| 2611 |
2020-11-05 07:48
|
https://phl-action-msq.s3.ap-s... 9c4bc837af9308a9a4a89220ed106145 |
|
|
|
|
|
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2612 |
2020-11-05 09:26
|
http://175.208.134.150:8282/te... 6479dedf0e74ba999f637e1acb7f86b2 |
|
|
|
|
|
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2613 |
2020-11-05 09:28
|
http://175.208.134.150:8282/te... 6479dedf0e74ba999f637e1acb7f86b2 |
|
|
|
|
|
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2614 |
2020-11-05 09:31
|
ddrawex.exe 6ba32f1b4975398d7082203eef2503c8
VirusTotal Malware ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://192.232.229.54:7080/kBSPgBUxAHH4c/ubjyOG54e1h/ - mailcious
|
4
192.175.111.214 - suspicious
188.157.101.114 - suspicious
95.85.33.23 - suspicious
192.232.229.54 - suspicious
|
|
|
7.6 |
M |
60 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2615 |
2020-11-05 09:34
|
http://randysino.com/vxghj/udI... 2f8b305d57e157e1b74e03baa6940217
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
5
http://randysino.com/cdn-cgi/styles/cf.errors.css
http://randysino.com/cdn-cgi/images/icon-exclamation.png?1376755637
http://randysino.com/favicon.ico
http://randysino.com/vxghj/udI/
https://randysino.com/favicon.ico
|
4
randysino.com(104.26.14.164)
172.217.25.14 - suspicious
104.26.14.164
117.18.232.200 - suspicious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
5.2 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2616 |
2020-11-05 09:37
|
http://175.208.134.150:8282/te... 6479dedf0e74ba999f637e1acb7f86b2
suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities Windows DNS |
1
http://175.208.134.150:8282/test/msi.zip
|
2
172.217.25.14 - suspicious
175.208.134.150
|
1
ET INFO Dotted Quad Host ZIP Request
|
|
5.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2617 |
2020-11-05 09:40
|
msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a
VirusTotal Malware DNS |
1
http://marceloxfoto.com/docs/ezemeneoonhandemefaicnb.djx
|
4
marceloxfoto.com(217.160.0.138)
175.208.134.150
217.160.0.138
172.217.25.14 - suspicious
|
|
|
1.8 |
M |
22 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2618 |
2020-11-05 09:46
|
http://175.208.134.150:8282/te... 5c8e2fed189e7b7f7f1d9e756fd072f8
Code Injection RWX flags setting unpack itself Windows utilities Windows DNS |
2
http://175.208.134.150:8282/test/test.eml
http://175.208.134.150:8282/favicon.ico
|
2
172.217.25.14 - suspicious
175.208.134.150
|
|
|
2.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2619 |
2020-11-05 09:51
|
https://alapenho0221555.s3-eu-... 0d72220f2fa97baff0ce21e12e3e3de9
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Windows Advertising Google ComputerName DNS keylogger |
4
http://manaproducoes.com.br/site/core/xmen//?jama28nta
http://erdempetrol.com.tr/fonts/awesome/9S7D2SP/OS97RJ10S.zip
https://docs.google.com/document/d/1CHqiI-scmuRTdR3ZdzmIA0--QDfU6-L5z3cOCkEMtbQ//export?format=txt
https://alapenho0221555.s3-eu-west-1.amazonaws.com/B0002221114788885522.zip - malware
|
9
erdempetrol.com.tr(163.172.206.96)
docs.google.com(172.217.161.78) - mailcious
manaproducoes.com.br(187.45.195.61)
alapenho0221555.s3-eu-west-1.amazonaws.com(52.218.20.251) - malware
163.172.206.96
187.45.195.61 - suspicious
172.217.174.206
52.218.88.88
172.217.25.14 - suspicious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Unsupported/Fake Windows NT Version 5.0
|
|
9.8 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2620 |
2020-11-05 09:53
|
https://tatatertib.binainsani.... f6e9f6de099449b84d37f8c9c959c0a3
Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS |
|
3
tatatertib.binainsani.com(203.161.184.50) - malware
203.161.184.50 - suspicious
172.217.25.14 - suspicious
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.4 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2621 |
2020-11-05 09:55
|
https://breeder-world.presstig... 8331bb422758855644314f06ef8b6494
Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS |
|
4
breeder-world.presstigers.dev(5.9.238.116) - malware
172.217.174.206
5.9.238.116 - suspicious
172.217.25.14 - suspicious
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2622 |
2020-11-05 09:57
|
https://leavereport.teamengine... 8331bb422758855644314f06ef8b6494
Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS |
|
3
leavereport.teamengineering.co(192.185.52.144) - malware
192.185.52.144 - suspicious
172.217.25.14 - suspicious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2623 |
2020-11-05 09:59
|
https://firma.osgbpro.com/nvda... 8331bb422758855644314f06ef8b6494
Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS |
|
3
firma.osgbpro.com(77.92.132.154) - malware
77.92.132.154 - suspicious
172.217.25.14 - suspicious
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2624 |
2020-11-05 10:47
|
https://chrise.xpleomedia.com/... 8331bb422758855644314f06ef8b6494
VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities AppData folder Tofsee Windows DNS |
3
https://chrise.xpleomedia.com/favicon.ico
https://chrise.xpleomedia.com/m1d7zbbc.jpg - malware
https://chrise.xpleomedia.com/wp-content/uploads/2020/08/cerberus-favicon-150x149.png
|
3
chrise.xpleomedia.com(52.42.0.213) - malware
52.42.0.213 - suspicious
172.217.25.14 - suspicious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.0 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2625 |
2020-11-05 10:58
|
Server.exe ad6e52e637e6265303f8dec3b5b79b66
VirusTotal Malware WriteConsoleW DNS |
|
4
4.tcp.ngrok.io(3.22.15.135)
3.138.180.119
3.131.147.49
3.133.207.110
|
1
ET POLICY DNS Query to a *.ngrok domain (ngrok.io)
|
|
3.0 |
|
53 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|