2536 | 2024-07-03 19:10
file_xgep41gp.dyp.txt.ps1 b75a49ff9b2f445e17519d2e743fe1b4 Generic Malware Antivirus Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName
2 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg?1719846235 - rule_id: 40876
  | http://23.95.235.16/33011/WDF.txt
2 | uploaddeimagens.com.br(172.67.215.45) - malware
  | 172.67.215.45 - malware
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg
3.2 | M | | ZeroCERT

2537 | 2024-07-03 19:02
file_ahstznsa.ob0.txt.ps1 478b1ac88592f59f8a1d4cb790120c38 Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName
2 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg?1719846235 - rule_id: 40876
  | http://23.95.235.16/33011/WDF.txt
2 | uploaddeimagens.com.br(172.67.215.45) - malware
  | 172.67.215.45 - malware
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg
3.6 | M | 9 | ZeroCERT

2538 | 2024-07-03 18:50
poop.exe 42e52b8daf63e6e26c3aa91e7e971492 PE File PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Creates shortcut Creates executable files Ransomware Browser
4.6 | M | 68 | ZeroCERT

2539 | 2024-07-03 18:47
uho.uouo.uououo.doc 9904916ce3549610216e99d83e7e2135 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit Java DNS crashed
3 | http://91.92.254.29/Users_API/syscore/file_xgep41gp.dyp.txt
  | http://23.95.235.16/33011/greatideaforfollowers.gif
  | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg?1719846235 - rule_id: 40876
4 | uploaddeimagens.com.br(104.21.45.138) - malware
  | 23.95.235.16 - mailcious
  | 91.92.254.29
  | 172.67.215.45 - malware
4 | ET DROP Spamhaus DROP Listed Traffic Inbound group 13
  | ET MALWARE Malicious Base64 Encoded Payload In Image
  | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  | ET WEB_CLIENT Obfuscated Javascript // ptth
1 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg
5.0 | M | 33 | ZeroCERT

2540 | 2024-07-03 18:46
client_win.exe 9f478308a636906db8c36e77ce68b4c2 Gen1 Generic Malware Malicious Library UPX Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files WriteConsoleW
1.6 | | 26 | ZeroCERT

2541 | 2024-07-03 18:44
123.exe 4a24aad5274be7e1fd5e3ef95ea20f8f Gen1 Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Processor Che VirusTotal Malware AutoRuns PDB Code Injection Creates executable files Windows utilities WriteConsoleW Windows Remote Code Execution crashed
6.0 | | 47 | ZeroCERT

2542 | 2024-07-03 18:43
OPERATIONAL_MOAT.exe fe630e60d070ead8f5421d4006872435 Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS
1 | 185.208.158.176 - malware
1 | ET DROP Spamhaus DROP Listed Traffic Inbound group 33
4.4 | | 45 | ZeroCERT

2543 | 2024-07-03 18:41
ok.exe 2a5bdb0a785762ab4982d360bd4c37e5 Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS
1 | 185.208.158.176 - malware
1 | ET DROP Spamhaus DROP Listed Traffic Inbound group 33
4.2 | | 38 | ZeroCERT

2544 | 2024-07-03 18:41
wmi.jpg.exe 1953c97029337ec04a8d4b69911d843f UPX PE File PE32 Malware download VirusTotal Malware SMB Traffic Potential Scan AutoRuns Malicious Traffic Check memory Creates executable files ICMP traffic RWX flags setting Windows utilities WriteConsoleW Firewall state off IP Check Windows DNS DDNS Downloader
5 | http://118.184.169.48/dyndns/getip
  | http://16.162.161.106:8080/api/node/ip_validate
  | http://ssl.ftp21.cc/64.jpg
  | http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe
  | http://45.113.194.127/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8
27 | gtxvdqvuweqs.com(16.162.201.176) - mailcious
   | members.3322.org(118.184.169.48)
   | down.ftp21.cc(107.189.29.100) - malware
   | ipv6-api.iproyal.com()
   | api.ipify.org(172.67.74.152)
   | download.microsoft.com(72.247.96.197)
   | hook.ftp21.cc(211.108.60.155) - malware
   | api6.my-ip.io()
   | www.362-com.com(1.226.84.135)
   | web.362-com.com(110.11.158.238)
   | opendata.baidu.com(45.113.194.189)
   | www.4i7i.com(1.226.84.135)
   | api.iproyal.com(93.189.62.83)
   | ssl.ftp21.cc(211.108.60.155) - malware
   | 16.162.161.106
   | 104.26.13.205
   | 211.108.60.155 - malware
   | 59.151.136.153
   | 51.161.196.188
   | 45.113.194.127
   | 16.162.201.176 - mailcious
   | 1.226.84.135
   | 218.57.129.51
   | 93.189.62.83
   | 118.184.169.48
   | 110.11.158.238
   | 119.203.212.165 - malware
12 | ET DNS Query for .cc TLD
   | ET INFO Packed Executable Download
   | ET HUNTING Suspicious EXE Download Content-Type image/jpeg
   | ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
   | ET MALWARE JS/WSF Downloader Dec 08 2016 M4
   | ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
   | ET INFO DYNAMIC_DNS Query to 3322.org Domain
   | ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
   | ET INFO SSH-2.0-Go version string Observed in Network Traffic
   | ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection
   | ET INFO External IP Lookup Domain DNS Lookup (my-ip .io)
   | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
11.2 | M | 40 | ZeroCERT

2545 | 2024-07-03 18:40
toi.txt.exe 5de123afed9669f8abd8994820591ec7 Generic Malware PE File DLL PE64 VirusTotal Malware crashed
1.4 | M | 45 | ZeroCERT

2546 | 2024-07-03 18:38
EERIE_EAVE.exe e515e4872f4891fb598b503c34036b8c Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger Check virtual network interfaces DNS
1 | 185.208.158.176 - malware
1 | ET DROP Spamhaus DROP Listed Traffic Inbound group 33
4.8 | | 40 | ZeroCERT

2547 | 2024-07-03 18:38
lumma0207.exe 168c5908924803d268d26965c32a5620 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed
2.2 | | 26 | ZeroCERT

2548 | 2024-07-03 18:27
IEnetCache.hta 23944bdd42dd1973f4cebc54defbccd0 Generic Malware Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key
1 | http://198.46.178.137/22033/igccu.exe
1 |
3 | ET INFO Executable Download from dotted-quad Host
  | ET POLICY PE EXE or DLL Windows file download HTTP
  | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
12.0 | | 13 | ZeroCERT

2549 | 2024-07-03 18:12
강연의뢰서_ 엄구호 교수님 .docx.lnk... 52d073c181531c7f0b8b3aa764c6551d Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
6.4 | | 26 | guest

2550 | 2024-07-03 17:19
pconsnap.dll 8fb5e72a31680189d9a529b49962a0b1 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware
1.2 | | 37 | ZeroCERT