Sandbox analysis listing, entries 47236 to 47250 (2020-07-23 to 2020-07-24), newest first. Each entry gives the analysis ID and submission time; the sample (file name or submitted URL), its MD5 and the behaviour tags raised during analysis; contacted URLs; contacted hosts/IPs; Suricata alerts; and the analysis score followed by the listing's two unlabelled trailing columns (shown here as Flag and Count). Where the listing gives a count but no items, the count is kept and the items are marked "none listed". Entries 47244, 47245, 47246, 47248 and 47249 are repeated analyses of the same URL and share MD5 c032bb944d6fba21799bd5a4df5b6122.

Note on the URL lists: http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:... recurs across unrelated samples. 192.168.56.0/24 is a private range and TCP 2869 is the Windows UPnP Device Host (udhisapi.dll), so these are UPnP exchanges inside the analysis network, not infrastructure belonging to the samples; discard them when extracting indicators.

47236 | 2020-07-24 22:34
  Sample: http://heliosphere.us/temp/ter... | MD5 cfd7c1f8740ca02f97a919d1ad537a1d
  Tags: VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, malicious URLs, Windows, Exploit, ComputerName, DNS, Cryptographic key, crashed
  URLs (5):
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
    http://heliosphere.us/temp/terfdcv.exe
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  Hosts (1): none listed
  Suricata alerts (1):
    ET POLICY PE EXE or DLL Windows file download HTTP
  Score: 12.8 | Flag: - | Count: 28

47237 | 2020-07-24 22:16
  Sample: http://www.agarca.donaines.pt/... | MD5 6728e83545ea749e33ad6e83f90b6ba6
  Tags: VirusTotal, Malware, Code Injection, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, Windows, Exploit, DNS, crashed
  URLs (1):
    http://www.agarca.donaines.pt//templates/beez3/VazBBV.exe
  Hosts (1): none listed
  Suricata alerts (1):
    ET POLICY PE EXE or DLL Windows file download HTTP
  Score: 4.6 | Flag: - | Count: -

47238 | 2020-07-24 21:50
  Sample: Letter 07-24-2020.exe | MD5 ab4c1217935f026ffae7a6abd9a3ade5
  Tags: VirusTotal, Malware, Code Injection, buffers extracted, unpack itself, malicious URLs, sandbox evasion, crashed
  URLs: none
  Hosts: none
  Suricata alerts: none
  Score: 6.2 | Flag: - | Count: 35

47239 | 2020-07-24 21:50
  Sample: https://tenders-dz.com/license... | MD5 2ba9f02e8685e6d19b5386513083ce64
  Tags: Dridex, VirusTotal, Malware, Code Injection, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, DNS
  URLs: none
  Hosts (1): none listed
  Suricata alerts (3):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
    ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  Score: 3.2 | Flag: - | Count: -

47240 | 2020-07-24 18:37
  Sample: BAL_VYM_070120_CRY_072320.doc | MD5 57729287c932cb6e7c1224615a6870d1
  Tags: Vulnerability, VirusTotal, Malware, unpack itself
  URLs (4):
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  Hosts: none
  Suricata alerts: none
  Score: 2.6 | Flag: M | Count: 27

47241 | 2020-07-24 18:36
  Sample: FILE_3J39WXUI4VR.doc | MD5 da20b2dd780f1fd677465123adfec8d6
  Tags: Vulnerability, VirusTotal, Malware, unpack itself
  URLs (4):
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  Hosts: none
  Suricata alerts: none
  Score: 2.8 | Flag: M | Count: 30

47242 | 2020-07-24 17:06
  Sample: cursor.png.exe | MD5 0c84e3949e3e8908425b234112350e0f
  Tags: Dridex, TrickBot, Malware, Report, suspicious privilege, Malicious Traffic, buffers extracted, unpack itself, malicious URLs, Kovter, ComputerName, DNS
  URLs (5):
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
    https://185.99.2.66/tot774/WIN7-PC_W617601.2BCE833F2CFCD82352C920360F3C5FD1/5/spk/
  Hosts (6):
    131.161.253.190
    134.119.191.21
    185.99.2.66
    5.1.81.68
    51.81.112.144
    91.235.129.20
  Suricata alerts (4):
    ET CNC Feodo Tracker Reported CnC Server group 20
    ET CNC Feodo Tracker Reported CnC Server group 3
    ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
    ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
  Score: 5.6 | Flag: - | Count: -

47243 | 2020-07-24 17:03
  Sample: http://3.234.249.4/nass.exe | MD5 d38d581e5121cf771f9324ab15c7c29a
  Tags: VirusTotal, Malware, Code Injection, Malicious Traffic, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, Windows, Exploit, DNS, crashed
  URLs (5):
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
    http://3.234.249.4/nass.exe
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  Hosts (1): none listed
  Suricata alerts (3):
    ET INFO Executable Download from dotted-quad Host
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  Score: 5.0 | Flag: - | Count: -

47244 | 2020-07-24 14:25
  Sample: http://www.nalara1220.o-r.kr/ | MD5 c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection, Creates executable files, RWX flags setting, unpack itself, Windows utilities, Windows
  URLs (6):
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
    http://www.nalara1220.o-r.kr/main.jsp
  Hosts (4):
    www.nalara1220.o-r.kr(35.226.40.154)
    ajax.googleapis.com(172.217.25.202)
    172.217.24.74
    35.226.40.154
  Suricata alerts: none
  Score: 3.0 | Flag: - | Count: -

47245 | 2020-07-24 14:20
  Sample: http://www.nalara1220.o-r.kr/ | MD5 c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection, Creates executable files, unpack itself, Windows utilities, Windows
  URLs (6):
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/main.jsp
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
  Hosts (4):
    www.nalara1220.o-r.kr(35.226.40.154)
    ajax.googleapis.com(172.217.25.202)
    172.217.174.202
    35.226.40.154
  Suricata alerts: none
  Score: 2.6 | Flag: - | Count: -

47246 | 2020-07-24 14:15
  Sample: http://www.nalara1220.o-r.kr/ | MD5 c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection, Creates executable files, RWX flags setting, unpack itself, Windows utilities, Windows
  URLs (6):
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/main.jsp
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
  Hosts (4):
    www.nalara1220.o-r.kr(35.226.40.154)
    ajax.googleapis.com(216.58.197.138)
    216.58.200.10
    35.226.40.154
  Suricata alerts: none
  Score: 3.0 | Flag: - | Count: -

47247 | 2020-07-24 11:05
  Sample: mes_GD5559.doc | MD5 8a772a0c761c9e8341ff2b004e98e275
  Tags: Vulnerability, VirusTotal, Malware, unpack itself
  URLs: none
  Hosts: none
  Suricata alerts: none
  Score: 2.6 | Flag: - | Count: 29

47248 | 2020-07-24 11:03
  Sample: http://www.nalara1220.o-r.kr/ | MD5 c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection, Creates executable files, RWX flags setting, unpack itself, Windows utilities, Windows
  URLs (6):
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/main.jsp
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
  Hosts (4):
    www.nalara1220.o-r.kr(35.226.40.154)
    ajax.googleapis.com(172.217.175.234)
    172.217.161.138
    35.226.40.154
  Suricata alerts: none
  Score: 3.0 | Flag: - | Count: -

47249 | 2020-07-24 11:02
  Sample: http://www.nalara1220.o-r.kr/ | MD5 c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows, Exploit, crashed
  URLs (7):
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://www.nalara1220.o-r.kr/main.jsp
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  Hosts (6):
    www.nalara1220.o-r.kr(35.226.40.154)
    ie9cvlist.ie.microsoft.com(117.18.232.200)
    ajax.googleapis.com(172.217.175.234)
    117.18.232.200
    216.58.221.234
    35.226.40.154
  Suricata alerts: none
  Score: 3.6 | Flag: - | Count: -

47250 | 2020-07-23 16:51
  Sample: c926c7de61dd7fe8_name.exe | MD5 26215c779ed936ff0a62924e15602969
  Tags: VirusTotal, Malware, AutoRuns, suspicious privilege, Check memory, Checks debugger, unpack itself, Windows utilities, suspicious process, malicious URLs, WriteConsoleW, Windows
  URLs: none
  Hosts: none
  Suricata alerts: none
  Score: 6.0 | Flag: M | Count: 19
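As an added example (this is not code from the listing site), a Python triage helper that turns entries like the ones above into a deduplicated, defanged indicator list: it drops URLs and hosts on non-global addresses (the 192.168.56.104:2869 UPnP traffic), skips an assumed allowlist of third-party hosts (ajax.googleapis.com and ie9cvlist.ie.microsoft.com, which the samples contact only because the page they load embeds them), merges repeated analyses of the same MD5, and splits the listing's "name(ip)" host entries. The record dicts are constructed by hand from entries 47236, 47242, 47244 and 47245 (trimmed to a few items each); the field names and the BENIGN_HOSTS allowlist are this example's own assumptions.

```python
"""Indicator triage over sandbox listing entries (added example, not the site's code)."""
import ipaddress
from urllib.parse import urlparse

# Assumption: third-party hosts reached only because the analysed page embeds them.
BENIGN_HOSTS = {"ajax.googleapis.com", "ie9cvlist.ie.microsoft.com"}

UPNP = "http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:"

# Constructed from listing entries 47236, 47242, 47244 and 47245; not a live feed.
RECORDS = [
    {"id": 47236, "md5": "cfd7c1f8740ca02f97a919d1ad537a1d",
     "urls": [UPNP + "03daaf8e-3c0a-468c-bc36-def7e5313f47",
              "http://heliosphere.us/temp/terfdcv.exe"],
     "hosts": [],
     "alerts": ["ET POLICY PE EXE or DLL Windows file download HTTP"]},
    {"id": 47242, "md5": "0c84e3949e3e8908425b234112350e0f",
     "urls": [UPNP + "2d284ad3-5648-4376-8360-b0559e35418f",
              "https://185.99.2.66/tot774/WIN7-PC_W617601.2BCE833F2CFCD82352C920360F3C5FD1/5/spk/"],
     "hosts": ["131.161.253.190", "185.99.2.66", "91.235.129.20"],
     "alerts": ["ET CNC Feodo Tracker Reported CnC Server group 20",
                "ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex"]},
    {"id": 47244, "md5": "c032bb944d6fba21799bd5a4df5b6122",
     "urls": ["http://www.nalara1220.o-r.kr/main.jsp",
              "http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"],
     "hosts": ["www.nalara1220.o-r.kr(35.226.40.154)",
               "ajax.googleapis.com(172.217.25.202)", "172.217.24.74", "35.226.40.154"],
     "alerts": []},
    {"id": 47245, "md5": "c032bb944d6fba21799bd5a4df5b6122",  # same sample, re-analysed
     "urls": ["http://www.nalara1220.o-r.kr/"],
     "hosts": ["www.nalara1220.o-r.kr(35.226.40.154)", "172.217.174.202"],
     "alerts": []},
]


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def is_sandbox_internal(host):
    """True for private, loopback or link-local addresses: the analysis VM's own
    network (192.168.56.0/24 here), never the sample's infrastructure. Names -> False."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False


def split_host_entry(entry):
    """Listing host entries come as 'name(ip)', a bare 'ip' or a bare 'name'."""
    if "(" in entry and entry.endswith(")"):
        name, ip = entry[:-1].split("(", 1)
        return name, ip
    return (None, entry) if is_ip(entry) else (entry, None)


def defang(ioc):
    return ioc.replace("http://", "hxxp://").replace("https://", "hxxps://").replace(".", "[.]")


def extract_iocs(records, benign_hosts=BENIGN_HOSTS):
    """Merge repeated analyses per MD5, drop sandbox-internal/allowlisted hosts, bucket the rest."""
    md5s, urls, domains, ips, alerts = [], set(), set(), set(), {}
    for rec in records:
        if rec["md5"] not in alerts:
            md5s.append(rec["md5"])
            alerts[rec["md5"]] = set()
        alerts[rec["md5"]].update(rec["alerts"])
        for url in rec["urls"]:
            host = (urlparse(url).hostname or "").lower()
            if not host or is_sandbox_internal(host) or host in benign_hosts:
                continue
            urls.add(url)
            (ips if is_ip(host) else domains).add(host)
        for entry in rec["hosts"]:
            name, ip = split_host_entry(entry)
            if name in benign_hosts or (ip and is_sandbox_internal(ip)):
                continue
            if name:
                domains.add(name.lower())
            if ip:
                ips.add(ip)
    return {"md5": md5s, "urls": sorted(urls), "domains": sorted(domains),
            "ips": sorted(ips), "alerts": {k: sorted(v) for k, v in alerts.items()}}


def report(records):
    """Defanged indicator lines, one per IOC, ready to paste into a case note."""
    iocs = extract_iocs(records)
    lines = ["md5: " + m for m in iocs["md5"]]
    lines += ["url: " + defang(u) for u in iocs["urls"]]
    lines += ["domain: " + defang(d) for d in iocs["domains"]]
    lines += ["ip: " + defang(i) for i in iocs["ips"]]
    return lines


if __name__ == "__main__":
    print("\n".join(report(RECORDS)))
```

Bare IPs that the listing does not pair with a name (172.217.24.74, 172.217.174.202) survive the allowlist because nothing ties them to ajax.googleapis.com; they are kept so that the analyst, not the script, decides whether to drop them.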