| 2191 |
2020-10-20 10:52
|
signals.exe 2542beb7cd704c3c3aa6e4e20e8d29f8
VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName crashed |
|
1
|
|
|
3.8 |
M |
51 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2192 |
2020-10-20 11:02
|
test.html a55d059d5d019b679609493a378c0236
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
4
http://amarettobh.com.br/sys-cache/idPAR/ - malware
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://inkteach.com/cgi-bin/oArjP/ - malware
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
|
8
studyguidewithlakshmi.com(209.58.160.178) - malware
amarettobh.com.br(191.6.196.122) - mailcious
inkteach.com(66.235.200.146) - malware
117.18.232.200 - suspicious
164.124.101.2
191.6.196.122 - suspicious
209.58.160.178 - suspicious
66.235.200.146 - suspicious
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2193 |
2020-10-20 11:15
|
test.html a55d059d5d019b679609493a378c0236
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://inkteach.com/cgi-bin/oArjP/ - malware
|
8
inkteach.com(66.235.200.146) - malware
studyguidewithlakshmi.com(209.58.160.178) - malware
amarettobh.com.br(191.6.196.122) - mailcious
117.18.232.200 - suspicious
164.124.101.2
191.6.196.122 - suspicious
209.58.160.178 - suspicious
66.235.200.146 - suspicious
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2194 |
2020-10-20 11:19
|
test.html a55d059d5d019b679609493a378c0236
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://inkteach.com/cgi-bin/oArjP/ - malware
|
8
studyguidewithlakshmi.com(209.58.160.178) - malware
inkteach.com(66.235.200.146) - malware
amarettobh.com.br(191.6.196.122) - mailcious
117.18.232.200 - suspicious
164.124.101.2
191.6.196.122 - suspicious
209.58.160.178 - suspicious
66.235.200.146 - suspicious
|
5
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2195 |
2020-10-20 11:24
|
kqgax8.gif.exe 385a727cf2627cf35f6e822bd23af7dd
VirusTotal Malware unpack itself crashed |
|
1
|
|
|
3.0 |
M |
49 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2196 |
2020-10-20 11:28
|
c5xfte.rar.exe 29b3fb0c606603e980e207f9739eb36b
VirusTotal Malware PDB unpack itself crashed |
|
1
|
|
|
2.8 |
|
49 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2197 |
2020-10-20 11:36
|
test.html 9f44b7790991fb50a33ee18ac31f31bd
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://inkteach.com/cgi-bin/oArjP/ - malware
|
8
inkteach.com(66.235.200.146) - malware
studyguidewithlakshmi.com(209.58.160.178) - malware
www.bestabortionpillsrx.com(89.185.234.56) - mailcious
117.18.232.200 - suspicious
164.124.101.2
209.58.160.178 - suspicious
66.235.200.146 - suspicious
89.185.234.56 - suspicious
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2198 |
2020-10-20 13:27
|
test.html 796af7ff315d771a7a8e1b85d02be1c3
Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
10
http://riandutra.com/img/esp/gi3m4f-0296/ - mailcious
http://makemoneywithus.work/selfclicks - mailcious
http://mrveggy.com/erros/paclm/ - compromised
http://fairebornfilms.com/anal/img.jpg
http://blockschain.great-site.net/ - suspicious
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://ym5zuxo.com/biwe_zibofyra/ripy_lani.php - mailcious
http://fairebornfilms.com/anal/hd-anal-teengirls-sex-vedeos.html
http://dp-womenbasket.com/wp-admin/Li/ - phishing
http://blockschain.great-site.net/aes.js
|
17
riandutra.com(191.6.196.95) - mailcious
dp-womenbasket.com(104.28.13.193) - phishing
www.fairebornfilms.com(192.185.138.117)
mrveggy.com(191.6.198.191) - mailcious
fairebornfilms.com(192.185.138.117)
makemoneywithus.work(188.225.75.54) - mailcious
blockschain.great-site.net(185.27.134.216) - suspicious
ym5zuxo.com(45.150.64.102) - mailcious
117.18.232.200 - suspicious
164.124.101.2
172.67.151.128 - suspicious
185.27.134.216 - suspicious
188.225.75.54 - suspicious
191.6.196.95 - suspicious
191.6.198.191 - suspicious
192.185.138.117
45.150.64.102 - suspicious
|
6
ET INFO Observed DNS Query to .work TLD
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET CURRENT_EVENTS Malicious Fake JS Lib Inject
ET INFO HTTP Request to Suspicious *.work Domain
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2199 |
2020-10-20 14:53
|
http://www.advisertours.com/08... c8bc6937ff78700cc917195d5444585e
Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
78
http://www.advisertours.com/js/core/dic.js?ver=1.2
http://www.advisertours.com/plugins/summernote/summernote.css
http://www.advisertours.com/js/core/maxisUploader.js
http://www.advisertours.com/plugins/fa/css/fa.min.css
http://www.advisertours.com/plugins/color/bootstrap-colorpicker.js
http://www.advisertours.com/plugins/jquery/jquery.cookie.js
http://www.advisertours.com/plugins/bootstrap/bootstrap.min.css
http://www.advisertours.com/Images/Settings/css/theme.css?ver=1.77
http://www.advisertours.com/plugins/summernote/summernote.js
http://www.advisertours.com/plugins/others/numeral.js
http://www.advisertours.com/plugins/fancybox/jquery.fancybox.js
http://www.advisertours.com/css/core/maxisUploader.css
http://www.advisertours.com/plugins/bootstrap/bootstrap.min.js
http://www.advisertours.com/favicon.ico
http://www.advisertours.com/plugins/fa/webfonts/fa-solid-900.eot
http://www.advisertours.com/Images/Logo/adviser.png
http://www.advisertours.com/plugins/menu/metisMenuCustom.css
http://www.advisertours.com/plugins/daterangepicker/dateRangePicker.css
http://www.advisertours.com/css/maxis.css?ver=1.23
http://www.advisertours.com/plugins/addtoany/page.js
http://www.advisertours.com/plugins/googlefonts/fontselect.css?ver=1.0
http://www.advisertours.com/js/admin/html.js?ver=1.2
http://www.advisertours.com/js/core/maxisMenu.js?ver=1.3
http://www.advisertours.com/plugins/others/moment.js
http://www.advisertours.com/plugins/carousel/carousel.css
http://www.advisertours.com/error
http://www.advisertours.com/plugins/daterangepicker/dateRangePicker.js
http://www.advisertours.com/plugins/notify/notify.js
http://www.advisertours.com/plugins/jquery-ui/jquery-ui.js
http://www.advisertours.com/plugins/wow/animate.css
http://www.advisertours.com/plugins/color/bootstrap-colorpicker.min.css
http://www.advisertours.com/plugins/others/form.js
http://www.advisertours.com/plugins/uploader/jquery.uploadfile.js
http://www.advisertours.com/plugins/selectize/js/selectize.min.js
http://www.advisertours.com/plugins/animate/animate.css
http://www.advisertours.com/js/core/maxisSysFun.js?ver=1.2
http://www.advisertours.com/plugins/selectize/css/selectize.default.css
http://www.advisertours.com/js/core/maxisFun.js?ver=1.2
http://www.advisertours.com/plugins/others/jredirect.js
http://www.advisertours.com/js/core/maxisForm.js?ver=1.2
http://www.advisertours.com/images/settings/cms/bar.jpg
http://www.advisertours.com/js/core/maxisGrid.js?ver=1.2
http://www.advisertours.com/plugins/jsgrid/css/jsgrid.css
http://www.advisertours.com/plugins/jsgrid/js/jsgrid.js
http://www.advisertours.com/plugins/uploader/uploadfile.css
http://www.advisertours.com/plugins/jquery/jquery.min.js
http://www.advisertours.com/plugins/jsonToXls/excelexportjs.js
http://www.advisertours.com/plugins/easyAutocomplete/easy-autocomplete.css
http://www.advisertours.com/images/AjaxLoader.gif
http://www.advisertours.com/plugins/sticky/jquery.stickme.js
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://www.advisertours.com/plugins/fa/webfonts/fa-brands-400.eot
http://www.advisertours.com/css/core/jsgrid-custom.css?ver=1.0
http://www.advisertours.com/js/core/maxisCombo.js?ver=1.2
http://www.advisertours.com/plugins/wow/wow.min.js
http://www.advisertours.com/css/cms.css?ver=1.23
http://www.advisertours.com/plugins/googlefonts/jquery.fontselect.js
http://www.advisertours.com/plugins/carousel/owl.carousel.min.js
http://www.advisertours.com/plugins/fancybox/jquery.fancybox.css
http://www.advisertours.com/plugins/jsgrid/css/jsgrid-theme.css
http://www.advisertours.com/0810.gif - malware
http://www.advisertours.com/plugins/easyAutocomplete/jquery.easy-autocomplete.js
http://www.advisertours.com/plugins/menu/metisMenu.min.js
http://www.advisertours.com/plugins/menu/metisMenu.min.css
http://www.advisertours.com/plugins/fa/webfonts/fa-regular-400.eot
http://www.advisertours.com/js/core/maxisModal.js?ver=1.2
http://www.advisertours.com/plugins/others/readmore.js
http://www.advisertours.com/Images/Settings/css/style.css?ver=1.77
http://www.advisertours.com/js/core/maxisMap.js
http://www.advisertours.com/js/admin/errorPage.js
http://www.advisertours.com/js/admin/search.js?ver=1.2
http://www.advisertours.com/plugins/googlemaps/locationpicker.jquery.min.js
https://www.google.com/recaptcha/api.js
https://maps.google.com/maps/api/js?libraries=places&key=AIzaSyAZYkqEi7CmdGgw3sYll-sit-E8ktfqEk0
https://fonts.googleapis.com/css?family=Rubik
https://www.googletagmanager.com/gtag/js?id=UA-37099488-7
https://www.google-analytics.com/analytics.js
https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__ko.js
|
18
www.gstatic.com(172.217.26.3)
maps.google.com(172.217.27.78)
www.google.com(172.217.31.164)
www.google-analytics.com(172.217.175.78)
fonts.googleapis.com(172.217.26.10)
yotatravel.com(192.185.76.193)
www.advisertours.com(205.144.171.63) - malware
www.googletagmanager.com(172.217.175.104)
108.177.97.95
117.18.232.200 - suspicious
164.124.101.2
172.217.163.228
172.217.163.232
172.217.174.206
172.217.25.14 - suspicious
192.185.76.193
205.144.171.63
216.58.200.3
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2200 |
2020-10-20 15:16
|
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://186.189.249.2/1nbq5OGzwIeFu/FMvsMtXdR4S/ - mailcious
|
2
164.124.101.2
186.189.249.2 - suspicious
|
|
|
5.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2201 |
2020-10-20 15:18
|
INV_75891429362122477667659.do... f30a57fa69b4a9986ecba1782f65bdc2
Vulnerability unpack itself |
|
1
|
|
|
1.8 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2202 |
2020-10-20 15:51
|
Mssz6xtWX5orm7o1nlYg.exe ff2ce8b5a2e8f56035f0fd2741e9d45e
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://208.180.207.205/qmDSMVoH/ - mailcious
|
2
164.124.101.2
208.180.207.205 - suspicious
|
|
|
6.6 |
M |
27 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2203 |
2020-10-20 15:52
|
7Y8JPQhD02tGzQA0Yc.exe 4ce948c02be68dacf9038d42f00cd097
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://208.180.207.205/eDFLKHyb/tNE7r6JBpDSudzWxuYU/INlLnh3Eo4Bnj3VLQ/25eFDC/BCEXDtulC2mjeSnpZ/ - mailcious
|
2
164.124.101.2
208.180.207.205 - suspicious
|
|
|
6.6 |
M |
27 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2204 |
2020-10-20 16:19
|
http://blockschain.great-site.... 83af9f05c497857ace30bf9077443498
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
8
http://blockschain.great-site.net/css/style.css
http://blockschain.great-site.net/?i=1
http://blockschain.great-site.net/favicon.ico
http://blockschain.great-site.net/ - suspicious
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://blockschain.great-site.net/aes.js
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
https://fonts.googleapis.com/css?family=Anton
|
10
fonts.googleapis.com(172.217.25.234)
infinityfree.net(104.26.8.174)
cdnjs.cloudflare.com(104.17.78.107) - mailcious
blockschain.great-site.net(185.27.134.216) - suspicious
104.17.79.107
104.26.9.174
117.18.232.200 - suspicious
164.124.101.2
172.217.24.74
185.27.134.216 - suspicious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2205 |
2020-10-20 17:13
|
7.exe c90ef4d73de6e2f66b5571ec8867b41c
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://208.180.207.205/Qtnp/KkohcK/C1QHKTNll/ - mailcious
|
2
164.124.101.2
208.180.207.205 - suspicious
|
|
|
5.8 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|