2191 | 2020-10-20 10:52 | signals.exe | 2542beb7cd704c3c3aa6e4e20e8d29f8
  tags: VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName crashed
  hosts: 1
  score 3.8 | M | 51 | admin

2192 | 2020-10-20 11:02 | test.html | a55d059d5d019b679609493a378c0236
  tags: Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (4): http://amarettobh.com.br/sys-cache/idPAR/ - malware; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; http://inkteach.com/cgi-bin/oArjP/ - malware; http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
  hosts (8): studyguidewithlakshmi.com(209.58.160.178) - malware; amarettobh.com.br(191.6.196.122) - malicious; inkteach.com(66.235.200.146) - malware; 117.18.232.200 - suspicious; 164.124.101.2; 191.6.196.122 - suspicious; 209.58.160.178 - suspicious; 66.235.200.146 - suspicious
  alerts (5): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
  score 5.0 | M | | admin

2193 | 2020-10-20 11:15 | test.html | a55d059d5d019b679609493a378c0236
  tags: Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (3): http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; http://inkteach.com/cgi-bin/oArjP/ - malware
  hosts (8): inkteach.com(66.235.200.146) - malware; studyguidewithlakshmi.com(209.58.160.178) - malware; amarettobh.com.br(191.6.196.122) - malicious; 117.18.232.200 - suspicious; 164.124.101.2; 191.6.196.122 - suspicious; 209.58.160.178 - suspicious; 66.235.200.146 - suspicious
  alerts (5): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
  score 5.0 | M | | admin

2194 | 2020-10-20 11:19 | test.html | a55d059d5d019b679609493a378c0236
  tags: Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (3): http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; http://inkteach.com/cgi-bin/oArjP/ - malware
  hosts (8): studyguidewithlakshmi.com(209.58.160.178) - malware; inkteach.com(66.235.200.146) - malware; amarettobh.com.br(191.6.196.122) - malicious; 117.18.232.200 - suspicious; 164.124.101.2; 191.6.196.122 - suspicious; 209.58.160.178 - suspicious; 66.235.200.146 - suspicious
  alerts (5): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
  score 5.0 | M | | admin

2195 | 2020-10-20 11:24 | kqgax8.gif.exe | 385a727cf2627cf35f6e822bd23af7dd
  tags: VirusTotal Malware unpack itself crashed
  hosts: 1
  score 3.0 | M | 49 | admin

2196 | 2020-10-20 11:28 | c5xfte.rar.exe | 29b3fb0c606603e980e207f9739eb36b
  tags: VirusTotal Malware PDB unpack itself crashed
  hosts: 1
  score 2.8 | | 49 | admin

2197 | 2020-10-20 11:36 | test.html | 9f44b7790991fb50a33ee18ac31f31bd
  tags: Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (3): http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; http://inkteach.com/cgi-bin/oArjP/ - malware
  hosts (8): inkteach.com(66.235.200.146) - malware; studyguidewithlakshmi.com(209.58.160.178) - malware; www.bestabortionpillsrx.com(89.185.234.56) - malicious; 117.18.232.200 - suspicious; 164.124.101.2; 209.58.160.178 - suspicious; 66.235.200.146 - suspicious; 89.185.234.56 - suspicious
  alerts (5): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP
  score 5.0 | M | | guest

2198 | 2020-10-20 13:27 | test.html | 796af7ff315d771a7a8e1b85d02be1c3
  tags: Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (10): http://riandutra.com/img/esp/gi3m4f-0296/ - malicious; http://makemoneywithus.work/selfclicks - malicious; http://mrveggy.com/erros/paclm/ - compromised; http://fairebornfilms.com/anal/img.jpg; http://blockschain.great-site.net/ - suspicious; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; http://ym5zuxo.com/biwe_zibofyra/ripy_lani.php - malicious; http://fairebornfilms.com/anal/hd-anal-teengirls-sex-vedeos.html; http://dp-womenbasket.com/wp-admin/Li/ - phishing; http://blockschain.great-site.net/aes.js
  hosts (17): riandutra.com(191.6.196.95) - malicious; dp-womenbasket.com(104.28.13.193) - phishing; www.fairebornfilms.com(192.185.138.117); mrveggy.com(191.6.198.191) - malicious; fairebornfilms.com(192.185.138.117); makemoneywithus.work(188.225.75.54) - malicious; blockschain.great-site.net(185.27.134.216) - suspicious; ym5zuxo.com(45.150.64.102) - malicious; 117.18.232.200 - suspicious; 164.124.101.2; 172.67.151.128 - suspicious; 185.27.134.216 - suspicious; 188.225.75.54 - suspicious; 191.6.196.95 - suspicious; 191.6.198.191 - suspicious; 192.185.138.117; 45.150.64.102 - suspicious
  alerts (6): ET INFO Observed DNS Query to .work TLD; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; ET CURRENT_EVENTS Malicious Fake JS Lib Inject; ET INFO HTTP Request to Suspicious *.work Domain
  score 4.6 | M | | admin

2199 | 2020-10-20 14:53 | http://www.advisertours.com/08... | c8bc6937ff78700cc917195d5444585e
  tags: Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  URLs: 78
  hosts (18): www.gstatic.com(172.217.26.3); maps.google.com(172.217.27.78); www.google.com(172.217.31.164); www.google-analytics.com(172.217.175.78); fonts.googleapis.com(172.217.26.10); yotatravel.com(192.185.76.193); www.advisertours.com(205.144.171.63) - malware; www.googletagmanager.com(172.217.175.104); 108.177.97.95; 117.18.232.200 - suspicious; 164.124.101.2; 172.217.163.228; 172.217.163.232; 172.217.174.206; 172.217.25.14 - suspicious; 192.185.76.193; 205.144.171.63; 216.58.200.3
  alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  score 4.6 | M | | admin

2200 | 2020-10-20 15:16 | teFvuWWdnMn.exe | 6e690c449d8a5c5d4056cb8af10d6ec8
  tags: Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
  URLs (1): http://186.189.249.2/1nbq5OGzwIeFu/FMvsMtXdR4S/ - malicious
  hosts (2): 164.124.101.2; 186.189.249.2 - suspicious
  score 5.6 | M | | admin

2201 | 2020-10-20 15:18 | INV_75891429362122477667659.do... | f30a57fa69b4a9986ecba1782f65bdc2
  tags: Vulnerability unpack itself
  hosts: 1
  score 1.8 | | | admin

2202 | 2020-10-20 15:51 | Mssz6xtWX5orm7o1nlYg.exe | ff2ce8b5a2e8f56035f0fd2741e9d45e
  tags: VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
  URLs (1): http://208.180.207.205/qmDSMVoH/ - malicious
  hosts (2): 164.124.101.2; 208.180.207.205 - suspicious
  score 6.6 | M | 27 | admin

2203 | 2020-10-20 15:52 | 7Y8JPQhD02tGzQA0Yc.exe | 4ce948c02be68dacf9038d42f00cd097
  tags: VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
  URLs (1): http://208.180.207.205/eDFLKHyb/tNE7r6JBpDSudzWxuYU/INlLnh3Eo4Bnj3VLQ/25eFDC/BCEXDtulC2mjeSnpZ/ - malicious
  hosts (2): 164.124.101.2; 208.180.207.205 - suspicious
  score 6.6 | M | 27 | admin

2204 | 2020-10-20 16:19 | http://blockschain.great-site.... | 83af9f05c497857ace30bf9077443498
  tags: Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (8): http://blockschain.great-site.net/css/style.css; http://blockschain.great-site.net/?i=1; http://blockschain.great-site.net/favicon.ico; http://blockschain.great-site.net/ - suspicious; http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml; http://blockschain.great-site.net/aes.js; https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css; https://fonts.googleapis.com/css?family=Anton
  hosts (10): fonts.googleapis.com(172.217.25.234); infinityfree.net(104.26.8.174); cdnjs.cloudflare.com(104.17.78.107) - malicious; blockschain.great-site.net(185.27.134.216) - suspicious; 104.17.79.107; 104.26.9.174; 117.18.232.200 - suspicious; 164.124.101.2; 172.217.24.74; 185.27.134.216 - suspicious
  alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  score 4.6 | M | | admin

2205 | 2020-10-20 17:13 | 7.exe | c90ef4d73de6e2f66b5571ec8867b41c
  tags: Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
  URLs (1): http://208.180.207.205/Qtnp/KkohcK/C1QHKTNll/ - malicious
  hosts (2): 164.124.101.2; 208.180.207.205 - suspicious
  score 5.8 | M | | admin