3421 | 2024-06-07 09:54
File: wwlib.dll
MD5: 9aec2351a3966a9f854513a7b7aa5a13
Tags: Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed
URLs: none
Hosts: none
Signatures: none
Score: 2.6 | M | 35 | ZeroCERT

3422 | 2024-06-07 09:54
File: obizx.doc
MD5: e7b1cf4b76def016284ea19d18724961
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (1):
  https://universalmovies.top/obiz.scr
Hosts (2):
  universalmovies.top(104.21.74.191) - malware
  172.67.162.95 - mailcious
Signatures (2):
  ET DNS Query to a *.top domain - Likely Hostile
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.6 | M | 34 | ZeroCERT

3423 | 2024-06-07 09:51
File: liitletigersearchingforfoodwhi...
MD5: 077e4cfa6534a69f9e8de8e5b83ba08c
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (2):
  https://paste.ee/d/eZNju
  http://172.234.221.211/34009/lionsarebeautifulcomparewithothers.bmp
Hosts (4):
  paste.ee(172.67.187.200) - mailcious
  172.67.187.200 - mailcious
  34.192.83.212
  172.234.221.211 - malware
Signatures (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.6 | M | 37 | ZeroCERT

3424 | 2024-06-07 09:49
File: setup-lightshot.exe
MD5: 42d41456f2eccff630138c1ac9d50d1f
Tags: Generic Malware WinRAR Malicious Library UPX PE File PE32 OS Processor Check Lnk Format GIF Format URL Format DLL VirusTotal Malware PDB MachineGuid Creates shortcut Creates executable files unpack itself ComputerName Remote Code Execution
URLs: none
Hosts: none
Signatures: none
Score: 3.4 | M | 20 | ZeroCERT

3425 | 2024-06-07 09:49
File: lionsarekingogthejunglewhorule...
MD5: 56b4ddf6c247124f9bc633b06b169a84
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit DNS crashed
URLs (1):
  http://67.207.166.175/T0406W/lsass.exe
Hosts (3):
  www1.militarydefensenow.com(34.192.83.212)
  67.207.166.175 - malware
  34.192.83.212
Signatures (9):
  SURICATA TLS invalid record type
  SURICATA TLS invalid record/traffic
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Executable Download from dotted-quad Host
  ET HUNTING Suspicious lsass.exe in URI
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 3.2 | M |  | ZeroCERT

3426 | 2024-06-07 09:47
File: lionsarekingandudfdidthekingof...
MD5: 80190d1b737a846f31133525d9577514
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
URLs (2):
  https://api.ipify.org/
  http://107.173.143.28/90404/igcc.exe
Hosts (3):
  api.ipify.org(104.26.12.205)
  107.173.143.28 - malware
  104.26.12.205
Signatures (8):
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
Score: 4.6 | M | 37 | ZeroCERT

3427 | 2024-06-07 09:47
File: interestedanglesayingsheismost...
MD5: 2ae556f4c5d9590b352ad8d26fdee537
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed
URLs (2):
  https://api.ipify.org/
  http://107.173.143.28/8080/IGCC.exe
Hosts (3):
  api.ipify.org(172.67.74.152)
  104.26.13.205
  107.173.143.28 - malware
Signatures (8):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 5.0 | M | 37 | ZeroCERT

3428 | 2024-06-07 09:45
File: sevchost.exe
MD5: ce8a92812da2af7e020a136c9ffeb656
Tags: Suspicious_Script_Bin PE File PE32 VirusTotal Malware AutoRuns Creates executable files Windows DNS
URLs: none
Hosts (2):
  www.google.com(142.250.76.132)
  42.194.196.162
Signatures: none
Score: 6.0 | M | 51 | ZeroCERT

3429 | 2024-06-07 09:45
File: vidar0506.exe
MD5: 277923785bb9e137228d51c5685ee0ab
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS crashed
URLs: none
Hosts (1): (not listed on the page)
Signatures: none
Score: 4.0 | M | 56 | ZeroCERT

3430 | 2024-06-07 09:43
File: lionsarekingandtheyalwaysliket...
MD5: f6d2ec2d490d72ee7ba25907db5da25a
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (2):
  https://paste.ee/d/CjFLX
  http://96.126.101.128/50809/lionsarekingofjungleimageswondering.bmp
Hosts (3):
  paste.ee(172.67.187.200) - mailcious
  104.21.84.67 - malware
  96.126.101.128 - mailcious
Signatures (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2 | M | 37 | ZeroCERT

3431 | 2024-06-07 09:43
File: lsass.exe
MD5: e0354350b177887076f4c89567e0af8d
Tags: PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key
URLs: none
Hosts (2):
  www1.militarydefensenow.com(34.192.83.212)
  34.192.83.212
Signatures (3):
  SURICATA TLS invalid record type
  SURICATA TLS invalid record/traffic
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.4 | M | 50 | ZeroCERT

3432 | 2024-06-07 09:41
File: www.ps1
MD5: b8d18d049050e1e12c378dd2c71cadc6
Tags: Generic Malware Antivirus ZIP Format VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName Cryptographic key
URLs (1):
  http://servidorwhm.shop/chrome.zip
Hosts (2):
  servidorwhm.shop(199.167.147.66)
  199.167.147.66 - mailcious
Signatures (1):
  ET HUNTING Terse Request for Zip File (GET)
Score: 5.2 | M | 4 | ZeroCERT

3433 | 2024-06-07 09:41
File: DZP.exe
MD5: 8cc057c58bd59166922b1a6fbf9a0ec7
Tags: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
URLs (1): (not listed on the page)
Hosts (2):
  api.ipify.org(104.26.13.205)
  172.67.74.152
Signatures (3):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 7.4 |  | 23 | ZeroCERT

3434 | 2024-06-07 09:39
File: IGCC.exe
MD5: 29b2b081df5861fed9651766f37b7738
Tags: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed
URLs (1): (not listed on the page)
Hosts (2):
  api.ipify.org(104.26.13.205)
  172.67.74.152
Signatures (3):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 9.6 |  | 28 | ZeroCERT

3435 | 2024-06-07 09:39
File: RuntimeBroker.exe
MD5: 6cf863b98e0282f50e8d5f90f611f664
Tags: XMRig Miner Generic Malware UPX Malicious Library ASPack Malicious Packer PE File PE32 PE64 OS Processor Check VirusTotal Malware Check memory unpack itself Auto service Check virtual network interfaces sandbox evasion WriteConsoleW Browser ComputerName Remote Code Execution Firmware DNS
URLs: none
Hosts (1): (not listed on the page)
Signatures: none
Score: 7.2 | M | 54 | ZeroCERT