Sandbox submissions, 2020-12-22 (one block per entry: id, time, sample name and MD5, tags, then URLs, resolved domains/IPs, IDS signatures and hosts where the page lists them, and the trailing cells kept in the page's order: score, M flag, count, submitter)

44446 | 2020-12-22 16:24 | Paradox.exe | MD5 18db4025efcafb1584789e0fbdd3db2a (same sample as 44447)
  tags: VirusTotal, Malware, MachineGuid, Check memory, Checks debugger, unpack itself, malicious URLs, Windows, Cryptographic key
  score 3.0 | - | 33 | ZeroCERT
44447 | 2020-12-22 16:22 | Paradox.exe | MD5 18db4025efcafb1584789e0fbdd3db2a
  tags: VirusTotal, Malware, MachineGuid, Check memory, Checks debugger, unpack itself, malicious URLs, Windows, Cryptographic key
  score 3.0 | - | 33 | guest
44448 | 2020-12-22 16:10 | reg.exe | MD5 c62b1e8e806ff0d93d1579721f2b2052
  tags: VirusTotal, Malware, Buffer PE, suspicious privilege, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, Checks Bios, Detects VMWare, suspicious process, malicious URLs, WriteConsoleW, VMware, anti-virtualization, Windows, Cryptographic key, crashed
  score 11.2 | - | 20 | ZeroCERT
44449 | 2020-12-22 15:11 | Update.exe | MD5 808e1ade2dea30a742f120a5a26d6a32
  tags: VirusTotal, Malware, malicious URLs, WriteConsoleW
  domains/IPs (2): gore.p-e.kr(125.185.111.249); 125.185.111.249
  score 3.2 | - | 59 | r0d
44450 | 2020-12-22 14:31 | X00KP2W7CTZ.doc | MD5 c58f6dbd86dd09e812f520b2f72fa2af
  tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, Windows, DNS
  URLs (1): http://50.116.111.59:8080/np8osc7cezebsbzl/gniv579yd875/ufd81we87xk5vib/ - rule_id: 193
  domains/IPs (9): musickidsprogram.com(107.180.20.91) - malware; schooldz.co(70.32.23.73) - malware; amartaka.net(104.18.54.1) - malicious; 107.180.20.91 - malware; 197.87.160.216 - malicious; 78.188.225.105 - malicious; 104.18.54.1 - malicious; 70.32.23.73 - malware; 50.116.111.59 - malicious
  signatures (4): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP
  hosts (1): http://50.116.111.59:8080/
  score 6.6 | M | 28 | guest
44451 | 2020-12-22 14:31 | XZ30IV23MGAC.doc | MD5 95f5812b150c3ddf46908e4d65efa830
  tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (1): http://50.116.111.59:8080/b9kcyola7sbskse2/lwiehhm3ps08of/io22rg2ehwdh7s7nhz/f9uarwk51l5wl22uj/iki45m25lmdch9/ - rule_id: 193
  domains/IPs (5): palladium.tdmcdev.co.za(197.242.155.144) - malware; 197.87.160.216 - malicious; 197.242.155.144 - malware; 50.116.111.59 - malicious; 78.188.225.105 - malicious
  signatures (4): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  hosts (1): http://50.116.111.59:8080/
  score 6.6 | M | 28 | guest
44452 | 2020-12-22 13:30 | L8MICS8W8.doc | MD5 ab0df6e0ad74541979d7eeaf71f88c74
  tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (1): http://50.116.111.59:8080/lkbgvh2j/3hkkiis/k3dz5b15z/ - rule_id: 193
  domains/IPs (5): schooldz.co(70.32.23.73) - malware; 197.87.160.216 - malicious; 78.188.225.105 - malicious; 70.32.23.73 - malware; 50.116.111.59 - malicious
  signatures (4): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  hosts (1): http://50.116.111.59:8080/
  score 6.6 | M | 22 | guest
44453 | 2020-12-22 13:30 | OXZ5JY.doc | MD5 4f0f77186bc4b10b8f897f0313c6cda5
  tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (1): http://50.116.111.59:8080/au1q53vri3b5bgwn/i9ctnnaupsppu1/y4msoks89pdgoaff6d/37efkvoe55gygohun/t3f0lb516v51y6/ - rule_id: 193
  domains/IPs (7): enableinfosolutions.com(166.62.45.30) - malware; nguyenphuchn.com(45.32.124.178) - malware; 197.87.160.216 - malicious; 166.62.45.30 - malware; 78.188.225.105 - malicious; 45.32.124.178 - malware; 50.116.111.59 - malicious
  signatures (4): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  hosts (1): http://50.116.111.59:8080/
  score 6.6 | M | 28 | guest
44454 | 2020-12-22 12:24 | HM68DCU.doc | MD5 4f0f77186bc4b10b8f897f0313c6cda5 (identical MD5 to 44453; same sample submitted under a different filename)
  tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (1): http://50.116.111.59:8080/27chhoguocutamup/5imql7bgzmxb27gdx5w/u9fj1w7wwkbo8bxsv/ - rule_id: 193
  domains/IPs (9): enableinfosolutions.com(166.62.45.30) - malware; amartaka.net(104.18.55.1) - malicious; nguyenphuchn.com(45.32.124.178) - malware; 197.87.160.216 - malicious; 166.62.45.30 - malware; 78.188.225.105 - malicious; 104.18.55.1; 45.32.124.178 - malware; 50.116.111.59 - malicious
  signatures (4): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  hosts (1): http://50.116.111.59:8080/
  score 6.6 | M | 28 | ZeroCERT
44455 | 2020-12-22 12:22 | DE4GKQWD8CA.doc | MD5 a6e82e49f8fac750dea41d36e926f4d9
  tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, Windows, DNS
  URLs (2): http://50.116.111.59:8080/bz7nnk/ - rule_id: 193; https://update.googleapis.com/service/update2?cup2key=10:308671038&cup2hreq=3e3441fd0f40a06388e518ef6b977f6a1da78bd764227383e475bc0c5cb30b88 (Google Update check from the analysis VM, not an indicator)
  domains/IPs (7): palladium.tdmcdev.co.za(197.242.155.144) - malware; musickidsprogram.com(107.180.20.91) - malware; 107.180.20.91 - malware; 197.87.160.216 - malicious; 78.188.225.105 - malicious; 50.116.111.59 - malicious; 197.242.155.144 - malware
  signatures (5): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  hosts (1): http://50.116.111.59:8080/
  score 6.6 | M | 26 | ZeroCERT
44456 | 2020-12-22 12:20 | file.exe | MD5 6d048030d31349665bb357ad55cd79b1
  tags: VirusTotal, Malware, unpack itself, Remote Code Execution
  score 2.6 | M | 26 | ZeroCERT
44457 | 2020-12-22 11:40 | ANC1QRIZ0X.doc | MD5 989c3a50ecfe2a54f97e739eee3154bf
  tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, Windows, DNS
  URLs (1): http://50.116.111.59:8080/l5a5l1op6fchimox/ - rule_id: 193
  domains/IPs (7): palladium.tdmcdev.co.za(197.242.155.144) - malware; musickidsprogram.com(107.180.20.91) - malware; 107.180.20.91 - malware; 197.87.160.216 - malicious; 78.188.225.105 - malicious; 50.116.111.59 - malicious; 197.242.155.144 - malware
  signatures (5): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  hosts (1): http://50.116.111.59:8080/
  score 6.6 | M | 28 | ZeroCERT
44458 | 2020-12-22 11:39 | config2.json.exe | MD5 062f86194f7d3281a7eac6238c635237
  tags: VirusTotal, Malware, unpack itself, malicious URLs, DNS, crashed
  score 3.6 | M | 39 | ZeroCERT
44459 | 2020-12-22 11:21 | 78983-4.xlsm | MD5 e8fecc39968a9add2d38560e88d3c07a
  tags: Malware download, Dridex, TrickBot, VirusTotal, Malware, suspicious privilege, Checks debugger, buffers extracted, Creates executable files, ICMP traffic, RWX flags setting, unpack itself, Check virtual network interfaces, malicious URLs, Kovter, Windows, ComputerName, DNS, crashed, Downloader
  URLs (1): http://www.orthogen.com.tr/properties.png
  domains/IPs (7): www.orthogen.com.tr(5.180.184.204); 5.180.184.204; 196.45.140.146; 103.87.25.220; 103.126.185.7; 41.243.29.182; 103.65.196.44
  signatures (7): ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; SURICATA Applayer Mismatch protocol both directions; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2; ET MALWARE JS/WSF Downloader Dec 08 2016 M4; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging); ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
  score 10.0 | - | 2 | guest
44460 | 2020-12-22 11:12 | 1WMZPO6LD84.doc | MD5 c4a740227ca940d4bd157716f2c9f0e0
  tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Windows, DNS
  URLs (1): http://50.116.111.59:8080/up2bvtk2k3m5i88p/8xb0u79bai58/1robzvbdpq7sbc2/
  domains/IPs (5): swallow.tdmcdev.co.za(197.242.155.144) - malware; 197.87.160.216; 78.188.225.105; 50.116.111.59; 197.242.155.144 - malware
  signatures (4): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  score 6.6 | M | 28 | ZeroCERT
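The useful signal in a listing like this is across rows rather than within one: the .doc entries all pull their second stage from 50.116.111.59:8080 and share the same sinkholed-looking IPs, and 44453 and 44454 are one MD5 submitted under two filenames. The script below is an added example, not code from the sandbox or its software: it pulls hashes, URLs, resolved domains and IPs out of rows in the page's flattened form and correlates them. SAMPLE_ROWS is the sample/tag/URL/domain text of entries 44450, 44453, 44454 and 44459 joined into one string per row the way the page prints them; the regexes, field names and functions are this example's own assumptions.

```python
"""Extract IOCs from flattened sandbox listing rows and correlate across rows.

Added example; the row strings are taken from the listing above (entries
44450, 44453, 44454, 44459), everything else here is assumed for illustration.
"""
import re
from collections import defaultdict

MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
URL_RE = re.compile(r"https?://\S+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# The listing prints resolved names as "domain(ip)"; capture both halves.
DOMAIN_IP_RE = re.compile(r"\b([a-z0-9.-]+\.[a-z]{2,})\((\d{1,3}(?:\.\d{1,3}){3})\)")

SAMPLE_ROWS = [  # (row id, row text) as flattened on the page
    ("44450",
     "X00KP2W7CTZ.doc c58f6dbd86dd09e812f520b2f72fa2af Vulnerability VirusTotal Malware "
     "Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS "
     "http://50.116.111.59:8080/np8osc7cezebsbzl/gniv579yd875/ufd81we87xk5vib/ - rule_id: 193 "
     "musickidsprogram.com(107.180.20.91) - malware schooldz.co(70.32.23.73) - malware "
     "amartaka.net(104.18.54.1) - malicious 107.180.20.91 - malware 197.87.160.216 - malicious "
     "78.188.225.105 - malicious 104.18.54.1 - malicious 70.32.23.73 - malware 50.116.111.59 - malicious"),
    ("44453",
     "OXZ5JY.doc 4f0f77186bc4b10b8f897f0313c6cda5 Vulnerability VirusTotal Malware "
     "Malicious Traffic unpack itself malicious URLs Windows DNS "
     "http://50.116.111.59:8080/au1q53vri3b5bgwn/i9ctnnaupsppu1/y4msoks89pdgoaff6d/37efkvoe55gygohun/t3f0lb516v51y6/ - rule_id: 193 "
     "enableinfosolutions.com(166.62.45.30) - malware nguyenphuchn.com(45.32.124.178) - malware "
     "197.87.160.216 - malicious 166.62.45.30 - malware 78.188.225.105 - malicious "
     "45.32.124.178 - malware 50.116.111.59 - malicious"),
    ("44454",
     "HM68DCU.doc 4f0f77186bc4b10b8f897f0313c6cda5 Vulnerability VirusTotal Malware "
     "Malicious Traffic unpack itself malicious URLs Windows DNS "
     "http://50.116.111.59:8080/27chhoguocutamup/5imql7bgzmxb27gdx5w/u9fj1w7wwkbo8bxsv/ - rule_id: 193 "
     "enableinfosolutions.com(166.62.45.30) - malware amartaka.net(104.18.55.1) - malicious "
     "nguyenphuchn.com(45.32.124.178) - malware 197.87.160.216 - malicious 166.62.45.30 - malware "
     "78.188.225.105 - malicious 104.18.55.1 45.32.124.178 - malware 50.116.111.59 - malicious"),
    ("44459",
     "78983-4.xlsm e8fecc39968a9add2d38560e88d3c07a Malware download Dridex TrickBot VirusTotal "
     "Malware Downloader http://www.orthogen.com.tr/properties.png "
     "www.orthogen.com.tr(5.180.184.204) 5.180.184.204 196.45.140.146 103.87.25.220 "
     "103.126.185.7 41.243.29.182 103.65.196.44"),
]


def extract_iocs(row_text):
    """Return the sample name and hash plus every network indicator in one row."""
    name, *_ = row_text.split(maxsplit=1)          # filename is always the first cell
    resolved = dict(DOMAIN_IP_RE.findall(row_text))  # domain -> ip the sandbox resolved it to
    return {
        "filename": name,
        "md5": set(MD5_RE.findall(row_text)),
        "urls": set(URL_RE.findall(row_text)),
        "domains": set(resolved),
        "ips": set(IPV4_RE.findall(row_text)),       # includes IPs inside URLs and "(ip)" pairs
    }


def correlate(rows):
    """Find IPs shared by 2+ rows and hashes submitted under 2+ filenames.

    Returns (shared_ips, renamed_hashes): ip -> sorted row ids, md5 -> sorted filenames.
    """
    ip_rows = defaultdict(set)
    hash_names = defaultdict(set)
    for row_id, text in rows:
        iocs = extract_iocs(text)
        for ip in iocs["ips"]:
            ip_rows[ip].add(row_id)
        for h in iocs["md5"]:
            hash_names[h].add(iocs["filename"])
    shared = {ip: sorted(ids) for ip, ids in ip_rows.items() if len(ids) > 1}
    renamed = {h: sorted(n) for h, n in hash_names.items() if len(n) > 1}
    return shared, renamed


def defang(indicator):
    """Make a URL, domain or IP safe to paste into a ticket or chat."""
    return (indicator.replace("http://", "hxxp://")
                     .replace("https://", "hxxps://")
                     .replace(".", "[.]"))


if __name__ == "__main__":
    shared, renamed = correlate(SAMPLE_ROWS)
    for ip, ids in sorted(shared.items(), key=lambda kv: -len(kv[1])):
        print(f"{defang(ip):24} seen in rows {', '.join(ids)}")
    for h, names in renamed.items():
        print(f"{h} submitted as {', '.join(names)}")
```

Run as-is it reports 50.116.111.59, 197.87.160.216 and 78.188.225.105 as common to all three .doc rows, 166.62.45.30 and 45.32.124.178 as common to 44453 and 44454, and 4f0f77186bc4b10b8f897f0313c6cda5 as one sample under two names; the xlsm row shares nothing with the others. The IP regex deliberately also picks up IPs inside URLs and "domain(ip)" pairs, so the correlation keys on infrastructure rather than on how the page happened to print it.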