1891 |
2020-09-25 09:12
|
REP 2020_09_25 3194.doc 3a49fcefd6c99f69b2155be8b3c3c7a9 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://12.163.208.58/NtyAfs/ http://transfersuvan.com/wp-admin/1J/
|
2
12.163.208.58 186.64.117.145
|
3
ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
19 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1892 |
2020-09-25 09:15
|
OA.exe 29b5cc17485d16ea6f070ceea579e1e0 VirusTotal Malware Report Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
2
http://104.236.246.93:8080/qRBg/ http://173.249.6.108:443/EYlWUhAj/
|
6
104.236.246.93 137.59.187.107 159.203.116.47 173.249.6.108 174.106.122.139 174.45.13.118
|
3
ET POLICY HTTP traffic on port 443 (POST) ET CNC Feodo Tracker Reported CnC Server group 3 ET CNC Feodo Tracker Reported CnC Server group 5
|
|
8.4 |
|
13 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1893 |
2020-09-25 09:29
|
Wa3j.exe 613a7e20b550f35969a79250c5cc0868 Report RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
|
5
157.245.138.101 162.144.42.60 162.241.41.111 190.85.46.52 49.243.9.118
|
1
ET CNC Feodo Tracker Reported CnC Server group 4
|
|
6.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1894 |
2020-09-25 09:29
|
3196288-2020_09_24-7609.doc bb2741248b19b165380971e05fa62d6c Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://12.163.208.58/xkMtaIHR68S/NHiDIlU1qpWXZh0JxtX/wyeFPXCodIGsN/bKsPJtf/VtR1Z6YQItOxM2kkQ/yKMsptr0Lia/ http://pagearrow.com/wordpress/xF/
|
2
12.163.208.58 23.225.152.164
|
4
ET POLICY Terse Named Filename EXE Download - Possibly Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
|
|
5.2 |
|
20 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1895 |
2020-09-25 09:33
|
rockdo.exe 8a15c8a728a55af5c246c7bea63b643f VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization |
|
|
|
|
2.2 |
|
16 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1896 |
2020-09-25 09:36
|
DAT_20200925_866.doc 480d54fb2e42340e62b8f550dcc8e5f9 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://12.163.208.58/VQbLXqp47U5LQA6wwF/B1mlDH/b3a1C9r/aPnQsROWJyUzp3H/eXFn/ http://transfersuvan.com/wp-admin/1J/
|
2
12.163.208.58 186.64.117.145
|
3
ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
|
|
5.0 |
|
19 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1897 |
2020-09-25 12:21
|
FILE_07306859.doc 169136d627042f3812e95267eb2f20cb Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Windows DNS |
3
http://104.236.246.93:8080/UNpU2BxSYUWkBydQmL/KaGkit0Qm70mKQp7g/6kRZAopn4c84ZcDti5/ http://fulfillmententertainment.com/cgi-bin/WrD/ http://173.249.6.108:443/sPNVpqWEZPSoxOvF/8y8SyFK/tVZRnMloZsPkbS3s/5aPePev1BKswsh2DATe/TegYoC/
|
7
104.236.246.93 137.59.187.107 159.203.116.47 173.249.6.108 174.106.122.139 174.45.13.118 208.91.199.181
|
6
ET CNC Feodo Tracker Reported CnC Server group 3 ET POLICY HTTP traffic on port 443 (POST) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET CNC Feodo Tracker Reported CnC Server group 5
|
|
6.8 |
|
22 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1898 |
2020-09-25 14:03
|
https://www.sanambakshi.com/wp... 5c50a1af9fe8c9136fc5738a3154b3ec Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
2
117.18.232.200 209.205.123.182
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.4 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1899 |
2020-09-25 14:54
|
linkercre.exe acc9728c11b4de0ed1bd7c45bafad61f VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization |
|
|
|
|
2.8 |
|
42 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1900 |
2020-09-25 15:09
|
3517 20200924 7939892.doc c6e1a560d13267285359ff54b78cbb7c Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://12.163.208.58/w1G9/ http://h2a1.com/uf8vu/U/
|
2
12.163.208.58 195.201.163.40
|
3
ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
|
|
5.4 |
|
34 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1901 |
2020-09-26 09:30
|
372813350864526504319.doc 169136d627042f3812e95267eb2f20cb Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://174.106.122.139/OrJwtE/ http://fulfillmententertainment.com/cgi-bin/WrD/
|
2
174.106.122.139 208.91.199.181
|
3
ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
|
|
5.4 |
M |
34 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1902 |
2020-09-26 09:31
|
fReqf9Fu8CQ4VUp.exe 2139e1f1f06d263e13ea57637d7ace2a VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process AppData folder malicious URLs WriteConsoleW VMware anti-virtualization Ransomware Windows Tor ComputerName Software crashed keylogger |
|
|
|
|
17.0 |
|
19 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1903 |
2020-09-26 09:34
|
cjwe.exe 88bb74f36b0640b2c521ce68d0100e14 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization |
|
|
|
|
2.8 |
|
51 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1904 |
2020-09-26 09:39
|
kbsjwHYV.exe 85200f081372c8451249dd6d8792c5f9 Report PDB RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
|
5
157.245.138.101 162.144.42.60 162.241.41.111 190.85.46.52 49.243.9.118
|
1
ET CNC Feodo Tracker Reported CnC Server group 4
|
|
6.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1905 |
2020-09-26 09:39
|
3.exe 6cfd9e4c91e40289c1336092f523fbb9 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs |
|
|
|
|
8.6 |
M |
45 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|