3016 |
2024-06-14 09:28
|
setup%E4%B8%8B%E8%BD%BD%E5%90%... 2b2690881f0030510504113baf20831b Malicious Library PE64 PE File VirusTotal Malware DNS |
|
1
3.2 |
M |
47 |
ZeroCERT
3017 |
2024-06-14 09:28
|
steal.exe 1db2c9b7cd800917493a1439dcfa8eb6 Emotet Gen1 Generic Malware ASPack Malicious Library UPX Admin Tool (Sysinternals etc ...) Anti_VM PE64 ftp PE File OS Processor Check DLL DllRegisterServer dll ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself crashed |
2.4 |
|
23 |
ZeroCERT
3018 |
2024-06-14 09:27
|
client.exe 866ad295aff7b5f29b44040b98c6994d Gen1 Generic Malware ASPack Malicious Library UPX Anti_VM PE64 ftp PE File OS Processor Check DLL ZIP Format Malware Check memory Creates executable files unpack itself Ransomware |
2.6 |
ZeroCERT
3019 |
2024-06-14 09:27
|
ransom.exe 425a94ea0db7c1fb84b3abeaed25784b Icarus Stealer Emotet Gen1 Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM PE64 ftp PE File OS Processor Check DLL DllRegisterServer dll ZIP Format Malware Check memory Creates executable files Ransomware DNS |
|
1
2.2 |
ZeroCERT
3020 |
2024-06-14 09:27
|
onecommander.exe 55757364d854adc3fc1e5cb59532f1c3 Generic Malware Malicious Library Malicious Packer UPX PE64 DllRegisterServer dll PE File OS Processor Check DNS crashed |
|
1
0.8 |
M |
|
ZeroCERT
3021 |
2024-06-14 09:25
|
OfferedBuilt.exe 00614852dbe5c98d84c4501702d04e93 NSIS Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName |
6.4 |
M |
|
ZeroCERT
3022 |
2024-06-14 09:24
|
sharo.doc 8b049d5e850fc75c1cef5edb8fc68feb Formbook MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself suspicious TLD Tofsee Exploit DNS crashed |
|
21
www.primeplay88.org(91.195.240.19) - mailcious covid19help.top(172.67.175.222) - mailcious www.kinkynerdspro.blog(94.23.162.163) - mailcious www.touchclean.top(67.223.117.189) www.99b6q.xyz() - mailcious www.mrart.co.kr(183.111.183.31) - mailcious www.besthomeincome24.com() - mailcious www.ibistradingco.com(191.101.228.74) www.terelprime.com(66.96.161.166) - mailcious www.xn--matfrmn-jxa4m.se(194.9.94.86) - mailcious www.aceautocorp.com(198.12.241.35) - mailcious 91.195.240.19 - mailcious 67.223.117.189 54.38.220.85 - mailcious 93.127.196.69 66.96.161.166 - mailcious 172.67.175.222 - mailcious 45.33.6.223 194.9.94.85 - mailcious 183.111.183.31 - mailcious 198.12.241.35 - mailcious
|
7
ET DNS Query to a *.top domain - Likely Hostile ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1 ET INFO HTTP Request to a *.top domain ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP Request abnormal Content-Encoding header ET HUNTING Possible COVID-19 Domain in SSL Certificate M2
|
12
http://www.kinkynerdspro.blog/ufuh/ http://www.terelprime.com/ufuh/ http://www.aceautocorp.com/ufuh/ http://www.aceautocorp.com/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.mrart.co.kr/ufuh/ http://www.primeplay88.org/ufuh/ http://www.terelprime.com/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.primeplay88.org/ufuh/ http://www.mrart.co.kr/ufuh/ http://www.kinkynerdspro.blog/ufuh/
|
3.6 |
M |
33 |
ZeroCERT
3023 |
2024-06-14 09:24
|
sharo.scr 3935f15dafdd5edfca70895940dce681 Formbook Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM .NET EXE PE32 PE File DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself AppData folder malicious URLs Browser |
|
15
www.primeplay88.org(91.195.240.19) - mailcious www.mrart.co.kr(183.111.183.31) - mailcious www.99b6q.xyz() - mailcious www.besthomeincome24.com() - mailcious www.xn--matfrmn-jxa4m.se(194.9.94.85) - mailcious www.terelprime.com(66.96.161.166) - mailcious www.kinkynerdspro.blog(94.23.162.163) - mailcious www.aceautocorp.com(198.12.241.35) - mailcious 91.195.240.19 - mailcious 66.96.161.166 - mailcious 54.38.220.85 - mailcious 194.9.94.86 - mailcious 45.33.6.223 183.111.183.31 - mailcious 198.12.241.35 - mailcious
|
1
SURICATA HTTP Request abnormal Content-Encoding header
|
12
http://www.kinkynerdspro.blog/ufuh/ http://www.kinkynerdspro.blog/ufuh/ http://www.aceautocorp.com/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.terelprime.com/ufuh/ http://www.terelprime.com/ufuh/ http://www.aceautocorp.com/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.mrart.co.kr/ufuh/ http://www.primeplay88.org/ufuh/ http://www.primeplay88.org/ufuh/ http://www.mrart.co.kr/ufuh/
|
12.6 |
M |
42 |
ZeroCERT
3024 |
2024-06-14 09:22
|
bin1.doc ab6398c625d0ae23c0582ad07d044581 MS_RTF_Obfuscation_Objects RTF File doc Cobalt Strike Cobalt VirusTotal Malware c&c RWX flags setting exploit crash Tofsee Exploit DNS crashed |
|
19
dukeenergyltd.top(104.21.25.202) - malware www.ekvassf.store() www.baldjourney.com(35.212.60.56) www.themirrorproject.org() www.planningexcellence.org(104.21.68.117) www.heolty.xyz(162.0.238.43) www.5597043.com(172.66.47.183) www.mildhicky.com(149.88.71.203) www.usebanq.com(198.54.117.242) www.vt0lcffi5.sbs(47.239.13.172) 47.239.13.172 35.212.60.56 172.66.44.73 198.54.117.242 - mailcious 45.33.6.223 172.67.134.136 - malware 149.88.71.203 162.0.238.43 104.21.68.117
|
4
ET DNS Query to a *.top domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP Request abnormal Content-Encoding header ET Threatview.io High Confidence Cobalt Strike C2 IP group 3
3.2 |
M |
32 |
ZeroCERT
3025 |
2024-06-14 09:20
|
bin2.doc 118072abaca518e6ece93908a9fee1f4 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash suspicious TLD Tofsee Exploit DNS crashed |
17
http://www.carolinappttery.com/q380/ http://www.ybw73.top/zfmd/?gSDpSqhg=Wy9Xy0arXTA/u2vvBYrKIOUBpzUpOEWJyNtxnnOaFAzOmZ+G/QUaP7IPedalQRfZTnOTlfhQhpBKLAk/X9K39OImH5VRArdmcUQpro/j/mKcwsNXkqPqNRMPQWcketlQaFqDwMQ=&zd=lHTo3CucwT http://www.aritum.top/f2qc/?gSDpSqhg=+PlbwI8tNruUpga2nartzvIoOczIwOvbU1ANxXfMuvMQEzSRrWQM3cmspk1IFvcCMV40t1yig50Ax37YShWjrdIjOvIEgJJROzqkte3OBXYcjah0B7lnBY2SKVXOZr2cpq5/qwU=&zd=lHTo3CucwT http://www.aritum.top/f2qc/ http://www.sqlite.org/2016/sqlite-dll-win32-x86-3140000.zip http://www.ybw73.top/zfmd/ http://www.carolinappttery.com/q380/?gSDpSqhg=ehUrFCKl0QR4T29AJZh5dRT/ZDPm9qTvUW59H2BhLEsiO0kIW28uNcfa56DEKhzH0iD+lYFdD8RRxblUIft60LyxhWLZTQGF9CEZTcwXHMEEzcDS8bPwZbiqnYj5NbIEEA54k2w=&zd=lHTo3CucwT http://www.sjzsls.com/9ypd/ http://www.winnscce.com/xk70/?gSDpSqhg=E9dNAQXSau8gxD7ycO4dLfQfH5YRjq6/aXbIhWqdNKhuK+zum8oLAEgkUh6j+ec/Dsz5NNoJPY83q7uKVhR+kQSzALNmdhL2cm95N3pKuY1dSsInVS8QGD1t6OErSJExWBCOe4E=&zd=lHTo3CucwT http://www.w90dm.top/8ms4/ http://www.ay62m.top/orwn/ http://www.sjzsls.com/9ypd/?gSDpSqhg=Fp4YMLPzXpbUfY9ET0WH3a72p3fXf7YhU2uVF/1Su8SRdO97GHvogqvz+96x72oMEQq3eHyW0zw8RVfXjuFBE/DSpz5ZNszOE2hxgYcLkAt/YsxuqXlLrzOhs3BZhOu+6KXTzoA=&zd=lHTo3CucwT http://www.ay62m.top/orwn/?gSDpSqhg=3cBNLJTm2SpTWV5+FkCnTYkROdg55TQjKQDEk1HDa97easJD35wZE2GMsxRselnzvm7j4PFdEanRmF1YrarFthUoWpYtpzXpGMx8vyWuQ49fEDOcUJzL6xCqo7J2o8DZINEYFF8=&zd=lHTo3CucwT http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.w90dm.top/8ms4/?gSDpSqhg=udGRhKSFzWywOShfg4LrArlkOSU57jdgfHHoAEODJUB2/fB/f7uvWahs0ChcgR3p3uHY1bC8mP+rUPbsneCLatPp1qyYsRzD0wOOKHTt4GdecEtntAcROmt09OnVjaXmhkctiwE=&zd=lHTo3CucwT http://www.winnscce.com/xk70/ https://dukeenergyltd.top/bin2.scr
|
16
www.aritum.top(203.161.55.102) dukeenergyltd.top(172.67.134.136) - malware www.sjzsls.com(154.212.44.122) - mailcious www.carolinappttery.com(123.58.214.101) www.winnscce.com(123.58.214.101) www.ay62m.top(38.47.207.132) www.ybw73.top(38.47.232.233) www.w90dm.top(38.47.232.178) 38.47.232.178 203.161.55.102 38.47.232.233 154.212.44.122 - mailcious 38.47.207.132 45.33.6.223 172.67.134.136 - malware 123.58.214.101
|
3
ET DNS Query to a *.top domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO HTTP Request to a *.top domain
4.4 |
M |
33 |
ZeroCERT
3026 |
2024-06-14 09:20
|
setup%E7%9B%AE%E5%BD%95%E8%A1%... b8cc81e57efd30cab09d0256f79f7098 Malicious Library PE64 PE File VirusTotal Malware DNS |
1
|
1
2.6 |
|
16 |
ZeroCERT
3027 |
2024-06-14 09:17
|
setup%E7%9B%AE%E5%BD%95%E8%A1%... 7fbc6a95fc41c5bb0fecdd659d641ae9 Malicious Library PE64 PE File VirusTotal Malware DNS |
1
|
1
2.4 |
|
6 |
ZeroCERT
3028 |
2024-06-14 07:51
|
lummac2.exe 6e3d83935c7a0810f75dfa9badc3f199 PE32 PE File |
0.4 |
M |
|
ZeroCERT
3029 |
2024-06-14 07:49
|
setup%E4%B8%8B%E8%BD%BD%E5%90%... 4dc6a0aa29fc47b343521af82014af0f Malicious Library PE64 PE File DNS crashed |
1
http://8.134.15.84/123.conf
|
1
2.2 |
M |
|
ZeroCERT
3030 |
2024-06-14 07:47
|
qgtplfgy2.exe 3d033b03106e5b46abde0df781c164d5 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX Device_File_Check PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Software crashed |
|
2
cp8nl.hyperhost.ua(185.174.175.187) 185.174.175.187
|
2
SURICATA Applayer Detect protocol only one direction SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.4 |
M |
|
ZeroCERT