| 3421 |
2024-06-07 09:54
|
 wwlib.dll 9aec2351a3966a9f854513a7b7aa5a13
Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed |
|
|
|
|
2.6 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3422 |
2024-06-07 09:54
|
obizx.doc e7b1cf4b76def016284ea19d18724961
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit DNS crashed |
1
https://universalmovies.top/obiz.scr
|
2
universalmovies.top(104.21.74.191) - malware
172.67.162.95 - mailcious
|
2
ET DNS Query to a *.top domain - Likely Hostile
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.6 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3423 |
2024-06-07 09:51
|
 liitletigersearchingforfoodwhi... 077e4cfa6534a69f9e8de8e5b83ba08c
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed |
2
https://paste.ee/d/eZNju
http://172.234.221.211/34009/lionsarebeautifulcomparewithothers.bmp
|
4
paste.ee(172.67.187.200) - mailcious
172.67.187.200 - mailcious
34.192.83.212
172.234.221.211 - malware
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3424 |
2024-06-07 09:49
|
 setup-lightshot.exe 42d41456f2eccff630138c1ac9d50d1f
Generic Malware WinRAR Malicious Library UPX PE File PE32 OS Processor Check Lnk Format GIF Format URL Format DLL VirusTotal Malware PDB MachineGuid Creates shortcut Creates executable files unpack itself ComputerName Remote Code Execution |
|
|
|
|
3.4 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3425 |
2024-06-07 09:49
|
lionsarekingogthejunglewhorule... 56b4ddf6c247124f9bc633b06b169a84
MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit DNS crashed |
1
http://67.207.166.175/T0406W/lsass.exe
|
3
www1.militarydefensenow.com(34.192.83.212)
67.207.166.175 - malware
34.192.83.212
|
9
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Executable Download from dotted-quad Host
ET HUNTING Suspicious lsass.exe in URI
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
3.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3426 |
2024-06-07 09:47
|
lionsarekingandudfdidthekingof... 80190d1b737a846f31133525d9577514
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed |
2
https://api.ipify.org/
http://107.173.143.28/90404/igcc.exe
|
3
api.ipify.org(104.26.12.205)
107.173.143.28 - malware
104.26.12.205
|
8
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
|
|
4.6 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3427 |
2024-06-07 09:47
|
interestedanglesayingsheismost... 2ae556f4c5d9590b352ad8d26fdee537
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed |
2
https://api.ipify.org/
http://107.173.143.28/8080/IGCC.exe
|
3
api.ipify.org(172.67.74.152)
104.26.13.205
107.173.143.28 - malware
|
8
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.0 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3428 |
2024-06-07 09:45
|
 sevchost.exe ce8a92812da2af7e020a136c9ffeb656
Suspicious_Script_Bin PE File PE32 VirusTotal Malware AutoRuns Creates executable files Windows DNS |
|
2
www.google.com(142.250.76.132)
42.194.196.162
|
|
|
6.0 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3429 |
2024-06-07 09:45
|
 vidar0506.exe 277923785bb9e137228d51c5685ee0ab
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS crashed |
|
1
|
|
|
4.0 |
M |
56 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3430 |
2024-06-07 09:43
|
lionsarekingandtheyalwaysliket... f6d2ec2d490d72ee7ba25907db5da25a
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
2
https://paste.ee/d/CjFLX
http://96.126.101.128/50809/lionsarekingofjungleimageswondering.bmp
|
3
paste.ee(172.67.187.200) - mailcious
104.21.84.67 - malware
96.126.101.128 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3431 |
2024-06-07 09:43
|
 lsass.exe e0354350b177887076f4c89567e0af8d
PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key |
|
2
www1.militarydefensenow.com(34.192.83.212)
34.192.83.212
|
3
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.4 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3432 |
2024-06-07 09:41
|
 www.ps1 b8d18d049050e1e12c378dd2c71cadc6
Generic Malware Antivirus ZIP Format VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName Cryptographic key |
1
http://servidorwhm.shop/chrome.zip
|
2
servidorwhm.shop(199.167.147.66)
199.167.147.66 - mailcious
|
1
ET HUNTING Terse Request for Zip File (GET)
|
|
5.2 |
M |
4 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3433 |
2024-06-07 09:41
|
 DZP.exe 8cc057c58bd59166922b1a6fbf9a0ec7
Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
1
|
2
api.ipify.org(104.26.13.205)
172.67.74.152
|
3
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.4 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3434 |
2024-06-07 09:39
|
 IGCC.exe 29b2b081df5861fed9651766f37b7738
Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed |
1
|
2
api.ipify.org(104.26.13.205)
172.67.74.152
|
3
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.6 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3435 |
2024-06-07 09:39
|
 RuntimeBroker.exe 6cf863b98e0282f50e8d5f90f611f664
XMRig Miner Generic Malware UPX Malicious Library ASPack Malicious Packer PE File PE32 PE64 OS Processor Check VirusTotal Malware Check memory unpack itself Auto service Check virtual network interfaces sandbox evasion WriteConsoleW Browser ComputerName Remote Code Execution Firmware DNS |
|
1
|
|
|
7.2 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|