| 2146 |
2020-10-19 10:54
|
Document13177.xlsb 136d90dfdc8d28ccfc090f1d09c9bd18
unpack itself |
|
|
|
|
0.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2147 |
2020-10-19 10:55
|
https://docsecure.top/xls/0051... 1857ec35df81a3cb7fe02c9382ba3be7
Dridex TrickBot Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Checks debugger exploit crash unpack itself Windows utilities Tofsee Kovter Windows Exploit DNS crashed |
3
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00517069.xls
https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1623214863
|
3
117.18.232.200
194.36.191.177
8.209.75.30
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
|
|
7.2 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2148 |
2020-10-19 11:13
|
OperaSetup.exe ff4661ec5bef09ac7fcf479c933d2d81
Malware Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Tofsee Remote Code Execution DNS |
5
https://autoupdate.geo.opera.com/v2/netinstaller/Stable/windows/x64
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://autoupdate.geo.opera.com/geolocation/
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://download.opera.com/download/get/?id=51078&autoupdate=1&ni=1&stream=stable&utm_campaign=(direct)_via_opera_com_https&utm_medium=doc&utm_site=opera_com&utm_source=(direct)_via_opera_com&utm_tryagain=yes&niuid=9ff42522-a862-4912-b63e-6c2e545f3ad4
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://download.opera.com/download/get/?id=51081&autoupdate=1&ni=1
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
|
4
107.167.110.217
107.167.119.133
23.43.9.151
82.145.216.19
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.4 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2149 |
2020-10-19 11:16
|
https://docsecure.top/111.exe ff47e6eb2602178a4306e4fcecb15b7d
Dridex TrickBot ENERGETIC BEAR VirusTotal Malware Report suspicious privilege Code Injection buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Kovter Windows Exploit ComputerName DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/111.exe
|
7
103.36.48.103
103.76.169.213
117.18.232.200
195.123.240.113
8.209.75.30
85.204.116.173
89.223.126.186
|
8
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET CNC Feodo Tracker Reported CnC Server group 13
ET CNC Feodo Tracker Reported CnC Server group 24
ET DNS Query to a *.top domain - Likely Hostile
ET CNC Feodo Tracker Reported CnC Server group 1
ET CNC Feodo Tracker Reported CnC Server group 23
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
8.4 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2150 |
2020-10-19 11:16
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23
Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00999212.xls
|
2
117.18.232.200
8.209.75.30
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
|
|
7.0 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2151 |
2020-10-19 13:18
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23
Dridex TrickBot Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Kovter Windows Exploit DNS crashed |
3
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00999212.xls
https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1951826145
|
5
docsecure.top(8.208.102.117)
117.18.232.200
164.124.101.2
194.36.191.177
8.208.102.117
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
|
|
8.8 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2152 |
2020-10-19 13:59
|
1610.gif.exe d831b3b3fb3030a9f9a1e9259105e57b
VirusTotal Malware unpack itself malicious URLs WriteConsoleW ComputerName Remote Code Execution |
|
1
|
|
|
3.4 |
|
36 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2153 |
2020-10-19 14:18
|
1610.gif.exe d831b3b3fb3030a9f9a1e9259105e57b
VirusTotal Malware malicious URLs WriteConsoleW ComputerName Remote Code Execution |
|
1
|
|
|
2.4 |
M |
36 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2154 |
2020-10-19 14:24
|
0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5
VirusTotal Malware unpack itself |
|
1
|
|
|
2.2 |
M |
46 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2155 |
2020-10-19 15:01
|
test.html d41d8cd98f00b204e9800998ecf8427e
Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
2
117.18.232.200
164.124.101.2
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2156 |
2020-10-19 15:18
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23
Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00999212.xls
|
4
docsecure.top(8.208.102.117)
117.18.232.200
164.124.101.2
8.208.102.117
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
|
|
7.8 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2157 |
2020-10-19 16:05
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23
Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00999212.xls clean
|
4
docsecure.top(8.208.102.117) mailcious
117.18.232.200 suspicious
164.124.101.2 clean
8.208.102.117 clean
|
2
ET DNS Query to a *.top domain - Likely Hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.8 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2158 |
2020-10-19 16:12
|
0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5
VirusTotal Malware |
|
1
|
|
|
1.8 |
M |
46 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2159 |
2020-10-19 16:13
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23
Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://docsecure.top/xls/00999212.xls clean
|
4
docsecure.top(8.208.102.117) mailcious
117.18.232.200 suspicious
164.124.101.2 clean
8.208.102.117 clean
|
2
ET DNS Query to a *.top domain - Likely Hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.8 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2160 |
2020-10-19 16:23
|
0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5
VirusTotal Malware unpack itself |
|
1
|
|
|
2.2 |
M |
46 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|