2146 | 2020-10-19 10:54 | Document13177.xlsb | MD5 136d90dfdc8d28ccfc090f1d09c9bd18 | score 0.8 | guest
  tags: unpack itself

2147 | 2020-10-19 10:55 | https://docsecure.top/xls/0051... | MD5 1857ec35df81a3cb7fe02c9382ba3be7 | score 7.2 | M | admin
  tags: Dridex, TrickBot, Vulnerability, VirusTotal, Malware, MachineGuid, Code Injection, Malicious Traffic, Checks debugger, exploit crash, unpack itself, Windows utilities, Tofsee, Kovter, Windows Exploit, DNS, crashed
  URLs (3):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
    https://docsecure.top/xls/00517069.xls
    https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1623214863
  IPs (3): 117.18.232.200, 194.36.191.177, 8.209.75.30
  signatures (4):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET DNS Query to a *.top domain - Likely Hostile
    ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
    ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)

2148 | 2020-10-19 11:13 | OperaSetup.exe | MD5 ff4661ec5bef09ac7fcf479c933d2d81 | score 5.4 | guest
  tags: Malware, Malicious Traffic, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder, AntiVM_Disk, VM Disk Size Check, Tofsee, Remote Code Execution, DNS
  URLs (5):
    https://autoupdate.geo.opera.com/v2/netinstaller/Stable/windows/x64
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary (listed 14 times)
    https://autoupdate.geo.opera.com/geolocation/
    https://download.opera.com/download/get/?id=51078&autoupdate=1&ni=1&stream=stable&utm_campaign=(direct)_via_opera_com_https&utm_medium=doc&utm_site=opera_com&utm_source=(direct)_via_opera_com&utm_tryagain=yes&niuid=9ff42522-a862-4912-b63e-6c2e545f3ad4
    https://download.opera.com/download/get/?id=51081&autoupdate=1&ni=1
  IPs (4): 107.167.110.217, 107.167.119.133, 23.43.9.151, 82.145.216.19
  signatures (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

2149 | 2020-10-19 11:16 | https://docsecure.top/111.exe | MD5 ff47e6eb2602178a4306e4fcecb15b7d | score 8.4 | admin
  tags: Dridex, TrickBot, ENERGETIC BEAR, VirusTotal, Malware, Report suspicious privilege, Code Injection, buffers extracted, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Kovter, Windows Exploit, ComputerName, DNS, crashed
  URLs (2):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
    https://docsecure.top/111.exe
  IPs (7): 103.36.48.103, 103.76.169.213, 117.18.232.200, 195.123.240.113, 8.209.75.30, 85.204.116.173, 89.223.126.186
  signatures (8):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET CNC Feodo Tracker Reported CnC Server group 13
    ET CNC Feodo Tracker Reported CnC Server group 24
    ET DNS Query to a *.top domain - Likely Hostile
    ET CNC Feodo Tracker Reported CnC Server group 1
    ET CNC Feodo Tracker Reported CnC Server group 23
    ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
    ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)

2150 | 2020-10-19 11:16 | https://docsecure.top/xls/0099... | MD5 fd26ed0c60e78722e574799704209d23 | score 7.0 | M | admin
  tags: Vulnerability, VirusTotal, Malware, MachineGuid, Code Injection, Checks debugger, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS, crashed
  URLs (2):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
    https://docsecure.top/xls/00999212.xls
  IPs (2): 117.18.232.200, 8.209.75.30
  signatures (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET DNS Query to a *.top domain - Likely Hostile

2151 | 2020-10-19 13:18 | https://docsecure.top/xls/0099... | MD5 fd26ed0c60e78722e574799704209d23 | score 8.8 | M | guest
  tags: Dridex, TrickBot, Vulnerability, VirusTotal, Malware, MachineGuid, Code Injection, Malicious Traffic, Checks debugger, exploit crash, unpack itself, Windows utilities, malicious URLs, suspicious TLD, Tofsee, Kovter, Windows Exploit, DNS, crashed
  URLs (3):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
    https://docsecure.top/xls/00999212.xls
    https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1951826145
  IPs (5): docsecure.top(8.208.102.117), 117.18.232.200, 164.124.101.2, 194.36.191.177, 8.208.102.117
  signatures (4):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET DNS Query to a *.top domain - Likely Hostile
    ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
    ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)

2152 | 2020-10-19 13:59 | 1610.gif.exe | MD5 d831b3b3fb3030a9f9a1e9259105e57b | 1 | score 3.4 | 36 | guest
  tags: VirusTotal, Malware, unpack itself, malicious URLs, WriteConsoleW, ComputerName, Remote Code Execution

2153 | 2020-10-19 14:18 | 1610.gif.exe | MD5 d831b3b3fb3030a9f9a1e9259105e57b | 1 | score 2.4 | M | 36 | admin
  tags: VirusTotal, Malware, malicious URLs, WriteConsoleW, ComputerName, Remote Code Execution

2154 | 2020-10-19 14:24 | 0810.gif.exe | MD5 ca26ad3cfd67703c3e7a4855407725b5 | 1 | score 2.2 | M | 46 | admin
  tags: VirusTotal, Malware, unpack itself

2155 | 2020-10-19 15:01 | test.html | MD5 d41d8cd98f00b204e9800998ecf8427e | score 3.8 | guest
  tags: Dridex, Malware, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS, crashed
  URLs (1):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  IPs (2): 117.18.232.200, 164.124.101.2
  signatures (3):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
    ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

2156 | 2020-10-19 15:18 | https://docsecure.top/xls/0099... | MD5 fd26ed0c60e78722e574799704209d23 | score 7.8 | M | guest
  tags: Vulnerability, VirusTotal, Malware, MachineGuid, Code Injection, Checks debugger, exploit crash, unpack itself, Windows utilities, malicious URLs, suspicious TLD, Tofsee, Windows Exploit, DNS, crashed
  URLs (2):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
    https://docsecure.top/xls/00999212.xls
  IPs (4): docsecure.top(8.208.102.117), 117.18.232.200, 164.124.101.2, 8.208.102.117
  signatures (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET DNS Query to a *.top domain - Likely Hostile

2157 | 2020-10-19 16:05 | https://docsecure.top/xls/0099... | MD5 fd26ed0c60e78722e574799704209d23 | score 7.8 | M | guest
  tags: Vulnerability, VirusTotal, Malware, MachineGuid, Code Injection, Checks debugger, exploit crash, unpack itself, Windows utilities, malicious URLs, suspicious TLD, Tofsee, Windows Exploit, DNS, crashed
  URLs (2):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
    https://docsecure.top/xls/00999212.xls: clean
  IPs (4):
    docsecure.top(8.208.102.117): malicious
    117.18.232.200: suspicious
    164.124.101.2: clean
    8.208.102.117: clean
  signatures (2):
    ET DNS Query to a *.top domain - Likely Hostile
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

2158 | 2020-10-19 16:12 | 0810.gif.exe | MD5 ca26ad3cfd67703c3e7a4855407725b5 | 1 | score 1.8 | M | 46 | admin
  tags: VirusTotal, Malware

2159 | 2020-10-19 16:13 | https://docsecure.top/xls/0099... | MD5 fd26ed0c60e78722e574799704209d23 | score 7.8 | M | guest
  tags: Vulnerability, VirusTotal, Malware, MachineGuid, Code Injection, Checks debugger, exploit crash, unpack itself, Windows utilities, malicious URLs, suspicious TLD, Tofsee, Windows Exploit, DNS, crashed
  URLs (2):
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
    https://docsecure.top/xls/00999212.xls: clean
  IPs (4):
    docsecure.top(8.208.102.117): malicious
    117.18.232.200: suspicious
    164.124.101.2: clean
    8.208.102.117: clean
  signatures (2):
    ET DNS Query to a *.top domain - Likely Hostile
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

2160 | 2020-10-19 16:23 | 0810.gif.exe | MD5 ca26ad3cfd67703c3e7a4855407725b5 | 1 | score 2.2 | M | 46 | admin
  tags: VirusTotal, Malware, unpack itself