| 3046 |
2020-11-16 08:28
|
http://kalpvedafoundation.com/... 0f2f74c12a0c35894841633c4a274c7a
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
1
http://kalpvedafoundation.com/amour/cjoo.exe
|
4
kalpvedafoundation.com(192.185.76.89)
172.217.25.14 - suspicious
192.185.76.89
117.18.232.200 - suspicious
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
4.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3047 |
2020-11-16 08:40
|
http://45.129.2.137/windows.ms... b10818a90e3ff2f35dd2d6cd1be5386b
Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://45.129.2.137/windows.msi
|
2
45.129.2.137 - suspicious
117.18.232.200 - suspicious
|
3
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.6 |
|
31 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3048 |
2020-11-16 08:53
|
bd2ac88b645f9a64_windows[1].ms... b10818a90e3ff2f35dd2d6cd1be5386b
VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName |
|
|
|
|
3.6 |
M |
31 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3049 |
2020-11-16 09:55
|
asdf.EXE 5e1076d2b7b7ba138f08174d602bc167
VirusTotal Malware RWX flags setting unpack itself Windows crashed |
|
|
|
|
3.2 |
|
49 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3050 |
2020-11-16 13:00
|
asdf.EXE 5e1076d2b7b7ba138f08174d602bc167
VirusTotal Malware RWX flags setting unpack itself Windows crashed |
|
|
|
|
3.2 |
M |
57 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3051 |
2020-11-16 15:47
|
Arc_SV7257602192KT.doc 410eee98c357147776c0e926c6336db2
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS |
|
8
pipesplumbingltd.com(35.208.159.220) - mailcious
annabphotography.co.uk(35.214.15.47) - mailcious
35.208.159.220 - suspicious
35.214.15.47 - suspicious
173.173.254.105 - suspicious
64.207.182.168 - suspicious
102.182.145.130 - suspicious
51.89.199.141 - suspicious
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Terse Named Filename EXE Download - Possibly Hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
7.0 |
M |
44 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3052 |
2020-11-16 16:07
|
03e927e6cb9a1e99f7b0cf1fffaf04... 03e927e6cb9a1e99f7b0cf1fffaf04ab
VirusTotal Email Client Info Stealer Malware Checks debugger unpack itself malicious URLs Ransomware Email |
|
|
|
|
3.0 |
|
8 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3053 |
2020-11-16 16:08
|
IZ965Q89_15_01.doc e2a74e7d83a27eb49e4074a301d695d4
Vulnerability Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS |
|
8
www.hgklighting.com(104.31.72.216) - malware
pilkom.ulm.ac.id(103.195.91.180) - malware
thegioilap.vn(112.213.89.7) - malware
jelajahpulautidung.com() - malware
165.227.220.53 - suspicious
103.195.91.180 - suspicious
112.213.89.7 - suspicious
104.31.73.216
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.0 |
M |
42 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3054 |
2020-11-16 16:15
|
6079ddee4a0bcf4778e2dc9d4c269a... 6079ddee4a0bcf4778e2dc9d4c269a4d
VirusTotal Email Client Info Stealer Malware Checks debugger unpack itself malicious URLs Ransomware Email DNS |
|
1
172.217.25.14 - suspicious
|
|
|
4.0 |
|
28 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3055 |
2020-11-16 16:24
|
6c9a21fbf0fb419a00d145b62a470c... 6c9a21fbf0fb419a00d145b62a470cf3
VirusTotal Email Client Info Stealer Malware Checks debugger unpack itself malicious URLs Ransomware Email DNS |
|
1
172.217.25.14 - suspicious
|
|
|
3.6 |
|
5 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3056 |
2020-11-16 16:34
|
42674ac72c128ad00644c264f303ed... 42674ac72c128ad00644c264f303edb0
Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName |
|
|
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3057 |
2020-11-16 16:36
|
KasperWare_BETA.exe 07c60c57ceecf8527213ea4c65739abf
VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces malicious URLs Tofsee |
3
https://cdn.discordapp.com/attachments/743750440327446570/748942494561075301/Token_Stealer.bat
https://raw.githubusercontent.com/Itroublve/Token-Browser-Password-Stealer-Creator/master/AVOID%20ME/tokenstealer.vbs
https://raw.githubusercontent.com/Itroublve/Token-Browser-Password-Stealer-Creator/master/AVOID%20ME/tokenstealer2.vbs
|
6
github.com(15.164.81.167) - mailcious
raw.githubusercontent.com(151.101.192.133) - malware
cdn.discordapp.com(162.159.135.233) - malware
52.78.231.108 - suspicious
151.101.76.133 - suspicious
162.159.130.233 - suspicious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.8 |
|
54 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3058 |
2020-11-16 16:51
|
FILE 69108.doc 80380e507ae539fad4894d36491f513c
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee |
|
13
zhidong.store() - mailcious
www.meshzs.com(188.166.149.118) - malware
inbichngoc.com(104.18.62.160) - malware
dartzeel.com(35.214.163.147) - malware
www.angiathinh.com(118.71.180.39) - mailcious
nurmarkaz.org(160.153.138.219) - malware
australaqua.com(104.18.48.247) - mailcious
188.166.149.118 - suspicious
35.214.163.147 - suspicious
160.153.138.219 - suspicious
104.18.48.247
104.18.63.160
118.71.180.39
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
M |
45 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3059 |
2020-11-16 17:05
|
ARC_TH1940084283ZO.doc 55d79fbe07c3d17f618890bd72c4efc3
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS |
2
http://annabphotography.co.uk/wp-includes/WdHO/ - rule_id: 99
http://64.207.182.168:8080/ynEa1jfetxWq5u/ - rule_id: 98
|
7
pipesplumbingltd.com(35.208.159.220) - mailcious
annabphotography.co.uk(35.214.15.47) - mailcious
35.208.159.220 - suspicious
35.214.15.47 - suspicious
173.173.254.105 - suspicious
64.207.182.168 - suspicious
102.182.145.130 - suspicious
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Terse Named Filename EXE Download - Possibly Hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
2
http://annabphotography.co.uk/wp-includes/WdHO/
http://64.207.182.168:8080/
|
7.0 |
M |
46 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3060 |
2020-11-16 18:29
|
Netflix_Leecher_3.0.exe fd94d289b3711b1d7f6111ae8047d9f4
VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName |
|
|
|
|
3.0 |
|
44 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|