46441 | 2020-09-20 22:41 | 3kknRIqyLadKQddiLJu0.exe | MD5 8428926592a23a849523726cbb9e351b
Tags: VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://162.241.41.111:7080/tI7FfrTloY/bbIrhMUE/j9knJRpXDkkYhX/6cDRKkbD99RgsttrDp/bDtLhbb99u0/
IPs (3): 118.243.83.70 162.241.41.111 5.189.168.53
7.2 | M | 43 | admin
46442 | 2020-09-20 22:16 | wMntZv92S.exe | MD5 5db3652509403e30eef851f02f0e24ff
Tags: VirusTotal Malware RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://162.241.41.111:7080/HOfrBOo/2iETrDPNAQzEaE8fPr/MHBP7rnh/cup6SL2z13k/
IPs (3): 162.241.41.111 190.192.39.136 5.189.168.53
7.0 | M | 42 | admin
46443 | 2020-09-20 22:14 | Putgs3PDYl5q.exe | MD5 550a741d0fef7a52e63020c9016ea5c8
Tags: Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://38.88.126.202:8080/b4hv/
IPs (3): 38.88.126.202 51.38.124.206 91.105.94.200
6.8 | admin
46444 | 2020-09-20 22:14 | IqKmozloSxC1qJk.exe | MD5 b41e414efcad408d911484e5aad13a3b
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://38.88.126.202:8080/OUtVwBVxzPtbJhWh/
IPs (3): 38.88.126.202 51.38.124.206 91.105.94.200
7.6 | 13 | admin
46445 | 2020-09-20 18:53 | Putgs3PDYl5q.exe | MD5 550a741d0fef7a52e63020c9016ea5c8
Tags: Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://38.88.126.202:8080/eZnBHazbq/3o5UV1KDOUJnVOwUU/
IPs (3): 38.88.126.202 51.38.124.206 91.105.94.200
6.8 | admin
46446 | 2020-09-20 18:49 | Mes-228262.doc | MD5 276ecb6b0eae11d22873e390b0a4a93d
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
URLs (2):
http://38.88.126.202:8080/HYKeZBudf/uSx1Oiun/g2jUk3v/k0kIjDOak1vj5/
http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
IPs (5): 103.151.217.206 148.66.138.103 38.88.126.202 51.38.124.206 91.105.94.200
Alerts (4):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
6.6 | M | 28 | admin
46447 | 2020-09-20 18:29 | document_01200.doc | MD5 2588cb56a4d1f28e05f0dc5d60e7ce2f
Tags: VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader
URLs (1): http://66.225.194.30/zip/vbc.exe
IPs (1):
Alerts (6):
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
4.4 | 27 | admin
46448 | 2020-09-20 18:29 | FILE_158744266936513.doc | MD5 8a7c7754300dab0670eaf86357a5463d
Tags: Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
URLs (5):
http://kellymorganscience.com/wp-content/SCsWM/
http://61.19.246.238:443/bxNqCIdk/HICIsMd/4PtnFo/zYXRtxzGP8zynC3OwN/gMSBsut3/
http://dandyair.com/font-awesome/rOOAL/
http://134.209.36.254:8080/lIGaoFcQwNKUibZRZy/YxKVgK1u/YbIPVTg/zRv85GXJrvAINoReLI/n6FgRlKdiHoouj8/
https://www.tekadbatam.com/wp-content/AUiw/
IPs (12): 101.0.116.55 104.18.34.185 120.138.30.150 134.209.36.254 137.59.187.107 157.245.99.39 46.16.62.168 61.19.246.238 67.225.175.220 71.72.196.159 94.23.216.33 94.23.237.171
Alerts (8):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET CNC Feodo Tracker Reported CnC Server group 3
ET POLICY Terse Named Filename EXE Download - Possibly Hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET CNC Feodo Tracker Reported CnC Server group 19
ET POLICY HTTP traffic on port 443 (POST)
6.8 | 27 | admin
46449 | 2020-09-19 10:48 | BAL_15920775.doc | MD5 6a336c8fcf06f49c600fa32bc3af3b0b
Tags: Vulnerability Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS
URLs (4):
http://kellymorganscience.com/wp-content/SCsWM/
http://71.72.196.159/T7tp06rD2MtMTCG2PQH/dX5kajPPkdPjYa/
http://dandyair.com/font-awesome/rOOAL/
https://www.tekadbatam.com/wp-content/AUiw/
IPs (5): 101.0.116.55 172.67.177.4 46.16.62.168 67.225.175.220 71.72.196.159
Alerts (4):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
4.4 | admin
46450 | 2020-09-19 10:47 | NAY9VE4B.doc | MD5 3660ebad77e4eede41765692b03bb2ad
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee Windows DNS
URLs (4):
http://kellymorganscience.com/wp-content/SCsWM/
http://71.72.196.159/1ZsUG5cF7xnFn3pG/6TftK36As60GaqJ8/XHjaOG4jUoEjxj/PVFaKiapt4Lbk0eg/LA1syIcez/
http://dandyair.com/font-awesome/rOOAL/
https://www.tekadbatam.com/wp-content/AUiw/
IPs (5): 101.0.116.55 104.18.34.185 46.16.62.168 67.225.175.220 71.72.196.159
Alerts (4):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
4.4 | 20 | admin
46451 | 2020-09-18 17:53 | S4QSx4t9ze4.exe | MD5 0c192fbf6cb765ef8ca7d6b08d76ac48
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://38.88.126.202:8080/nkRQhbyWnkA/Pa3JCkR/xRSobNqyRx2JabOL6a/8wcio/
IPs (3): 38.88.126.202 51.38.124.206 91.105.94.200
7.6 | 12 | admin
46452 | 2020-09-18 17:43 | IqKmozloSxC1qJk.exe | MD5 b41e414efcad408d911484e5aad13a3b
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://38.88.126.202:8080/vpqxW9Nu/1QOv89YoM4Qocd6/gBMO9/o6t4rNLUZtdQ/3q9rjRdkoq8m/
IPs (3): 38.88.126.202 51.38.124.206 91.105.94.200
7.6 | 13 | guest
46453 | 2020-09-18 17:24 | wMntZv92S.exe | MD5 5db3652509403e30eef851f02f0e24ff
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://5.189.168.53:8080/dsJmNql6bOP/pykPv/yUBogouHvNw/l39gomnQfBD25jdT/LVFWgV4wB/rthsSAfkW/
IPs (2): 190.192.39.136 5.189.168.53
7.2 | 13 | guest
46454 | 2020-09-18 13:28 | oK.exe | MD5 dfbe801848516484378bc7b073de81e2
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://5.189.168.53:8080/tCms/oMFo7Wkwg/1aFH7IzGQQ/
IPs (2): 190.192.39.136 5.189.168.53
7.2 | 10 | admin
46455 | 2020-09-18 13:27 | oK.exe | MD5 dfbe801848516484378bc7b073de81e2
Tags: VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key
URLs (1): http://5.189.168.53:8080/q43Vvlv6YVgZ36S/kdNq0YC12oAF7GFdNbF/SNkwc8/MGYjkPUVMdfZXXSz9/v066/FyBDy/
IPs (2): 190.192.39.136 5.189.168.53
7.2 | 10 | admin