45556 | 2020-11-09 17:46 | http://magicview.ga/webxpo/gat... | Code Injection unpack itself Windows utilities Windows DNS
    URLs: -
    Hosts (2): magicview.ga(46.173.214.108) - mailcious; 46.173.214.108
    Alerts (1): ET INFO DNS Query for Suspicious .ga Domain
    2.8 | - | - | guest
45557 | 2020-11-09 16:40 | 6E9zisbO9sC0owFOL.exe f8799dca3986c7ce5a501d6c93f546d0 | VirusTotal Malware Report PDB ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key
    URLs: -
    Hosts (7): 2.58.16.86 - suspicious; 91.121.87.90 - suspicious; 177.130.51.198 - suspicious; 188.226.165.170 - suspicious; 79.133.6.236 - suspicious; 125.200.20.233 - suspicious; 104.131.144.215 - suspicious
    Alerts (1): ET CNC Feodo Tracker Reported CnC Server group 22
    9.2 | M | 52 | admin
45558 | 2020-11-09 16:33 | 6E9zisbO9sC0owFOL.exe f8799dca3986c7ce5a501d6c93f546d0 | VirusTotal Malware Report PDB ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
    URLs: -
    Hosts (6): 2.58.16.86 - suspicious; 91.121.87.90 - suspicious; 177.130.51.198 - suspicious; 188.226.165.170 - suspicious; 79.133.6.236 - suspicious; 104.131.144.215 - suspicious
    Alerts (1): ET CNC Feodo Tracker Reported CnC Server group 22
    8.2 | M | 52 | admin
45559 | 2020-11-09 16:22 | http://magicview.ga/webxpo/gat... | Code Injection RWX flags setting unpack itself Windows utilities Windows DNS
    URLs (1): http://magicview.ga/webxpo/gate.php?wer=1234
    Hosts (2): magicview.ga(46.173.214.108) - mailcious; 46.173.214.108
    Alerts (2): ET INFO DNS Query for Suspicious .ga Domain; ET HUNTING Suspicious GET To gate.php with no Referer
    2.6 | - | - | guest
45560 | 2020-11-09 16:19 | http://magicview.ga/webxpo/gat... | VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Windows DNS
    URLs (1): http://magicview.ga/webxpo/gate.php - mailcious
    Hosts (2): magicview.ga(46.173.214.108) - mailcious; 46.173.214.108
    Alerts (2): ET INFO DNS Query for Suspicious .ga Domain; ET HUNTING Suspicious GET To gate.php with no Referer
    3.0 | M | - | guest
45561 | 2020-11-09 16:12 | http://www.westermann-shop.com... c6d5403a2bdcb74a0513fcda6bf37121 | Dridex Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows
    URLs (1): http://www.westermann-shop.com/vdi/123412344 - mailcious
    Hosts (3): www.westermann-shop.com(134.119.234.55) - mailcious; www.westermann-radialbesen.de(134.119.234.55); 134.119.234.55 - suspicious
    Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
    2.6 | M | - | guest
45562 | 2020-11-09 14:24 | http://www.westermann-shop.com... 95788d3dc597f3a76e892bc49b2024dd | Dridex Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows
    URLs (1): http://www.westermann-shop.com/vdi/123412344 - mailcious
    Hosts (3): www.westermann-shop.com(134.119.234.55) - mailcious; www.westermann-radialbesen.de(134.119.234.55); 134.119.234.55 - suspicious
    Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
    2.6 | M | - | admin
45563 | 2020-11-09 14:18 | http://magicview.ga/webxpo/gat... | VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Windows DNS
    URLs (1): http://magicview.ga/webxpo/gate.php - mailcious
    Hosts (3): magicview.ga(46.173.218.50) - mailcious; 46.173.218.50 - suspicious; 172.217.25.14 - suspicious
    Alerts (2): ET INFO DNS Query for Suspicious .ga Domain; ET HUNTING Suspicious GET To gate.php with no Referer
    3.6 | M | - | admin
45564 | 2020-11-09 14:15 | http://173.173.254.105/ d41d8cd98f00b204e9800998ecf8427e | VirusTotal Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
    URLs (2): http://173.173.254.105/ - mailcious; http://173.173.254.105/favicon.ico - mailcious
    Hosts (2): 173.173.254.105 - suspicious; 117.18.232.200 - suspicious
    Alerts: -
    4.8 | M | - | admin
45565 | 2020-11-09 14:12 | http://crestmart.ga/main/confi... | VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Windows DNS
    URLs (1): http://crestmart.ga/main/config/US/temp.php
    Hosts (2): crestmart.ga(46.173.218.50) - mailcious; 46.173.218.50 - suspicious
    Alerts (1): ET INFO DNS Query for Suspicious .ga Domain
    3.2 | - | - | admin
45566 | 2020-11-09 14:10 | http://www.westermann-shop.com... 86465aa7a456ee8bc24ce8cc8765e6ca | Dridex Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows
    URLs (1): http://www.westermann-shop.com/vdi/123412344 - mailcious
    Hosts (3): www.westermann-shop.com(134.119.234.55) - mailcious; www.westermann-radialbesen.de(134.119.234.55); 134.119.234.55 - suspicious
    Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
    2.6 | M | - | admin
45567 | 2020-11-09 11:34 | http://www.westermann-shop.com... 63464c9eba195638ca6fb0b70df5a76f | Dridex Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows
    URLs (1): http://www.westermann-shop.com/vdi/123412344 - mailcious
    Hosts (3): www.westermann-shop.com(134.119.234.55) - mailcious; www.westermann-radialbesen.de(134.119.234.55); 134.119.234.55 - suspicious
    Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
    2.6 | M | - | admin
45568 | 2020-11-09 11:23 | main.file.rtf fa2124522c6df2236b4caa635f42c77a | Malware Malicious Traffic buffers extracted exploit crash unpack itself malicious URLs Tofsee Exploit crashed
    URLs (1): https://cdn-sop.net/202/ysegNcMNng155rTlrWfYWabUyhIFdP6rRdnzMxYo/-1/13897/3573fd65 - mailcious
    Hosts (2): cdn-sop.net(172.93.188.161) - mailcious; 172.93.188.161 - suspicious
    Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    3.8 | M | - | guest
45569 | 2020-11-09 11:14 | easywindow.exe f1ab1fa6d2b93ae55b448b96733ff195 | VirusTotal Malware AutoRuns buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution DNS
    URLs: -
    Hosts (4): 181.188.149.134 - suspicious; 203.130.0.67; 143.0.245.169; 5.67.96.120
    Alerts: -
    9.2 | - | 57 | admin
45570 | 2020-11-09 09:29 | IVQ4CNV7ECYIAHZ09CI0C9VSDOHU7.... 50b61fcca388517109344c7b53935f1e | VirusTotal Malware Checks debugger malicious URLs crashed
    URLs: -
    Hosts: -
    Alerts: -
    2.4 | - | 10 | guest