46066 |
2020-10-19 17:25
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00999212.xls
|
4
docsecure.top(8.208.102.117) - mailcious 117.18.232.200 - suspicious 164.124.101.2 8.208.102.117
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a *.top domain - Likely Hostile
|
|
7.8 |
M |
|
guest
46067 |
2020-10-19 17:18
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Dridex TrickBot Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Kovter Windows Exploit DNS crashed |
3
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00999212.xls https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1790317629
|
5
docsecure.top(8.208.102.117) - mailcious 117.18.232.200 - suspicious 164.124.101.2 194.36.191.177 - suspicious 8.208.102.117
|
4
ET DNS Query to a *.top domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
|
|
8.8 |
M |
|
guest
46068 |
2020-10-19 17:11
|
1610.gif.exe d831b3b3fb3030a9f9a1e9259105e57b VirusTotal Malware unpack itself malicious URLs WriteConsoleW ComputerName Remote Code Execution |
|
1
|
|
|
3.4 |
M |
36 |
admin
46069 |
2020-10-19 17:07
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00999212.xls
|
4
docsecure.top(8.208.102.117) mailcious 117.18.232.200 suspicious 164.124.101.2 clean 8.208.102.117 clean
|
2
ET DNS Query to a *.top domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.8 |
M |
|
guest
46070 |
2020-10-19 16:27
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml clean https://docsecure.top/xls/00999212.xls clean
|
4
docsecure.top(8.208.102.117) mailcious 117.18.232.200 suspicious 164.124.101.2 clean 8.208.102.117 clean
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a *.top domain - Likely Hostile
|
|
7.8 |
M |
|
guest
46071 |
2020-10-19 16:23
|
0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5 VirusTotal Malware unpack itself |
|
1
|
|
|
2.2 |
M |
46 |
admin
46072 |
2020-10-19 16:13
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00999212.xls clean
|
4
docsecure.top(8.208.102.117) mailcious 117.18.232.200 suspicious 164.124.101.2 clean 8.208.102.117 clean
|
2
ET DNS Query to a *.top domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.8 |
M |
|
guest
46073 |
2020-10-19 16:12
|
0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5 VirusTotal Malware |
|
1
|
|
|
1.8 |
M |
46 |
admin
46074 |
2020-10-19 16:05
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00999212.xls clean
|
4
docsecure.top(8.208.102.117) mailcious 117.18.232.200 suspicious 164.124.101.2 clean 8.208.102.117 clean
|
2
ET DNS Query to a *.top domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.8 |
M |
|
guest
46075 |
2020-10-19 15:18
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00999212.xls
|
4
docsecure.top(8.208.102.117) 117.18.232.200 164.124.101.2 8.208.102.117
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a *.top domain - Likely Hostile
|
|
7.8 |
M |
|
guest
46076 |
2020-10-19 15:01
|
test.html d41d8cd98f00b204e9800998ecf8427e Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
2
117.18.232.200 164.124.101.2
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.8 |
|
|
guest
46077 |
2020-10-19 14:24
|
0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5 VirusTotal Malware unpack itself |
|
1
|
|
|
2.2 |
M |
46 |
admin
46078 |
2020-10-19 14:18
|
1610.gif.exe d831b3b3fb3030a9f9a1e9259105e57b VirusTotal Malware malicious URLs WriteConsoleW ComputerName Remote Code Execution |
|
1
|
|
|
2.4 |
M |
36 |
admin
46079 |
2020-10-19 13:59
|
1610.gif.exe d831b3b3fb3030a9f9a1e9259105e57b VirusTotal Malware unpack itself malicious URLs WriteConsoleW ComputerName Remote Code Execution |
|
1
|
|
|
3.4 |
|
36 |
guest
46080 |
2020-10-19 13:18
|
https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Dridex TrickBot Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Kovter Windows Exploit DNS crashed |
3
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00999212.xls https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1951826145
|
5
docsecure.top(8.208.102.117) 117.18.232.200 164.124.101.2 194.36.191.177 8.208.102.117
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a *.top domain - Likely Hostile ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
|
|
8.8 |
M |
|
guest