| 3436 |
2020-12-02 17:10
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.2 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3437 |
2020-12-02 17:12
|
2020.11.26.doc 8a1440dbbcb5ed848de46e70005cd128
Dridex Vulnerability VirusTotal Malware AutoRuns Code Injection Check memory WMI wscript.exe payload download unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS |
|
2
documentserver.site(93.188.160.77)
93.188.160.77 - mailcious
|
4
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
12.8 |
M |
29 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3438 |
2020-12-02 17:22
|
32.exe 376f65c925a7319f88beee5075cfa944
VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Remote Code Execution |
|
|
|
|
6.2 |
M |
61 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3439 |
2020-12-02 17:24
|
32.exe 376f65c925a7319f88beee5075cfa944
VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Remote Code Execution |
|
|
|
|
6.2 |
M |
61 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3440 |
2020-12-02 17:26
|
5.exe dfd2019e03fb7ffe537b7b631b67a441
VirusTotal Malware unpack itself malicious URLs |
|
2
oilusnew2020.live(47.91.89.204)
47.91.89.204
|
|
|
3.6 |
M |
58 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3441 |
2020-12-02 17:27
|
32.exe 376f65c925a7319f88beee5075cfa944
VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Remote Code Execution |
|
|
|
|
6.8 |
M |
61 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3442 |
2020-12-02 17:28
|
32.exe 376f65c925a7319f88beee5075cfa944
VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Remote Code Execution |
|
|
|
|
6.8 |
M |
61 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3443 |
2020-12-02 17:30
|
vbc.exe 4717a017f79ee99297bcd249b8a0b9f1
VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Checks Bios Detects VirtualBox malicious URLs VMware anti-virtualization Windows ComputerName Software |
|
|
|
|
8.2 |
M |
46 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3444 |
2020-12-02 17:35
|
web.exe bf613fe70f790d4b932601daa60a8797
VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs |
|
|
|
|
5.2 |
M |
40 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3445 |
2020-12-02 17:45
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
4
ddos.dnsnb8.net(162.217.99.134) - mailcious
20.43.94.199
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.2 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3446 |
2020-12-02 17:47
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.8 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3447 |
2020-12-02 17:50
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.2 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3448 |
2020-12-02 17:58
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.2 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3449 |
2020-12-02 17:59
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.2 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3450 |
2020-12-02 22:40
|
904400.jpg.exe 71158e0c6dcdafa3e724a20195f4db4c
Check memory unpack itself crashed |
|
|
|
|
1.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|