44806 | 2020-12-03 12:49 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.2 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

44807 | 2020-12-03 12:47 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.8 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

44808 | 2020-12-03 12:45 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.2 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

44809 | 2020-12-03 12:44 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.2 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

44810 | 2020-12-03 12:41 | 북한의 지역산업역량과 협력방안에 대한 전문가 의견조사서... (Korean file name: "Expert opinion survey on North Korea's regional industrial capabilities and cooperation measures...") | MD5 777a8fb3f6f6a8a555ed1a69a7366abe | score 2.2 | | | 조광섭
  Tags: Checks debugger, Creates shortcut, Creates executable files, unpack itself, malicious URLs
  Network: none recorded
  IDS alerts: none recorded

44811 | 2020-12-03 12:33 | chromium.exe | MD5 f20f5ad4b8d13a4fb00275480075d145 | score 12.8 | M | 57 | 조광섭
  Tags: Browser Info Stealer, Malware download, Vidar, VirusTotal, Malware, Cryptocurrency wallets, Cryptocurrency, suspicious privilege, MachineGuid, Malicious Traffic, Check memory, Checks debugger, WMI, Creates executable files, unpack itself, Windows utilities, Collect installed applications, suspicious process, AppData folder, malicious URLs, AntiVM_Disk, WriteConsoleW, anti-virtualization, VM Disk Size Check, installed browsers check, OskiStealer, Stealer, Windows, Browser, ComputerName
  Network (2): web24host.com (198.23.213.114) - malicious; 198.23.213.114 - malware
  IDS alerts (4): ET POLICY Data POST to an image file (jpg); ET HUNTING Suspicious EXE Download Content-Type image/jpeg; ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2; ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

44812 | 2020-12-03 12:27 | -rtmd-aobhjl9zjaaaxdocaerffwam... | MD5 e98484b682e94b45c30877ee9dd2164b | score 2.8 | M | 45 | 조광섭
  Tags: VirusTotal, Malware, unpack itself, malicious URLs
  Network: none recorded
  IDS alerts: none recorded

44813 | 2020-12-03 11:47 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.2 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

44814 | 2020-12-03 11:46 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.8 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

44815 | 2020-12-03 11:34 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 10.2 | M | 65 | 조광섭
  Tags: Malware download, njRAT, NetWireRC, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Checks debugger, Creates executable files, unpack itself, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, DDNS, Downloader
  Network (4): ddos.dnsnb8.net (162.217.99.134) - malicious; ddnshost-microsofts.serveftp.com (0.0.0.0) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (10): ET MALWARE Bladabindi/njRAT CnC Command (ll); ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY DNS Query to DynDNS Domain *.serveftp .com

44816 | 2020-12-03 11:23 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 10.4 | M | 65 | 조광섭
  Tags: Malware download, njRAT, NetWireRC, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, DDNS, Downloader
  Network (4): ddos.dnsnb8.net (162.217.99.134) - malicious; ddnshost-microsofts.serveftp.com (0.0.0.0) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (10): ET MALWARE Bladabindi/njRAT CnC Command (ll); ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET POLICY DNS Query to DynDNS Domain *.serveftp .com

44817 | 2020-12-03 11:19 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.2 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

44818 | 2020-12-03 11:13 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.2 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

44819 | 2020-12-03 11:11 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.2 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

44820 | 2020-12-03 11:09 | prowarzgalaxyz.exe | MD5 aeb8c6e4bd873e955e0a4868ad38e540 | score 9.2 | M | 65 | 조광섭
  Tags: Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Network (3): ddos.dnsnb8.net (162.217.99.134) - malicious; 154.202.3.44 - malware; 162.217.99.134
  IDS alerts (8): ET INFO Executable Download from dotted-quad Host; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET MALWARE Possible Malicious Macro DL EXE Feb 2016; ET MALWARE Possible Malicious Macro EXE DL AlphaNumL; ET POLICY PE EXE or DLL Windows file download HTTP; ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response