| ID | Date | File | MD5 | Tags | URLs | Hosts | IDS alerts | Other | Score | Flag | Count | Submitter |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 44176 | 2021-01-03 14:16 | cred.dll | 526e74e4e696af9cfd742bbd8d05889e | FTP Client Info Stealer; VirusTotal; Email Client Info Stealer; Malware; Malicious Traffic; Check memory; Checks debugger; unpack itself; Email; DNS; Software | | 4: foflikenoiujiiik.cn(); joikilloiujjtyaaa.xyz(); 172.67.219.133 - malicious; 157.90.24.103 - malware | | | 6.2 | M | 53 | ZeroCERT |
| 44177 | 2021-01-03 14:08 | 55555555555.jpg.exe | 2841c67f91561d42cdd8aca3b1150731 | DNS | | | | | 1.2 | | | ZeroCERT |
| 44178 | 2021-01-03 14:08 | 102w.png.exe | 331d3b10b6a34a95ec04b847b948d5b7 | VirusTotal; Malware; MachineGuid; Malicious Traffic; Check memory; Checks debugger; unpack itself; Check virtual network interfaces; Tofsee; Windows; Cryptographic key | 2: http://paste.ee/r/75Qgb; https://paste.ee/r/75Qgb | 2: paste.ee(172.67.219.133) - malicious; 172.67.219.133 - malicious | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.6 | M | 45 | ZeroCERT |
| 44179 | 2020-12-31 16:45 | ZY8GA4.doc | 2154178028c6e1626fc45b2c83962491 | Vulnerability; VirusTotal; Malware; Malicious Traffic; unpack itself; malicious URLs; Windows; DNS | 1: http://75.188.107.174/9ivdyj6k8wrm/ddkq4l5w5ymvfnjm/dbpmmoid33w6lf8x/ocob9bqonh/ok0dwqy5ammxv7l/ - rule_id: 205 | 3: mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - malicious; 192.169.217.36 - malware | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.4 | M | 31 | ZeroCERT |
| 44180 | 2020-12-31 16:43 | TX2UBEUC.doc | 2154178028c6e1626fc45b2c83962491 | Vulnerability; VirusTotal; Malware; Malicious Traffic; unpack itself; malicious URLs; Windows; DNS | 1: http://75.188.107.174/leec23t/tkqbcei/zli06nbp52/pm4lus2k2vtow0j/vfyp74/nimbm9hwewjms53/ - rule_id: 205 | 3: mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - malicious; 192.169.217.36 - malware | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.4 | M | 31 | ZeroCERT |
| 44181 | 2020-12-31 16:15 | YczjMrrnzVVCORolbHHw.dll | 17a80dcb775ebccf6f8d3441ac8ff622 | VirusTotal; Malware; PDB; Malicious Traffic; Checks debugger; RWX flags setting; unpack itself; malicious URLs; sandbox evasion; Windows; Advertising; ComputerName; DNS; Cryptographic key | | 1: 113.161.176.235 - malicious | | | 6.4 | M | 10 | ZeroCERT |
| 44182 | 2020-12-31 15:59 | NK44ITE3X.doc | 2154178028c6e1626fc45b2c83962491 | Vulnerability; VirusTotal; Malware; Malicious Traffic; unpack itself; malicious URLs; Windows; DNS | 1: http://75.188.107.174/veqe5/e54wlr7z77xrhodew/ - rule_id: 205 | 3: mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - malicious; 192.169.217.36 - malware | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.4 | M | 31 | ZeroCERT |
| 44183 | 2020-12-31 15:58 | scr.dll | f2c9485d6c488bb661d327ac959e56de | VirusTotal; Malware; Malicious Traffic; Checks debugger; buffers extracted; unpack itself; DNS; crashed | 1: http://157.90.24.103//hx33jnDw/index.php?scr=up | 2: foflikenoiujiiik.cn(); 157.90.24.103 - malware | | | 4.8 | M | 45 | ZeroCERT |
| 44184 | 2020-12-31 15:55 | 1U1F9BOcwVrRM0J.dll | b7326f6246a4c5e08d90897900660900 | VirusTotal; Malware; PDB; Malicious Traffic; Checks debugger; RWX flags setting; unpack itself; malicious URLs; sandbox evasion; Windows; Advertising; ComputerName; DNS; Cryptographic key | 1: http://75.188.107.174/fx650zzy1zc/phzc/kxxzmhl7h8d4c9lmb5u/8crbo5dlqhgz2up/ - rule_id: 205 | 1: 75.188.107.174 - malicious | | 1 | 6.2 | M | 5 | ZeroCERT |
| 44185 | 2020-12-31 15:32 | V9QJM2C2BBM7QG7.doc | 79c004a06cceb9354d0594fae694af00 | Vulnerability; VirusTotal; Malware; Malicious Traffic; unpack itself; malicious URLs; Windows; DNS | 1: http://75.188.107.174/s0yd7yp7n/wgqy6mlldi3/ - rule_id: 205 | 3: mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - malicious; 192.169.217.36 - malware | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.2 | M | 20 | ZeroCERT |
| 44186 | 2020-12-31 15:31 | vsoeWPBWj1JsLqYruxx.dll | b8a8f73418dced6cd67b55ad24e691dc | VirusTotal; Malware; PDB; Malicious Traffic; Checks debugger; RWX flags setting; unpack itself; malicious URLs; sandbox evasion; Windows; Advertising; ComputerName; DNS; Cryptographic key | 1: http://152.170.79.100/s5hq9s/ - rule_id: 206 | 1: 152.170.79.100 - malicious | | 1 | 6.2 | M | 6 | ZeroCERT |
| 44187 | 2020-12-31 15:00 | PU6FN9INXRSX2C.doc | e2aeeff4593a9dc0e95c940bb9b1181b | Vulnerability; VirusTotal; Malware; Malicious Traffic; unpack itself; malicious URLs; Windows; DNS | 1: http://75.188.107.174/xybnnef6j/v6ftcncnv2dmbg/sg2hpkhfc/8ou1vdztcg84kkn11vk/0p8dk85rlw6a7nx1jc/b7hwxulnff8y03/ - rule_id: 205 | 3: mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - malicious; 192.169.217.36 - malware | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.2 | M | 22 | ZeroCERT |
| 44188 | 2020-12-31 14:59 | T9j3bniXM.dll | eabea1b359270f5e4f337ed4fd39860c | VirusTotal; Malware; PDB; Malicious Traffic; Checks debugger; RWX flags setting; unpack itself; malicious URLs; sandbox evasion; Windows; Advertising; ComputerName; DNS; Cryptographic key | 1: http://113.161.176.235/cab0vg6ka/6nf7fnrcg/v1om09gg7t667lc1u3/on6uz2ytk8/ | 1 | | | 6.2 | M | 5 | ZeroCERT |
| 44189 | 2020-12-31 14:40 | books.exe | 5fe9efd4908ab33dd783f31f25eae08f | VirusTotal; Malware; AutoRuns; suspicious privilege; Code Injection; Check memory; Checks debugger; buffers extracted; unpack itself; malicious URLs; Windows; ComputerName; Cryptographic key; crashed | | | | | 12.0 | M | 40 | ZeroCERT |
| 44190 | 2020-12-31 14:14 | JJV2WAM631N5.doc | bdf9b5091abe7bae99a44f9558d756e5 | Vulnerability; VirusTotal; Malware; Malicious Traffic; unpack itself; malicious URLs; Windows; DNS | 1: http://75.188.107.174/prnr3xdpqou2k/fxpnq0/acan3im7hcc/agz1jtgfuqj/ - rule_id: 205 | 3: mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - malicious; 192.169.217.36 - malware | 3: ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP | 1 | 5.4 | M | 30 | guest |