45781 |
2024-07-04 10:12
|
new-image_j.jpg.exe f0fd5b8e5113d5a7afc164e15d732129 Malicious Library UPX PE File DLL PE32 OS Processor Check .NET DLL VirusTotal Malware PDB |
|
|
|
|
0.6 |
|
4 |
ZeroCERT
45782 |
2024-07-04 10:14
|
file_3e3wgwby.144.txt.ps1 f00fd53fc736d0735418600c428a6764 Generic Malware Antivirus Malware download VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key |
2
http://91.92.254.132/imge/new-image_j.jpg - rule_id: 40913
http://192.3.64.135/okeydookietrational.txt
|
1
|
3
ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET MALWARE Base64 Encoded MZ In Image ET MALWARE Malicious Base64 Encoded Payload In Image
|
1
http://91.92.254.132/imge/new-image_j.jpg
|
5.4 |
M |
14 |
ZeroCERT
45783 |
2024-07-04 10:17
|
file_20dp34d4.orr.txt.ps1 d95ef9e08e9db08a9722d77fb91c39df Generic Malware Antivirus Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
2
https://uploaddeimagens.com.br/images/004/807/737/original/new-image_j.jpg?1720020397 - rule_id: 40914
http://192.3.64.135/okeydookietrational.txt
|
2
uploaddeimagens.com.br(172.67.215.45) - malware 104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://uploaddeimagens.com.br/images/004/807/737/original/new-image_j.jpg
|
4.2 |
M |
|
ZeroCERT
45784 |
2024-07-04 10:21
|
file_qzz145uz.kxq.txt.ps1 3680df3b272f4f5aa465a69ddbe763ed Generic Malware Antivirus unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
0.8 |
|
|
ZeroCERT
45785 |
2024-07-04 10:42
|
eveningfiledatinglover.vbs e69758681e577aa06dfa9425821283b6 Generic Malware Antivirus Hide_URL PowerShell Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Java ComputerName DNS Cryptographic key |
2
http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
http://91.92.254.14/Users_API/negrocock/file_in0kfcuh.ojw.txt
|
2
91.92.254.14 - malware
91.92.254.194 - malware
|
4
ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET MALWARE Malicious Base64 Encoded Payload In Image ET MALWARE Base64 Encoded MZ In Image ET WEB_CLIENT Obfuscated Javascript // ptth
|
1
http://91.92.254.194/imge/new-image_v.jpg
|
10.0 |
M |
7 |
ZeroCERT
45786 |
2024-07-04 11:29
|
new-image_v.jpg.exe 9152c6d4256e91955c25bcdfa97fb9e0 Generic Malware PE File DLL PE32 .NET DLL VirusTotal Malware PDB |
|
|
|
|
1.0 |
|
29 |
r0d
45787 |
2024-07-04 11:31
|
Update.js 616eae241a26b57cf9d5efc97ff8491f VBScript wscript.exe payload download Tofsee crashed Dropper |
1
https://shryr.fans.smalladventureguide.com/orderReview
|
2
shryr.fans.smalladventureguide.com(162.252.175.117) 162.252.175.117 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
10.0 |
|
|
guest
45788 |
2024-07-04 16:52
|
QuarterR.txt.lnk 7ef9148b9dabbc71fd47c8d2e2cbf079 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
http://89.197.154.116/QuarterR.vbs
|
|
|
|
5.0 |
|
21 |
ZeroCERT
45789 |
2024-07-04 16:52
|
Retest6.txt.lnk a21f40ab52c9bec0288b86656af166bd Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
http://89.197.154.116/Retest6.vbs
|
|
|
|
5.0 |
|
22 |
ZeroCERT
45790 |
2024-07-04 16:57
|
UpdaterR.exe be101f8181d00ee2196fbc988d85d7d3 PE File PE32 VirusTotal Malware unpack itself DNS |
|
1
89.197.154.116 - mailcious
|
|
|
4.8 |
M |
55 |
ZeroCERT
45791 |
2024-07-04 16:57
|
UpdaterP.exe 40094e123c89625468665c8c196c2ffd PE File PE32 VirusTotal Malware unpack itself DNS |
|
1
89.197.154.116 - mailcious
|
|
|
4.8 |
M |
62 |
ZeroCERT
45792 |
2024-07-04 16:59
|
profilegoodforinvestreturntogo... a93733bf3912d34ee7074f64f2d93156 Generic Malware Antivirus Hide_URL PowerShell Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Java ComputerName DNS Cryptographic key |
3
http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
http://91.92.254.14/Users_API/syscore/file_fdncluho.ggk.txt
http://23.95.235.16/55099/UGH.txt
|
2
91.92.254.14 - malware
91.92.254.194 - malware
|
4
ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET MALWARE Malicious Base64 Encoded Payload In Image ET WEB_CLIENT Obfuscated Javascript // ptth ET MALWARE Base64 Encoded MZ In Image
|
1
http://91.92.254.194/imge/new-image_v.jpg
|
9.4 |
M |
7 |
ZeroCERT
45793 |
2024-07-04 16:59
|
TrialR.exe e18a6528feb2a80af9a1cc435ed30bed MPRESS PE File PE32 VirusTotal Malware unpack itself DNS |
|
1
89.197.154.116 - mailcious
|
|
|
4.2 |
M |
55 |
ZeroCERT
45794 |
2024-07-04 16:59
|
4444.exe 1aca2436ee8c1ef6271dfebd4312b3d7 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS |
|
1
|
|
|
3.6 |
M |
65 |
ZeroCERT
45795 |
2024-07-04 16:59
|
UpdaterLOC.dll d5f8785aedca631c7c8e123dc0e6e35f Swrort Malicious Library PE File DLL PE32 VirusTotal Malware |
|
|
|
|
1.2 |
M |
56 |
ZeroCERT