Columns, in order: ID | Date | File | MD5 | Tags | URLs | Hosts | Alerts | (unlabeled count) | Score | (unlabeled) | (unlabeled) | User
Empty cells are shown as "-"; list cells carry their item count in parentheses, items separated by ";".

4096 | 2020-12-30 17:29 | dsyyLswkDAIIRcg.dll | d881de90914041df469bf0576734130b
  Tags: VirusTotal, Malware, Malicious Traffic, Checks debugger, buffers extracted, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs: -
  Hosts (2): 59.21.235.119 - mailcious; 173.70.61.180 - mailcious
  Alerts: -
  - | 8.2 | M | 46 | guest

4097 | 2020-12-30 17:37 | gWXLyGJuPM4JPivizx.dll | ceb2ce1bfe85ce7351be8b94de4b20ee
  Tags: VirusTotal, Malware, Malicious Traffic, Checks debugger, buffers extracted, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs (1): http://138.197.99.250:8080/j9qpqfdtlp/
  Hosts (3): 138.197.99.250; 93.149.120.214 - mailcious; 82.208.146.142
  Alerts: -
  - | 8.2 | - | 22 | guest

4098 | 2020-12-30 17:51 | PTVqbey4bnBm.dll | db3572cb1e8682908b363983da4c9fb7
  Tags: VirusTotal, Malware, Malicious Traffic, Checks debugger, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs (1): http://178.153.27.12/xf5tqs6lfw3qmk/0yq6ky5fbrelnwg3nf0/90psq020/ - rule_id: 204
  Hosts (1): 178.153.27.12 - mailcious
  Alerts: -
  1 | 6.2 | M | 18 | guest

4099 | 2020-12-30 17:54 | ntB.dll | 4da066bbfe178014ed1042ce90b87ab0
  Tags: VirusTotal, Malware, Malicious Traffic, Checks debugger, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs (1): http://97.120.3.198/ejj58zwb/ - rule_id: 196
  Hosts (1): (count given, no host listed)
  Alerts: -
  1 | 6.8 | M | 52 | guest

4100 | 2020-12-30 18:04 | Xuddv7LiKgFEHF27FY3jB.dll | b390b17bc1f032dcb370549abcb49205
  Tags: VirusTotal, Malware, Report, Malicious Traffic, Checks debugger, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs: -
  Hosts (2): 24.164.79.147 - mailcious; 74.58.215.226 - mailcious
  Alerts (1): ET CNC Feodo Tracker Reported CnC Server group 21
  - | 7.4 | M | 22 | guest

4101 | 2020-12-30 18:05 | ZI5536TF.doc | 298892eb6a94f41c24ccba36c341a77f
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, DNS
  URLs (2): http://www.adnlight.com/; https://www.adnlight.com/
  Hosts (12): thexanhmy.com(103.116.105.65) - malware; www.shortnr.xyz(205.196.222.8) - mailcious; www.taylordbackups.com(104.28.18.100) - mailcious; www.adnlight.com(31.24.154.183) - malware; nicoblogroms.com(172.67.163.254) - mailcious; valenciancountry.com(151.80.40.117) - malware; 151.80.40.117 - malware; 31.24.154.183 - malware; 172.67.163.254; 104.28.19.100 - mailcious; 205.196.222.8 - mailcious; 103.116.105.65 - mailcious
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  - | 5.0 | M | 30 | guest

4102 | 2020-12-30 18:30 | DZ1GPOH49JRK1.doc | 5bcaee3599cf4762fd2345aac917fd8f
  Tags: Vulnerability, VirusTotal, Malware, Report, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2): http://www.trueapparels.com/a/4k/; http://www.mypostletter.com/wp-admin/G3/
  Hosts (5): www.mypostletter.com(47.241.129.57); www.trueapparels.com(64.20.53.58); 64.20.53.58; 47.241.129.57; 74.58.215.226 - mailcious
  Alerts (6): ET CNC Feodo Tracker Reported CnC Server group 21; ET INFO Packed Executable Download; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  - | 4.6 | - | 14 | guest

4103 | 2020-12-30 18:50 | g9fgwEaSg8NUT6X8.dll | bd1fb34a45fa07357af5b379340d997c
  Tags: VirusTotal, Malware, Malicious Traffic, Checks debugger, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs (1): http://93.149.120.214/6fbvj254/l1v6lswb/h1e2noz/whdm08h/5zloafbtb133e/ - rule_id: 203
  Hosts (1): 93.149.120.214 - mailcious
  Alerts: -
  1 | 7.0 | M | 26 | guest

4104 | 2020-12-30 18:50 | BL3997.doc | 2ebac4353a881a01515150e9c1598934
  Tags: Vulnerability, VirusTotal, Malware, Report, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2): http://www.trueapparels.com/a/4k/; http://www.mypostletter.com/wp-admin/G3/
  Hosts (6): www.mypostletter.com(47.241.129.57); www.trueapparels.com(64.20.53.58); 64.20.53.58; 47.241.129.57; 24.164.79.147 - mailcious; 74.58.215.226 - mailcious
  Alerts (6): ET INFO Packed Executable Download; ET CNC Feodo Tracker Reported CnC Server group 21; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  - | 6.0 | M | 14 | guest

4105 | 2020-12-30 18:55 | KW25AR4OpIrgIfw.dll | 5388bc21fa102df9331abd7c8b32e66e
  Tags: VirusTotal, Malware, Report, Malicious Traffic, Checks debugger, RWX flags setting, unpack itself, malicious URLs, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs: -
  Hosts (2): 24.164.79.147 - mailcious; 74.58.215.226 - mailcious
  Alerts (1): ET CNC Feodo Tracker Reported CnC Server group 21
  - | 7.0 | M | 24 | guest

4106 | 2020-12-30 18:55 | JJPX4EERMI7KC.doc | 9576626f10e9f3f26788b625f9d649a0
  Tags: Vulnerability, VirusTotal, Malware, Report, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2): http://www.trueapparels.com/a/4k/; http://www.mypostletter.com/wp-admin/G3/
  Hosts (6): www.mypostletter.com(47.241.129.57); www.trueapparels.com(64.20.53.58); 74.58.215.226 - mailcious; 64.20.53.58; 24.164.79.147 - mailcious; 47.241.129.57
  Alerts (6): ET CNC Feodo Tracker Reported CnC Server group 21; ET INFO Packed Executable Download; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  - | 6.0 | M | 15 | guest

4107 | 2020-12-30 19:09 | picture.png.exe | 918a2ef3ed55b2722bb22060fb13140b
  Tags: Dridex, TrickBot, Malware, suspicious privilege, buffers extracted, RWX flags setting, unpack itself, Check virtual network interfaces, Kovter, ComputerName, DNS, crashed
  URLs: -
  Hosts (3): 117.222.63.100; 177.11.12.93; 182.16.187.251
  Alerts (2): ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
  - | 4.4 | - | - | guest

4108 | 2020-12-30 19:14 | JJPX4EERMI7KC.doc | 9576626f10e9f3f26788b625f9d649a0
  Tags: Vulnerability, VirusTotal, Malware, Report, Malicious Traffic, unpack itself, Windows, DNS
  URLs: -
  Hosts (4): www.mypostletter.com(47.241.129.57) - mailcious; 47.241.129.57 - mailcious; 24.164.79.147 - mailcious; 74.58.215.226 - mailcious
  Alerts (5): ET CNC Feodo Tracker Reported CnC Server group 21; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  - | 5.2 | M | 15 | ZeroCERT

4109 | 2020-12-31 09:13 | app.exe | 7fc1e0f14f99e5ecb3d66d06c4a8c580
  Tags: VirusTotal, Malware, unpack itself, malicious URLs, Remote Code Execution
  URLs: -
  Hosts: -
  Alerts: -
  - | 3.0 | M | 26 | ZeroCERT

4110 | 2020-12-31 09:13 | MTT5J3TPHW.doc | fb755d47957eb0d56e6fcb9698f8eee6
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (2): http://75.188.107.174/8zpg0k8c2h/orx0v4569s/1oznmurxe1/ymr59b/qpmk/; http://mediatorstewart.com/service-msc/3zZLr/
  Hosts (3): mediatorstewart.com(192.169.217.36); 75.188.107.174; 192.169.217.36
  Alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
  - | 5.2 | - | 20 | ZeroCERT