| 2356 |
2024-07-10 09:52
|
 Update2.js 1d07102e4ad699b952201104aca88770
VBScript wscript.exe payload download unpack itself Tofsee crashed Dropper |
1
https://wvgbc.parish.chuathuongxot.org/orderReview
|
2
wvgbc.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2357 |
2024-07-10 09:52
|
 Update.js 94a69d2789ce8db937bd23160c7cf57b
VBScript wscript.exe payload download Tofsee crashed Dropper |
1
https://pyous.parish.chuathuongxot.org/orderReview
|
2
pyous.parish.chuathuongxot.org(23.95.182.12)
23.95.182.12 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
10.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2358 |
2024-07-10 07:46
|
 wev233v22.exe f7f9d3c98351d9be736e7aafb3563561
Gen1 Generic Malware Malicious Library UPX Antivirus Malicious Packer Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself |
|
|
|
|
3.2 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2359 |
2024-07-10 07:41
|
 1.exe 21cccf69e6aac10cae5b938d7b6c5fd4
Lumma Stealer UPX PE File PE32 VirusTotal Malware |
|
|
|
|
1.2 |
|
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2360 |
2024-07-10 07:38
|
 200.exe 74454c0916108ed9de037798dd9fb948
Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself |
|
|
|
|
2.2 |
|
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2361 |
2024-07-10 07:36
|
 2.exe 536b6b4464f2476d693267bd71d9a1ee
Lumma Stealer UPX PE File PE32 VirusTotal Malware |
|
|
|
|
1.2 |
|
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2362 |
2024-07-09 21:37
|
https://l.facebook.com/l.php?u... c896711e056cb6f0df71a7c8e0fac71c
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
13
https://www.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1cKE7-ZeDsubK_dW8Y2XclCpIAD-hQSnRkfS5MsfMKzKqNxNUljBNN9BwQ_kj9GSxg2YBhKU_9WPKUPy5CnzMDLM0sEflP0jQyEFdeqdH99uFTS3c_Ww
https://m.facebook.com/favicon.ico
https://l.facebook.com/l.php?u=https://jumpseller.s3.eu-west-1.amazonaws.com/store/store5/assets/0DlBptEf2ucAMWLVhICY.xml?3ZWnWh6lF7YOyvbrJnAH?3ZWnWh6lF7YOyvbrJnAH?u=https://app.alibaba.com/dynamiclink?medium_source=facebook&traffic_type=install&field=UG&schema=enalibaba://oneSight?biz=dpa&keyword=Cricket&product_id=10000002872855&pcate=202017804&from=cpm_fb&kpi=abrate&tagId=10000002872855&categoryId=202017804&categoryName=Cricket&traffic_type=install&field=UG&fbclid=IwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg&h=AT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ&medium_source=facebook&channel_url=https://staticxx.-.com/connect/xd_arbiter/r/__Bz3h5RzMx.js?version=43%23cb=f2c4458ac9011a8&domain=www.-.com&origin=https://www.-.com/&h=AT01NiNROZ8p941O0N0aTu1eTEc68z48cS0k-Fomk3H3l-zlM9fzup-7MGpKVLX7ayzNVdFs6-lQLRoUAiw5DkT8cTkKxDbImOguZjIP8xADMSwjdKQf
https://fbsbx.com/security/hsts-pixel.gif
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/nUs9RS26D1m.png
https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/l7jFXMc3gVH.png
https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/Sku_Kc8l2qU.png
https://l.facebook.com/l.php?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1obHn9DopNwORveXPj0XvXlunAn_I02Q6VPiWjsC-Lnn6F-4fS3j3tzMjWWTgTEYYu6pUzLUgbLz99rBSkS9sgLPTgWyT6C_F5fR_z6EbPC8dz2fpRHA
https://facebook.com/security/hsts-pixel.gif?c=3.2
https://fbcdn.net/security/hsts-pixel.gif?c=2
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png
https://m.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1cKE7-ZeDsubK_dW8Y2XclCpIAD-hQSnRkfS5MsfMKzKqNxNUljBNN9BwQ_kj9GSxg2YBhKU_9WPKUPy5CnzMDLM0sEflP0jQyEFdeqdH99uFTS3c_Ww&_rdr
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
|
10
www.facebook.com(157.240.215.35)
fbsbx.com(157.240.215.35)
m.facebook.com(157.240.215.35)
static.xx.fbcdn.net(157.240.215.14)
fbcdn.net(157.240.215.35)
facebook.com(157.240.215.35)
l.facebook.com(157.240.215.36)
157.240.215.35
157.240.215.36
157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2363 |
2024-07-09 21:37
|
https://www.facebook.com/38022... 1248cb643e2592a6bcce60711dc10617
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format icon MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
10
https://m.facebook.com/story.php?story_fbid=3802211850064154&id=100008261283165&_rdr
https://m.facebook.com/favicon.ico
https://fbsbx.com/security/hsts-pixel.gif
https://www.facebook.com/3802211850064154
https://m.facebook.com/login.php?next=https%3A%2F%2Fm.facebook.com%2Fstory.php%3Fstory_fbid%3D3802211850064154%26id%3D100008261283165&refsrc=deprecated&_rdr
https://m.facebook.com/3802211850064154?_rdr
https://facebook.com/security/hsts-pixel.gif?c=3.2
https://fbcdn.net/security/hsts-pixel.gif?c=2
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
|
8
www.facebook.com(157.240.215.35)
fbsbx.com(157.240.215.35)
m.facebook.com(157.240.215.35)
static.xx.fbcdn.net(157.240.215.14)
fbcdn.net(157.240.215.35)
facebook.com(157.240.215.35)
157.240.215.35
157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2364 |
2024-07-09 21:31
|
https://l.facebook.com/l.php?u... 2bec4686337f2e399b71386575535145
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
12
https://m.facebook.com/favicon.ico
https://fbsbx.com/security/hsts-pixel.gif
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/nUs9RS26D1m.png
https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/l7jFXMc3gVH.png
https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/Sku_Kc8l2qU.png
https://www.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D&h=AT2lhNd3WVLc1jMK7gNOzzIgRe8dRoSUFaVmm5tCk999Eu8Gshn7HOF69sj6AwN4pbEkt26wCz4z6QvzQt8w7OQ9LaPxbAF198ysDfoHZhGVXt5Lf33H_w
https://facebook.com/security/hsts-pixel.gif?c=3.2
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png
https://l.facebook.com/l.php?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D
https://m.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D&h=AT2lhNd3WVLc1jMK7gNOzzIgRe8dRoSUFaVmm5tCk999Eu8Gshn7HOF69sj6AwN4pbEkt26wCz4z6QvzQt8w7OQ9LaPxbAF198ysDfoHZhGVXt5Lf33H_w&_rdr
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
https://fbcdn.net/security/hsts-pixel.gif?c=2
|
10
www.facebook.com(157.240.215.35)
fbsbx.com(157.240.215.35)
m.facebook.com(157.240.215.35)
static.xx.fbcdn.net(157.240.215.14)
fbcdn.net(157.240.215.35)
facebook.com(157.240.215.35)
l.facebook.com(157.240.215.36)
157.240.215.35
157.240.215.36
157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2365 |
2024-07-09 18:49
|
 DS_Store.exe 14df06539b72837adb9f8d13cfcea6db
Generic Malware Malicious Packer UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution |
|
|
|
|
0.8 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2366 |
2024-07-09 18:47
|
 DS_Store.exe 14df06539b72837adb9f8d13cfcea6db
Generic Malware Malicious Packer UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution |
|
|
|
|
0.8 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2367 |
2024-07-09 18:41
|
2aba0c4cfb95beba9ddb8208234f1b... 432230af1d59dac7dfb47e0684807240
Escalate priviledges PWS KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself DNS |
|
3
p13n.adobe.io(52.22.41.97)
3.233.129.217
104.78.72.178
|
|
|
4.2 |
|
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2368 |
2024-07-09 18:21
|
소명자료 목록.hwp.lnk a330b834cc2ec19c3e151f07fb4b877c
Generic Malware Antivirus AntiDebug AntiVM HWP MSOffice File Lnk Format GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
https://executivedaytona.com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle0
|
|
|
|
6.0 |
|
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2369 |
2024-07-09 18:16
|
근로신청서 관련의 건.docx.lnk 21d12dc7f08752293847af6ed19df0e3
Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
5.2 |
|
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2370 |
2024-07-09 17:10
|
 fromblueRmilxch.exe 0234bff4bd4e6dd7a80d3fde4f12fc09
Malicious Library Malicious Packer .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
2.4 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|