3466 | 2020-12-02 23:41 | Frankfileee.exe 4bf6a72dfeb47a08fd656b57205bae3e VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName crashed | 13.4 | M | 46 | ZeroCERT
3467 | 2020-12-02 23:42 | IMDBClone.exe 2b8f8048d7b6e0694a443e20eaff6326 VirusTotal Malware PDB malicious URLs DNS | 3.0 | M | 37 | ZeroCERT
3468 | 2020-12-02 23:43 | Injector.exe 52108b87a9b819f460dd0aae8134e27c VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs DNS | 4.0 | M | 46 | ZeroCERT
3469 | 2020-12-02 23:45 | light.exe 9c24236805923bf199c77f2a9a7dc114 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Tor ComputerName Cryptographic key crashed | 12.8 | M | 19 | ZeroCERT
3470 | 2020-12-03 09:17 | prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader | 3 | ddos.dnsnb8.net(162.217.99.134) - mailcious 154.202.3.44 - malware 162.217.99.134 | 8 | ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 9.8 | M | 65 | 조광섭
3471 | 2020-12-03 09:21 | light.exe 9c24236805923bf199c77f2a9a7dc114 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed | 12.2 | M | 40 | ZeroCERT
3472 | 2020-12-03 09:24 | lv.exe 772209f2e26b222a3e808b4e91a5aae1 ENERGETIC BEAR VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows Browser Tor ComputerName DNS crashed | 13 | ip-api.com(208.95.112.1) Nipan.hk(95.215.206.133) 2no.co(88.99.66.31) - mailcious 85.25.213.211 81.7.16.182 88.99.66.31 - mailcious 185.177.127.34 46.166.161.21 95.215.206.133 208.95.112.1 163.172.194.53 45.9.148.41 87.118.122.120 | 10 | ET POLICY External IP Lookup ip-api.com ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 247 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 610 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 742 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 614 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 769 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY TLS possible TOR SSL traffic ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 319 ET POLICY Cryptocurrency Miner Checkin | 16.8 | M | 29 | ZeroCERT
3473 | 2020-12-03 09:24 | prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader | 4 | ddos.dnsnb8.net(162.217.99.134) - mailcious 20.43.94.199 154.202.3.44 - malware 162.217.99.134 | 8 | ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 9.8 | M | 65 | 조광섭
3474 | 2020-12-03 09:26 | prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader | 3 | ddos.dnsnb8.net(162.217.99.134) - mailcious 154.202.3.44 - malware 162.217.99.134 | 8 | ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 9.2 | M | 65 | 조광섭
3475 | 2020-12-03 09:29 | prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader | 3 | ddos.dnsnb8.net(162.217.99.134) - mailcious 154.202.3.44 - malware 162.217.99.134 | 8 | ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 9.8 | M | 65 | 조광섭
3476 | 2020-12-03 09:43 | prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader | 4 | ddos.dnsnb8.net(162.217.99.134) - mailcious 20.43.94.199 154.202.3.44 - malware 162.217.99.134 | 8 | ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 9.2 | M | 65 | 조광섭
3477 | 2020-12-03 09:49 | prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader | 3 | ddos.dnsnb8.net(162.217.99.134) - mailcious 154.202.3.44 - malware 162.217.99.134 | 8 | ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 9.8 | M | 65 | 조광섭
3478 | 2020-12-03 09:50 | prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader | 3 | ddos.dnsnb8.net(162.217.99.134) - mailcious 154.202.3.44 - malware 162.217.99.134 | 8 | ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 9.2 | M | 65 | 조광섭
3479 | 2020-12-03 09:56 | prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540 Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader | 3 | ddos.dnsnb8.net(162.217.99.134) - mailcious 154.202.3.44 - malware 162.217.99.134 | 8 | ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 9.2 | M | 65 | 조광섭
3480 | 2020-12-03 09:59 | http://leesangku.com/pruboard/... 1e40837d001c3e9583f1089c17174b6b Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 16 | static.zerochan.net(51.83.237.80) fonts.googleapis.com(172.217.25.106) img00.deviantart.net(52.35.10.101) fonts.gstatic.com(172.217.26.35) w.soundcloud.com(52.84.166.85) leesangku.com(119.207.79.151) - phishing cdnjs.cloudflare.com(104.16.18.94) - mailcious images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com(34.96.91.138) 52.37.173.24 99.86.144.66 51.83.237.80 216.58.197.106 172.217.24.35 104.16.18.94 34.96.91.138 119.207.79.151 - deface | 4 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SURICATA Applayer Detect protocol only one direction | 5.0 | M | | r0d