 181.129.134.18
|
4
ET CNC Feodo Tracker Reported CnC Server group 7 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
5.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
128 |
2020-07-25 21:19
|
https://tenders-dz.com/license... Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS |
2
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
|
2
172.217.161.147 51.89.6.28
|
3
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.2 |
M |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
129 |
2020-07-26 19:20
|
http://southwestlogistics.net/... 654fdcfb7334c24fff5452d60a67083c Dridex VirusTotal Malware Code Injection Malicious Traffic buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://southwestlogistics.net/3333.exe https://loadparis.casa/
|
4
104.244.42.3 139.59.56.38 162.241.217.117 23.35.220.4
|
5
ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
8.0 |
|
13 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
130 |
2020-07-27 12:31
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
|
7
www.nalara1220.o-r.kr(35.226.40.154) iecvlist.microsoft.com(117.18.232.200) ie9cvlist.ie.microsoft.com(117.18.232.200) ajax.googleapis.com(172.217.26.42) 117.18.232.200 216.58.221.234 35.226.40.154
|
3
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
131 |
2020-07-27 12:40
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/mainC.css
|
7
www.nalara1220.o-r.kr(35.226.40.154) iecvlist.microsoft.com(117.18.232.200) ie9cvlist.ie.microsoft.com(117.18.232.200) ajax.googleapis.com(172.217.31.170) 117.18.232.200 172.217.26.138 35.226.40.154
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET INFO TLS Handshake Failure
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
132 |
2020-07-27 13:37
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed |
7
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css
|
7
www.nalara1220.o-r.kr(35.226.40.154) iecvlist.microsoft.com(117.18.232.200) ie9cvlist.ie.microsoft.com(117.18.232.200) ajax.googleapis.com(172.217.31.170) 117.18.232.200 172.217.24.74 35.226.40.154
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
133 |
2020-07-27 14:27
|
ransom.js 6d6a0d13f1f121e62535b378f3f17a0f Dridex Malware wscript.exe payload download malicious URLs Tofsee DNS |
2
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
|
1
|
3
ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
134 |
2020-07-27 15:11
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit crashed |
7
http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
7
www.nalara1220.o-r.kr(35.226.40.154) iecvlist.microsoft.com(117.18.232.200) ie9cvlist.ie.microsoft.com(117.18.232.200) ajax.googleapis.com(172.217.27.74) 117.18.232.200 216.58.220.202 35.226.40.154
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
135 |
2020-07-27 16:08
|
https://liskcrypto.top/zbs.exe 0904add71c8b1b59d251c3cc8e0d3841 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed |
1
https://liskcrypto.top/zbs.exe
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a *.top domain - Likely Hostile
|
|
4.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|