47206 | 2020-07-27 16:26
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
URLs (6): http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp
Hosts (4): www.nalara1220.o-r.kr(35.226.40.154) ajax.googleapis.com(172.217.25.202) 172.217.26.138 35.226.40.154
Score: 3.0

47207 | 2020-07-27 16:25
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
URLs (6): http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css
Hosts (4): www.nalara1220.o-r.kr(35.226.40.154) ajax.googleapis.com(172.217.25.202) 216.58.200.74 35.226.40.154
Score: 3.0

47208 | 2020-07-27 16:24
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
URLs (6): http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
Hosts (4): www.nalara1220.o-r.kr(35.226.40.154) ajax.googleapis.com(172.217.25.202) 216.58.199.10 35.226.40.154
Score: 3.0

47209 | 2020-07-27 16:23
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
URLs (6): http://www.nalara1220.o-r.kr/CSS/mainC.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
Hosts (4): www.nalara1220.o-r.kr(35.226.40.154) ajax.googleapis.com(172.217.25.202) 172.217.161.138 35.226.40.154
Score: 3.0

47210 | 2020-07-27 16:14
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit crashed
URLs (7): http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/mainC.css
Hosts (7): www.nalara1220.o-r.kr(35.226.40.154) iecvlist.microsoft.com(117.18.232.200) ie9cvlist.ie.microsoft.com(117.18.232.200) ajax.googleapis.com(216.58.220.138) 117.18.232.200 172.217.161.170 35.226.40.154
Alerts (3): ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.0

47211 | 2020-07-27 16:12
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
URLs (6): http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/ http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
Hosts (4): www.nalara1220.o-r.kr(35.226.40.154) ajax.googleapis.com(216.58.220.138) 172.217.161.170 35.226.40.154
Score: 3.0

47212 | 2020-07-27 16:11
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
URLs (6): http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp
Hosts (4): www.nalara1220.o-r.kr(35.226.40.154) ajax.googleapis.com(216.58.220.138) 172.217.161.170 35.226.40.154
Score: 3.0

47213 | 2020-07-27 16:08
Target: https://liskcrypto.top/zbs.exe
MD5: 0904add71c8b1b59d251c3cc8e0d3841
Tags: VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed
URLs (1): https://liskcrypto.top/zbs.exe
Hosts (1):
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a *.top domain - Likely Hostile
Score: 4.6

47214 | 2020-07-27 15:23
Target: UniSignCRSV3Setup.exe
MD5: 3bc8fa98ea99c1d05756ab42799a8ba0
Tags: VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself Checks Bios Detects VirtualBox Detects VMWare AppData folder malicious URLs AntiVM_Disk sandbox evasion VMware anti-virtualization VM Disk Size Check Windows ComputerName crashed
Score: 10.4
5 |

47215 | 2020-07-27 15:19
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
URLs (6): http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
Hosts (4): www.nalara1220.o-r.kr(35.226.40.154) ajax.googleapis.com(172.217.25.106) 216.58.197.106 35.226.40.154
Score: 3.0

47216 | 2020-07-27 15:17
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
URLs (6): http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/main.jsp
Hosts (4): www.nalara1220.o-r.kr(35.226.40.154) ajax.googleapis.com(172.217.25.106) 216.58.197.106 35.226.40.154
Score: 3.0

47217 | 2020-07-27 15:11
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit crashed
URLs (7): http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts (7): www.nalara1220.o-r.kr(35.226.40.154) iecvlist.microsoft.com(117.18.232.200) ie9cvlist.ie.microsoft.com(117.18.232.200) ajax.googleapis.com(172.217.27.74) 117.18.232.200 216.58.220.202 35.226.40.154
Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 3.6

47218 | 2020-07-27 15:03
Target: http://southwestlogistics.net/...
MD5: 48aea5530bfb2891a6f8bc32df2bb1ce
Tags: VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Windows
URLs (6): http://southwestlogistics.net/3333.exe http://southwestlogistics.net/cgi-sys/suspendedpage.cgi http://use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.eot? http://southwestlogistics.net/cgi-sys/suspendedpage.cgi http://use.fontawesome.com/releases/v5.0.6/css/all.css http://use.fontawesome.com/releases/v5.0.6/webfonts/fa-regular-400.eot? http://use.fontawesome.com/releases/v5.0.6/webfonts/fa-brands-400.eot?
Hosts (4): southwestlogistics.net(162.241.217.117) use.fontawesome.com(23.111.9.35) 162.241.217.117 23.111.9.35
Score: 3.2

47219 | 2020-07-27 15:02
Target: http://communicationideadedica...
MD5: 97a89604b4c0d510465ed27e88d81d48
Tags: VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities Windows Exploit DNS crashed Downloader
URLs (1): http://communicationideadedicatedserversystem.duckdns.org/bgm/vbc.exe
Hosts (1):
Alerts (3): ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP
Score: 4.2
M |

47220 | 2020-07-27 14:58
Target: UniSignCRSV3Setup.exe
MD5: 3bc8fa98ea99c1d05756ab42799a8ba0
Tags: VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself Checks Bios Detects VirtualBox Detects VMWare AppData folder malicious URLs AntiVM_Disk sandbox evasion VMware anti-virtualization VM Disk Size Check Windows ComputerName crashed
Score: 10.4
5 |