45751 | 2024-07-03 18:47
uho.uouo.uououo.doc 9904916ce3549610216e99d83e7e2135 | MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit Java DNS crashed
3 | http://91.92.254.29/Users_API/syscore/file_xgep41gp.dyp.txt
  | http://23.95.235.16/33011/greatideaforfollowers.gif
  | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg?1719846235 - rule_id: 40876
4 | uploaddeimagens.com.br(104.21.45.138) - malware
  | 23.95.235.16 - malicious
  | 91.92.254.29
  | 172.67.215.45 - malware
4 | ET DROP Spamhaus DROP Listed Traffic Inbound group 13
  | ET MALWARE Malicious Base64 Encoded Payload In Image
  | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  | ET WEB_CLIENT Obfuscated Javascript // ptth
1 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg
5.0 | M | 33 | ZeroCERT

45752 | 2024-07-03 18:50
poop.exe 42e52b8daf63e6e26c3aa91e7e971492 | PE File PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Creates shortcut Creates executable files Ransomware Browser
4.6 | M | 68 | ZeroCERT

45753 | 2024-07-03 19:02
file_ahstznsa.ob0.txt.ps1 478b1ac88592f59f8a1d4cb790120c38 | Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName
2 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg?1719846235 - rule_id: 40876
  | http://23.95.235.16/33011/WDF.txt
2 | uploaddeimagens.com.br(172.67.215.45) - malware
  | 172.67.215.45 - malware
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg
3.6 | M | 9 | ZeroCERT

45754 | 2024-07-03 19:10
file_xgep41gp.dyp.txt.ps1 b75a49ff9b2f445e17519d2e743fe1b4 | Generic Malware Antivirus Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName
2 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg?1719846235 - rule_id: 40876
  | http://23.95.235.16/33011/WDF.txt
2 | uploaddeimagens.com.br(172.67.215.45) - malware
  | 172.67.215.45 - malware
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1 | https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg
3.2 | M | ZeroCERT

45755 | 2024-07-04 02:39
http://py.pl/I7mIC 6cb7e9e8e7161d8a30c49a4228aafaaf | Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
1 |
2 | py.pl(151.101.66.133)
  | 151.101.194.133 - phishing
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  | ET INFO TLS Handshake Failure
5.6 | guest

45756 | 2024-07-04 07:36
injector.exe 509c110ee54d73c3398140a5eb78c45a | NSIS Malicious Library UPX Confuser .NET PE File PE32 .NET EXE VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder ComputerName DNS crashed
1 |
2 | ET DROP Spamhaus DROP Listed Traffic Inbound group 15
  | ET INFO Microsoft net.tcp Connection Initialization Activity
5.2 | 57 | ZeroCERT

45757 | 2024-07-04 07:38
ABC.exe 2808310786effc87a4359c778a73a7ee | UPX PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself ComputerName
2.8 | 42 | ZeroCERT

45758 | 2024-07-04 07:40
38.exe 40ecc726bee273961d09301c0316af6e | Malicious Library UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed
2.4 | M | 54 | ZeroCERT

45759 | 2024-07-04 07:43
loader.exe edc8dc2a71af650c1c6272efa564adc3 | Generic Malware Malicious Library UPX PE File PE64 OS Processor Check PE32 VirusTotal Malware PDB Creates executable files unpack itself AppData folder Remote Code Execution crashed
3.8 | 46 | ZeroCERT

45760 | 2024-07-04 07:45
csrss.exe a2dcc2e9dd81e3a5f6440ed7027a86da | PE File PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself
2.2 | 34 | ZeroCERT

45761 | 2024-07-04 09:36
SWSS.txt.exe cd385c30936cf9cf395b32ba14cfac70 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory ICMP traffic DNS DDNS
1 | http://geoplugin.net/json.gp
4 | geoplugin.net(178.237.33.50)
  | authurremcsupdate.duckdns.org()
  | 192.3.101.18
  | 178.237.33.50
3 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
  | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
  | ET JA3 Hash - Remcos 3.x/4.x TLS Connection
4.0 | 68 | ZeroCERT

45762 | 2024-07-04 09:38
CNO.txt.exe cf6bd97368f587fc689f0cc96702e02e | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware Windows DNS keylogger
1 |
4.0 | 61 | ZeroCERT

45763 | 2024-07-04 09:39
systemd.exe da4b6f39fc024d2383d4bfe7f67f1ee1 | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Tofsee crashed
1 | https://bitbucket.org/fcsdcvscvc/sadcasdv/raw/62af221cbc4d137cf4e95f7d66f3ced90597b434/kupee
2 | bitbucket.org(43.202.69.9) - malware
  | 104.192.141.1 - malicious
2 | ET INFO TLS Handshake Failure
  | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.0 | 44 | ZeroCERT

45764 | 2024-07-04 09:41
Bitwarden-Installer-2024.6.3.e... 06e9439beabd1813ff13295adbba48ff | Generic Malware Malicious Library Malicious Packer UPX AntiDebug AntiVM PE File ftp PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory WMI unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution DNS Software
2 | https://steamcommunity.com/profiles/76561199730044335
  | https://t.me/bu77un
5 | t.me(149.154.167.99) - malicious
  | steamcommunity.com(104.75.41.21) - malicious
  | 104.87.193.17
  | 149.154.167.99 - malicious
  | 95.217.241.48
3 | ET INFO Observed Telegram Domain (t .me in TLS SNI)
  | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  | ET INFO TLS Handshake Failure
10.8 | 10 | ZeroCERT

45765 | 2024-07-04 09:43
realtekdriver.exe 662404ed188bfab5386fc73a0a7732d4 | Malicious Library PE File .NET EXE PE32 VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key
3.8 | M | 53 | ZeroCERT