| 46021 |
2020-10-20 17:37
|
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://186.189.249.2/ms47DPwej1mNU/2wmbw/ - mailcious
|
2
164.124.101.2
186.189.249.2 - suspicious
|
|
|
6.2 |
M |
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46022 |
2020-10-20 17:31
|
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://186.189.249.2/RbSCF5bx/ - mailcious
|
2
164.124.101.2
186.189.249.2 - suspicious
|
|
|
6.2 |
M |
10 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46023 |
2020-10-20 17:27
|
6E9zisbO9sC0owFOL.exe f8799dca3986c7ce5a501d6c93f546d0
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://91.121.87.90:8080/arNoljnh0f5/4nPhA3vv2/cbp1CkHTnRbrDplE/U1Qn0OFyTz/OlMlRR2Tj7XObl/pGG8dwHq/ - mailcious
|
3
164.124.101.2
177.130.51.198 - suspicious
91.121.87.90 - suspicious
|
|
|
8.0 |
M |
11 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46024 |
2020-10-20 17:21
|
Gj14N5aW.exe 4a8a93cfff1ea3c4251d2d12705c9a2a
VirusTotal Malware Report Malicious Traffic ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key |
2
http://62.30.7.67:443/V4R69jWC6/ILZyVeUJ4CAKnS/21IApr/Nqwx72WZINKGmQwJ/ - mailcious
http://162.241.242.173:8080/dTKsPQmI/ILxNeO/NLogweu/ - mailcious
|
7
142.44.137.67 - suspicious
162.241.242.173 - suspicious
164.124.101.2
192.158.216.73 - suspicious
62.30.7.67 - suspicious
85.152.162.105 - suspicious
85.214.28.226 - suspicious
|
5
ET CNC Feodo Tracker Reported CnC Server group 23
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 20
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET POLICY HTTP traffic on port 443 (POST)
|
|
9.8 |
M |
59 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46025 |
2020-10-20 17:17
|
aisbLsiE.exe 3ed2826a1e5d25a48f0d2e92c687317f
Emotet Malware download VirusTotal Malware Report Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
2
http://38.111.46.46:8080/eCpqxVDnTlwS42B1/GTqT0LRs/lMc6gOg6WdcY/ALUPbzO4r7EC5Br/dM6LEmhyxWRJafHh7v/ - mailcious
http://162.241.242.173:8080/AQxg26M27Hd20/qvJ8JL/97OsKqRed0RX/DGRZkQlxpR4oc9bRGB/JBJW/If1ZL4psik/ - mailcious
|
6
134.209.36.254 - suspicious
162.241.242.173 - suspicious
164.124.101.2
2.84.135.163 - suspicious
38.111.46.46 - suspicious
67.10.155.92 - suspicious
|
5
ET CNC Feodo Tracker Reported CnC Server group 20
ET CNC Feodo Tracker Reported CnC Server group 17
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 5
ET MALWARE Win32/Emotet CnC Activity (POST) M10
|
|
9.0 |
M |
40 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46026 |
2020-10-20 17:13
|
7.exe c90ef4d73de6e2f66b5571ec8867b41c
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://208.180.207.205/Qtnp/KkohcK/C1QHKTNll/ - mailcious
|
2
164.124.101.2
208.180.207.205 - suspicious
|
|
|
5.8 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46027 |
2020-10-20 16:19
|
http://blockschain.great-site.... 83af9f05c497857ace30bf9077443498
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
8
http://blockschain.great-site.net/css/style.css
http://blockschain.great-site.net/?i=1
http://blockschain.great-site.net/favicon.ico
http://blockschain.great-site.net/ - suspicious
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://blockschain.great-site.net/aes.js
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
https://fonts.googleapis.com/css?family=Anton
|
10
fonts.googleapis.com(172.217.25.234)
infinityfree.net(104.26.8.174)
cdnjs.cloudflare.com(104.17.78.107) - mailcious
blockschain.great-site.net(185.27.134.216) - suspicious
104.17.79.107
104.26.9.174
117.18.232.200 - suspicious
164.124.101.2
172.217.24.74
185.27.134.216 - suspicious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46028 |
2020-10-20 15:52
|
7Y8JPQhD02tGzQA0Yc.exe 4ce948c02be68dacf9038d42f00cd097
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://208.180.207.205/eDFLKHyb/tNE7r6JBpDSudzWxuYU/INlLnh3Eo4Bnj3VLQ/25eFDC/BCEXDtulC2mjeSnpZ/ - mailcious
|
2
164.124.101.2
208.180.207.205 - suspicious
|
|
|
6.6 |
M |
27 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46029 |
2020-10-20 15:51
|
Mssz6xtWX5orm7o1nlYg.exe ff2ce8b5a2e8f56035f0fd2741e9d45e
VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key |
1
http://208.180.207.205/qmDSMVoH/ - mailcious
|
2
164.124.101.2
208.180.207.205 - suspicious
|
|
|
6.6 |
M |
27 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46030 |
2020-10-20 15:18
|
INV_75891429362122477667659.do... f30a57fa69b4a9986ecba1782f65bdc2
Vulnerability unpack itself |
|
1
|
|
|
1.8 |
|
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46031 |
2020-10-20 15:16
|
teFvuWWdnMn.exe 6e690c449d8a5c5d4056cb8af10d6ec8
Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
1
http://186.189.249.2/1nbq5OGzwIeFu/FMvsMtXdR4S/ - mailcious
|
2
164.124.101.2
186.189.249.2 - suspicious
|
|
|
5.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46032 |
2020-10-20 14:53
|
http://www.advisertours.com/08... c8bc6937ff78700cc917195d5444585e
Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
78
http://www.advisertours.com/js/core/dic.js?ver=1.2
http://www.advisertours.com/plugins/summernote/summernote.css
http://www.advisertours.com/js/core/maxisUploader.js
http://www.advisertours.com/plugins/fa/css/fa.min.css
http://www.advisertours.com/plugins/color/bootstrap-colorpicker.js
http://www.advisertours.com/plugins/jquery/jquery.cookie.js
http://www.advisertours.com/plugins/bootstrap/bootstrap.min.css
http://www.advisertours.com/Images/Settings/css/theme.css?ver=1.77
http://www.advisertours.com/plugins/summernote/summernote.js
http://www.advisertours.com/plugins/others/numeral.js
http://www.advisertours.com/plugins/fancybox/jquery.fancybox.js
http://www.advisertours.com/css/core/maxisUploader.css
http://www.advisertours.com/plugins/bootstrap/bootstrap.min.js
http://www.advisertours.com/favicon.ico
http://www.advisertours.com/plugins/fa/webfonts/fa-solid-900.eot
http://www.advisertours.com/Images/Logo/adviser.png
http://www.advisertours.com/plugins/menu/metisMenuCustom.css
http://www.advisertours.com/plugins/daterangepicker/dateRangePicker.css
http://www.advisertours.com/css/maxis.css?ver=1.23
http://www.advisertours.com/plugins/addtoany/page.js
http://www.advisertours.com/plugins/googlefonts/fontselect.css?ver=1.0
http://www.advisertours.com/js/admin/html.js?ver=1.2
http://www.advisertours.com/js/core/maxisMenu.js?ver=1.3
http://www.advisertours.com/plugins/others/moment.js
http://www.advisertours.com/plugins/carousel/carousel.css
http://www.advisertours.com/error
http://www.advisertours.com/plugins/daterangepicker/dateRangePicker.js
http://www.advisertours.com/plugins/notify/notify.js
http://www.advisertours.com/plugins/jquery-ui/jquery-ui.js
http://www.advisertours.com/plugins/wow/animate.css
http://www.advisertours.com/plugins/color/bootstrap-colorpicker.min.css
http://www.advisertours.com/plugins/others/form.js
http://www.advisertours.com/plugins/uploader/jquery.uploadfile.js
http://www.advisertours.com/plugins/selectize/js/selectize.min.js
http://www.advisertours.com/plugins/animate/animate.css
http://www.advisertours.com/js/core/maxisSysFun.js?ver=1.2
http://www.advisertours.com/plugins/selectize/css/selectize.default.css
http://www.advisertours.com/js/core/maxisFun.js?ver=1.2
http://www.advisertours.com/plugins/others/jredirect.js
http://www.advisertours.com/js/core/maxisForm.js?ver=1.2
http://www.advisertours.com/images/settings/cms/bar.jpg
http://www.advisertours.com/js/core/maxisGrid.js?ver=1.2
http://www.advisertours.com/plugins/jsgrid/css/jsgrid.css
http://www.advisertours.com/plugins/jsgrid/js/jsgrid.js
http://www.advisertours.com/plugins/uploader/uploadfile.css
http://www.advisertours.com/plugins/jquery/jquery.min.js
http://www.advisertours.com/plugins/jsonToXls/excelexportjs.js
http://www.advisertours.com/plugins/easyAutocomplete/easy-autocomplete.css
http://www.advisertours.com/images/AjaxLoader.gif
http://www.advisertours.com/plugins/sticky/jquery.stickme.js
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://www.advisertours.com/plugins/fa/webfonts/fa-brands-400.eot
http://www.advisertours.com/css/core/jsgrid-custom.css?ver=1.0
http://www.advisertours.com/js/core/maxisCombo.js?ver=1.2
http://www.advisertours.com/plugins/wow/wow.min.js
http://www.advisertours.com/css/cms.css?ver=1.23
http://www.advisertours.com/plugins/googlefonts/jquery.fontselect.js
http://www.advisertours.com/plugins/carousel/owl.carousel.min.js
http://www.advisertours.com/plugins/fancybox/jquery.fancybox.css
http://www.advisertours.com/plugins/jsgrid/css/jsgrid-theme.css
http://www.advisertours.com/0810.gif - malware
http://www.advisertours.com/plugins/easyAutocomplete/jquery.easy-autocomplete.js
http://www.advisertours.com/plugins/menu/metisMenu.min.js
http://www.advisertours.com/plugins/menu/metisMenu.min.css
http://www.advisertours.com/plugins/fa/webfonts/fa-regular-400.eot
http://www.advisertours.com/js/core/maxisModal.js?ver=1.2
http://www.advisertours.com/plugins/others/readmore.js
http://www.advisertours.com/Images/Settings/css/style.css?ver=1.77
http://www.advisertours.com/js/core/maxisMap.js
http://www.advisertours.com/js/admin/errorPage.js
http://www.advisertours.com/js/admin/search.js?ver=1.2
http://www.advisertours.com/plugins/googlemaps/locationpicker.jquery.min.js
https://www.google.com/recaptcha/api.js
https://maps.google.com/maps/api/js?libraries=places&key=AIzaSyAZYkqEi7CmdGgw3sYll-sit-E8ktfqEk0
https://fonts.googleapis.com/css?family=Rubik
https://www.googletagmanager.com/gtag/js?id=UA-37099488-7
https://www.google-analytics.com/analytics.js
https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__ko.js
|
18
www.gstatic.com(172.217.26.3)
maps.google.com(172.217.27.78)
www.google.com(172.217.31.164)
www.google-analytics.com(172.217.175.78)
fonts.googleapis.com(172.217.26.10)
yotatravel.com(192.185.76.193)
www.advisertours.com(205.144.171.63) - malware
www.googletagmanager.com(172.217.175.104)
108.177.97.95
117.18.232.200 - suspicious
164.124.101.2
172.217.163.228
172.217.163.232
172.217.174.206
172.217.25.14 - suspicious
192.185.76.193
205.144.171.63
216.58.200.3
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46033 |
2020-10-20 13:27
|
test.html 796af7ff315d771a7a8e1b85d02be1c3
Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
10
http://riandutra.com/img/esp/gi3m4f-0296/ - mailcious
http://makemoneywithus.work/selfclicks - mailcious
http://mrveggy.com/erros/paclm/ - compromised
http://fairebornfilms.com/anal/img.jpg
http://blockschain.great-site.net/ - suspicious
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://ym5zuxo.com/biwe_zibofyra/ripy_lani.php - mailcious
http://fairebornfilms.com/anal/hd-anal-teengirls-sex-vedeos.html
http://dp-womenbasket.com/wp-admin/Li/ - phishing
http://blockschain.great-site.net/aes.js
|
17
riandutra.com(191.6.196.95) - mailcious
dp-womenbasket.com(104.28.13.193) - phishing
www.fairebornfilms.com(192.185.138.117)
mrveggy.com(191.6.198.191) - mailcious
fairebornfilms.com(192.185.138.117)
makemoneywithus.work(188.225.75.54) - mailcious
blockschain.great-site.net(185.27.134.216) - suspicious
ym5zuxo.com(45.150.64.102) - mailcious
117.18.232.200 - suspicious
164.124.101.2
172.67.151.128 - suspicious
185.27.134.216 - suspicious
188.225.75.54 - suspicious
191.6.196.95 - suspicious
191.6.198.191 - suspicious
192.185.138.117
45.150.64.102 - suspicious
|
6
ET INFO Observed DNS Query to .work TLD
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET CURRENT_EVENTS Malicious Fake JS Lib Inject
ET INFO HTTP Request to Suspicious *.work Domain
|
|
4.6 |
M |
|
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46034 |
2020-10-20 11:36
|
test.html 9f44b7790991fb50a33ee18ac31f31bd
Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://studyguidewithlakshmi.com/directory/v982c9VH5c/ - malware
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://inkteach.com/cgi-bin/oArjP/ - malware
|
8
inkteach.com(66.235.200.146) - malware
studyguidewithlakshmi.com(209.58.160.178) - malware
www.bestabortionpillsrx.com(89.185.234.56) - mailcious
117.18.232.200 - suspicious
164.124.101.2
209.58.160.178 - suspicious
66.235.200.146 - suspicious
89.185.234.56 - suspicious
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
|
|
5.0 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46035 |
2020-10-20 11:28
|
c5xfte.rar.exe 29b3fb0c606603e980e207f9739eb36b
VirusTotal Malware PDB unpack itself crashed |
|
1
|
|
|
2.8 |
|
49 |
admin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|