4036 | 2020-12-30 09:21 | tvstream.exe | d4e8d1e4ba215265ca1fdd24c9ed3f7f | VirusTotal Malware Remote Code Execution | 2.2 | M | 53 | ZeroCERT
4037 | 2020-12-30 09:23 | YZ3CK00V3KVPD.doc | a31982ecb88498bb30b0c1a289d82c6b | Vulnerability VirusTotal Malware Report Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee DNS | 7.2 | M | 39 | ZeroCERT
  Hosts (8): helionspharmaceutical.com(172.67.189.103) - malware; memoria.od.ua(185.104.45.30) - mailcious; worldcologistics.co.za(160.119.100.67) - malware; 185.104.45.30 - mailcious; 24.164.79.147 - mailcious; 104.24.120.146 - malware; 160.119.100.67 - mailcious; 74.58.215.226 - mailcious
  Signatures (2): ET CNC Feodo Tracker Reported CnC Server group 21; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4038 | 2020-12-30 09:28 | ZohNSVMSsLytj.dll | aab92f304b127261a0a7f917ab4276e5 | VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 8.0 | M | 33 | ZeroCERT
  URLs (1): http://50.116.111.59:8080/dcydx5/ - rule_id: 193
  Hosts (3): 24.231.88.85 - mailcious; 191.112.178.60; 50.116.111.59 - mailcious
  Additional URLs (1): http://50.116.111.59:8080/
4039 | 2020-12-30 09:28 | x9eS7d.dll | b15dfdca9f3d7c14563949783fa4daf5 | VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 8.0 | M | 7 | ZeroCERT
  URLs (1): http://50.116.111.59:8080/udn1isicxwj5ksmnsz6/4elpx67pbv2l/ - rule_id: 193
  Hosts (3): 24.231.88.85 - mailcious; 191.112.178.60; 50.116.111.59 - mailcious
  Additional URLs (1): http://50.116.111.59:8080/
4040 | 2020-12-30 09:33 | ERDXZJAK.doc | 04c998ae7de45ea30878d569d8dea6d1 | Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Tofsee DNS | 6.4 | M | 38 | ZeroCERT
  Hosts (8): helionspharmaceutical.com(104.24.121.146) - malware; memoria.od.ua(185.104.45.30) - mailcious; worldcologistics.co.za(160.119.100.67) - malware; 185.104.45.30 - mailcious; 74.58.215.226 - mailcious; 24.164.79.147 - mailcious; 104.24.120.146 - malware; 160.119.100.67 - mailcious
  Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET CNC Feodo Tracker Reported CnC Server group 21
4041 | 2020-12-30 09:33 | 09191NF.doc | 04c998ae7de45ea30878d569d8dea6d1 | Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Tofsee DNS | 6.4 | M | 38 | ZeroCERT
  Hosts (8): helionspharmaceutical.com(104.24.121.146) - malware; memoria.od.ua(185.104.45.30) - mailcious; worldcologistics.co.za(160.119.100.67) - malware; 185.104.45.30 - mailcious; 74.58.215.226 - mailcious; 104.24.121.146 - malware; 24.164.79.147 - mailcious; 160.119.100.67 - mailcious
  Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET CNC Feodo Tracker Reported CnC Server group 21
4042 | 2020-12-30 09:37 | Q76T.dll | bf6a524f5543cde20b6fb911edb2a467 | | 0.4 | | | guest
4043 | 2020-12-30 09:39 | Q76T.dll | bf6a524f5543cde20b6fb911edb2a467 | Check memory unpack itself DNS crashed | 2.2 | | | guest
  URLs (1): http://175.208.134.150:8282/analysis/api/tasks/PEAPI/?file=C:\Users\test22\AppData\Local\Temp\Q76T.dll
  Hosts (1): (not listed)
  Signatures (2): ET INFO Dotted Quad Host DLL Request; ET POLICY Python-urllib/ Suspicious User Agent
4044 | 2020-12-30 09:44 | Q76T.dll | bf6a524f5543cde20b6fb911edb2a467 | | 0.4 | | | guest
4045 | 2020-12-30 09:46 | Q76T.dll | bf6a524f5543cde20b6fb911edb2a467 | Check memory unpack itself DNS crashed | 2.2 | | | guest
  URLs (1): http://175.208.134.150:8282/analysis/api/tasks/PEAPI/?file=C:\Users\test22\AppData\Local\Temp\Q76T.dll
  Hosts (1): (not listed)
  Signatures (2): ET INFO Dotted Quad Host DLL Request; ET POLICY Python-urllib/ Suspicious User Agent
4046 | 2020-12-30 09:51 | Q76T.dll | bf6a524f5543cde20b6fb911edb2a467 | Check memory unpack itself DNS crashed | 2.2 | | | guest
  URLs (1): http://175.208.134.150:8282/analysis/api/tasks/PEAPI/?file=C:\Users\test22\AppData\Local\Temp\Q76T.dll
  Hosts (1): (not listed)
  Signatures (2): ET INFO Dotted Quad Host DLL Request; ET POLICY Python-urllib/ Suspicious User Agent
4047 | 2020-12-30 10:14 | TnkthoJMeu.dll | ea5a09ad213257d2a1532abffa385d18 | VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 6.2 | M | 18 | ZeroCERT
  URLs (2): http://189.34.18.252:8080/a4smd04v9/95qt4u2w2a8z1p/ysqs5zhmlme/46vvh5p00h47o8auu4/; http://175.208.134.150:8282/analysis/api/tasks/PEAPI/?file=C:\Users\test22\AppData\Local\Temp\TnkthoJMeu.dll
  Hosts (2): 189.34.18.252; 175.208.134.150
  Signatures (2): ET INFO Dotted Quad Host DLL Request; ET POLICY Python-urllib/ Suspicious User Agent
4048 | 2020-12-30 10:14 | R7.dll | 6f6baaa631eeefa34d5239badb2c0d50 | VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key | 6.8 | M | 18 | ZeroCERT
  URLs (2): http://189.34.18.252:8080/1p05p8m5/0a7wscccyrj8zo/7z8x/8xic/tb75d5y2hjq2/; http://175.208.134.150:8282/analysis/api/tasks/PEAPI/?file=C:\Users\test22\AppData\Local\Temp\R7.dll
  Hosts (2): 189.34.18.252; 175.208.134.150
  Signatures (2): ET INFO Dotted Quad Host DLL Request; ET POLICY Python-urllib/ Suspicious User Agent
4049 | 2020-12-30 10:37 | Q76T.dll | bf6a524f5543cde20b6fb911edb2a467 | Check memory unpack itself DNS crashed | 2.2 | | | guest
  URLs (1): http://175.208.134.150:8282/analysis/api/tasks/PEAPI/?file=C:\Users\test22\AppData\Local\Temp\Q76T.dll
  Hosts (1): (not listed)
  Signatures (2): ET INFO Dotted Quad Host DLL Request; ET POLICY Python-urllib/ Suspicious User Agent
4050 | 2020-12-30 10:43 | Q76T.dll | bf6a524f5543cde20b6fb911edb2a467 | unpack itself DNS crashed | 2.0 | | | 조광섭
  URLs (1): http://175.208.134.150:8282/analysis/api/tasks/PEAPI/?file=C:\Users\test22\AppData\Local\Temp\Q76T.dll
  Hosts (1): (not listed)
  Signatures (2): ET INFO Dotted Quad Host DLL Request; ET POLICY Python-urllib/ Suspicious User Agent