33016 | 2022-03-29 18:15
vbc.exe 6b348f9bfa46990cff38dfe9ba3adbda Malicious Library UPX PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
1 |
http://sempersim.su/ge13/fre.php
2 |
sempersim.su(193.124.118.77) - mailcious
193.124.118.77
9 |
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Fake 404 Response
10.0 | M | 27 | ZeroCERT
33017 | 2022-03-29 18:15
Sexnamz.exe 976f76ebeda1d3bb4c28e66aa9afea51 RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName
2 |
rbmimport.com(192.185.96.179) - malware
192.185.96.179 - malware
2 |
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.4 | M | 19 | ZeroCERT
33018 | 2022-03-29 18:13
data64_6.exe 546e3319cfb508ace94e05e61269feed Malicious Library UPX OS Processor Check PE32 PE File DLL VirusTotal Malware PDB unpack itself AppData folder RCE
2.2 | | 26 | ZeroCERT
33019 | 2022-03-29 18:13
data64_4.exe ab432b2f52c18153165a9a06494151e7 Obsidium protector UPX .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Collect installed applications sandbox evasion installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 |
185.215.113.20 - mailcious
1 |
ET DROP Spamhaus DROP Listed Traffic Inbound group 21
11.2 | | 33 | ZeroCERT
33020 | 2022-03-29 18:01
1. [Walter Jennings] Personal ... b274a86e2acedf8865ee95edc4f3f47d MSOffice File
0.8 | | | ZeroCERT
33021 | 2022-03-29 17:59
Password.txt.lnk 36e0d86d3f4200b532abbf11fee58926 PWS[m] Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Downloader Escalate priviledges FTP Http API AntiDebug AntiVM GIF Format VirusTotal Malware Code Injection Check memory Creates shortcut RWX flags setting unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Interception DNS
2 |
http://apps.identrust.com/roots/dstrootcax3.p7c
https://cdn.onlinedocview.biz/8orFaRkD8yM5hUXCngKhpXaNWdt8aYpUd/99Y43R2FQ=
4 |
cdn.onlinedocview.biz(162.33.179.165)
apps.identrust.com(119.207.65.153)
162.33.179.165
121.254.136.57
2 |
ET INFO Observed DNS Query to .biz TLD
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.8 | | 4 | ZeroCERT
33022 | 2022-03-29 15:04
13541207303175.xls b930948a5a4d40f0a930e4be34cd25aa PWS[m] Excel with Emotet MS_Excel_Hidden_Macro_Sheet ScreenShot KeyLogger AntiDebug AntiVM MSOffice File Code Injection unpack itself
2.0 | | | guest
33023 | 2022-03-29 14:59
83643725299106680614.xls 740c2fd49ffd35f90ee0b03d1040a28a emotet Excel with Emotet MS_Excel_Hidden_Macro_Sheet Malicious Packer Malicious Library UPX MSOffice File OS Processor Check PE32 DLL PE File Malware download Dridex TrickBot VirusTotal Malware Report AutoRuns Creates executable files RWX flags setting unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS
1 |
http://med.devsrm.com/wp-content/gtOOTHi3zkUbn8U6/ - rule_id: 15330
26 |
med.devsrm.com(143.95.229.88) - malware
131.100.24.231 - mailcious
212.24.98.99 - mailcious
58.227.42.236 - mailcious
185.8.212.130 - mailcious
5.9.116.246 - mailcious
138.185.72.26 - mailcious
195.201.151.129 - mailcious
103.75.201.2 - mailcious
197.242.150.244 - mailcious
216.120.236.62 - mailcious
153.126.146.25 - mailcious
119.193.124.41 - mailcious
189.232.46.161 - mailcious
143.95.229.88 - malware
158.69.222.101 - mailcious
164.68.99.3 - mailcious
217.182.25.250 - mailcious
107.182.225.142 - mailcious
159.8.59.82 - mailcious
51.91.76.89 - malware
188.44.20.25 - mailcious
212.237.17.99 - mailcious
45.118.135.203 - mailcious
50.116.54.215 - mailcious
192.99.251.50 - mailcious
13 |
ET CNC Feodo Tracker Reported CnC Server group 19
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 15
ET CNC Feodo Tracker Reported CnC Server group 4
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 12
ET CNC Feodo Tracker Reported CnC Server group 2
ET CNC Feodo Tracker Reported CnC Server group 20
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
ET INFO EXE - Served Attached HTTP
ET CNC Feodo Tracker Reported CnC Server group 14
1 |
http://med.devsrm.com/wp-content/gtOOTHi3zkUbn8U6/
8.2 | M | 16 | r0d
33024 | 2022-03-29 14:55
83643725299106680614.xls 740c2fd49ffd35f90ee0b03d1040a28a emotet Excel with Emotet Malicious Packer Malicious Library UPX MSOffice File OS Processor Check DLL PE File PE32 Malware download Dridex TrickBot VirusTotal Malware Report AutoRuns Creates executable files RWX flags setting unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS
1 |
http://med.devsrm.com/wp-content/gtOOTHi3zkUbn8U6/ - rule_id: 15330
26 |
med.devsrm.com(143.95.229.88) - malware
131.100.24.231 - mailcious
212.24.98.99 - mailcious
58.227.42.236 - mailcious
185.8.212.130 - mailcious
5.9.116.246 - mailcious
138.185.72.26 - mailcious
195.201.151.129 - mailcious
103.75.201.2 - mailcious
197.242.150.244 - mailcious
216.120.236.62 - mailcious
153.126.146.25 - mailcious
119.193.124.41 - mailcious
189.232.46.161 - mailcious
143.95.229.88 - malware
158.69.222.101 - mailcious
164.68.99.3 - mailcious
217.182.25.250 - mailcious
107.182.225.142 - mailcious
159.8.59.82 - mailcious
51.91.76.89 - malware
188.44.20.25 - mailcious
212.237.17.99 - mailcious
45.118.135.203 - mailcious
50.116.54.215 - mailcious
192.99.251.50 - mailcious
13 |
ET CNC Feodo Tracker Reported CnC Server group 19
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 15
ET CNC Feodo Tracker Reported CnC Server group 20
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 12
ET CNC Feodo Tracker Reported CnC Server group 14
ET CNC Feodo Tracker Reported CnC Server group 2
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
ET INFO EXE - Served Attached HTTP
1 |
http://med.devsrm.com/wp-content/gtOOTHi3zkUbn8U6/
8.2 | M | 16 | r0d
33025 | 2022-03-29 13:58
83643725299106680614.xls 740c2fd49ffd35f90ee0b03d1040a28a Malicious Packer Malicious Library UPX MSOffice File OS Processor Check DLL PE File PE32 Malware download Dridex TrickBot VirusTotal Malware Report AutoRuns Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Kovter Windows Exploit ComputerName DNS crashed
6 |
http://med.devsrm.com/wp-content/gtOOTHi3zkUbn8U6/
http://izytalab.com/includes/1mafAX0kOa/
https://pcsolutionss.com/zSlT4HR92TiOpw5NM/
http://www.doctorcasenave.com/wp-content/O2Z1HMebIXiHYBBS/
https://wpl28.realtyna.com/wp-content/0b0ny5cPM/
http://www.efcballjoint.com/Template/AxEZPOfAa9/
26 |
med.devsrm.com(143.95.229.88) - malware
131.100.24.231 - mailcious
212.24.98.99 - mailcious
58.227.42.236 - mailcious
185.8.212.130 - mailcious
5.9.116.246 - mailcious
138.185.72.26 - mailcious
195.201.151.129 - mailcious
103.75.201.2 - mailcious
197.242.150.244 - mailcious
216.120.236.62 - mailcious
153.126.146.25 - mailcious
119.193.124.41 - mailcious
189.232.46.161 - mailcious
143.95.229.88 - malware
158.69.222.101 - mailcious
164.68.99.3 - mailcious
217.182.25.250 - mailcious
107.182.225.142 - mailcious
159.8.59.82 - mailcious
51.91.76.89 - malware
188.44.20.25 - mailcious
212.237.17.99 - mailcious
45.118.135.203 - mailcious
50.116.54.215 - mailcious
192.99.251.50 - mailcious
13 |
ET CNC Feodo Tracker Reported CnC Server group 19
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 20
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 12
ET CNC Feodo Tracker Reported CnC Server group 15
ET CNC Feodo Tracker Reported CnC Server group 2
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
ET INFO EXE - Served Attached HTTP
ET CNC Feodo Tracker Reported CnC Server group 14
9.6 | M | 16 | ZeroCERT
33026 | 2022-03-29 13:56
aM099L ea0c35e43ddf4445527be47eeaf30791 Malicious Packer Malicious Library UPX OS Processor Check DLL PE File PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS
24 |
131.100.24.231 - mailcious
212.24.98.99 - mailcious
58.227.42.236 - mailcious
185.8.212.130 - mailcious
138.185.72.26 - mailcious
195.201.151.129 - mailcious
103.75.201.2 - mailcious
197.242.150.244 - mailcious
216.120.236.62 - mailcious
212.237.17.99 - mailcious
119.193.124.41 - mailcious
5.9.116.246 - mailcious
158.69.222.101 - mailcious
189.232.46.161 - mailcious
164.68.99.3 - mailcious
217.182.25.250 - mailcious
107.182.225.142 - mailcious
159.8.59.82 - mailcious
51.91.76.89 - malware
188.44.20.25 - mailcious
153.126.146.25 - mailcious
45.118.135.203 - mailcious
50.116.54.215 - mailcious
192.99.251.50 - mailcious
10 |
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 19
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 15
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 20
ET CNC Feodo Tracker Reported CnC Server group 12
ET CNC Feodo Tracker Reported CnC Server group 2
ET CNC Feodo Tracker Reported CnC Server group 14
5.4 | M | 18 | ZeroCERT
33027 | 2022-03-29 13:49
setup.exe 3ee6ee71af56cf7112b4a5540e2368d3 PE File PE32 unpack itself crashed
1.2 | | | ZeroCERT
33028 | 2022-03-29 10:16
WW14.bmp 5546c1ab6768292b78c746d9ea627f4a Gen2 HermeticWiper Emotet Malicious Library UPX Malicious Packer OS Processor Check PE File PE32 DLL PE64 Browser Info Stealer Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Disables Windows Security Checks Bios Check virtual network interfaces AppData folder suspicious TLD sandbox evasion anti-virtualization IP Check Tofsee Windows Discord Browser ComputerName DNS crashed
12 |
http://45.144.225.57/server.txt
http://oneservercubo.xyz/setup.exe
http://212.193.30.21/base/api/getData.php
http://apps.identrust.com/roots/dstrootcax3.p7c
http://212.193.30.21/base/api/statistics.php
http://212.193.30.45/proxies.txt - rule_id: 8524
https://i.xyzgamei.com/gamexyz/22/random.exe
https://cdn.discordapp.com/attachments/935134897893425285/956971282770042900/PL_Client.bmp
https://cdn.discordapp.com/attachments/935134897893425285/954316072859873320/utube1801.bmp
https://cdn.discordapp.com/attachments/935134897893425285/956875508195409920/mixmite2501.bmp
https://ipinfo.io/widget
https://cdn.discordapp.com/attachments/935134897893425285/950318446455975956/search_hyperfs_310.bmp
21 |
oneservercubo.xyz(172.67.148.222)
j.xyzgamej.com(104.21.75.107) - malware
iplis.ru(148.251.234.93) - mailcious
v.xyzgamev.com(172.67.188.70)
wetuspost.xyz(198.54.116.238) - malware
ipinfo.io(34.117.59.81)
cdn.discordapp.com(162.159.129.233) - malware
apps.identrust.com(119.207.65.74)
i.xyzgamei.com(104.21.86.228)
148.251.234.93
162.159.134.233 - malware
198.54.116.238 - malware
104.21.75.107 - malware
23.32.56.144
212.193.30.45 - mailcious
172.67.188.70
45.144.225.57 - malware
34.117.59.81
172.67.148.222
212.193.30.21
104.21.86.228
13 |
ET ADWARE_PUP User-Agent (???)
SURICATA Applayer Mismatch protocol both directions
ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
ET MALWARE Win32/Spy.Socelars.S CnC Activity M3
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET INFO TLS Handshake Failure
SURICATA HTTP unable to match response to request
1 |
http://212.193.30.45/proxies.txt
13.6 | M | 28 | ZeroCERT
33029 | 2022-03-29 10:11
fixtool.exe 181257a9a48b6d3ba1b58ca7cd857916 RAT Emotet Gen2 Gen1 Formbook PWS .NET framework Trojan_PWS_Stealer Generic Malware Credential User Data Downloader Malicious Library UPX VMProtect Malicious Packer Anti_VM Admin Tool (Sysinternals etc ...) Obsidium protector SQLite Cookie AntiDebug Anti Browser Info Stealer NetWireRC VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware Interception Windows Browser RAT ComputerName Firmware DNS crashed
11 |
http://get.udontsay.xyz/udontsay.xyz.exe
http://udontsay.xyz/landing/getfile?id=pet
http://www.google-analytics.com/collect
http://apps.identrust.com/roots/dstrootcax3.p7c
http://152.32.193.91/seemorebty/il.php?e=note6060
http://royalyo.com/81_1.exe
http://103.136.40.167/seemorebty/il.php?e=jg7_7wjg
http://152.32.193.91/seemorebty/poe.php?e=note6060
http://download.studymathlive.com/normal/da_1648136254601.exe
https://www.icodeps.com/ - rule_id: 14280
https://files.fastbestapp.com/si/Routes%20Installation_Silent.exe
29 |
udontsay.xyz(172.67.186.55)
get.udontsay.xyz(172.67.186.55)
download.studymathlive.com(106.75.17.243) - malware
v.xyzgamev.com(104.21.40.196)
www.icodeps.com(149.28.253.196) - mailcious
files.fastbestapp.com(172.67.192.181)
iplogger.org(148.251.234.83) - mailcious
paybiz.herokuapp.com(54.208.186.182)
www.google-analytics.com(172.217.175.238)
royalyo.com(93.189.42.152)
apps.identrust.com(119.207.65.81)
148.251.234.83
61.111.58.35 - malware
104.21.60.62
172.67.186.55
104.21.40.196
54.243.129.215
172.67.188.70
103.136.40.167
119.207.65.81 - suspicious
93.189.42.152
149.28.253.196 - mailcious
106.75.17.243 - malware
172.217.175.14 - mailcious
119.207.65.9
152.32.193.91
104.215.84.159 - mailcious
172.217.161.46 - phishing
104.21.88.165
7 |
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO TLS Handshake Failure
ET INFO EXE - Served Attached HTTP
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1 |
23.0 | M | 38 | ZeroCERT
33030 | 2022-03-29 10:10
XRwzF.exe d351703bda08a7ecedd5dc0567b2686c Formbook PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic ICMP traffic unpack itself DNS
11 |
http://www.adorango.com/eoww/?MJBD=Pld4RFhj3kAfRgSCZmm9eynbR8O+F7DPkY3DyDMQJjPEZ3R0bYR66yZJaI3ey0Nh4oFGe9NF&UDHT=9rGDXTW0fRoXqpL
http://www.calgarypublishing.com/eoww/?MJBD=6UPPXF/wbIa79CJUkA5MXQlh0QOHRxjc9wXkcoIXDEJlZ5syUy/HFD1Ugc/srBLQ1Ev8/sG4&UDHT=9rGDXTW0fRoXqpL
http://www.lambangquangcao.net/eoww/?MJBD=h6Rj4tvsGX016tf8C7hq48nAzIsWOiaPjYaUx+q8w+8miVpl0g04DVrnftQAbMSsURC/7+v6&UDHT=9rGDXTW0fRoXqpL
http://www.investgreenlabs.com/eoww/?MJBD=jkuXInap9L4bOq+vReJvt3i5nN51ILOGDK8CpyaucW9PXaankt6W1/8NXcgBmljSv0NGj2WX&UDHT=9rGDXTW0fRoXqpL
http://www.qiaopidh.xyz/eoww/?MJBD=rVhug9fppIYxIhZT8ATSn2VBnRSyGiXNmCBJV5V09M/Wmzh8o2I1EewqdS2T7q17SJSt6Vxo&UDHT=9rGDXTW0fRoXqpL
http://www.budistx.com/eoww/?MJBD=buCpd/qtAqS/L443R23hX9E/2dtjKTy6HdCt4irWDfivbZ7PT8kWzrGf3Y/SnPikIVtMukUO&UDHT=9rGDXTW0fRoXqpL
http://www.discountaquarium.com/eoww/?MJBD=697YKMkdXaBRF/RfVTKON0D2Sa3rS3O46zNu6UbjVZQslxQzBZLaTBW0iMRRNKJvk1eHP5gm&jL30vv=afhhur9
http://www.chadordigital.com/eoww/?MJBD=C6Z3DhlPpczGrs4vv40q2wD2UeSnS2FlX5IN2Hkfp6cN5/N3aeWq8S66G49tWX6TUoUJqMT2&UDHT=9rGDXTW0fRoXqpL
http://www.nftflamingos.com/eoww/?MJBD=y3QHR1x//2j6AJlkSoc4EBj4/yyxr2A18rwHYpffTs8vv1w+CXFdZqEWon3U/XtnxnQOsltj&UDHT=9rGDXTW0fRoXqpL
http://www.empiredigitalweednews.com/eoww/?MJBD=Lf70ZScqES/YrqxG5AnwZjYFvqzcKVsrfYmsJBlElrNLf2kejAAZeuIXDzhC0hVNchRUGIPP&UDHT=9rGDXTW0fRoXqpL
http://www.mallpay168.com/eoww/?MJBD=+lh5oD+12gkwJxa8aEWq/sIWXxuVVaLOlO7sCvmkBbM272AjckxmRL4vZI6w1AsYXqkHoHjs&UDHT=9rGDXTW0fRoXqpL
28 |
www.discountaquarium.com(209.99.64.43)
www.empiredigitalweednews.com(162.214.103.239)
www.yeticenter.club()
www.weiduapi.com()
www.adorango.com(162.241.85.94)
www.thefinancialfamilyreunion.com()
www.lambangquangcao.net(222.255.46.12)
www.investgreenlabs.com(34.102.136.180)
www.budistx.com(199.192.30.202)
www.qiaopidh.xyz(160.119.66.79)
www.chadordigital.com(52.212.68.12)
www.weihlin.com()
www.nftflamingos.com(185.104.29.36)
www.calgarypublishing.com(3.64.163.50)
www.mallpay168.com(199.33.112.228)
www.agileator.com()
162.241.85.94 - malware
209.99.64.43 - mailcious
54.77.19.84
5.255.255.5
222.255.46.12
34.102.136.180 - mailcious
3.64.163.50 - mailcious
185.104.29.36 - mailcious
199.33.112.228 - malware
199.192.30.202 - mailcious
162.214.103.239
160.119.66.79 - mailcious
2 |
ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .XYZ Domain with Minimal Headers
4.6 | M | 46 | ZeroCERT