| 2206 |
2020-10-20 17:17
|
aisbLsiE.exe 3ed2826a1e5d25a48f0d2e92c687317f
Emotet Malware download VirusTotal Malware Report Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
2
http://38.111.46.46:8080/eCpqxVDnTlwS42B1/GTqT0LRs/lMc6gOg6WdcY/ALUPbzO4r7EC5Br/dM6LEmhyxWRJafHh7v/ - mailcious
http://162.241.242.173:8080/AQxg26M27Hd20/qvJ8JL/97OsKqRed0RX/DGRZkQlxpR4oc9bRGB/JBJW/If1ZL4psik/ - mailcious
|
6
134.209.36.254 - suspicious
162.241.242.173 - suspicious
164.124.101.2
2.84.135.163 - suspicious
38.111.46.46 - suspicious
67.10.155.92 - suspicious
|
5
ET CNC Feodo Tracker Reported CnC Server group 20
ET CNC Feodo Tracker Reported CnC Server group 17
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 5
ET MALWARE Win32/Emotet CnC Activity (POST) M10
|
|
9.0 |
M |
40 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2207 |
2020-10-20 17:21
|
Gj14N5aW.exe 4a8a93cfff1ea3c4251d2d12705c9a2a
VirusTotal Malware Report Malicious Traffic ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key |
2
http://62.30.7.67:443/V4R69jWC6/ILZyVeUJ4CAKnS/21IApr/Nqwx72WZINKGmQwJ/ - mailcious
http://162.241.242.173:8080/dTKsPQmI/ILxNeO/NLogweu/ - mailcious
|
7
142.44.137.67 - suspicious
162.241.242.173 - suspicious
164.124.101.2
192.158.216.73 - suspicious
62.30.7.67 - suspicious
85.152.162.105 - suspicious
85.214.28.226 - suspicious
|
5
ET CNC Feodo Tracker Reported CnC Server group 23
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 20
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET POLICY HTTP traffic on port 443 (POST)
|
|
9.8 |
M |
59 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2208 |
2020-10-20 17:27
|
6E9zisbO9sC0owFOL.exe f8799dca3986c7ce5a501d6c93f546d0
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://91.121.87.90:8080/arNoljnh0f5/4nPhA3vv2/cbp1CkHTnRbrDplE/U1Qn0OFyTz/OlMlRR2Tj7XObl/pGG8dwHq/ - mailcious
|
3
164.124.101.2
177.130.51.198 - suspicious
91.121.87.90 - suspicious
|
|
|
8.0 |
M |
11 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2209 |
2020-10-20 17:31
|
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://186.189.249.2/RbSCF5bx/ - mailcious
|
2
164.124.101.2
186.189.249.2 - suspicious
|
|
|
6.2 |
M |
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2210 |
2020-10-20 17:37
|
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://186.189.249.2/ms47DPwej1mNU/2wmbw/ - mailcious
|
2
164.124.101.2
186.189.249.2 - suspicious
|
|
|
6.2 |
M |
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2211 |
2020-10-20 17:40
|
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://186.189.249.2/VX91Fabh/ffz9uON9sxZa0vRKH/0JaFLhCiuOKAmNfyQ/ - mailcious
|
2
164.124.101.2
186.189.249.2 - suspicious
|
|
|
6.2 |
M |
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2212 |
2020-10-20 17:50
|
fUV0qtOHs8f1V.exe 1899797eec0cff367f4c2b7974dae71d
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://24.230.141.169/ab89dkwa/PPODsD2XAF2u22sH/jjjsvnn8sJbbAE8/ - mailcious
|
2
164.124.101.2
24.230.141.169 - suspicious
|
|
|
5.8 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2213 |
2020-10-20 17:50
|
WBXwh.exe f340e14bdf91c3f76734b4d10599fc75
VirusTotal Malware Check memory RWX flags setting unpack itself |
|
1
|
|
|
1.8 |
|
8 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2214 |
2020-10-20 18:20
|
KX6b46h61WpcxYvibEeK.exe 9c18bf05c04cb7c5a423a4e74fb20c16
VirusTotal Malware Check memory RWX flags setting unpack itself |
|
1
|
|
|
1.8 |
M |
8 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2215 |
2020-10-20 18:20
|
CFcnwUfBBk3KTkEW.exe 851aca30c0e2ad6b6158ca755fb74688
VirusTotal Malware Check memory RWX flags setting unpack itself |
|
1
|
|
|
1.8 |
|
8 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2216 |
2020-10-21 07:46
|
https://globaltechealthy.com/x... b42bdc5e32b4c255ddcaf88eb84487ab
Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
4
globaltechealthy.com(198.54.126.81)
117.18.232.200 - suspicious
164.124.101.2
198.54.126.81
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2217 |
2020-10-21 07:53
|
https://globaltechealthy.com/x... b42bdc5e32b4c255ddcaf88eb84487ab
Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
4
globaltechealthy.com(198.54.126.81) - malware
117.18.232.200 - suspicious
164.124.101.2
198.54.126.81 - suspicious
|
3
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2218 |
2020-10-21 07:55
|
http://kyleesbirthdaybash.com/... 1ac2d51d0c9f165943065eab1ace3f67
VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed |
3
http://59.148.253.194:8080/ILcOXckigoY/HMRI8PC1Q6/VTaCG3Zu8HfwyU/VM4UltpElsAzUMzkD/3LBuQBzN6bwROG/4UceHa1lWVbY6fi/ - mailcious
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://kyleesbirthdaybash.com/wp-includes/Sco/
|
6
kyleesbirthdaybash.com(148.72.3.169)
117.18.232.200 - suspicious
148.72.3.169
164.124.101.2
173.68.199.157
59.148.253.194 - suspicious
|
2
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
13.6 |
M |
9 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2219 |
2020-10-21 08:11
|
http://wearenursesvip.com/wp-i... a097f280746cd6ddaa694b849007e87f
VirusTotal Malware AutoRuns Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Windows Exploit Advertising ComputerName DNS Cryptographic key crashed keylogger |
3
http://75.188.96.231/vFwkaiFNWobTM7/
http://wearenursesvip.com/wp-includes/ZbcC/
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
5
wearenursesvip.com(148.72.3.169)
117.18.232.200 - suspicious
148.72.3.169
164.124.101.2
75.188.96.231
|
2
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
12.6 |
|
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2220 |
2020-10-21 09:19
|
Copy invoice #1252.doc 3210c2965e9284197cb5618b2492ae1c
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS |
1
http://188.226.165.170:8080/OCuKMuQWW/GfkvVful050/KKbOKeF/wLHRvJQjkFppvzHCC/X9XNNYF0ISWHQKLqf/EjggGXx/ - mailcious
|
7
luofox.com(106.54.225.198)
104.131.144.215 - suspicious
106.54.225.198
164.124.101.2
188.226.165.170 - suspicious
5.2.246.108
91.121.87.90 - suspicious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.8 |
M |
25 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|