Sandbox run listing, 2021-01-27 (newest first). Fields per run: ID, submission time, file name, MD5, tags, URLs, hosts, Suricata alerts, score, verdict, count, submitter. Empty fields are shown as "-".

43681  2021-01-27 15:30  para.exe  MD5 8c04fcb936e6be3d9f302b0c4660c4ac
  Tags: suspicious privilege; Code Injection; Check memory; Checks debugger; buffers extracted; unpack itself; Windows utilities; suspicious process; malicious URLs; WriteConsoleW; Windows; ComputerName; crashed
  URLs: -   Hosts: -   Alerts: -
  Score: 10.8   Verdict: M   Count: -   Submitter: ZeroCERT
43682  2021-01-27 15:20  o69kjc9e.rar.exe  MD5 f3debc322cdac5938c03a25c7c89516f
  Tags: VirusTotal; Malware; PDB; unpack itself; DNS; crashed
  URLs: -   Hosts: -   Alerts: -
  Score: 2.8   Verdict: M   Count: 13   Submitter: guest
43683  2021-01-27 15:19  p2ab9p.zip.exe  MD5 26a9b51bc3553cf98b7da27cc99c31c9
  Tags: VirusTotal; Malware; PDB; unpack itself; crashed
  URLs: -   Hosts: -   Alerts: -
  Score: 2.2   Verdict: M   Count: 14   Submitter: guest
43684  2021-01-27 15:11  85b936960fbe5100_eternalblue-2... (name truncated on page)  MD5 8c80dd97c37525927c1e549cb59bcbf3
  Tags: VirusTotal; Malware
  URLs: -   Hosts: -   Alerts: -
  Score: 1.2   Verdict: M   Count: 63   Submitter: ZeroCERT
43685  2021-01-27 15:03  MAPE_Form.dotm  MD5 fe0bf435223e2603b8deb3125a522a05
  Tags: VirusTotal; Malware; Code Injection; buffers extracted; RWX flags setting; exploit crash; unpack itself; Windows utilities; Tofsee; Windows; Exploit; DNS; crashed
  URLs (28):
    https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff
    https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff
    https://fonts.googleapis.com/css?family=YouTube+Sans:400,500
    https://www.youtube.com/s/desktop/2a49de5e/cssbin/www-main-desktop-watch-page-skeleton.css
    https://www.youtube.com/s/desktop/2a49de5e/jsbin/network.vflset/network.js
    https://www.youtube.com/s/desktop/2a49de5e/jsbin/webcomponents-lite-noPatch.vflset/webcomponents-lite-noPatch.js
    https://www.youtube.com/s/player/c6df6ed7/player_ias.vflset/ko_KR/base.js
    https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210125.08.03&msg=%EA%B0%9C%EC%B2%B4%EA%B0%80%20%ED%95%84%EC%9A%94%ED%95%A9%EB%8B%88%EB%8B%A4.&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fdesktop%2F2a49de5e%2Fjsbin%2Fweb-animations-next-lite.min.vflset%2Fweb-animations-next-lite.min.js&line=68
    https://fonts.googleapis.com/css?family=YT%20Sans%3A300%2C500%2C700
    https://www.youtube.com/s/desktop/2a49de5e/cssbin/www-onepick.css
    https://www.youtube.com/s/desktop/2a49de5e/jsbin/spf.vflset/spf.js
    https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210125.08.03&msg='Uint8Array'%EC%9D%B4(%EA%B0%80)%20%EC%A0%95%EC%9D%98%EB%90%98%EC%A7%80%20%EC%95%8A%EC%95%98%EC%8A%B5%EB%8B%88%EB%8B%A4.&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fplayer%2Fc6df6ed7%2Fplayer_ias.vflset%2Fko_KR%2Fbase.js&line=5985
    https://www.youtube.com/s/desktop/2a49de5e/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
    https://www.youtube.com/s/desktop/2a49de5e/jsbin/scheduler.vflset/scheduler.js
    https://www.youtube.com/s/desktop/2a49de5e/img/favicon.ico
    https://www.youtube.com/s/desktop/2a49de5e/jsbin/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.vflset/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.js
    https://r4---sn-3u-bh2l7.googlevideo.com/generate_204
    https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
    https://r4---sn-3u-bh2l7.googlevideo.com/generate_204?conn2
    https://www.youtube.com/s/player/c6df6ed7/www-player.css
    https://fonts.googleapis.com/css?family=Roboto:500,300,700,400
    https://www.youtube.com/s/desktop/2a49de5e/jsbin/fetch-polyfill.vflset/fetch-polyfill.js
    https://www.youtube.com/watch?v=dQw4w9WgXcQ
    https://www.youtube.com/s/desktop/2a49de5e/jsbin/www-i18n-constants-ko_KR.vflset/www-i18n-constants.js
    https://www.youtube.com/s/desktop/2a49de5e/cssbin/www-main-desktop-player-skeleton.css
    https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210125.08.03&msg='MutationObserver'%EC%9D%B4(%EA%B0%80)%20%EC%A0%95%EC%9D%98%EB%90%98%EC%A7%80%20%EC%95%8A%EC%95%98%EC%8A%B5%EB%8B%88%EB%8B%A4.&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fdesktop%2F2a49de5e%2Fjsbin%2Fwebcomponents-lite-noPatch.vflset%2Fwebcomponents-lite-noPatch.js&line=119
    https://www.youtube.com/error_204?t=jserror&level=ERROR&client.name=1&client.version=2.20210125.08.03&msg=%EA%B5%AC%EB%AC%B8%20%EC%98%A4%EB%A5%98&type=Error&client.params=unhandled%20window%20error&file=https%3A%2F%2Fwww.youtube.com%2Fs%2Fdesktop%2F2a49de5e%2Fjsbin%2Fdesktop_polymer_inlined_html_polymer_flags_legacy_browsers.vflset%2Fdesktop_polymer_inlined_html_polymer_flags_legacy_browsers.js&line=4
    https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=ko
  Hosts (14):
    ssl.gstatic.com (172.217.174.99)
    www.youtube.com (172.217.175.110)
    fonts.googleapis.com (172.217.25.74)
    i.ytimg.com (172.217.25.86)
    accounts.google.com (172.217.175.13)
    fonts.gstatic.com (172.217.175.227)
    r4---sn-3u-bh2l7.googlevideo.com (59.18.35.143)
    64.233.188.119
    74.125.203.94
    108.177.97.94
    108.177.97.95
    59.18.35.143
    64.233.189.84
    74.125.204.91
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 6.4   Verdict: M   Count: 5   Submitter: ZeroCERT
43686  2021-01-27 15:00  ns7gtza2.rar.exe  MD5 1b870dab19a3650ab790037ae327b7cb
  Tags: VirusTotal; Malware
  URLs: -   Hosts: -   Alerts: -
  Score: 1.4   Verdict: M   Count: 48   Submitter: ZeroCERT
43687  2021-01-27 14:58  IMG_4785.pdf.exe  MD5 25fcc01067cabbf5d1aa3a2f8b18ed50
  Tags: VirusTotal; Malware; suspicious privilege; Code Injection; Malicious Traffic; Check memory; Checks debugger; buffers extracted; unpack itself; Check virtual network interfaces; malicious URLs; Tofsee; Windows; DNS; Cryptographic key
  URLs (4):
    http://www.madammomala.info/bsl/?qL3=+ZwSRmDSPXpnVU5c+38lXy4rh+WDOEOV1k/RgRyRnPpECBPi4ObUetl02V3VUCJTX3QQ/o/X&3f_X2=kpZXHlWxAfqdQXup
    http://www.laceystrucking.com/bsl/?qL3=tD7KIB4YMxgNUYCNFNm15ZE2osRYXtUoOGDEj1cmF3/W/xOgZv90cabzi8TtXXUSXZqgiDno&3f_X2=kpZXHlWxAfqdQXup
    http://www.joebowmanforlafayette.com/bsl/?qL3=2deXQSyIpDVQyz8fs6hVPgf3+6twg2h1etps1VHqR3p/fJdAuFWKnEVDcDkI54rWg3KKrOvq&3f_X2=kpZXHlWxAfqdQXup
    https://www.google.com/
  Hosts (8):
    www.honeyandtuelle.com (unresolved)
    www.madammomala.info (34.102.136.180)
    www.joebowmanforlafayette.com (34.102.136.180)
    www.laceystrucking.com (34.98.99.30)
    www.google.com (172.217.31.132)
    74.125.203.99 - suspicious
    34.102.136.180 - malicious
    34.98.99.30 - phishing
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 11.0   Verdict: M   Count: 20   Submitter: ZeroCERT
43688  2021-01-27 14:56  IMG_00567.pdf.exe  MD5 91aea7e2009d695444eb2a370b45cc97
  Tags: Browser Info Stealer; FTP Client Info Stealer; VirusTotal; Email Client Info Stealer; Malware; AutoRuns; suspicious privilege; Code Injection; Malicious Traffic; Check memory; Checks debugger; buffers extracted; unpack itself; Windows utilities; Check virtual network interfaces; suspicious process; malicious URLs; VMware; IP Check; Tofsee; Windows; Browser; Email; ComputerName; DNS; Cryptographic key; DDNS; Software; crashed
  URLs (3):
    http://checkip.dyndns.org/
    https://freegeoip.app/xml/175.208.134.150
    https://www.google.com/
  Hosts (7):
    www.google.com (172.217.31.132)
    freegeoip.app (104.21.19.200)
    checkip.dyndns.org (162.88.193.70)
    131.186.113.70
    64.233.189.147
    108.177.125.103
    172.67.188.154
  Alerts (4):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
    ET POLICY External IP Lookup - checkip.dyndns.org
    ET POLICY DynDNS CheckIp External IP Address Server Response
  Score: 16.2   Verdict: M   Count: 26   Submitter: ZeroCERT
43689  2021-01-27 14:54  IMG_4785.pdf.exe  MD5 25fcc01067cabbf5d1aa3a2f8b18ed50
  Tags: VirusTotal; Malware; suspicious privilege; Code Injection; Malicious Traffic; Check memory; Checks debugger; buffers extracted; unpack itself; Check virtual network interfaces; malicious URLs; Tofsee; Windows; Cryptographic key
  URLs: 1 (not listed on page)
  Hosts (2):
    www.google.com (172.217.31.132)
    64.233.189.147
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 10.4   Verdict: M   Count: 20   Submitter: ZeroCERT
43690  2021-01-27 14:49  games.exe  MD5 f36d70635deceb5f5bcaae2227834aa1
  Tags: VirusTotal; Malware; suspicious privilege; Code Injection; Malicious Traffic; Check memory; Checks debugger; buffers extracted; unpack itself; Windows utilities; suspicious process; malicious URLs; WriteConsoleW; Windows; ComputerName; DNS
  URLs (2):
    http://www.ideasdelvino.com/z9n/?ETUTzJn=SWaZBobMM6KZgik+Txauq59BvJutKcRkHyb7z+kHmOhp8CFMx5KjNV74FeCdUa0IB3c4Kl/f&DxoHR=VDKPcDthqx4LOr
    http://www.dopegamempire.com/z9n/?DxoHR=VDKPcDthqx4LOr&ETUTzJn=OXhSzZoKjDI6x3DAn9GWb9BcokgLr8ZnZxrd8bEkbSfHCVQ9TZDgllOtsdbPkRDdkMvWxb4R
  Hosts (4):
    www.ideasdelvino.com (107.180.55.13)
    www.dopegamempire.com (45.33.2.79)
    96.126.123.244 - suspicious
    107.180.55.13 - malicious
  Alerts: -
  Score: 10.2   Verdict: M   Count: 28   Submitter: ZeroCERT
43691  2021-01-27 14:47  fyn3k7.rar.exe  MD5 9d41e73e80b3e6633600d32940385577
  Tags: VirusTotal; Malware; PDB; unpack itself
  URLs: -   Hosts: -   Alerts: -
  Score: 1.8   Verdict: M   Count: 25   Submitter: ZeroCERT
43692  2021-01-27 14:42  Cubebs.exe  MD5 cda4ff1329d67b3028c09e07de2f6324
  Tags: Browser Info Stealer; FTP Client Info Stealer; VirusTotal; Malware; Cryptocurrency wallets; Cryptocurrency; suspicious privilege; Code Injection; Malicious Traffic; Check memory; Checks debugger; buffers extracted; unpack itself; Collect installed applications; Check virtual network interfaces; malicious URLs; suspicious TLD; installed browsers check; Tofsee; Ransomware; Windows; Browser; ComputerName; DNS; Cryptographic key; Software; crashed
  URLs (3):
    http://188.119.112.224:81/
    https://c.grinchim.ru/HoAfvEUrGfVR
    https://api.ip.sb/geoip
  Hosts (9):
    WHOIS.APNIC.NET (172.104.77.201)
    c.grinchim.ru (81.177.165.241)
    whois.iana.org (192.0.32.59)
    api.ip.sb (104.26.13.31)
    172.104.77.201
    192.0.32.59
    104.26.12.31
    188.119.112.224
    81.177.165.241
  Alerts (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    SURICATA HTTP unable to match response to request
  Score: 14.2   Verdict: M   Count: 36   Submitter: ZeroCERT
43693  2021-01-27 14:34  document.doc  MD5 612cbefcc52ad75af7c64823ed1ec1f6
  Tags: VirusTotal; Malware; Malicious Traffic; exploit crash; unpack itself; malicious URLs; Windows; Exploit; DNS; crashed; Downloader
  URLs (1):
    http://192.3.141.142/vbc/vbc.exe
  Hosts (1):
    192.3.141.142 - malicious
  Alerts (6):
    ET INFO Executable Download from dotted-quad Host
    ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
    ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
    ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  Score: 5.8   Verdict: M   Count: 23   Submitter: ZeroCERT
43694  2021-01-27 13:40  CIC.exe  MD5 695be8b55823d27ad1037784c0670231
  Tags: VirusTotal; Malware; Buffer PE; AutoRuns; suspicious privilege; Code Injection; Check memory; Checks debugger; buffers extracted; Creates executable files; unpack itself; suspicious process; malicious URLs; WriteConsoleW; Windows; ComputerName; Cryptographic key; crashed; keylogger
  URLs: -
  Hosts (2):
    gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu (172.111.156.41)
    172.111.156.41
  Alerts: -
  Score: 14.4   Verdict: M   Count: 17   Submitter: ZeroCERT
43695  2021-01-27 13:38  5319402.jpg.exe  MD5 6db4605bfef52804e9d73a4be0a2c7fc
  Tags: -
  URLs: -   Hosts: -   Alerts: -
  Score: 0.2   Verdict: -   Count: -   Submitter: ZeroCERT
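The URL and host columns above are the raw material for triage: a bare-IP executable download (run 43693), external-IP-lookup and dynamic-DNS services (43688, 43692, 43694) and several domains resolving to one address (43687) are exactly the conditions the listed Suricata alerts fire on. The script below is an added worked example, not code from the sandbox behind this listing or from any of the analysed samples. It parses the flattened host tokens ("name(ip)", "name()" and "ip - label") and the whitespace-separated URL column as they appear here and applies those three checks. IP_LOOKUP_SERVICES and DDNS_SUFFIXES are assumptions made for the example, not rule sets taken from the page; the sample inputs are copied from runs 43687, 43688, 43693 and 43694 above, with query strings dropped from the 43687 URLs.

```python
"""Triage of the URL and host columns of a sandbox run listing (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed indicator lists for this example (not from the page); extend for real use.
IP_LOOKUP_SERVICES = {"checkip.dyndns.org", "freegeoip.app", "api.ip.sb"}
DDNS_SUFFIXES = (".dyndns.org", ".ydns.eu", ".no-ip.org", ".duckdns.org")
EXECUTABLE_EXT = (".exe", ".dll", ".scr")

# "name(ip)" / "name()" first; otherwise a bare IPv4 with an optional " - label".
HOST_TOKEN = re.compile(
    r"(?P<name>[A-Za-z0-9.-]+)\((?P<ip>[0-9.]*)\)"
    r"|(?P<bare>\d{1,3}(?:\.\d{1,3}){3})(?: - (?P<label>[a-z]+))?"
)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_hosts(line):
    """Return one dict per host token: {"name", "ip", "label"}, None when absent."""
    hosts = []
    for m in HOST_TOKEN.finditer(line):
        if m.group("name"):
            hosts.append({"name": m.group("name"), "ip": m.group("ip") or None, "label": None})
        else:
            hosts.append({"name": None, "ip": m.group("bare"), "label": m.group("label")})
    return hosts


def parse_urls(line):
    """Whitespace-separated http(s) URLs, as in the listing's URL column."""
    return [tok for tok in line.split() if tok.startswith(("http://", "https://"))]


def triage(urls_line, hosts_line):
    """Return a sorted list of (check, indicator) findings for one run."""
    findings = set()
    for url in parse_urls(urls_line):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        # Same condition as "ET INFO Executable Download from dotted-quad Host".
        if IPV4.match(host) and parsed.path.lower().endswith(EXECUTABLE_EXT):
            findings.add(("exe_from_dotted_quad", url))
        if host in IP_LOOKUP_SERVICES:
            findings.add(("external_ip_lookup", host))
    names_by_ip = defaultdict(set)
    for h in parse_hosts(hosts_line):
        name = (h["name"] or "").lower()
        if name.endswith(DDNS_SUFFIXES):
            findings.add(("dynamic_dns", name))
        if name in IP_LOOKUP_SERVICES:
            findings.add(("external_ip_lookup", name))
        if name and h["ip"]:
            names_by_ip[h["ip"]].add(name)
        if h["label"] in ("malicious", "phishing"):
            findings.add(("labelled_" + h["label"], h["ip"]))
    # Two or more distinct domains on one IP within a single run: shared hosting worth a look.
    for ip, names in names_by_ip.items():
        if len(names) > 1:
            findings.add(("shared_ip", ip + ":" + ",".join(sorted(names))))
    return sorted(findings)


# Sample inputs copied from runs 43687, 43688, 43693 and 43694 in the listing
# above (query strings dropped from the 43687 URLs).
RUN_43687 = (
    "http://www.madammomala.info/bsl/ http://www.laceystrucking.com/bsl/ "
    "http://www.joebowmanforlafayette.com/bsl/ https://www.google.com/",
    "www.honeyandtuelle.com() www.madammomala.info(34.102.136.180) "
    "www.joebowmanforlafayette.com(34.102.136.180) www.laceystrucking.com(34.98.99.30) "
    "www.google.com(172.217.31.132) 74.125.203.99 - suspicious "
    "34.102.136.180 - malicious 34.98.99.30 - phishing",
)
RUN_43688 = (
    "http://checkip.dyndns.org/ https://freegeoip.app/xml/175.208.134.150 https://www.google.com/",
    "www.google.com(172.217.31.132) freegeoip.app(104.21.19.200) "
    "checkip.dyndns.org(162.88.193.70) 131.186.113.70 64.233.189.147 "
    "108.177.125.103 172.67.188.154",
)
RUN_43693 = ("http://192.3.141.142/vbc/vbc.exe", "192.3.141.142 - malicious")
RUN_43694 = ("", "gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu(172.111.156.41) 172.111.156.41")

if __name__ == "__main__":
    for run_id, run in (("43687", RUN_43687), ("43688", RUN_43688),
                        ("43693", RUN_43693), ("43694", RUN_43694)):
        for check, indicator in triage(*run):
            print(f"{run_id}  {check:22s} {indicator}")
```

Note that checkip.dyndns.org is reported twice for run 43688, once as a dynamic-DNS domain and once as a lookup service, which matches the two separate ET rules the sandbox recorded for it; the "suspicious" label on 74.125.203.99 is deliberately not promoted to a finding, since that address sits in Google space and the label alone is weak evidence.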