Column headings below are inferred from the row layout (the original header row did not survive extraction). Tag strings, host labels and alert names are reproduced exactly as the sandbox emitted them. Hash values are 32 hex characters and are shown as reported; sample counts in parentheses are the per-row counts from the listing.

| ID | Submitted | Target (URL, hash if reported) | Tags | URLs | Hosts | Alerts | Score | User |
|---|---|---|---|---|---|---|---|---|
| 15436 | 2023-03-05 01:53 | http://103.147.185.68/j/p12df/... | PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | (none) | (1) 103.147.185.68 - mailcious | (2) ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 5.8 | guest |
| 15437 | 2023-03-05 01:52 | http://103.147.185.68/j/p10krt... | AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | (none) | (1) 103.147.185.68 - mailcious | (none) | 4.8 | guest |
| 15438 | 2023-03-05 01:50 | http://103.147.185.68/j/p4ds/l... | AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | (none) | (1) 103.147.185.68 - mailcious | (2) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | 4.8 | guest |
| 15439 | 2023-03-05 01:49 | http://193.56.146.60:44413/GtH... | PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | (none) | (1) not listed | (2) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | 5.8 | guest |
| 15440 | 2023-03-05 01:47 | http://103.147.185.68/j/p20gj/... | AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | (none) | (1) 103.147.185.68 - mailcious | (2) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | 4.8 | guest |
| 15441 | 2023-03-05 01:46 | http://103.147.185.68/j/p1aq/l... | PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | (none) | (1) 103.147.185.68 - mailcious | (2) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | 5.8 | guest |
| 15442 | 2023-03-05 01:45 | http://103.147.185.68/j/p3rd/l... | PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | (none) | (1) 103.147.185.68 - mailcious | (2) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | 5.8 | guest |
| 15443 | 2023-03-05 01:44 | http://103.147.185.68/j/p2qw/l... | AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | (none) | (1) 103.147.185.68 - mailcious | (none) | 4.8 | guest |
| 15444 | 2023-03-05 01:44 | http://orepasscg.com/hrdnation... | PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | (none) | (1) not listed | (2) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | 4.8 | guest |
| 15445 | 2023-03-05 01:43 | http://www.swingerxxx.com/imag... | AntiDebug AntiVM PNG Format JPEG Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | (2) http://www.swingerxxx.com/images/MD.php; https://www.swingerxxx.com/images/MD.php | (2) www.swingerxxx.com(104.21.235.134); 104.21.235.134 | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 3.8 | guest |
| 15446 | 2023-03-05 01:41 | http://gungangfam.com/.well-kn... | PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | (none) | (1) not listed | (2) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | 5.8 | guest |
| 15447 | 2023-03-05 01:38 | http://wenolira.top/desjardins... ee8ae4ab167c63dd6d171d38d0efe587 | PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | (6) http://wenolira.top/desjardinsadmin/; http://www.wenolira.top/common.js; http://www.wenolira.top/tj.js; http://www.wenolira.top/desjardinsadmin/; https://hm.baidu.com/hm.js?9053860856a19b8bcc9f5a5d26bf4859; https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1365x1024&vl=893&et=0&ja=1&ln=ko&lo=0&rnd=2027123326&si=9053860856a19b8bcc9f5a5d26bf4859&v=1.3.0&lv=1&sn=13537&r=0&ww=1365&u=http%3A%2F%2Fwww.wenolira.top%2Fdesjardinsadmin%2F&tt=%E4%B8%83%E5%8F%B0%E6%B2%B3%E7%9A%86%E6%9D%82%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 | (7) www.wenolira.top(23.82.204.168); hm.baidu.com(103.235.46.191) - mailcious; wenolira.top(23.82.204.168); www.668810.top(103.43.11.126); 103.235.46.191 - mailcious; 23.82.204.168; 103.43.11.126 | (4) ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO HTTP Request to a *.top domain; ET INFO TLS Handshake Failure | 4.6 | guest |
| 15448 | 2023-03-05 01:37 | http://wenolira.top/bmoadmin/ ee8ae4ab167c63dd6d171d38d0efe587 | AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | (6) http://wenolira.top/bmoadmin/; http://www.wenolira.top/common.js; http://www.wenolira.top/tj.js; http://www.wenolira.top/bmoadmin/; https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1365x1024&vl=893&et=0&ja=1&ln=en-us&lo=0&rnd=1426250217&si=9053860856a19b8bcc9f5a5d26bf4859&v=1.3.0&lv=1&sn=13537&r=0&ww=1365&u=http%3A%2F%2Fwww.wenolira.top%2Fbmoadmin%2F&tt=%E4%B8%83%E5%8F%B0%E6%B2%B3%E7%9A%86%E6%9D%82%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8; https://hm.baidu.com/hm.js?9053860856a19b8bcc9f5a5d26bf4859 | (7) www.wenolira.top(23.82.204.168); www.668810.top(103.43.11.126); wenolira.top(23.82.204.168); hm.baidu.com(103.235.46.191) - mailcious; 103.235.46.191 - mailcious; 23.82.204.168; 103.43.11.126 | (4) ET DNS Query to a *.top domain - Likely Hostile; ET INFO HTTP Request to a *.top domain; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | 4.2 | guest |
| 15449 | 2023-03-05 01:36 | http://wenolira.top/tdadmin/ ee8ae4ab167c63dd6d171d38d0efe587 | PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | (none) | (2) wenolira.top(23.82.204.168); 23.82.204.168 | (3) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET DNS Query to a *.top domain - Likely Hostile | 5.8 | guest |
| 15450 | 2023-03-05 01:36 | http://wenolira.top/pncadmin/ ee8ae4ab167c63dd6d171d38d0efe587 | PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | (6) http://www.wenolira.top/tj.js; http://wenolira.top/pncadmin/; http://www.wenolira.top/pncadmin/; http://www.wenolira.top/common.js; https://hm.baidu.com/hm.js?9053860856a19b8bcc9f5a5d26bf4859; https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1365x1024&vl=893&et=0&ja=1&ln=ko&lo=0&rnd=956046660&si=9053860856a19b8bcc9f5a5d26bf4859&v=1.3.0&lv=1&sn=13537&r=0&ww=1365&u=http%3A%2F%2Fwww.wenolira.top%2Fpncadmin%2F&tt=%E4%B8%83%E5%8F%B0%E6%B2%B3%E7%9A%86%E6%9D%82%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 | (7) www.wenolira.top(23.82.204.168); hm.baidu.com(103.235.46.191) - mailcious; wenolira.top(23.82.204.168); www.668810.top(103.43.11.126); 103.235.46.191 - mailcious; 23.82.204.168; 103.43.11.126 | (4) ET DNS Query to a *.top domain - Likely Hostile; ET INFO HTTP Request to a *.top domain; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | 4.6 | guest |