3436 | 2020-12-02 17:10
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 | Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader
3 hosts: ddos.dnsnb8.net(162.217.99.134) - mailcious; 154.202.3.44 - malware; 162.217.99.134
8 IDS alerts: ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
9.2 | M | 63 | 조광섭

3437 | 2020-12-02 17:12
2020.11.26.doc 8a1440dbbcb5ed848de46e70005cd128 | Dridex Vulnerability VirusTotal Malware AutoRuns Code Injection Check memory WMI wscript.exe payload download unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS
2 hosts: documentserver.site(93.188.160.77); 93.188.160.77 - mailcious
4 IDS alerts: SURICATA TLS invalid record type; SURICATA TLS invalid record/traffic; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
12.8 | M | 29 | r0d

3438 | 2020-12-02 17:22
32.exe 376f65c925a7319f88beee5075cfa944 | VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Remote Code Execution
6.2 | M | 61 | 조광섭

3439 | 2020-12-02 17:24
32.exe 376f65c925a7319f88beee5075cfa944 | VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Remote Code Execution
6.2 | M | 61 | 조광섭

3440 | 2020-12-02 17:26
5.exe dfd2019e03fb7ffe537b7b631b67a441 | VirusTotal Malware unpack itself malicious URLs
2 hosts: oilusnew2020.live(47.91.89.204); 47.91.89.204
3.6 | M | 58 | 조광섭

3441 | 2020-12-02 17:27
32.exe 376f65c925a7319f88beee5075cfa944 | VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Remote Code Execution
6.8 | M | 61 | 조광섭

3442 | 2020-12-02 17:28
32.exe 376f65c925a7319f88beee5075cfa944 | VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Remote Code Execution
6.8 | M | 61 | 조광섭

3443 | 2020-12-02 17:30
vbc.exe 4717a017f79ee99297bcd249b8a0b9f1 | VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Checks Bios Detects VirtualBox malicious URLs VMware anti-virtualization Windows ComputerName Software
8.2 | M | 46 | 조광섭

3444 | 2020-12-02 17:35
web.exe bf613fe70f790d4b932601daa60a8797 | VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs
5.2 | M | 40 | 조광섭

3445 | 2020-12-02 17:45
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 | Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader
4 hosts: ddos.dnsnb8.net(162.217.99.134) - mailcious; 20.43.94.199; 154.202.3.44 - malware; 162.217.99.134
8 IDS alerts: ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
9.2 | M | 63 | 조광섭

3446 | 2020-12-02 17:47
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 | Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader
3 hosts: ddos.dnsnb8.net(162.217.99.134) - mailcious; 154.202.3.44 - malware; 162.217.99.134
8 IDS alerts: ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
9.8 | M | 63 | 조광섭

3447 | 2020-12-02 17:50
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 | Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader
3 hosts: ddos.dnsnb8.net(162.217.99.134) - mailcious; 154.202.3.44 - malware; 162.217.99.134
8 IDS alerts: ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
9.2 | M | 63 | 조광섭

3448 | 2020-12-02 17:58
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 | Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader
3 hosts: ddos.dnsnb8.net(162.217.99.134) - mailcious; 154.202.3.44 - malware; 162.217.99.134
8 IDS alerts: ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
9.2 | M | 63 | 조광섭

3449 | 2020-12-02 17:59
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 | Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader
3 hosts: ddos.dnsnb8.net(162.217.99.134) - mailcious; 154.202.3.44 - malware; 162.217.99.134
8 IDS alerts: ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
9.2 | M | 63 | 조광섭

3450 | 2020-12-02 22:40
904400.jpg.exe 71158e0c6dcdafa3e724a20195f4db4c | Check memory unpack itself crashed
1.4 | | | ZeroCERT