15451 | 2023-03-05 01:35
URL: http://wenolira.top/rbcadmin/
MD5: ee8ae4ab167c63dd6d171d38d0efe587
Tags: AntiDebug, AntiVM, PNG Format, JPEG Format, MSOffice File, Code Injection, Creates executable files, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS, crashed
URLs (6):
  http://www.wenolira.top/rbcadmin/
  http://wenolira.top/rbcadmin/
  http://www.wenolira.top/tj.js
  http://www.wenolira.top/common.js
  https://hm.baidu.com/hm.js?9053860856a19b8bcc9f5a5d26bf4859
  https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1365x1024&vl=893&et=0&ja=1&ln=en-us&lo=0&rnd=238913685&si=9053860856a19b8bcc9f5a5d26bf4859&v=1.3.0&lv=1&sn=13540&r=0&ww=1365&u=http%3A%2F%2Fwww.wenolira.top%2Frbcadmin%2F&tt=%E4%B8%83%E5%8F%B0%E6%B2%B3%E7%9A%86%E6%9D%82%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
Hosts (7):
  www.wenolira.top (23.82.204.168)
  www.668810.top (103.43.11.126)
  wenolira.top (23.82.204.168)
  hm.baidu.com (103.235.46.191) - malicious
  103.235.46.191 - malicious
  23.82.204.168
  103.43.11.126
Alerts (4):
  ET INFO TLS Handshake Failure
  ET INFO HTTP Request to a *.top domain
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET DNS Query to a *.top domain - Likely Hostile
Score: 5.0 | User: guest

15452 | 2023-03-05 01:35
URL: http://wenolira.top/cibcadmin/
MD5: ee8ae4ab167c63dd6d171d38d0efe587
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate privileges, persistence, FTP, Http API, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
URLs (6):
  http://wenolira.top/cibcadmin/
  http://www.wenolira.top/cibcadmin/
  http://www.wenolira.top/tj.js
  http://www.wenolira.top/common.js
  https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1365x1024&vl=893&et=0&ja=1&ln=ko&lo=0&rnd=1407757706&si=9053860856a19b8bcc9f5a5d26bf4859&v=1.3.0&lv=1&sn=13539&r=0&ww=1365&u=http%3A%2F%2Fwww.wenolira.top%2Fcibcadmin%2F&tt=%E4%B8%83%E5%8F%B0%E6%B2%B3%E7%9A%86%E6%9D%82%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
  https://hm.baidu.com/hm.js?9053860856a19b8bcc9f5a5d26bf4859
Hosts (7):
  www.wenolira.top (23.82.204.168)
  www.668810.top (103.43.11.126)
  wenolira.top (23.82.204.168)
  hm.baidu.com (103.235.46.191) - malicious
  103.235.46.191 - malicious
  23.82.204.168
  103.43.11.126
Alerts (4):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO HTTP Request to a *.top domain
  ET INFO TLS Handshake Failure
  ET DNS Query to a *.top domain - Likely Hostile
Score: 5.2 | User: guest

15453 | 2023-03-05 01:34
URL: http://wenolira.top/53repadmin...
MD5: ee8ae4ab167c63dd6d171d38d0efe587
Tags: AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS, crashed
URLs (6):
  http://www.wenolira.top/53repadmin/
  http://www.wenolira.top/common.js
  http://www.wenolira.top/tj.js
  http://wenolira.top/53repadmin/
  https://hm.baidu.com/hm.js?9053860856a19b8bcc9f5a5d26bf4859
  https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1365x1024&vl=893&et=0&ja=1&ln=en-us&lo=0&rnd=1946420551&si=9053860856a19b8bcc9f5a5d26bf4859&v=1.3.0&lv=1&sn=13537&r=0&ww=1365&u=http%3A%2F%2Fwww.wenolira.top%2F53repadmin%2F&tt=%E4%B8%83%E5%8F%B0%E6%B2%B3%E7%9A%86%E6%9D%82%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
Hosts (7):
  www.wenolira.top (23.82.204.168)
  www.668810.top (103.43.11.126)
  wenolira.top (23.82.204.168)
  hm.baidu.com (103.235.46.191) - malicious
  103.235.46.191 - malicious
  23.82.204.168
  103.43.11.126
Alerts (4):
  ET DNS Query to a *.top domain - Likely Hostile
  ET INFO TLS Handshake Failure
  ET INFO HTTP Request to a *.top domain
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2 | User: guest

15454 | 2023-03-05 01:33
URL: http://vormax.link/bcadmin/
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate privileges, persistence, FTP, Http API, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
URLs: none recorded
Hosts (1): not listed
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 4.2 | User: guest

15455 | 2023-03-05 01:32
URL: http://www.westtrek.com/wp-adm...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate privileges, persistence, FTP, Http API, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
URLs (1):
  http://www.westtrek.com/wp-admin/alexus1kc.php
Hosts (2):
  www.westtrek.com (104.196.31.58)
  104.196.31.58
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 4.8 | User: guest

15456 | 2023-03-05 01:32
URL: http://vormax.link/nccvbv/
Tags: AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows Exploit, DNS, crashed
URLs: none recorded
Hosts (1): not listed
Alerts: none
Score: 3.8 | User: guest

15457 | 2023-03-05 01:31
URL: http://74f26d34ffff049368a6cff...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate privileges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, icon, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
URLs (2):
  http://74f26d34ffff049368a6cff8812f86ee.ml/favicon.ico
  http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/PvqDq929BSx_A_D_M1n_a.php
Hosts (2):
  74f26d34ffff049368a6cff8812f86ee.ml (195.20.51.81) - malicious
  195.20.51.81
Alerts (4):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET INFO HTTP Request to a *.ml domain
  ET INFO DNS Query for Suspicious .ml Domain
Score: 4.2 | User: guest

15458 | 2023-03-05 01:30
URL: http://checkvim.com/ga12/PvqDq...
Tags: AntiDebug, AntiVM, PNG Format, JPEG Format, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows Exploit, DNS, crashed
URLs: none recorded
Hosts (1):
  checkvim.com (no IP) - malicious
Alerts: none
Score: 3.8 | User: guest

15459 | 2023-03-05 01:29
URL: http://foxydownloader.com/hBF6...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate privileges, persistence, FTP, Http API, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
URLs: none recorded
Hosts (1): not listed
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 4.8 | User: guest

15460 | 2023-03-05 01:29
URL: http://74f26d34ffff049368a6cff...
Tags: AntiDebug, AntiVM, MSOffice File, icon, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows Exploit, DNS, crashed
URLs (2):
  http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/PvqDq929BSx_A_D_M1n_a.php
  http://74f26d34ffff049368a6cff8812f86ee.gq/favicon.ico
Hosts (2):
  74f26d34ffff049368a6cff8812f86ee.gq (195.20.50.205) - malicious
  195.20.50.205
Alerts (2):
  ET INFO DNS Query for Suspicious .gq Domain
  ET INFO HTTP Request to a *.gq domain
Score: 3.8 | User: guest

15461 | 2023-03-05 01:28
URL: http://185.215.113.45/g4MbvE/l...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate privileges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
URLs: none recorded
Hosts (1): not listed
Alerts (3):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 20
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 6.6 | User: guest

15462 | 2023-03-05 01:27
URL: http://wenolira.top/scotiaadmi...
MD5: ee8ae4ab167c63dd6d171d38d0efe587
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate privileges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
URLs (6):
  http://wenolira.top/scotiaadmin/
  http://www.wenolira.top/tj.js
  http://www.wenolira.top/scotiaadmin/
  http://www.wenolira.top/common.js
  https://hm.baidu.com/hm.js?9053860856a19b8bcc9f5a5d26bf4859
  https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1365x1024&vl=893&et=0&ja=1&ln=ko&lo=0&rnd=675370281&si=9053860856a19b8bcc9f5a5d26bf4859&v=1.3.0&lv=1&sn=13537&r=0&ww=1365&u=http%3A%2F%2Fwww.wenolira.top%2Fscotiaadmin%2F&tt=%E4%B8%83%E5%8F%B0%E6%B2%B3%E7%9A%86%E6%9D%82%E7%A7%9F%E5%94%AE%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
Hosts (7):
  www.wenolira.top (23.82.204.168)
  hm.baidu.com (103.235.46.191) - malicious
  wenolira.top (23.82.204.168)
  www.668810.top (103.43.11.126)
  103.235.46.191 - malicious
  23.82.204.168
  103.43.11.126
Alerts (4):
  ET DNS Query to a *.top domain - Likely Hostile
  ET INFO HTTP Request to a *.top domain
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 4.6 | User: guest

15463 | 2023-03-05 01:27
URL: http://lb096418.justinstalledp...
Tags: PWS[m], Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate privileges, persistence, FTP, Http API, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
URLs: none recorded
Hosts (1):
  lb096418.justinstalledpanel.com (no IP)
Alerts (2):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.8 | User: guest

15464 | 2023-03-05 01:27
URL: http://l094b2d2.justinstalledp...
Tags: AntiDebug, AntiVM, PNG Format, JPEG Format, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows Exploit, DNS, crashed
URLs: none recorded
Hosts (1):
  l094b2d2.justinstalledpanel.com (no IP)
Alerts: none
Score: 3.8 | User: guest

15465 | 2023-03-05 01:25
URL: http://depressionk1d.ug/k8FppT...
Tags: AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows Exploit, DNS, crashed
URLs: none recorded
Hosts (1):
  depressionk1d.ug (no IP) - malicious
Alerts: none
Score: 4.6 | User: guest
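The entries above all share one layout: a URL column, a host column of `domain(ip)` / bare-IP tokens with an optional "mailcious" flag (the listing's own spelling), and a column of Suricata rule names. The script below is an added example, not code from the sandbox that produced this listing: it parses one such record into indicators, decodes the Baidu `hm.gif` beacon that the wenolira.top pages fire (its `u` and `tt` parameters are the percent-encoded landing URL and page title), and defangs the URLs. The sample record is constructed from entry 15451; the dict field names and the tolerance for both spellings of the flag are this script's assumptions.

```python
"""Extract IOCs from one sandbox listing record (added example, not site code)."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the URL, host and alert columns of entry 15451 above.
SAMPLE_RECORD = {
    "urls": [
        "http://www.wenolira.top/rbcadmin/",
        "http://wenolira.top/rbcadmin/",
        "http://www.wenolira.top/tj.js",
        "http://www.wenolira.top/common.js",
        "https://hm.baidu.com/hm.js?9053860856a19b8bcc9f5a5d26bf4859",
        "https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1365x1024&vl=893"
        "&et=0&ja=1&ln=en-us&lo=0&rnd=238913685&si=9053860856a19b8bcc9f5a5d26bf4859"
        "&v=1.3.0&lv=1&sn=13540&r=0&ww=1365"
        "&u=http%3A%2F%2Fwww.wenolira.top%2Frbcadmin%2F"
        "&tt=%E4%B8%83%E5%8F%B0%E6%B2%B3%E7%9A%86%E6%9D%82%E7%A7%9F%E5%94%AE"
        "%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8",
    ],
    # Host column exactly as the listing prints it, including its "mailcious" flag.
    "hosts": ("www.wenolira.top(23.82.204.168) www.668810.top(103.43.11.126) "
              "wenolira.top(23.82.204.168) hm.baidu.com(103.235.46.191) - mailcious "
              "103.235.46.191 - mailcious 23.82.204.168 103.43.11.126"),
    "alerts": [
        "ET INFO TLS Handshake Failure",
        "ET INFO HTTP Request to a *.top domain",
        "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)",
        "ET DNS Query to a *.top domain - Likely Hostile",
    ],
}

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
# One host token: domain(ip), domain() when nothing resolved, or a bare IP,
# each optionally followed by the flag (accept the site's misspelling too).
HOST_RE = re.compile(
    rf"(?:(?P<domain>[A-Za-z0-9.-]+)\((?P<resolved>{IPV4})?\)|(?P<ip>\b{IPV4}\b))"
    r"(?P<flag>\s+-\s+ma(?:li|il)cious)?"
)
JA3_RE = re.compile(r"JA3 SSL-Client Fingerprint detected \((?P<family>[^)]+)\)")


def parse_hosts(column):
    """Split the host column into domain->IP (None if unresolved), IPs, flagged names."""
    out = {"domains": {}, "ips": set(), "flagged": set()}
    for m in HOST_RE.finditer(column):
        if m.group("domain"):
            out["domains"][m.group("domain")] = m.group("resolved")
            if m.group("resolved"):
                out["ips"].add(m.group("resolved"))
        else:
            out["ips"].add(m.group("ip"))
        if m.group("flag"):
            out["flagged"].add(m.group("domain") or m.group("ip"))
    return out


def decode_tracker(url):
    """Decode an hm.gif beacon: u is the landing URL, tt the UTF-8 page title."""
    q = parse_qs(urlsplit(url).query)
    first = lambda k: q.get(k, [None])[0]
    return {"site_id": first("si"), "page_url": first("u"),
            "title": first("tt"), "lang": first("ln")}


def defang(ioc):
    """Render a URL, domain or IP so it cannot be clicked by accident."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")


def extract(record):
    hosts = parse_hosts(record["hosts"])
    url_hosts = {urlsplit(u).hostname for u in record["urls"]}
    families = set()
    for alert in record["alerts"]:
        m = JA3_RE.search(alert)
        if m:
            families.add(m.group("family"))
    return {
        "domains": hosts["domains"],
        "ips": sorted(hosts["ips"]),
        "flagged": sorted(hosts["flagged"]),
        # Names that were resolved but never appear in a recorded request.
        "resolved_but_no_url": sorted(set(hosts["domains"]) - url_hosts),
        "beacons": [decode_tracker(u) for u in record["urls"] if "/hm.gif?" in u],
        "ja3_families": sorted(families),
        "defanged": [defang(u) for u in record["urls"]],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(extract(SAMPLE_RECORD), indent=2, ensure_ascii=False))
```

Two things the parsed output makes visible that the raw row does not: www.668810.top is resolved in every wenolira.top entry but never appears in a recorded request, so it is worth pivoting on separately, and the beacon's `tt` parameter decodes to the title the page reported to Baidu Analytics, which identifies the template behind the differently named /rbcadmin/, /cibcadmin/, /53repadmin/ and /scotiaadmin/ paths. The SSLBL JA3 alert, by contrast, fires on most entries of this listing regardless of the URL, so it fingerprints the TLS client the sandbox used rather than the page; the hosts and URLs are the indicators to act on.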