15271 | 2023-03-05 04:10
Sample: https://vk.com/doc10773776_660... | Hash: 561634f90d2dea2ab9a08b6b54498081
Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (48): https://st6-22.vk.com/dist/web/ui_common.84e2442a05004320e11f.js?6245ba39b63448019203f2729b74d21f https://vk.com/dist/web/language.13cbd4193255cbaaab3a.js?c9e9113960ae98d68204079f43f790dd https://st6-22.vk.com/dist/web/polyfills/canvas_to_blob.e77dcc6129127456cc4f.js?6a4a06039f2295cdc4f936f4051ae4d3 https://st6-22.vk.com/dist/web/polyfills/array_functions.5ed53e616feed60bc4e8.js?53b5630d9d361c93a7d8a918fd06d21d https://st6-22.vk.com/dist/react.6d787991b51243317269.js?cb151ae0d77e1fe8ca23 https://st6-22.vk.com/css/al/uncommon.431a60ba5d2797d2fdb1.css https://vk.com/js/lang17_0.js?27965938 https://st6-22.vk.com/css/al/fonts_cnt.a289ed70815ffbd082ae.css https://st6-22.vk.com/dist/vkcom-kit.a7d2347300fcdde7314f.js? https://st6-22.vk.com/css/al/ui_common.0a29c544720bdcf89154.css https://st6-22.vk.com/dist/web/polyfills/other_functions.4de689b5f53cdbdebf7d.js?8c0d070969c2bdddf902 https://st6-22.vk.com/dist/web/polyfills/cookie_manager.8cfe6896e33857a19781.js?0afee3c7b5f648f55648a21de4cfaae9 https://st6-22.vk.com/dist/web/unauthorized.b7057b2c97d6727decd8.js?e26656d2ddb168519bdb1f04edf58369 https://st6-22.vk.com/dist/web/polyfills/string_functions.d2f7aff1dc899fb950c4.js?06c31459c645dd6049c4d07642d01d54 https://st6-22.vk.com/dist/common.ca1f22646967566b8a79.js?313ec3f775a31892f568f1d https://vk.com/js/lib/px.js?ch=2 https://vk.com/js/lib/px.js?ch=1 https://st6-22.vk.com/dist/web/polyfills/resize_observer.233e96db629d43de3623.js?685418a51d9509d705d3 https://st6-22.vk.com/css/al/base.1c25eeb7ac42cd36d08a.css https://st6-22.vk.com/dist/web/polyfills/intersection_observer.0062cad0ff26ba906a55.js?3651dae73da1d676cd37 https://st6-22.vk.com/dist/web/page_layout.5672d3fc73a320a2be06.js?f032491390251591131dd5c0659e5ead https://st6-22.vk.com/css/al/common.a393edc4164b1b81495c.css https://st6-22.vk.com/dist/vkcom-kit.1681489e5ef06505d479.css https://st6-22.vk.com/dist/web/common_web.3a98749ca45868f84306.css https://st6-22.vk.com/css/al/fonts_utf.2546d253c69649b0561c.css
https://st6-22.vk.com/dist/web/performance_observers.2498c067f2dd4f142b98.js?39ba189ff3c74982dba3105279a1e431 https://st6-22.vk.com/dist/web/polyfills/element_functions.7f6f4401ad09c642705f.js?f88d496bc9aa020bbceb949a351fa85a https://st6-22.vk.com/dist/audioplayer.a025fbbc26f0baaf6890.js?31337e095824bcf8034a4f5 https://vk.com/badbrowser_stat.php?act=track&event=showAlert_atom https://st6-22.vk.com/dist/web/polyfills/promise_functions.66c5719129d3a45c5b29.js?c08a609e174e79347eaf8c692cf63cf3 https://st6-22.vk.com/dist/state-management.a54b236ef99f71c730de.js?503a0b3068ebfc42423d https://st6-22.vk.com/images/upload.gif https://st6-22.vk.com/dist/polyfills.1881adbf36454e07c9c6.js?a69ef34dc1979f8d5126 https://st6-22.vk.com/dist/web/css_types.9345eb394b7d4d7e68a9.js?f6dbdbc1de537596e14e https://st6-22.vk.com/dist/web/polyfills/object_functions.06c76fa223949a027bf2.js?e8b681406f943258346d7925b82e6243 https://st6-22.vk.com/images/backlink.gif?4 https://st6-22.vk.com/dist/web/common_web.c98533736ab3d5f6f60d.js? https://st6-22.vk.com/dist/palette.28ed80ebcd89c370bca4.js?ceacf32c0417ea87ee9e https://st6-22.vk.com/css/al/vkui.9a6b5aa7dbb00c120b74.css https://st6-22.vk.com/dist/web/jobs_devtools_notification.eafd4d4aa0ae5bbfd7e6.js?a73adfb8fd6e0413085d78a67df5c20f https://st6-22.vk.com/dist/vkui.e4d670f36de4368e7b1a.js?53396daa49f4462b4a11 https://st6-22.vk.com/dist/web/docs.6d9ff04ed31e8fa804a8.js?cca036aa8769d40ddfa14e3fbd15949c https://vk.com/js/loader_nav20746467872_17.js https://vk.com/badbrowser_stat.php?act=nomodule https://st6-22.vk.com/dist/web/grip.16ff158c2e1e11fd3b80.js?28c136bb922051f2f6b95a6a08ccc41f https://vk.com/doc10773776_660112299?hash=I2VLI6zO1UlHlLAqxkcgyoPp4Hkne10esOuPGssj5tk&dl=GEYDONZTG43TM:1677317418:ZCN9zeL9nd2BautKyDoGqekAf2LqZudHP1fSmVyEffs&api=1&no_preview=1 https://vk.com/images/icons/favicons/fav_logo.ico?6 https://st6-22.vk.com/dist/web/likes.5170c24445a69da4da21.js?ec4d1f4027dfa57b38816d57a184cf8d
Hosts (6): st6-22.vk.com(95.142.206.2) vk.com(87.240.132.67) login.vk.com(87.240.129.135) 95.142.206.2 87.240.129.181 87.240.132.67
Alerts (4): ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO URL Shortening Service Domain in DNS Lookup (vk .com) ET INFO TLS Handshake Failure
Score: 4.6 | guest

15272 | 2023-03-05 04:10
Sample: https://vk.com/doc139074685_65... | Hash: 758c5ebd408dcdc781473d2ed51cae30
Tags: AntiDebug AntiVM MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (48): https://st6-22.vk.com/dist/web/ui_common.84e2442a05004320e11f.js?6245ba39b63448019203f2729b74d21f https://vk.com/dist/web/language.13cbd4193255cbaaab3a.js?c9e9113960ae98d68204079f43f790dd https://st6-22.vk.com/dist/web/polyfills/canvas_to_blob.e77dcc6129127456cc4f.js?6a4a06039f2295cdc4f936f4051ae4d3 https://st6-22.vk.com/dist/web/polyfills/array_functions.5ed53e616feed60bc4e8.js?53b5630d9d361c93a7d8a918fd06d21d https://st6-22.vk.com/dist/react.6d787991b51243317269.js?cb151ae0d77e1fe8ca23 https://st6-22.vk.com/css/al/uncommon.431a60ba5d2797d2fdb1.css https://st6-22.vk.com/css/al/fonts_cnt.a289ed70815ffbd082ae.css https://st6-22.vk.com/dist/vkcom-kit.a7d2347300fcdde7314f.js? https://st6-22.vk.com/dist/web/polyfills/object_functions.06c76fa223949a027bf2.js?e8b681406f943258346d7925b82e6243 https://st6-22.vk.com/css/al/ui_common.0a29c544720bdcf89154.css https://st6-22.vk.com/dist/web/polyfills/other_functions.4de689b5f53cdbdebf7d.js?8c0d070969c2bdddf902 https://st6-22.vk.com/dist/state-management.a54b236ef99f71c730de.js?503a0b3068ebfc42423d https://st6-22.vk.com/dist/web/unauthorized.b7057b2c97d6727decd8.js?e26656d2ddb168519bdb1f04edf58369 https://st6-22.vk.com/dist/web/polyfills/string_functions.d2f7aff1dc899fb950c4.js?06c31459c645dd6049c4d07642d01d54 https://st6-22.vk.com/dist/common.ca1f22646967566b8a79.js?313ec3f775a31892f568f1d https://vk.com/js/lib/px.js?ch=2 https://vk.com/js/lib/px.js?ch=1 https://st6-22.vk.com/dist/web/polyfills/resize_observer.233e96db629d43de3623.js?685418a51d9509d705d3 https://st6-22.vk.com/css/al/base.1c25eeb7ac42cd36d08a.css https://st6-22.vk.com/dist/web/polyfills/intersection_observer.0062cad0ff26ba906a55.js?3651dae73da1d676cd37 https://st6-22.vk.com/dist/web/page_layout.5672d3fc73a320a2be06.js?f032491390251591131dd5c0659e5ead https://st6-22.vk.com/css/al/common.a393edc4164b1b81495c.css https://st6-22.vk.com/dist/vkcom-kit.1681489e5ef06505d479.css https://st6-22.vk.com/dist/web/common_web.3a98749ca45868f84306.css
https://st6-22.vk.com/css/al/fonts_utf.2546d253c69649b0561c.css https://st6-22.vk.com/dist/web/performance_observers.2498c067f2dd4f142b98.js?39ba189ff3c74982dba3105279a1e431 https://st6-22.vk.com/dist/web/polyfills/element_functions.7f6f4401ad09c642705f.js?f88d496bc9aa020bbceb949a351fa85a https://st6-22.vk.com/dist/audioplayer.a025fbbc26f0baaf6890.js?31337e095824bcf8034a4f5 https://vk.com/badbrowser_stat.php?act=track&event=showAlert_atom https://st6-22.vk.com/dist/web/polyfills/promise_functions.66c5719129d3a45c5b29.js?c08a609e174e79347eaf8c692cf63cf3 https://st6-22.vk.com/dist/web/docs.6d9ff04ed31e8fa804a8.js?cca036aa8769d40ddfa14e3fbd15949c https://st6-22.vk.com/images/upload.gif https://vk.com/js/lang17_0.js?27965936 https://st6-22.vk.com/dist/polyfills.1881adbf36454e07c9c6.js?a69ef34dc1979f8d5126 https://st6-22.vk.com/dist/web/css_types.9345eb394b7d4d7e68a9.js?f6dbdbc1de537596e14e https://st6-22.vk.com/dist/web/polyfills/cookie_manager.8cfe6896e33857a19781.js?0afee3c7b5f648f55648a21de4cfaae9 https://st6-22.vk.com/images/backlink.gif?4 https://st6-22.vk.com/dist/web/common_web.c98533736ab3d5f6f60d.js? https://st6-22.vk.com/dist/palette.28ed80ebcd89c370bca4.js?ceacf32c0417ea87ee9e https://st6-22.vk.com/css/al/vkui.9a6b5aa7dbb00c120b74.css https://st6-22.vk.com/dist/web/jobs_devtools_notification.eafd4d4aa0ae5bbfd7e6.js?a73adfb8fd6e0413085d78a67df5c20f https://st6-22.vk.com/dist/vkui.e4d670f36de4368e7b1a.js?53396daa49f4462b4a11 https://vk.com/js/loader_nav20746467872_17.js https://vk.com/badbrowser_stat.php?act=nomodule https://st6-22.vk.com/dist/web/grip.16ff158c2e1e11fd3b80.js?28c136bb922051f2f6b95a6a08ccc41f https://vk.com/images/icons/favicons/fav_logo.ico?6 https://vk.com/doc139074685_656697304?hash=mPbQBWbVFzVZL0iuFz57bkKji82O8oT8CRJvThjvvas&dl=GEZTSMBXGQ3DQNI:1677252427:gJEteN8F9cU3ZQn02Rn9AJztzkqE8gcPl8kB3CTmRu4&api=1&no_preview=1 https://st6-22.vk.com/dist/web/likes.5170c24445a69da4da21.js?ec4d1f4027dfa57b38816d57a184cf8d
Hosts (6): st6-22.vk.com(95.142.206.2) vk.com(93.186.225.194) login.vk.com(87.240.129.181) 87.240.137.164 87.240.129.181 95.142.206.2
Alerts (4): ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO URL Shortening Service Domain in DNS Lookup (vk .com) ET INFO TLS Handshake Failure
Score: 4.2 | guest

15273 | 2023-03-05 04:09
Sample: http://42.228.45.229:52829/bin...
Tags: AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
Hosts: 1
Score: 4.8 | guest

15274 | 2023-03-05 04:09
Sample: https://serenity-act.com/wp-co...
Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
Hosts (2): serenity-act.com(109.234.161.159) 109.234.161.159
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
Score: 4.8 | guest

15275 | 2023-03-05 04:09
Sample: http://77.73.131.249/panel/upl... | Hash: 7a23b092902a9e01b91b1d606c9ab555
Tags: AntiDebug AntiVM Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
Hosts: 1
Alerts (3): ET INFO Dotted Quad Host DLL Request SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
Score: 4.2 | M | guest

15276 | 2023-03-05 04:09
Sample: http://124.220.73.59:666/telne... | Hash: 61c6939f56af81c0fd57930b64432c81
Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
Hosts (1): 124.220.73.59 - malicious
Alerts (2): ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 5.8 | M | guest

15277 | 2023-03-05 04:07
Sample: http://dpc24x7.ae/bin.exe | Hash: 015927a2214f580b75f8d4b88ec5f840
Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware download Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed Downloader
URLs (6): http://use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.eot? http://dpc24x7.ae/cgi-sys/suspendedpage.cgi http://use.fontawesome.com/releases/v5.0.6/css/all.css http://dpc24x7.ae/bin.exe http://dpc24x7.ae/favicon.ico http://use.fontawesome.com/releases/v5.0.6/webfonts/fa-regular-400.eot?
Hosts (4): dpc24x7.ae(84.16.234.35) use.fontawesome.com(172.64.132.15) 172.64.132.15 84.16.234.35 - malware
Alerts (4): ET MALWARE Possible MalDoc Payload Download Nov 11 2014 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
Score: 4.2 | guest

15278 | 2023-03-05 04:06
Sample: http://respekt5568.com/aN7jD0q... | Hash: f07d9977430e762b563eaadc2b94bbfa
Tags: PWS[m] Downloader Malicious Packer UPX Malicious Library Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM OS Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1): http://respekt5568.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
Hosts (2): respekt5568.com(185.246.221.154) - malicious 185.246.221.154 - malicious
Alerts (4): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET POLICY PE EXE or DLL Windows file download HTTP SURICATA HTTP unable to match response to request
Score: 5.2 | guest

15279 | 2023-03-05 04:06
Sample: http://liuzhanxian.shop/metro9...
Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (8): http://liuzhanxian.shop/cdn-cgi/styles/main.css http://liuzhanxian.shop/metro91/admin/1/ppptp.jpg http://liuzhanxian.shop/cdn-cgi/images/cf-icon-ok.png http://liuzhanxian.shop/cdn-cgi/images/cf-icon-server.png http://liuzhanxian.shop/favicon.ico http://liuzhanxian.shop/cdn-cgi/images/cf-icon-browser.png http://liuzhanxian.shop/cdn-cgi/images/cf-icon-cloud.png http://liuzhanxian.shop/cdn-cgi/images/cf-icon-error.png
Hosts (2): liuzhanxian.shop(104.21.52.212) 172.67.204.25
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
Score: 4.8 | guest

15280 | 2023-03-05 04:06
Sample: https://million-cloud.click/fi...
Tags: AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
Hosts (1): million-cloud.click() - malicious
Score: 3.8 | guest

15281 | 2023-03-05 04:06
Sample: http://59.180.171.122:59375/i
Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
Hosts (2): 59.180.171.122 - malware 195.133.40.108 - malware
Alerts (2): ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 5.8 | guest

15282 | 2023-03-05 04:04
Sample: http://77.73.131.249/4xivMsoN0...
Tags: AntiDebug AntiVM PNG Format MSOffice File JPEG Format Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
Hosts: 1
Alerts (1): ET INFO Executable Download from dotted-quad Host
Score: 4.2 | M | guest

15283 | 2023-03-05 04:03
Sample: http://39.45.74.87:32930/i
Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format JPEG Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
Hosts: 1
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
Score: 5.8 | guest

15284 | 2023-03-05 04:03
Sample: http://61.3.101.133:40184/bin....
Tags: AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
Hosts: 1
Score: 4.8 | guest

15285 | 2023-03-05 04:01
Sample: http://117.248.49.250:55295/i
Tags: AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
Hosts: 1
Score: 5.4 | guest