32896 | 2022-03-31 18:54
ZwQLepW 2d2777ee535f76e20293d2d69d80520e
Tags: UPX Malicious Library OS Processor Check DLL PE32 PE File Dridex TrickBot Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS
Hosts (20): 1.234.2.232 - malicious; 72.15.201.15 - malicious; 134.122.66.193 - malicious; 160.16.142.56 - malicious; 164.68.99.3 - malicious; 107.182.225.142 - malicious; 159.65.88.10 - malicious; 45.118.115.99 - malicious; 209.250.246.206 - malicious; 138.197.109.175 - malicious; 206.189.28.199 - malicious; 103.43.46.182 - malicious; 183.111.227.137 - malicious; 104.131.11.205 - malicious; 189.232.46.161 - malicious; 79.143.187.147 - malicious; 187.84.80.182 - malicious; 51.91.76.89 - malware; 209.126.98.206 - malicious; 45.176.232.124 - malicious
IDS alerts (5): ET CNC Feodo Tracker Reported CnC Server group 5; ET CNC Feodo Tracker Reported CnC Server group 19; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET INFO TLS Handshake Failure; ET CNC Feodo Tracker Reported CnC Server group 14
5.8 | M | - | ZeroCERT
32897 | 2022-03-31 18:27
LunaFarm.exe 21ccad42f936524b311a8bc102b16752
Tags: RAT UPX Malicious Library OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces crashed
3.2 | - | 52 | ZeroCERT
32898 | 2022-03-31 18:25
.win32.exe 6033d817aa38339d88d4b5525fdccfa3
Tags: UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself
1.4 | M | 28 | ZeroCERT
32899 | 2022-03-31 18:23
6051378510.exe f9dde4ccddbdc3adc098af11173e53f9
Tags: PWS[m] RAT SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
URLs (2): http://31.210.20.150/sientifi/inc/38e5788e36faeb.php; http://18.193.102.232/12A/loader/uploads/6051378510_Nlfyfqoo.jpg
Hosts (2): 31.210.20.150; 18.193.102.232 - malware
IDS alerts (1): ET MALWARE AgentTesla Communicating with CnC Server
15.2 | M | 26 | ZeroCERT
32900 | 2022-03-31 17:23
PO#03202230_pdf.exe a8acec14b81be1e8ad7bd0cb1d632f35
Tags: RAT PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.0 | - | 17 | guest
32901 | 2022-03-31 14:51
NFT 분할.docx ce00749c908de017010055a83ac0654f
Tags: Doc XML Downloader Word 2007 file format(docx) Vulnerability VirusTotal Malware unpack itself
URLs (5):
  http://naveicoipd.tech/ACMS/ - rule_id: 15540
  http://naveicoipd.tech/ACMS
  http://naveicoipd.tech/ACMS/0lvNAK1t/ - rule_id: 15540
  http://naveicoipd.tech/ACMS/0lvNAK1t/accountsTemplate?uid=bslkhglk - rule_id: 15540
  http://naveicoipd.tech/ACMS/0lvNAK1t - rule_id: 15540
Hosts (2): naveicoipd.tech(209.126.83.186) - malicious; 209.126.83.186 - malicious
URLs (4): http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS/
3.0 | M | 26 | r0d
32902 | 2022-03-31 14:40
202203 BTCETH 추가계정정보.docx... 2677f9871cb340750e582cb677d40e81
Tags: Doc XML Downloader Word 2007 file format(docx) Vulnerability VirusTotal Malware unpack itself
URLs (5):
  http://naveicoipd.tech/ACMS/ - rule_id: 15540
  http://naveicoipd.tech/ACMS
  http://naveicoipd.tech/ACMS/018ueCdS/ - rule_id: 15540
  http://naveicoipd.tech/ACMS/018ueCdS/blockchainTemplate - rule_id: 15537
  http://naveicoipd.tech/ACMS/018ueCdS - rule_id: 15540
Hosts (2): naveicoipd.tech(209.126.83.186) - malicious; 209.126.83.186 - malicious
URLs (4): http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS/018ueCdS/blockchainTemplate; http://naveicoipd.tech/ACMS/
3.0 | M | 23 | r0d
32903 | 2022-03-31 14:37
NFT 분할.docx ce00749c908de017010055a83ac0654f
Tags: Doc XML Downloader Word 2007 file format(docx) Vulnerability VirusTotal Malware unpack itself
URLs (5):
  http://naveicoipd.tech/ACMS/ - rule_id: 15540
  http://naveicoipd.tech/ACMS
  http://naveicoipd.tech/ACMS/0lvNAK1t/ - rule_id: 15540
  http://naveicoipd.tech/ACMS/0lvNAK1t/accountsTemplate?uid=bslkhglk - rule_id: 15540
  http://naveicoipd.tech/ACMS/0lvNAK1t - rule_id: 15540
Hosts (2): naveicoipd.tech(209.126.83.186) - malicious; 209.126.83.186 - malicious
URLs (4): http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS/
3.0 | M | 26 | r0d
32904 | 2022-03-31 13:55
accountTemplate0330.zip.doc 1559aeb8e464759247e4588cb6a09877
Tags: VBA_macro Word 2007 file format(docx) VirusTotal Malware unpack itself
2.8 | M | 19 | ZeroCERT
32905 | 2022-03-31 13:50
wwwTemplate.zip.doc 6df608342938f0d30a058c48bb9d8d4d
Tags: VBA_macro Word 2007 file format(docx) VirusTotal Malware unpack itself
1.8 | - | 19 | ZeroCERT
32906 | 2022-03-31 13:47
accountTemplate0330.zip.doc 1559aeb8e464759247e4588cb6a09877
Tags: VBA_macro Word 2007 file format(docx) VirusTotal Malware unpack itself
1.8 | M | 19 | ZeroCERT
32907 | 2022-03-31 13:46
NFT 분할.docx ce00749c908de017010055a83ac0654f
Tags: Word 2007 file format(docx) Vulnerability VirusTotal Malware unpack itself
URLs (5): http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS; http://naveicoipd.tech/ACMS/0lvNAK1t/; http://naveicoipd.tech/ACMS/0lvNAK1t/accountsTemplate?uid=bslkhglk; http://naveicoipd.tech/ACMS/0lvNAK1t
Hosts (2): naveicoipd.tech(209.126.83.186); 209.126.83.186 - malicious
3.0 | - | 25 | ZeroCERT
32908 | 2022-03-31 13:45
202203 BTCETH 추가계정정보.docx... 2677f9871cb340750e582cb677d40e81
Tags: Word 2007 file format(docx) VirusTotal Malware unpack itself
URLs (5): http://naveicoipd.tech/ACMS/; http://naveicoipd.tech/ACMS; http://naveicoipd.tech/ACMS/018ueCdS/; http://naveicoipd.tech/ACMS/018ueCdS/blockchainTemplate; http://naveicoipd.tech/ACMS/018ueCdS
Hosts (2): naveicoipd.tech(209.126.83.186); 209.126.83.186 - malicious
2.4 | - | 24 | ZeroCERT
32909 | 2022-03-31 13:42
vbaProject.bin.doc 4520cad706d5dfc7df2250b487dcf020
Tags: VBA_macro Generic Malware MSOffice File VirusTotal Malware unpack itself
2.0 | - | 21 | ZeroCERT
32910 | 2022-03-31 13:39
accountTemplate0330.zip.docx 1559aeb8e464759247e4588cb6a09877
Tags: VBA_macro Word 2007 file format(docx) VirusTotal Malware unpack itself
1.8 | - | 19 | ZeroCERT