| 15496 |
2023-03-05 01:05
|
http://hitech-india.in/export....
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
5.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15497 |
2023-03-05 01:04
|
http://www.tepevizyon.com.tr/x...
AntiDebug AntiVM MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
91
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/banners/banner.min.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/menu.min.css
http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/css/jquery.selectBox.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/back-top.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/contact-form-7/includes/swv/js/index.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/wishlist.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/fixedHeader.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/portfolio.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/ajax-search.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.10
http://www.tepevizyon.com.tr/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/mobile-panel.min.css
http://www.tepevizyon.com.tr/wp-includes/js/dist/i18n.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/off-canvas.min.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/all-departments-menu.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.10
http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/mobile-menu.min.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/search.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/et-core-plugin/app/assets/lib/xstore-icons/css/xstore-icons.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/promoTextCarousel.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/ajaxSearch.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/woocommerce/cart-widget.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce-composite-products/assets/css/frontend/woocommerce.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/swiper.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/contact-form-7/includes/js/index.js
http://www.tepevizyon.com.tr/xx/Panel/PvqDq929BSx_A_D_M1n_a.php
http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/css/prettyPhoto.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/banners/banners-global.min.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/toggles-by-arrow.min.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/404-page.min.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/productCategoriesWidget.min.js
http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/post-138.css
http://www.tepevizyon.com.tr/wp-content/uploads/xstore/kirki-styles.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/etheme-scripts.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/layout/header/parts/account.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/tabs.min.js
http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/global.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/mobilePanel.min.js
http://www.tepevizyon.com.tr/wp-includes/js/jquery/jquery-migrate.min.js
http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/post-797.css
http://www.tepevizyon.com.tr/wp-content/plugins/et-core-plugin/app/assets/lib/xstore-icons/css/light.css
http://www.tepevizyon.com.tr/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css
http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/post-795.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/back-top.min.css
http://www.tepevizyon.com.tr/wp-includes/js/jquery/ui/core.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js
http://www.tepevizyon.com.tr/wp-includes/js/dist/vendor/wp-polyfill.min.js
http://www.tepevizyon.com.tr/wp-includes/js/jquery/jquery.min.js
http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/custom-frontend-lite.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/woocommerce.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js
http://www.tepevizyon.com.tr/?wc-ajax=get_refreshed_fragments&elementor_page_id=0
http://www.tepevizyon.com.tr/wp-content/plugins/woocommerce-composite-products/assets/css/frontend/checkout-blocks.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/all-departments-menu.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/libs/jquery.lazyload.js
http://www.tepevizyon.com.tr/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/builders/elementor/etheme-icon-box.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/contact-form-7/includes/css/styles.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/libs/imagesLoaded.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/fonts/xstore-icons-light.ttf
http://www.tepevizyon.com.tr/wp-content/themes/xstore/xstore.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/elementor/assets/js/frontend.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/breadcrumbs.min.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/mobileMenu.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/css/style.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/elementor.min.css
http://www.tepevizyon.com.tr/wp-includes/js/dist/hooks.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/woocommerce/global.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.10
http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/post-149.css
http://www.tepevizyon.com.tr/wp-content/uploads/elementor/css/post-136.css
http://www.tepevizyon.com.tr/wp-includes/js/dist/vendor/regenerator-runtime.min.js
http://www.tepevizyon.com.tr/wp-content/themes/xstore/js/modules/ethemeCountdown.min.js
http://www.tepevizyon.com.tr/wp-includes/css/classic-themes.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/css/font-awesome.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/contact-forms.min.css
http://www.tepevizyon.com.tr/wp-content/themes/xstore/css/modules/builders/elementor/etheme-countdown.min.css
http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.min.js
http://www.tepevizyon.com.tr/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js
https://fonts.googleapis.com/css?family=Nunito%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRaleway%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap&subset=latin-ext&ver=6.1.1
|
4
www.tepevizyon.com.tr(213.238.183.171)
fonts.googleapis.com(142.250.207.106)
213.238.183.171
172.217.25.10
|
3
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15498 |
2023-03-05 01:04
|
http://safehardwareuae.com/lea...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://safehardwareuae.com/leafmailer2.8.php
https://safehardwareuae.com/leafmailer2.8.php
|
2
safehardwareuae.com(172.67.140.92)
172.67.140.92
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15499 |
2023-03-05 01:03
|
http://185.215.113.33/hBF6ds2D...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format JPEG Format MSOffice File Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://185.215.113.33/hBF6ds2D/login.php
|
1
185.215.113.33 - mailcious
|
4
ET DROP Spamhaus DROP Listed Traffic Inbound group 20
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
5.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15500 |
2023-03-05 01:01
|
http://web.xmlpost.xyz/sj2vMs/...
AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
|
1
web.xmlpost.xyz() - mailcious
|
|
|
3.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15501 |
2023-03-05 01:01
|
http://203.159.80.93/PL341/pan...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
5.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15502 |
2023-03-05 01:01
|
http://alpha.nuts.kiev.ua/ilsf...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://alpha.nuts.kiev.ua/ilsfewhhkw.php
|
2
alpha.nuts.kiev.ua(91.239.232.40)
91.239.232.40
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
6.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15503 |
2023-03-05 01:00
|
http://serverddfd.7m.pl/webadm...
AntiDebug AntiVM PNG Format JPEG Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
1
http://serverddfd.7m.pl/webadmin/cp.php?m=login
|
2
serverddfd.7m.pl(149.202.75.212)
149.202.75.212 - mailcious
|
|
|
3.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15504 |
2023-03-05 00:58
|
http://ver.sx/boss/xleetmailer...
AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
2
http://ver.sx/boss/xleetmailer-new.php
https://ver.sx/boss/xleetmailer-new.php
|
2
ver.sx(172.67.207.39)
172.67.207.39
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15505 |
2023-03-05 00:58
|
http://admission.primeuniversi...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://admission.primeuniversity.edu.bd/.well-known/pki-validation/4.php
|
2
admission.primeuniversity.edu.bd(45.114.84.162)
45.114.84.162
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15506 |
2023-03-05 00:57
|
http://afreebieempire.com/leaf... b298062e4a309acbc34829172cb2f9c5
AntiDebug AntiVM MSOffice File icon Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious TLD Tofsee Windows Exploit DNS crashed |
7
http://afreebieempire.com/leaf.php
http://afreebieempire.com/favicon.ico
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
https://leafmailer.pw/style.js
https://maxcdn.bootstrapcdn.com/bootswatch/3.3.6/fonts/glyphicons-halflings-regular.eot
https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700
https://maxcdn.bootstrapcdn.com/bootswatch/3.3.6/cosmo/bootstrap.min.css
|
8
leafmailer.pw(104.21.17.139)
maxcdn.bootstrapcdn.com(104.18.10.207)
fonts.googleapis.com(142.250.207.106)
afreebieempire.com(74.208.236.130)
104.18.11.207
104.21.17.139
74.208.236.130
142.250.204.74
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.pw domain - Likely Hostile
ET WEB_CLIENT Leaf PHPMailer Accessed on External Server
|
|
4.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15507 |
2023-03-05 00:57
|
http://legismente.pt/wp-includ...
AntiDebug AntiVM PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
28
http://www.legismente.pt/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
http://www.legismente.pt/wp-content/plugins/wordpress-popular-posts/assets/css/wpp.css?ver=5.5.1
http://www.legismente.pt/wp-content/plugins/ddpro/js/ddp-admin.js?ver=5.9.5
http://www.legismente.pt/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
http://www.legismente.pt/wp-includes/css/dist/block-library/style.min.css?ver=5.9.5
http://www.legismente.pt/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8.3
http://www.legismente.pt/wp-content/plugins/ddpro/include/fancybox/jquery.fancybox.pack.js?ver=5.9.5
http://www.legismente.pt/wp-content/themes/web_design_vip/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.16.1
http://www.legismente.pt/wp-content/themes/web_design_vip/core/admin/fonts/modules/base/modules.eot?
http://www.legismente.pt/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3
http://www.legismente.pt/wp-content/uploads/2019/06/feito2.png
http://www.legismente.pt/wp-content/themes/web_design_vip/core/admin/js/common.js?ver=4.16.1
http://legismente.pt/wp-includes/IXR/emoji.php
http://www.legismente.pt/wp-content/uploads/useanyfont/190624110031Foro-Sans-Light.woff
http://www.legismente.pt/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.3
http://www.legismente.pt/wp-content/themes/web_design_vip/js/smoothscroll.js?ver=4.16.1
http://www.legismente.pt/wp-content/plugins/ddpro/js/clipboard.min.js?ver=5.9.5
http://www.legismente.pt/wp-content/plugins/ddpro/include/fancybox/jquery.fancybox.js?ver=5.9.5
http://www.legismente.pt/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.5.1
http://www.legismente.pt/wp-content/plugins/ddpro/js/jquery.alphanum.js?ver=5.9.5
http://www.legismente.pt/wp-content/plugins/ddpro/css/ddp-admin-vb.css?ver=5.9.5
http://www.legismente.pt/wp-admin/admin-ajax.php?action=ddp_get_option_wl
http://www.legismente.pt/wp-content/plugins/ddpro/include/fancybox/jquery.fancybox.css?ver=5.9.5
http://www.legismente.pt/wp-content/themes/web_design_vip/js/scripts.min.js?ver=4.16.1
http://www.legismente.pt/wp-content/uploads/useanyfont/uaf.css?ver=1677944859
http://www.legismente.pt/wp-includes/IXR/emoji.php
https://fonts.gstatic.com/s/forum/v16/6aey4Ky-Vb8Ew8IfOpc.ttf
https://fonts.gstatic.com/s/forum/v16/6aey4Ky-Vb8Ew8IfOpQ.woff
|
5
legismente.pt(81.88.53.59)
fonts.gstatic.com(142.250.207.99)
www.legismente.pt(81.88.53.59)
81.88.53.59
142.250.199.67
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15508 |
2023-03-05 00:56
|
http://arcor.runtrade.com.br/v...
AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
|
1
|
|
|
3.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15509 |
2023-03-05 00:56
|
http://lushbb.xyz/mtk2/w2/PvqD...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15510 |
2023-03-05 00:54
|
http://185.215.113.20/gb9fskvS...
PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://185.215.113.20/gb9fskvS/login.php
|
1
185.215.113.20 - mailcious
|
3
ET DROP Spamhaus DROP Listed Traffic Inbound group 20
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
5.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|