ID | Submitted | File | MD5 | URLs | Hosts | Alerts | (unlabeled) | Score | (unlabeled) | (unlabeled) | Submitter
Three columns the listing leaves unnamed are kept in their original positions; "-" marks an empty cell. Signature tags, contacted URLs and hosts, and IDS alerts follow each row.

44416 | 2020-12-23 13:51 | ntB.dll | 4da066bbfe178014ed1042ce90b87ab0 | 1 | 1 | - | 1 | 6.8 | M | 13 | guest
  Tags: VirusTotal, Malware, Malicious Traffic, Checks debugger, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs:
    http://97.120.3.198/jkm4eyypp4uappkx/a0rrlyn10/ak1fug2ovhrxs/gb6rj5zmb0/o94sv/ - rule_id: 196
  Hosts: 1 (none listed)

44417 | 2020-12-23 13:48 | f43.exe | e67e2f09f38101d3682eba2af617a8c5 | - | - | - | - | 2.4 | M | 23 | guest
  Tags: VirusTotal, Malware, unpack itself

44418 | 2020-12-23 13:47 | Diane_2018_returns.doc | 07f7e97635adccf1135b253452cc47fb | - | - | - | - | 3.8 | M | 29 | guest
  Tags: Vulnerability, VirusTotal, Malware, unpack itself, malicious URLs

44419 | 2020-12-23 13:44 | CECS9YL4OC7AW8.doc | f52e278d1d56ed7f0d5cd09f8e6d08d5 | 3 | 7 | 4 | 1 | 5.0 | M | 17 | guest
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, Windows, DNS
  URLs:
    http://amyzeng.net/content/mgms/
    http://97.120.3.198/0mdm931xo0ychdl0/6cn5sxo7/p2ao2zavev7g9cjuds/jlud42nsfiiaoxg8k/uvmitufd/ - rule_id: 196
    https://venuspowerbd.com/wp-includes/bLm/
  Hosts:
    datnenduanbd.com(210.245.90.208) - malware
    amyzeng.net(205.144.171.209) - malicious
    venuspowerbd.com(104.27.181.221)
    205.144.171.209 - malicious
    97.120.3.198 - malicious
    210.245.90.208 - malware
    104.27.181.221
  Alerts:
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP

44420 | 2020-12-23 13:42 | build_startup.exe | ae28df7eb1cddda055053dbf5cc556ce | - | - | - | - | 2.4 | M | 22 | guest
  Tags: VirusTotal, Malware, unpack itself

44421 | 2020-12-23 13:34 | 9L6NPNJB.doc | 13e0972d407a347a35d44dca0080a27d | 1 | 3 | 3 | 1 | 5.0 | M | 17 | guest
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs:
    http://97.120.3.198/btuehuqtkrb0ibu7/xirc1xkv/1mf5qindjg0ykvbxzh/thnl1tg9iy3mppm8n/9dej4uiq/ - rule_id: 196
  Hosts:
    datnenduanbd.com(210.245.90.208) - malware
    210.245.90.208 - malware
    97.120.3.198 - malicious
  Alerts:
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP

44422 | 2020-12-23 13:34 | 82O7XX8LP0AKG9.doc | 69f970011332ae6d1b5c9b98886ebe3b | 1 | 3 | 3 | 1 | 5.0 | M | 17 | guest
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs:
    http://97.120.3.198/b1ttpr1i/ - rule_id: 196
  Hosts:
    sanolifescence.com(208.91.198.172) - malware
    208.91.198.172 - malicious
    97.120.3.198 - malicious
  Alerts:
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP

44423 | 2020-12-23 13:08 | LINIG1Z.doc | f1ed9571a969ecebf7e5e1f0768336c9 | 4 | 9 | 4 | 1 | 5.0 | M | 19 | guest
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, Windows, DNS
  URLs:
    http://amyzeng.net/content/mgms/
    http://97.120.3.198/npzsqjlv/3h2htoqb/timo/ - rule_id: 196
    http://sancydubai.com/setupconfigo/R9/
    https://venuspowerbd.com/wp-includes/bLm/
  Hosts:
    venuspowerbd.com(172.67.166.190)
    sancydubai.com(110.4.45.160)
    sanolifescence.com(208.91.198.172) - malware
    amyzeng.net(205.144.171.209) - malicious
    205.144.171.209 - malicious
    97.120.3.198 - malicious
    104.27.180.221
    110.4.45.160 - malicious
    208.91.198.172 - malicious
  Alerts:
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP

44424 | 2020-12-23 12:41 | 7ONWZZWVQZV7.doc | de62e3ce6088a4742ac8ead8bfd71ef4 | 2 | 3 | 3 | 1 | 5.0 | M | 16 | guest
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs:
    http://97.120.3.198/yynzcu3q4ocs9o0k/b6u0scoymindb/38m954s6s0c/ - rule_id: 196
    http://97.120.3.198/yynzcu3q4ocs9o0k/b6u0scoymindb/38m954s6s0c/
  Hosts:
    atom.lk(175.41.138.238) - malware
    97.120.3.198
    175.41.138.238 - malware
  Alerts:
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP

44425 | 2020-12-23 12:41 | 7YRR598JDUSY.doc | 6a129baf7b95f27a985be69e4bc724c9 | 2 | 3 | 3 | 1 | 5.0 | M | 16 | guest
  Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs:
    http://97.120.3.198/ttghgpkfjr9bnyso/ - rule_id: 196
    http://97.120.3.198/ttghgpkfjr9bnyso/
  Hosts:
    atom.lk(175.41.138.238) - malware
    97.120.3.198
    175.41.138.238 - malware
  Alerts:
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET INFO EXE - Served Attached HTTP

44426 | 2020-12-23 12:33 | ntB.dll | 4da066bbfe178014ed1042ce90b87ab0 | 2 | 1 | - | 1 | 6.2 | M | 13 | guest
  Tags: VirusTotal, Malware, Malicious Traffic, Checks debugger, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs:
    http://97.120.3.198/r224zkzx/ - rule_id: 196
    http://97.120.3.198/r224zkzx/
  Hosts: 1 (none listed)

44427 | 2020-12-23 12:32 | w.jpg.exe | 02bc3167a931c04b510e431cca825cc8 | - | - | - | - | 2.0 | M | 17 | guest
  Tags: VirusTotal, Malware, PDB, Check memory, unpack itself, crashed

44428 | 2020-12-23 12:30 | ntB.dll | 4da066bbfe178014ed1042ce90b87ab0 | 1 | 1 | - | - | 6.6 | M | 13 | 조광섭
  Tags: VirusTotal, Malware, Malicious Traffic, Checks debugger, buffers extracted, RWX flags setting, unpack itself, malicious URLs, sandbox evasion, Windows, Advertising, ComputerName, DNS, Cryptographic key
  URLs:
    http://97.120.3.198/foeuwp3z13m2jdpv/t7j190p8ral1plmlgj/g38w/9bfifl7z1/65bhmg/
  Hosts: 1 (none listed)

44429 | 2020-12-23 11:12 | ntB.dll | 4da066bbfe178014ed1042ce90b87ab0 | - | - | - | - | 1.8 | M | 13 | guest
  Tags: VirusTotal, Malware, unpack itself

44430 | 2020-12-23 10:43 | win7.exe | 58bb1a095ab728f240d716b54891470b | 2 | 2 | 3 | - | 6.0 | M | 37 | guest
  Tags: VirusTotal, Malware, PDB, MachineGuid, Code Injection, unpack itself, Tofsee, ComputerName, DNS
  URLs:
    https://11211211212.ml/image
    https://11211211212.ml/r8Kh
  Hosts:
    11211211212.ml(104.31.73.187)
    172.67.176.45
  Alerts:
    ET INFO DNS Query for Suspicious .ml Domain
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO Suspicious Domain (*.ml) in TLS SNI
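The listing runs each submission's URLs, resolved hosts and IDS alerts together into single strings, which is awkward to pivot on by hand. The script below is an added example, not code from the sandbox that produced this listing: it splits those fields back into records and reports which IPs recur across submissions, which is the pivot an analyst wants first (here the 97.120.3.198 download host and the 205.144.171.209 / 208.91.198.172 hosts reached by several of the .doc samples). The ROWS input is constructed from submissions 44419, 44422 and 44423 exactly as they appear above, with the listing's host label normalised to "malicious"; the dictionary shape of ROWS, the helper names and the "shared IP" heuristic are this example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: three submissions from the listing (44419, 44422, 44423), with the
# URL, host and alert fields kept as the listing runs them together on one line.
ROWS = [
    {"id": 44419, "file": "CECS9YL4OC7AW8.doc", "md5": "f52e278d1d56ed7f0d5cd09f8e6d08d5",
     "urls": "http://amyzeng.net/content/mgms/ "
             "http://97.120.3.198/0mdm931xo0ychdl0/6cn5sxo7/p2ao2zavev7g9cjuds/jlud42nsfiiaoxg8k/uvmitufd/ - rule_id: 196 "
             "https://venuspowerbd.com/wp-includes/bLm/",
     "hosts": "datnenduanbd.com(210.245.90.208) - malware amyzeng.net(205.144.171.209) - malicious "
              "venuspowerbd.com(104.27.181.221) 205.144.171.209 - malicious 97.120.3.198 - malicious "
              "210.245.90.208 - malware 104.27.181.221",
     "alerts": "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) "
               "ET POLICY PE EXE or DLL Windows file download HTTP "
               "ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download "
               "ET INFO EXE - Served Attached HTTP"},
    {"id": 44422, "file": "82O7XX8LP0AKG9.doc", "md5": "69f970011332ae6d1b5c9b98886ebe3b",
     "urls": "http://97.120.3.198/b1ttpr1i/ - rule_id: 196",
     "hosts": "sanolifescence.com(208.91.198.172) - malware 208.91.198.172 - malicious 97.120.3.198 - malicious",
     "alerts": "ET POLICY PE EXE or DLL Windows file download HTTP "
               "ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download "
               "ET INFO EXE - Served Attached HTTP"},
    {"id": 44423, "file": "LINIG1Z.doc", "md5": "f1ed9571a969ecebf7e5e1f0768336c9",
     "urls": "http://amyzeng.net/content/mgms/ http://97.120.3.198/npzsqjlv/3h2htoqb/timo/ - rule_id: 196 "
             "http://sancydubai.com/setupconfigo/R9/ https://venuspowerbd.com/wp-includes/bLm/",
     "hosts": "venuspowerbd.com(172.67.166.190) sancydubai.com(110.4.45.160) "
              "sanolifescence.com(208.91.198.172) - malware amyzeng.net(205.144.171.209) - malicious "
              "205.144.171.209 - malicious 97.120.3.198 - malicious 104.27.180.221 "
              "110.4.45.160 - malicious 208.91.198.172 - malicious",
     "alerts": "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) "
               "ET POLICY PE EXE or DLL Windows file download HTTP "
               "ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download "
               "ET INFO EXE - Served Attached HTTP"},
]

URL_RE = re.compile(r"(https?://\S+)(?:\s+-\s+rule_id:\s*(\d+))?")     # url, optional rule id
HOST_RE = re.compile(r"([^\s()]+)(?:\(([\d.]+)\))?(?:\s+-\s+(\w+))?")  # name, (ip), - label
ALERT_SPLIT_RE = re.compile(r"\s+(?=ET [A-Z]+ |SSLBL: )")              # next signature starts here
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Host:
    name: str             # domain, or the IP itself for a bare-IP entry
    ip: Optional[str]     # resolved address, when the listing shows one
    label: Optional[str]  # reputation label ('malware', 'malicious') if present


@dataclass
class Submission:
    sid: int
    filename: str
    md5: str
    urls: list = field(default_factory=list)    # (url, rule_id or None)
    hosts: list = field(default_factory=list)   # Host
    alerts: list = field(default_factory=list)  # alert names


def parse_urls(s: Optional[str]) -> list:
    """Split the run-together URL field, keeping the rule_id the sandbox attached."""
    return [(u, rid or None) for u, rid in URL_RE.findall(s or "")]


def parse_hosts(s: Optional[str]) -> list:
    """Split 'domain(ip) - label' and 'ip - label' entries that the listing concatenates."""
    out = []
    for name, ip, label in HOST_RE.findall(s or ""):
        is_ip = bool(IPV4_RE.match(name))
        out.append(Host(name, name if is_ip else (ip or None), label or None))
    return out


def parse_alerts(s: Optional[str]) -> list:
    """Split concatenated alert names at the start of the next ET/SSLBL signature."""
    return ALERT_SPLIT_RE.split(s.strip()) if s else []


def build(rows) -> list:
    return [Submission(r["id"], r["file"], r["md5"], parse_urls(r.get("urls")),
                       parse_hosts(r.get("hosts")), parse_alerts(r.get("alerts")))
            for r in rows]


def shared_ips(subs) -> dict:
    """IPs seen in more than one submission, as a resolved host or a literal URL host."""
    seen = defaultdict(set)
    for s in subs:
        for h in s.hosts:
            if h.ip:
                seen[h.ip].add(s.sid)
        for url, _ in s.urls:
            host = re.match(r"https?://([^/]+)", url).group(1)
            if IPV4_RE.match(host):
                seen[host].add(s.sid)
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) > 1}


def defang(ioc: str) -> str:
    """Make a URL or host safe to paste into a ticket or chat."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")


if __name__ == "__main__":
    subs = build(ROWS)
    for ip, ids in sorted(shared_ips(subs).items()):
        print(f"{defang(ip):<22} seen in submissions {ids}")
```

The host regex relies on the listing's own conventions (a domain is followed by its address in parentheses, a bare token that looks like an IPv4 address is an address, and a reputation label is introduced by " - "), and the alert splitter keys on the "ET CATEGORY " and "SSLBL: " prefixes of the rule names shown; any other rule family would need its prefix added to ALERT_SPLIT_RE before the splitter sees it.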