3046
2020-11-16 08:28
http://kalpvedafoundation.com/... 0f2f74c12a0c35894841633c4a274c7a VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
1
http://kalpvedafoundation.com/amour/cjoo.exe
4
kalpvedafoundation.com(192.185.76.89) 172.217.25.14 - suspicious 192.185.76.89 117.18.232.200 - suspicious
1
ET POLICY PE EXE or DLL Windows file download HTTP
4.6
guest

3047
2020-11-16 08:40
http://45.129.2.137/windows.ms... b10818a90e3ff2f35dd2d6cd1be5386b Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
1
http://45.129.2.137/windows.msi
2
45.129.2.137 - suspicious 117.18.232.200 - suspicious
3
ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.6
31
guest

3048
2020-11-16 08:53
bd2ac88b645f9a64_windows[1].ms... b10818a90e3ff2f35dd2d6cd1be5386b VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName
3.6
M
31
guest

3049
2020-11-16 09:55
asdf.EXE 5e1076d2b7b7ba138f08174d602bc167 VirusTotal Malware RWX flags setting unpack itself Windows crashed
3.2
49
admin

3050
2020-11-16 13:00
asdf.EXE 5e1076d2b7b7ba138f08174d602bc167 VirusTotal Malware RWX flags setting unpack itself Windows crashed
3.2
M
57
admin

3051
2020-11-16 15:47
Arc_SV7257602192KT.doc 410eee98c357147776c0e926c6336db2 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
8
pipesplumbingltd.com(35.208.159.220) - mailcious annabphotography.co.uk(35.214.15.47) - mailcious 35.208.159.220 - suspicious 35.214.15.47 - suspicious 173.173.254.105 - suspicious 64.207.182.168 - suspicious 102.182.145.130 - suspicious 51.89.199.141 - suspicious
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Terse Named Filename EXE Download - Possibly Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
7.0
M
44
guest

3052
2020-11-16 16:07
03e927e6cb9a1e99f7b0cf1fffaf04... 03e927e6cb9a1e99f7b0cf1fffaf04ab VirusTotal Email Client Info Stealer Malware Checks debugger unpack itself malicious URLs Ransomware Email
3.0
8
guest

3053
2020-11-16 16:08
IZ965Q89_15_01.doc e2a74e7d83a27eb49e4074a301d695d4 Vulnerability Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
8
www.hgklighting.com(104.31.72.216) - malware pilkom.ulm.ac.id(103.195.91.180) - malware thegioilap.vn(112.213.89.7) - malware jelajahpulautidung.com() - malware 165.227.220.53 - suspicious 103.195.91.180 - suspicious 112.213.89.7 - suspicious 104.31.73.216
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.0
M
42
guest

3054
2020-11-16 16:15
6079ddee4a0bcf4778e2dc9d4c269a... 6079ddee4a0bcf4778e2dc9d4c269a4d VirusTotal Email Client Info Stealer Malware Checks debugger unpack itself malicious URLs Ransomware Email DNS
1
172.217.25.14 - suspicious
4.0
28
guest

3055
2020-11-16 16:24
6c9a21fbf0fb419a00d145b62a470c... 6c9a21fbf0fb419a00d145b62a470cf3 VirusTotal Email Client Info Stealer Malware Checks debugger unpack itself malicious URLs Ransomware Email DNS
1
172.217.25.14 - suspicious
3.6
5
guest

3056
2020-11-16 16:34
42674ac72c128ad00644c264f303ed... 42674ac72c128ad00644c264f303edb0 Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
4.2
guest

3057
2020-11-16 16:36
KasperWare_BETA.exe 07c60c57ceecf8527213ea4c65739abf VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces malicious URLs Tofsee
3
https://cdn.discordapp.com/attachments/743750440327446570/748942494561075301/Token_Stealer.bat https://raw.githubusercontent.com/Itroublve/Token-Browser-Password-Stealer-Creator/master/AVOID%20ME/tokenstealer.vbs https://raw.githubusercontent.com/Itroublve/Token-Browser-Password-Stealer-Creator/master/AVOID%20ME/tokenstealer2.vbs
6
github.com(15.164.81.167) - mailcious raw.githubusercontent.com(151.101.192.133) - malware cdn.discordapp.com(162.159.135.233) - malware 52.78.231.108 - suspicious 151.101.76.133 - suspicious 162.159.130.233 - suspicious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.8
54
admin

3058
2020-11-16 16:51
FILE 69108.doc 80380e507ae539fad4894d36491f513c Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee
13
zhidong.store() - mailcious www.meshzs.com(188.166.149.118) - malware inbichngoc.com(104.18.62.160) - malware dartzeel.com(35.214.163.147) - malware www.angiathinh.com(118.71.180.39) - mailcious nurmarkaz.org(160.153.138.219) - malware australaqua.com(104.18.48.247) - mailcious 188.166.149.118 - suspicious 35.214.163.147 - suspicious 160.153.138.219 - suspicious 104.18.48.247 104.18.63.160 118.71.180.39
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6
M
45
admin

3059
2020-11-16 17:05
ARC_TH1940084283ZO.doc 55d79fbe07c3d17f618890bd72c4efc3 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
2
http://annabphotography.co.uk/wp-includes/WdHO/ - rule_id: 99 http://64.207.182.168:8080/ynEa1jfetxWq5u/ - rule_id: 98
7
pipesplumbingltd.com(35.208.159.220) - mailcious annabphotography.co.uk(35.214.15.47) - mailcious 35.208.159.220 - suspicious 35.214.15.47 - suspicious 173.173.254.105 - suspicious 64.207.182.168 - suspicious 102.182.145.130 - suspicious
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Terse Named Filename EXE Download - Possibly Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP
2
http://annabphotography.co.uk/wp-includes/WdHO/ http://64.207.182.168:8080/
7.0
M
46
admin

3060
2020-11-16 18:29
Netflix_Leecher_3.0.exe fd94d289b3711b1d7f6111ae8047d9f4 VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName
3.0
44
guest