45601 | 2020-11-05 13:43 | bob.exe 97cb8ea6cb97811e07cf485bf4187e2f | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed | 9.2 | M | 41 | admin

45602 | 2020-11-05 12:44 | abc.doc 9c4bc837af9308a9a4a89220ed106145 | VirusTotal Malware buffers extracted exploit crash unpack itself malicious URLs Tofsee Exploit DNS crashed | 5.4 | M | 31 | admin
URLs (3): http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092 https://definitionupdates.microsoft.com/download/DefinitionUpdates/VersionedSignatures/AM/1.327.342.0/x86/mpas-fe.exe https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?arch=x86&eng=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092
Domains/IPs (5): definitionupdates.microsoft.com(104.109.240.114) www.microsoft.com(23.212.13.232) 23.53.224.34 104.76.88.63 23.212.13.232
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

45603 | 2020-11-05 12:21 | c7e640e2617d5fdaa6fc4d50d98ca3... 6400bca5e8d52210b733f79370449e3b | VirusTotal Email Client Info Stealer Malware Malicious Traffic Checks debugger unpack itself malicious URLs suspicious TLD Tofsee Ransomware Email DNS | 6.2 | M | 29 | guest
URLs (6): http://superbetprediction.com/js/Qo/ - malware http://nguyenlieuphachehanoi.com/wp-admin/kL/ - malware http://pattanitkpark.com/gipe2h/iqt/ - malware http://huaibangchina.com/kic3kc/c/ - malware http://superbetprediction.com/js/Qo http://notesever.com/cgi-bin/Cfs/ - malware
Domains/IPs (14): pattanitkpark.com(122.154.56.109) - malware notesever.com(208.109.9.44) - malware www.xxdaytoy.top(8.210.23.28) - malware babyshop.webdungsan.com() - malware huaibangchina.com(39.100.15.2) - malware superbetprediction.com(185.210.145.110) - malware nguyenlieuphachehanoi.com(103.101.161.23) - malware 8.210.23.28 - suspicious 39.100.15.2 - suspicious 208.109.9.44 - suspicious 185.210.145.110 122.154.56.109 - suspicious 172.217.25.14 - suspicious 103.101.161.23 - suspicious
IDS alerts (2): ET DNS Query to a *.top domain - Likely Hostile; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

45604 | 2020-11-05 11:43 | FILE_336.zip 47c75f290ec56d8450f333a4deed2494 | Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | 3.8 | | | guest
Domains/IPs (2): 172.217.25.14 - suspicious 117.18.232.200 - suspicious

45605 | 2020-11-05 11:22 | 온라인+학술대회+한시적+지원+관련+Q&A.hwp... 257a81471a001af1fa0d82069c92993c | VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself malicious URLs DNS | 3.8 | M | 30 | guest
Domains/IPs (1): 172.217.25.14 - suspicious

45606 | 2020-11-05 11:11 | Client.exe 1e5f3d37e050d773f8798da41b372984 | malicious URLs WriteConsoleW | 2.2 | | | admin

45607 | 2020-11-05 10:58 | Server.exe ad6e52e637e6265303f8dec3b5b79b66 | VirusTotal Malware WriteConsoleW DNS | 3.0 | | 53 | admin
Domains/IPs (4): 4.tcp.ngrok.io(3.22.15.135) 3.138.180.119 3.131.147.49 3.133.207.110
IDS alerts (1): ET POLICY DNS Query to a *.ngrok domain (ngrok.io)

45608 | 2020-11-05 10:47 | https://chrise.xpleomedia.com/... 8331bb422758855644314f06ef8b6494 | VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities AppData folder Tofsee Windows DNS | 4.0 | M | 16 | guest
URLs (3): https://chrise.xpleomedia.com/favicon.ico https://chrise.xpleomedia.com/m1d7zbbc.jpg - malware https://chrise.xpleomedia.com/wp-content/uploads/2020/08/cerberus-favicon-150x149.png
Domains/IPs (3): chrise.xpleomedia.com(52.42.0.213) - malware 52.42.0.213 - suspicious 172.217.25.14 - suspicious
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

45609 | 2020-11-05 09:59 | https://firma.osgbpro.com/nvda... 8331bb422758855644314f06ef8b6494 | Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS | 3.2 | | | guest
Domains/IPs (3): firma.osgbpro.com(77.92.132.154) - malware 77.92.132.154 - suspicious 172.217.25.14 - suspicious
IDS alerts (3): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

45610 | 2020-11-05 09:57 | https://leavereport.teamengine... 8331bb422758855644314f06ef8b6494 | Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS | 3.2 | | | guest
Domains/IPs (3): leavereport.teamengineering.co(192.185.52.144) - malware 192.185.52.144 - suspicious 172.217.25.14 - suspicious
IDS alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

45611 | 2020-11-05 09:55 | https://breeder-world.presstig... 8331bb422758855644314f06ef8b6494 | Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS | 3.2 | | | guest
Domains/IPs (4): breeder-world.presstigers.dev(5.9.238.116) - malware 172.217.174.206 5.9.238.116 - suspicious 172.217.25.14 - suspicious
IDS alerts (3): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

45612 | 2020-11-05 09:53 | https://tatatertib.binainsani.... f6e9f6de099449b84d37f8c9c959c0a3 | Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS | 3.4 | | | guest
Domains/IPs (3): tatatertib.binainsani.com(203.161.184.50) - malware 203.161.184.50 - suspicious 172.217.25.14 - suspicious
IDS alerts (4): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SURICATA TLS invalid record type; SURICATA TLS invalid record/traffic; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

45613 | 2020-11-05 09:51 | https://alapenho0221555.s3-eu-... 0d72220f2fa97baff0ce21e12e3e3de9 | VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Windows Advertising Google ComputerName DNS keylogger | 9.8 | M | | guest
URLs (4): http://manaproducoes.com.br/site/core/xmen//?jama28nta http://erdempetrol.com.tr/fonts/awesome/9S7D2SP/OS97RJ10S.zip https://docs.google.com/document/d/1CHqiI-scmuRTdR3ZdzmIA0--QDfU6-L5z3cOCkEMtbQ//export?format=txt https://alapenho0221555.s3-eu-west-1.amazonaws.com/B0002221114788885522.zip - malware
Domains/IPs (9): erdempetrol.com.tr(163.172.206.96) docs.google.com(172.217.161.78) - mailcious manaproducoes.com.br(187.45.195.61) alapenho0221555.s3-eu-west-1.amazonaws.com(52.218.20.251) - malware 163.172.206.96 187.45.195.61 - suspicious 172.217.174.206 52.218.88.88 172.217.25.14 - suspicious
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY Unsupported/Fake Windows NT Version 5.0

45614 | 2020-11-05 09:46 | http://175.208.134.150:8282/te... 5c8e2fed189e7b7f7f1d9e756fd072f8 | Code Injection RWX flags setting unpack itself Windows utilities Windows DNS | 2.8 | | | guest
URLs (2): http://175.208.134.150:8282/test/test.eml http://175.208.134.150:8282/favicon.ico
Domains/IPs (2): 172.217.25.14 - suspicious 175.208.134.150

45615 | 2020-11-05 09:40 | msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a | VirusTotal Malware DNS | 1.8 | M | 22 | guest
URLs (1): http://marceloxfoto.com/docs/ezemeneoonhandemefaicnb.djx
Domains/IPs (4): marceloxfoto.com(217.160.0.138) 175.208.134.150 217.160.0.138 172.217.25.14 - suspicious
