| ID | Submitted | Target | MD5 | Signatures | URLs | Hosts | Alerts | Score | Verdict | VT | User |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2161 | 2020-10-19 16:27 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml (clean); https://docsecure.top/xls/00999212.xls (clean) | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2 clean; 8.208.102.117 clean | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile | 7.8 | M | | guest |
| 2162 | 2020-10-19 17:07 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2 clean; 8.208.102.117 clean | 2: ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.8 | M | | guest |
| 2163 | 2020-10-19 17:11 | 1610.gif.exe | d831b3b3fb3030a9f9a1e9259105e57b | VirusTotal Malware unpack itself malicious URLs WriteConsoleW ComputerName Remote Code Execution | | 1 | | 3.4 | M | 36 | admin |
| 2164 | 2020-10-19 17:18 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Dridex TrickBot Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Kovter Windows Exploit DNS crashed | 3: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls; https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1790317629 | 5: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2; 194.36.191.177 suspicious; 8.208.102.117 | 4: ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit) | 8.8 | M | | guest |
| 2165 | 2020-10-19 17:25 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2; 8.208.102.117 | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DNS Query to a *.top domain - Likely Hostile | 7.8 | M | | guest |
| 2166 | 2020-10-19 17:55 | https://docsecure.top/xls/0099... | fd26ed0c60e78722e574799704209d23 | Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed | 2: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; https://docsecure.top/xls/00999212.xls (malicious) | 4: docsecure.top (8.208.102.117) malicious; 117.18.232.200 suspicious; 164.124.101.2; 8.208.102.117 | 2: ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.8 | M | | guest |
| 2167 | 2020-10-20 07:56 | http://websiteoptimizationcana... | 3892c8008b86ae8b40b7d62741278cba | MachineGuid Code Injection Check memory Checks debugger exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed | 2: http://websiteoptimizationcanada.ca/wp-admin/browse/; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml | 4: websiteoptimizationcanada.ca (64.69.95.129); 117.18.232.200 suspicious; 164.124.101.2; 64.69.95.129 | | 6.2 | | | guest |
| 2168 | 2020-10-20 08:01 | https://raumfuerneues.eu/error... | 5c6a8a35ba48ae1fa55d367d622aaa34 | Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 1: http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml | 4: raumfuerneues.eu (81.19.159.73); 117.18.232.200 suspicious; 164.124.101.2; 81.19.159.73 | 3: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex | 4.6 | | | guest |
| 2169 | 2020-10-20 08:23 | http://websiteoptimizationcana... | 6e6faa71eca93e02991376ab23606f69 | Vulnerability MachineGuid Code Injection Check memory Checks debugger RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed | 2: http://websiteoptimizationcanada.ca/wp-admin/browse/ (malicious); http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml | 4: websiteoptimizationcanada.ca (64.69.95.129) malicious; 117.18.232.200 suspicious; 164.124.101.2; 64.69.95.129 suspicious | | 7.2 | M | | guest |
| 2170 | 2020-10-20 09:23 | 3415201.png.exe | d9b41eaf18125c5cbec11f9c85bb1860 | unpack itself malicious URLs WriteConsoleW ComputerName | | 1 | | 1.8 | | | admin |
| 2171 | 2020-10-20 09:34 | 3415201.png.exe | 776fcd00ba7f22c656384a89537c492a | unpack itself malicious URLs WriteConsoleW ComputerName | | 1 | | 1.8 | | | guest |
| 2172 | 2020-10-20 09:34 | 19.gif.exe | ed5dd05ba0bd0a4df788f50535cdf9a6 | unpack itself malicious URLs WriteConsoleW ComputerName | | 1 | | 2.6 | | | guest |
| 2173 | 2020-10-20 09:37 | R_17104511.doc | 257b978c9d35f68343844343a104be30 | Vulnerability VirusTotal Malware unpack itself | | 1 | | 2.6 | M | 27 | guest |
| 2174 | 2020-10-20 09:37 | OrcusRAT.exe | ec5949944c365fa50c40831db3f54aff | VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files ICMP traffic unpack itself suspicious process AppData folder malicious URLs anti-virtualization human activity check Windows ComputerName DNS Cryptographic key crashed keylogger | | 2: 164.124.101.2; 88.123.12.74 | | 12.6 | | 48 | guest |
| 2175 | 2020-10-20 09:38 | 3415201.png.exe | d9b41eaf18125c5cbec11f9c85bb1860 | unpack itself malicious URLs WriteConsoleW ComputerName | | 1 | | 1.8 | | | admin |