| 43681 |
2021-01-27 15:30
|
para.exe 8c04fcb936e6be3d9f302b0c4660c4ac
suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName crashed |
|
|
|
|
10.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43682 |
2021-01-27 15:20
|
o69kjc9e.rar.exe f3debc322cdac5938c03a25c7c89516f
VirusTotal Malware PDB unpack itself DNS crashed |
|
|
|
|
2.8 |
M |
13 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43683 |
2021-01-27 15:19
|
p2ab9p.zip.exe 26a9b51bc3553cf98b7da27cc99c31c9
VirusTotal Malware PDB unpack itself crashed |
|
|
|
|
2.2 |
M |
14 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43684 |
2021-01-27 15:11
|
85b936960fbe5100_eternalblue-2... 8c80dd97c37525927c1e549cb59bcbf3
VirusTotal Malware |
|
|
|
|
1.2 |
M |
63 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43685 |
2021-01-27 15:03
|
MAPE_Form.dotm fe0bf435223e2603b8deb3125a522a05
VirusTotal Malware Code Injection buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
28
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff
https://fonts.googleapis.com/css?family=YouTube+Sans:400,500
https://www.youtube.com/s/desktop/2a49de5e/cssbin/www-main-desktop-watch-page-skeleton.css
https://www.youtube.com/s/desktop/2a49de5e/jsbin/network.vflset/network.js
https://www.youtube.com/s/desktop/2a49de5e/jsbin/webcomponents-lite-noPatch.vflset/webcomponents-lite-noPatch.js
https://www.youtube.com/s/player/c6df6ed7/player_ias.vflset/ko_KR/base.js
https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210125.08.03&msg=%EA%B0%9C%EC%B2%B4%EA%B0%80%20%ED%95%84%EC%9A%94%ED%95%A9%EB%8B%88%EB%8B%A4.&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fdesktop%2F2a49de5e%2Fjsbin%2Fweb-animations-next-lite.min.vflset%2Fweb-animations-next-lite.min.js&line=68
https://fonts.googleapis.com/css?family=YT%20Sans%3A300%2C500%2C700
https://www.youtube.com/s/desktop/2a49de5e/cssbin/www-onepick.css
https://www.youtube.com/s/desktop/2a49de5e/jsbin/spf.vflset/spf.js
https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210125.08.03&msg='Uint8Array'%EC%9D%B4(%EA%B0%80)%20%EC%A0%95%EC%9D%98%EB%90%98%EC%A7%80%20%EC%95%8A%EC%95%98%EC%8A%B5%EB%8B%88%EB%8B%A4.&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fplayer%2Fc6df6ed7%2Fplayer_ias.vflset%2Fko_KR%2Fbase.js&line=5985
https://www.youtube.com/s/desktop/2a49de5e/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
https://www.youtube.com/s/desktop/2a49de5e/jsbin/scheduler.vflset/scheduler.js
https://www.youtube.com/s/desktop/2a49de5e/img/favicon.ico
https://www.youtube.com/s/desktop/2a49de5e/jsbin/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.vflset/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.js
https://r4---sn-3u-bh2l7.googlevideo.com/generate_204
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
https://r4---sn-3u-bh2l7.googlevideo.com/generate_204?conn2
https://www.youtube.com/s/player/c6df6ed7/www-player.css
https://fonts.googleapis.com/css?family=Roboto:500,300,700,400
https://www.youtube.com/s/desktop/2a49de5e/jsbin/fetch-polyfill.vflset/fetch-polyfill.js
https://www.youtube.com/watch?v=dQw4w9WgXcQ
https://www.youtube.com/s/desktop/2a49de5e/jsbin/www-i18n-constants-ko_KR.vflset/www-i18n-constants.js
https://www.youtube.com/s/desktop/2a49de5e/cssbin/www-main-desktop-player-skeleton.css
https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210125.08.03&msg='MutationObserver'%EC%9D%B4(%EA%B0%80)%20%EC%A0%95%EC%9D%98%EB%90%98%EC%A7%80%20%EC%95%8A%EC%95%98%EC%8A%B5%EB%8B%88%EB%8B%A4.&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fdesktop%2F2a49de5e%2Fjsbin%2Fwebcomponents-lite-noPatch.vflset%2Fwebcomponents-lite-noPatch.js&line=119
https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210125.08.03&msg=%EA%B5%AC%EB%AC%B8%20%EC%98%A4%EB%A5%98&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fdesktop%2F2a49de5e%2Fjsbin%2Fdesktop_polymer_inlined_html_polymer_flags_legacy_browsers.vflset%2Fdesktop_polymer_inlined_html_polymer_flags_legacy_browsers.js&line=4
https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=ko
|
14
ssl.gstatic.com(172.217.174.99)
www.youtube.com(172.217.175.110)
fonts.googleapis.com(172.217.25.74)
i.ytimg.com(172.217.25.86)
accounts.google.com(172.217.175.13)
fonts.gstatic.com(172.217.175.227)
r4---sn-3u-bh2l7.googlevideo.com(59.18.35.143)
64.233.188.119
74.125.203.94
108.177.97.94
108.177.97.95
59.18.35.143
64.233.189.84
74.125.204.91
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.4 |
M |
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43686 |
2021-01-27 15:00
|
ns7gtza2.rar.exe 1b870dab19a3650ab790037ae327b7cb
VirusTotal Malware |
|
|
|
|
1.4 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43687 |
2021-01-27 14:58
|
IMG_4785.pdf.exe 25fcc01067cabbf5d1aa3a2f8b18ed50
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Windows DNS Cryptographic key |
4
http://www.madammomala.info/bsl/?qL3=+ZwSRmDSPXpnVU5c+38lXy4rh+WDOEOV1k/RgRyRnPpECBPi4ObUetl02V3VUCJTX3QQ/o/X&3f_X2=kpZXHlWxAfqdQXup
http://www.laceystrucking.com/bsl/?qL3=tD7KIB4YMxgNUYCNFNm15ZE2osRYXtUoOGDEj1cmF3/W/xOgZv90cabzi8TtXXUSXZqgiDno&3f_X2=kpZXHlWxAfqdQXup
http://www.joebowmanforlafayette.com/bsl/?qL3=2deXQSyIpDVQyz8fs6hVPgf3+6twg2h1etps1VHqR3p/fJdAuFWKnEVDcDkI54rWg3KKrOvq&3f_X2=kpZXHlWxAfqdQXup
https://www.google.com/
|
8
www.honeyandtuelle.com()
www.madammomala.info(34.102.136.180)
www.joebowmanforlafayette.com(34.102.136.180)
www.laceystrucking.com(34.98.99.30)
www.google.com(172.217.31.132)
74.125.203.99 - suspicious
34.102.136.180 - mailcious
34.98.99.30 - phishing
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.0 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43688 |
2021-01-27 14:56
|
IMG_00567.pdf.exe 91aea7e2009d695444eb2a370b45cc97
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
3
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
https://www.google.com/
|
7
www.google.com(172.217.31.132)
freegeoip.app(104.21.19.200)
checkip.dyndns.org(162.88.193.70)
131.186.113.70
64.233.189.147
108.177.125.103
172.67.188.154
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
|
|
16.2 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43689 |
2021-01-27 14:54
|
IMG_4785.pdf.exe 25fcc01067cabbf5d1aa3a2f8b18ed50
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Windows Cryptographic key |
1
|
2
www.google.com(172.217.31.132)
64.233.189.147
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.4 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43690 |
2021-01-27 14:49
|
games.exe f36d70635deceb5f5bcaae2227834aa1
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS |
2
http://www.ideasdelvino.com/z9n/?ETUTzJn=SWaZBobMM6KZgik+Txauq59BvJutKcRkHyb7z+kHmOhp8CFMx5KjNV74FeCdUa0IB3c4Kl/f&DxoHR=VDKPcDthqx4LOr
http://www.dopegamempire.com/z9n/?DxoHR=VDKPcDthqx4LOr&ETUTzJn=OXhSzZoKjDI6x3DAn9GWb9BcokgLr8ZnZxrd8bEkbSfHCVQ9TZDgllOtsdbPkRDdkMvWxb4R
|
4
www.ideasdelvino.com(107.180.55.13)
www.dopegamempire.com(45.33.2.79)
96.126.123.244 - suspicious
107.180.55.13 - mailcious
|
|
|
10.2 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43691 |
2021-01-27 14:47
|
fyn3k7.rar.exe 9d41e73e80b3e6633600d32940385577
VirusTotal Malware PDB unpack itself |
|
|
|
|
1.8 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43692 |
2021-01-27 14:42
|
Cubebs.exe cda4ff1329d67b3028c09e07de2f6324
Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs suspicious TLD installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed |
3
http://188.119.112.224:81/
https://c.grinchim.ru/HoAfvEUrGfVR
https://api.ip.sb/geoip
|
9
WHOIS.APNIC.NET(172.104.77.201)
c.grinchim.ru(81.177.165.241)
whois.iana.org(192.0.32.59)
api.ip.sb(104.26.13.31)
172.104.77.201
192.0.32.59
104.26.12.31
188.119.112.224
81.177.165.241
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA HTTP unable to match response to request
|
|
14.2 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43693 |
2021-01-27 14:34
|
document.doc 612cbefcc52ad75af7c64823ed1ec1f6
VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader |
1
http://192.3.141.142/vbc/vbc.exe
|
1
192.3.141.142 - mailcious
|
6
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.8 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43694 |
2021-01-27 13:40
|
CIC.exe 695be8b55823d27ad1037784c0670231
VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed keylogger |
|
2
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu(172.111.156.41)
172.111.156.41
|
|
|
14.4 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43695 |
2021-01-27 13:38
|
5319402.jpg.exe 6db4605bfef52804e9d73a4be0a2c7fc |
|
|
|
|
0.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|