| 3886 |
2020-12-23 09:16
|
uwyoiynmmqopx.exe e7e96c9207162499c8a9ab553d8855e9
VirusTotal Malware |
|
|
|
|
2.0 |
M |
49 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3887 |
2020-12-23 09:18
|
LP39W4L.doc 9f6785612b0ce7efbc9558ba9f51c043
Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee Windows DNS |
1
http://50.116.111.59:8080/588upizw9mn4bjd3/ - rule_id: 193
|
7
infosisconsultancy.com(166.62.27.186) - malware
heaventoearth.com(50.62.198.97) - malware
166.62.27.186 - malware
197.87.160.216 - mailcious
78.188.225.105 - mailcious
50.62.198.97 - malware
50.116.111.59 - mailcious
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
1
http://50.116.111.59:8080/
|
7.6 |
M |
32 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3888 |
2020-12-23 09:29
|
w.jpg.exe 02bc3167a931c04b510e431cca825cc8
VirusTotal Malware PDB Check memory unpack itself crashed |
|
|
|
|
2.0 |
M |
17 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3889 |
2020-12-23 09:31
|
vbc.exe db542dfd79175f5c8c0ab1f20a8fe1d1
VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed |
|
|
|
|
10.8 |
M |
27 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3890 |
2020-12-23 10:40
|
w.jpg.exe 02bc3167a931c04b510e431cca825cc8
VirusTotal Malware PDB Check memory unpack itself crashed |
|
|
|
|
2.0 |
M |
17 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3891 |
2020-12-23 10:43
|
win7.exe 58bb1a095ab728f240d716b54891470b
VirusTotal Malware PDB MachineGuid Code Injection unpack itself Tofsee ComputerName DNS |
2
https://11211211212.ml/image
https://11211211212.ml/r8Kh
|
2
11211211212.ml(104.31.73.187)
172.67.176.45
|
3
ET INFO DNS Query for Suspicious .ml Domain
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Suspicious Domain (*.ml) in TLS SNI
|
|
6.0 |
M |
37 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3892 |
2020-12-23 11:12
|
ntB.dll 4da066bbfe178014ed1042ce90b87ab0
VirusTotal Malware unpack itself |
|
|
|
|
1.8 |
M |
13 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3893 |
2020-12-23 12:30
|
ntB.dll 4da066bbfe178014ed1042ce90b87ab0
VirusTotal Malware Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://97.120.3.198/foeuwp3z13m2jdpv/t7j190p8ral1plmlgj/g38w/9bfifl7z1/65bhmg/
|
1
|
|
|
6.6 |
M |
13 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3894 |
2020-12-23 12:32
|
w.jpg.exe 02bc3167a931c04b510e431cca825cc8
VirusTotal Malware PDB Check memory unpack itself crashed |
|
|
|
|
2.0 |
M |
17 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3895 |
2020-12-23 12:33
|
ntB.dll 4da066bbfe178014ed1042ce90b87ab0
VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
2
http://97.120.3.198/r224zkzx/ - rule_id: 196
http://97.120.3.198/r224zkzx/
|
1
|
|
1
|
6.2 |
M |
13 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3896 |
2020-12-23 12:41
|
7YRR598JDUSY.doc 6a129baf7b95f27a985be69e4bc724c9
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://97.120.3.198/ttghgpkfjr9bnyso/ - rule_id: 196
http://97.120.3.198/ttghgpkfjr9bnyso/
|
3
atom.lk(175.41.138.238) - malware
97.120.3.198
175.41.138.238 - malware
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
1
|
5.0 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3897 |
2020-12-23 12:41
|
7ONWZZWVQZV7.doc de62e3ce6088a4742ac8ead8bfd71ef4
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
2
http://97.120.3.198/yynzcu3q4ocs9o0k/b6u0scoymindb/38m954s6s0c/ - rule_id: 196
http://97.120.3.198/yynzcu3q4ocs9o0k/b6u0scoymindb/38m954s6s0c/
|
3
atom.lk(175.41.138.238) - malware
97.120.3.198
175.41.138.238 - malware
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
1
|
5.0 |
M |
16 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3898 |
2020-12-23 13:08
|
LINIG1Z.doc f1ed9571a969ecebf7e5e1f0768336c9
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS |
4
http://amyzeng.net/content/mgms/
http://97.120.3.198/npzsqjlv/3h2htoqb/timo/ - rule_id: 196
http://sancydubai.com/setupconfigo/R9/
https://venuspowerbd.com/wp-includes/bLm/
|
9
venuspowerbd.com(172.67.166.190)
sancydubai.com(110.4.45.160)
sanolifescence.com(208.91.198.172) - malware
amyzeng.net(205.144.171.209) - mailcious
205.144.171.209 - mailcious
97.120.3.198 - mailcious
104.27.180.221
110.4.45.160 - mailcious
208.91.198.172 - mailcious
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
1
|
5.0 |
M |
19 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3899 |
2020-12-23 13:34
|
82O7XX8LP0AKG9.doc 69f970011332ae6d1b5c9b98886ebe3b
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
1
http://97.120.3.198/b1ttpr1i/ - rule_id: 196
|
3
sanolifescence.com(208.91.198.172) - malware
208.91.198.172 - mailcious
97.120.3.198 - mailcious
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
1
|
5.0 |
M |
17 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3900 |
2020-12-23 13:34
|
9L6NPNJB.doc 13e0972d407a347a35d44dca0080a27d
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
1
http://97.120.3.198/btuehuqtkrb0ibu7/xirc1xkv/1mf5qindjg0ykvbxzh/thnl1tg9iy3mppm8n/9dej4uiq/ - rule_id: 196
|
3
datnenduanbd.com(210.245.90.208) - malware
210.245.90.208 - malware
97.120.3.198 - mailcious
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
1
|
5.0 |
M |
17 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|