2131 | 2024-07-19 12:58
File: cno.cno.cno.cnocnocno.doc
MD5: e5102c5df398cf5130a0367e6b2a37c3
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (3):
  http://103.161.133.121/80180/clearpicneedflowersnadimagesforhairwork.gIF
  http://198.46.176.133/Upload/vbs.jpeg - rule_id: 41176
  https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
Hosts (4):
  pastecode.dev(172.66.40.229) - mailcious
  103.161.133.121 - malware
  172.66.43.27 - mailcious
  198.46.176.133 - mailcious
IDS alerts (5):
  ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev)
  ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE Base64 Encoded MZ In Image
  ET MALWARE Malicious Base64 Encoded Payload In Image
Download URLs (2):
  http://198.46.176.133/Upload/vbs.jpeg
  https://pastecode.dev/raw/6l7qjjrz/paste1.txt
Score: 4.8 | M | 40 | ZeroCERT

2132 | 2024-07-19 12:55
File: Qwredfrf.vbs
MD5: ee74f2659329f51927d8aa7462d6a334
Tags: Generic Malware Antivirus PowerShell VirusTotal Malware VBScript powershell suspicious privilege Check memory Checks debugger wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Dropper
URLs (1):
  https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
Hosts (4):
  pastecode.dev(172.66.43.27) - mailcious
  ia803405.us.archive.org(207.241.232.195) - mailcious
  172.66.43.27 - mailcious
  207.241.232.195 - mailcious
IDS alerts (3):
  ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI
Download URLs (1):
  https://pastecode.dev/raw/6l7qjjrz/paste1.txt
Score: 10.0 | M | 6 | ZeroCERT

2133 | 2024-07-19 12:53
File: Archive.vbs
MD5: 0579ce308b6dff7c66f18127103f1fd9
Tags: Generic Malware Antivirus PowerShell VirusTotal Malware VBScript powershell suspicious privilege Check memory Checks debugger wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Dropper
URLs (1):
  https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
Hosts (4):
  pastecode.dev(172.66.43.27) - mailcious
  ia803405.us.archive.org(207.241.232.195) - mailcious
  172.66.43.27 - mailcious
  207.241.232.195 - mailcious
IDS alerts (3):
  ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI
Download URLs (1):
  https://pastecode.dev/raw/6l7qjjrz/paste1.txt
Score: 10.0 | M | 3 | ZeroCERT

2134 | 2024-07-19 12:53
File: 66990947b9f24_crypted.exe#1
MD5: ae74c6d6ed392c35afafedfc9316d163
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
Score: 2.2 |  | 46 | ZeroCERT

2135 | 2024-07-18 23:00
File: FAKE BTC SENDER zip.exe
MD5: 3a7da416e0ed02e02fa874f3ae09e9a2
Tags: North Korea RedLine Infostealer RedLine stealer RedlineStealer Generic Malware Malicious Library WinRAR UPX .NET framework(MSIL) Malicious Packer PE File PE32 OS Processor Check DLL .NET DLL .NET EXE VirusTotal Malware PDB Check memory Checks debugger Creates executable files RWX flags setting unpack itself Check virtual network interfaces Windows Remote Code Execution DNS Cryptographic key
Hosts (1):
Score: 6.0 |  | 48 | guest

2136 | 2024-07-18 11:18
File: 66979a57f071c_otraba.exe#kisot...
MD5: b00510d3aa8bebcace517ac6cf2f1138
Tags: Malicious Library .NET framework(MSIL) UPX ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
Score: 8.8 | M | 31 | ZeroCERT

2137 | 2024-07-18 11:16
File: 6697dafdd90a3_crypted.exe#1
MD5: b511a938c3da1d394dadd5c5c67bb48b
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
Score: 2.2 | M | 40 | ZeroCERT

2138 | 2024-07-18 11:14
File: wdeigthseven.vbs
MD5: 3013532d03b160b1e9ef47e783317580
Tags: Generic Malware Antivirus PowerShell VirusTotal Malware VBScript powershell suspicious privilege Check memory Checks debugger wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Dropper
URLs (2):
  https://pastecode.dev/raw/6l7qjjrz/paste1.txt - rule_id: 41177
  https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
Hosts (4):
  pastecode.dev(172.66.43.27) - mailcious
  ia803405.us.archive.org(207.241.232.195) - mailcious
  172.66.43.27 - mailcious
  207.241.232.195 - mailcious
IDS alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev)
  ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI
Download URLs (1):
  https://pastecode.dev/raw/6l7qjjrz/paste1.txt
Score: 10.0 | M | 4 | ZeroCERT

2139 | 2024-07-18 11:12
File: 逾期发票 5453909172 Overdue Invoic...
MD5: 7c828476742a70dc25a084ffe5719998
Tags: Generic Malware Malicious Library .NET framework(MSIL) Antivirus PE File .NET EXE PE32 powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
Score: 4.6 |  |  | ZeroCERT

2140 | 2024-07-18 11:09
File: bin.ps1
MD5: d7f49d9cb663a5aab495beb612a8e415
Tags: Generic Malware Antivirus VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
Score: 5.0 |  | 22 | ZeroCERT

2141 | 2024-07-18 10:58
File: Joint working group.pdf.chm
MD5: b445f85edab25e9216874ca8cad0efb5
Tags: AntiDebug AntiVM CHM Format VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory RWX flags setting unpack itself Windows utilities suspicious process Windows
Score: 4.0 |  | 6 | ZeroCERT

2142 | 2024-07-18 10:54
File: 4c12d617aa51bb0c0108242da6aa00...
MD5: 4c12d617aa51bb0c0108242da6aa0071
Tags: VBA_macro Word 2007 file format(docx) ZIP Format Vulnerability VirusTotal Malware unpack itself suspicious process WriteConsoleW
URLs (1):
  http://koreaillmin.mypressonline.com/file/upload/list.php?query=1
Score: 5.6 |  | 25 | ZeroCERT

2143 | 2024-07-18 10:54
File: 7ebfba0b98c135481c14db1c2f2da4...
MD5: 7ebfba0b98c135481c14db1c2f2da484
Tags: VBA_macro AntiDebug AntiVM Word 2007 file format(docx) ZIP Format Lnk Format GIF Format VirusTotal Malware VBScript Code Injection Check memory wscript.exe payload download Creates shortcut Creates executable files exploit crash unpack itself suspicious process Exploit DNS crashed Dropper
URLs (1):
  http://koreaillmin.mypressonline.com/file/upload/list.php?query=1
Hosts (2):
  koreaillmin.mypressonline.com(185.176.43.98)
  185.176.43.98 - mailcious
IDS alerts (1):
  ET INFO Observed Free Hosting Domain (mypressonline .com) in DNS Lookup
Score: 10.0 |  | 23 | ZeroCERT

2144 | 2024-07-18 10:53
File: design.docm
MD5: 46b1a7d4befaf02eda1938d50ea8c488
Tags: VBA_macro AntiDebug AntiVM Word 2007 file format(docx) ZIP Format Lnk Format GIF Format VirusTotal Malware VBScript Code Injection Check memory wscript.exe payload download Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed Dropper
URLs (1):
  http://koreaillmin.mypressonline.com/file/upload/list.php?query=1
Hosts (2):
  koreaillmin.mypressonline.com(185.176.43.98)
  185.176.43.98 - mailcious
IDS alerts (1):
  ET INFO Observed Free Hosting Domain (mypressonline .com) in DNS Lookup
Score: 10.0 |  | 23 | ZeroCERT

2145 | 2024-07-18 10:52
File: attachment.docm
MD5: 8783d7173dbdfd95f05501fa9a20e46f
Tags: VBA_macro Word 2007 file format(docx) ZIP Format Vulnerability VirusTotal Malware unpack itself suspicious process WriteConsoleW
URLs (1):
  http://koreaillmin.mypressonline.com/file/upload/list.php?query=1
Score: 5.6 |  | 25 | ZeroCERT