44101 | 2021-01-06 10:21
  003982.xls | 1d97c6cb50c4107498e4f0e76f539f0c
  Tags: Dridex VirusTotal Malware Creates executable files unpack itself malicious URLs Tofsee DNS
  URLs: (none)
  Hosts (2):
    www.penrithdentalimplants.com.au(160.153.76.195) - malware
    160.153.76.195 - malware
  Alerts (3):
    ET INFO TLS Handshake Failure
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  - | 4.6 | M | 11 | ZeroCERT

44102 | 2021-01-06 10:19
  BavwKzfNo6hxk.dll | 9d7b87ffd95d99fd6116b9903905ed5d
  Tags: VirusTotal Malware PDB Checks debugger unpack itself
  URLs: (none)
  Hosts: (none)
  Alerts: (none)
  - | 2.4 | M | 24 | ZeroCERT

44103 | 2021-01-06 10:12
  5bYDAStoeJnLmro.exe | 1c1bdd57483bbfbb497b4596be12b053
  Tags: VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Ransomware Windows ComputerName DNS keylogger
  URLs (1):
    http://gtp.bg/opkl/fioli/zplk/apo/5DVxvgK9jn5gaBl.exe
  Hosts (3):
    gtp.bg(195.191.149.103) - malware
    195.191.149.103 - malware
    185.157.162.81 - mailcious
  Alerts (1):
    ET POLICY PE EXE or DLL Windows file download HTTP
  - | 14.8 | M | 19 | ZeroCERT

44104 | 2021-01-06 10:12
  9B6B5MH2MQOSO7G.doc | 03f2d43afd5248f0c4a7e34089da69c5
  Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
  URLs (1):
    http://90.160.138.175/sky0n/x2nus7gtmp8t8a/mxtaujyzlcbjeezftz/03iu2y3/6ipl/8pefrtd31dtd390/ - rule_id: 207
  Hosts (5):
    www.dirgantaratuba.com(202.67.13.163) - mailcious
    astrologiaexistencial.com(31.22.4.141) - malware
    90.160.138.175 - mailcious
    202.67.13.163 - mailcious
    31.22.4.141 - malware
  Alerts (5):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
    ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  1 | 5.4 | M | 32 | ZeroCERT

44105 | 2021-01-06 10:06
  gfers.exe | 46c84e26e75238c5c743e1e4a7f51291
  Tags: VirusTotal Malware unpack itself Remote Code Execution
  URLs: (none)
  Hosts: (none)
  Alerts: (none)
  - | 3.2 | M | 44 | r0d

44106 | 2021-01-06 10:01
  ZyItXvsE7HAYNVDosaf9.dll | 54137e29f5a9215a5149a8a500713bb7
  Tags: VirusTotal Malware PDB Checks debugger unpack itself
  URLs: (none)
  Hosts: (none)
  Alerts: (none)
  - | 2.4 | M | 21 | r0d

44107 | 2021-01-06 09:14
  VUF3IMQ.doc | 649f2a420a81de4b4ad455ad108ebcde
  Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
  URLs (2):
    http://90.160.138.175/gmmgswaxcvsnd/0spw699n9j9/ - rule_id: 207
    https://slimfitcaps.com/wp-content/iLkG5/
  Hosts (5):
    slimfitcaps.com(172.67.189.241)
    singaedental.vn(202.92.7.113) - malware
    202.92.7.113 - malware
    104.28.2.144
    90.160.138.175 - mailcious
  Alerts (5):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
    ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  1 | 5.4 | M | 34 | ZeroCERT

44108 | 2021-01-06 09:11
  ZyItXvsE7HAYNVDosaf9.dll | 54137e29f5a9215a5149a8a500713bb7
  Tags: VirusTotal Malware PDB Checks debugger unpack itself
  URLs: (none)
  Hosts: (none)
  Alerts: (none)
  - | 2.4 | M | 21 | ZeroCERT

44109 | 2021-01-05 18:00
  Ko13uJi9Bl72A.dll | baa3b73eb44661d2344fa8937abb80b6
  Tags: VirusTotal Malware PDB Checks debugger unpack itself
  URLs: (none)
  Hosts: (none)
  Alerts: (none)
  - | 2.0 | M | 9 | ZeroCERT

44110 | 2021-01-05 17:46
  gfers.exe | 46c84e26e75238c5c743e1e4a7f51291
  Tags: VirusTotal Malware unpack itself Remote Code Execution
  URLs: (none)
  Hosts: (none)
  Alerts: (none)
  - | 3.0 | M | 31 | ZeroCERT

44111 | 2021-01-05 17:45
  Ko13uJi9Bl72A.dll | baa3b73eb44661d2344fa8937abb80b6
  Tags: VirusTotal Malware PDB Checks debugger unpack itself
  URLs: (none)
  Hosts: (none)
  Alerts: (none)
  - | 2.0 | M | 9 | ZeroCERT

44112 | 2021-01-05 17:23
  7tehkFO89i.dll | cb30d172ddbb89fba055752fbe2a1c40
  Tags: VirusTotal Malware PDB Checks debugger unpack itself
  URLs: (none)
  Hosts: (none)
  Alerts: (none)
  - | 2.0 | - | 9 | ZeroCERT

44113 | 2021-01-05 17:23
  bQMEU4cxOsvWqLu.dll | 10da945d47add24cb0a8772a6d377cfa
  Tags: VirusTotal Malware PDB Checks debugger unpack itself
  URLs: (none)
  Hosts: (none)
  Alerts: (none)
  - | 2.0 | - | 8 | ZeroCERT

44114 | 2021-01-05 16:12
  6VT6V4ZZKLI.doc | 9ee696912dd9b1abc7eac2bd9b7cd801
  Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
  URLs (1):
    http://90.160.138.175/oqt97jtx/5rmr8fds69ow/dqe04z8lmj/5a3gk5d9qz8305/df0q28hhkzen3/ - rule_id: 207
  Hosts (3):
    etbnaman.com(103.237.147.16) - malware
    103.237.147.16 - malware
    90.160.138.175 - mailcious
  Alerts (4):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
    ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  1 | 5.2 | M | 20 | guest

44115 | 2021-01-05 16:12
  OXT1RTQ220SEKO8.doc | 270cd0aeb2ee2dd4d04ebe2d03b64d47
  Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
  URLs (1):
    http://90.160.138.175/58wgslo95s3gq3sv/ygfsd3jry7mcsqw/3o7ozd0s9824s0/55zg/r9png/ - rule_id: 207
  Hosts (3):
    etbnaman.com(103.237.147.16) - malware
    103.237.147.16 - malware
    90.160.138.175 - mailcious
  Alerts (4):
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP
    ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  1 | 5.2 | M | 20 | guest