3886 | 2020-12-23 09:16 | uwyoiynmmqopx.exe e7e96c9207162499c8a9ab553d8855e9 | VirusTotal Malware | | | | | 2.0 | M | 49 | guest

3887 | 2020-12-23 09:18 | LP39W4L.doc 9f6785612b0ce7efbc9558ba9f51c043 | Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee Windows DNS | 1: http://50.116.111.59:8080/588upizw9mn4bjd3/ - rule_id: 193 | 7: infosisconsultancy.com(166.62.27.186) - malware; heaventoearth.com(50.62.198.97) - malware; 166.62.27.186 - malware; 197.87.160.216 - mailcious; 78.188.225.105 - mailcious; 50.62.198.97 - malware; 50.116.111.59 - mailcious | 4: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1: http://50.116.111.59:8080/ | 7.6 | M | 32 | guest

3888 | 2020-12-23 09:29 | w.jpg.exe 02bc3167a931c04b510e431cca825cc8 | VirusTotal Malware PDB Check memory unpack itself crashed | | | | | 2.0 | M | 17 | guest

3889 | 2020-12-23 09:31 | vbc.exe db542dfd79175f5c8c0ab1f20a8fe1d1 | VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed | | | | | 10.8 | M | 27 | guest

3890 | 2020-12-23 10:40 | w.jpg.exe 02bc3167a931c04b510e431cca825cc8 | VirusTotal Malware PDB Check memory unpack itself crashed | | | | | 2.0 | M | 17 | guest

3891 | 2020-12-23 10:43 | win7.exe 58bb1a095ab728f240d716b54891470b | VirusTotal Malware PDB MachineGuid Code Injection unpack itself Tofsee ComputerName DNS | 2: https://11211211212.ml/image; https://11211211212.ml/r8Kh | 2: 11211211212.ml(104.31.73.187); 172.67.176.45 | 3: ET INFO DNS Query for Suspicious .ml Domain; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO Suspicious Domain (*.ml) in TLS SNI | | 6.0 | M | 37 | guest

3892 | 2020-12-23 11:12 | ntB.dll 4da066bbfe178014ed1042ce90b87ab0 | VirusTotal Malware unpack itself | | | | | 1.8 | M | 13 | guest

3893 | 2020-12-23 12:30 | ntB.dll 4da066bbfe178014ed1042ce90b87ab0 | VirusTotal Malware Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 1: http://97.120.3.198/foeuwp3z13m2jdpv/t7j190p8ral1plmlgj/g38w/9bfifl7z1/65bhmg/ | 1 | | | 6.6 | M | 13 | 조광섭

3894 | 2020-12-23 12:32 | w.jpg.exe 02bc3167a931c04b510e431cca825cc8 | VirusTotal Malware PDB Check memory unpack itself crashed | | | | | 2.0 | M | 17 | guest

3895 | 2020-12-23 12:33 | ntB.dll 4da066bbfe178014ed1042ce90b87ab0 | VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 2: http://97.120.3.198/r224zkzx/ - rule_id: 196; http://97.120.3.198/r224zkzx/ | 1 | | 1 | 6.2 | M | 13 | guest

3896 | 2020-12-23 12:41 | 7YRR598JDUSY.doc 6a129baf7b95f27a985be69e4bc724c9 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | 2: http://97.120.3.198/ttghgpkfjr9bnyso/ - rule_id: 196; http://97.120.3.198/ttghgpkfjr9bnyso/ | 3: atom.lk(175.41.138.238) - malware; 97.120.3.198; 175.41.138.238 - malware | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.0 | M | 16 | guest

3897 | 2020-12-23 12:41 | 7ONWZZWVQZV7.doc de62e3ce6088a4742ac8ead8bfd71ef4 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | 2: http://97.120.3.198/yynzcu3q4ocs9o0k/b6u0scoymindb/38m954s6s0c/ - rule_id: 196; http://97.120.3.198/yynzcu3q4ocs9o0k/b6u0scoymindb/38m954s6s0c/ | 3: atom.lk(175.41.138.238) - malware; 97.120.3.198; 175.41.138.238 - malware | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.0 | M | 16 | guest

3898 | 2020-12-23 13:08 | LINIG1Z.doc f1ed9571a969ecebf7e5e1f0768336c9 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS | 4: http://amyzeng.net/content/mgms/; http://97.120.3.198/npzsqjlv/3h2htoqb/timo/ - rule_id: 196; http://sancydubai.com/setupconfigo/R9/; https://venuspowerbd.com/wp-includes/bLm/ | 9: venuspowerbd.com(172.67.166.190); sancydubai.com(110.4.45.160); sanolifescence.com(208.91.198.172) - malware; amyzeng.net(205.144.171.209) - mailcious; 205.144.171.209 - mailcious; 97.120.3.198 - mailcious; 104.27.180.221; 110.4.45.160 - mailcious; 208.91.198.172 - mailcious | 4: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.0 | M | 19 | guest

3899 | 2020-12-23 13:34 | 82O7XX8LP0AKG9.doc 69f970011332ae6d1b5c9b98886ebe3b | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | 1: http://97.120.3.198/b1ttpr1i/ - rule_id: 196 | 3: sanolifescence.com(208.91.198.172) - malware; 208.91.198.172 - mailcious; 97.120.3.198 - mailcious | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.0 | M | 17 | guest

3900 | 2020-12-23 13:34 | 9L6NPNJB.doc 13e0972d407a347a35d44dca0080a27d | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS | 1: http://97.120.3.198/btuehuqtkrb0ibu7/xirc1xkv/1mf5qindjg0ykvbxzh/thnl1tg9iy3mppm8n/9dej4uiq/ - rule_id: 196 | 3: datnenduanbd.com(210.245.90.208) - malware; 210.245.90.208 - malware; 97.120.3.198 - mailcious | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.0 | M | 17 | guest