Report 47326 | 2020-07-21 18:29
Target: http://t-lawadvisors.com/aviso... (truncated on the page)
MD5: 7159a277e9012d98d6877c5efe6c4ba7
Tags: VirusTotal, Malware, suspicious privilege, Code Injection, buffers extracted, Creates executable files, exploit crash, unpack itself, Windows utilities, AppData folder, malicious URLs, Windows, Exploit, ComputerName, DNS, crashed
URLs (1):
  http://t-lawadvisors.com/avisors.exe
IPs (2): 172.67.160.249 85.204.116.100
Suricata alerts (1):
  ET POLICY PE EXE or DLL Windows file download HTTP
Score: 9.0
Other fields: 39

Report 47327 | 2020-07-21 18:27
Target: https://class.britishonline.co... (truncated on the page)
MD5: 02032a73a8b1788cdcc567b749812444
Tags: Dridex, VirusTotal, Malware, Code Injection, Malicious Traffic, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, DNS
URLs (2):
  https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201
  https://update.googleapis.com/service/update2?cup2key=10:3707306346&cup2hreq=c6650cc85daddb70cb5a15cc5b595ca756623b68fd207a5b82b48c27753b4697
IPs (3): 162.214.20.225 172.217.161.46 172.217.31.163
Suricata alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.4

Report 47328 | 2020-07-21 18:18
Target: F_UUW_070120_VNF_072120.doc
MD5: 0cd06145a71c3f2bab7722fd5788579d
Tags: Emotet, Malware download, Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, Tofsee, Windows, DNS
URLs (4):
  http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/
  http://fijipiscinas.com/wp-admin/ympm/
  http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/
  https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201
  https://update.googleapis.com/service/update2?cup2key=10:3085698260&cup2hreq=36dd01ca863135a0fcc19a814c372b19579f151cdf003292659415797bbe952c
IPs (5): 123.254.105.242 124.45.106.173 172.217.161.46 216.58.220.99 68.183.113.209
Suricata alerts (6):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET INFO EXE - Served Attached HTTP
  ET POLICY HTTP traffic on port 443 (POST)
  ET MALWARE Win32/Emotet CnC Activity (POST) M8
Score: 5.4
Other fields: 20

Report 47329 | 2020-07-21 18:18
Target: https://bloomcareltd.co.uk/wp-... (truncated on the page)
MD5: 85321df51c43c38d4bc6927ee7cea7a9
Tags: Dridex, VirusTotal, Malware, Code Injection, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, DNS
URLs: none listed
IPs (1): count only, no address listed on the page
Suricata alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 3.2

Report 47330 | 2020-07-21 18:17
Target: FILE-2020_07_21-195317.doc
MD5: 589ee490769a1737f7365d7c5655008e
Tags: Vulnerability, Malware, Malicious Traffic, unpack itself, Tofsee, Windows, DNS
URLs (4):
  http://r8---sn-3u-bh2sd.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe?cms_redirect=yes&mh=eA&mip=175.208.134.150&mm=28&mn=sn-3u-bh2sd&ms=nvh&mt=1595322864&mv=m&mvi=8&pl=18&shardbypass=yes
  http://r8---sn-3u-bh2sd.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe?cms_redirect=yes&mh=eA&mip=175.208.134.150&mm=28&mn=sn-3u-bh2sd&ms=nvh&mt=1595322864&mv=m&mvi=8&pl=18&shardbypass=yes
  http://redirector.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe
  https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201
  https://update.googleapis.com/service/update2?cup2key=10:4039676881&cup2hreq=00ab76e6bd8dbeb018fa1aa7d74b24303a0f5bcc3abe6436c03ac71ae149bf77
IPs (4): 172.217.175.35 172.217.175.46 172.217.25.238 211.114.65.19
Suricata alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO EXE - Served Attached HTTP
Score: 3.6

Report 47331 | 2020-07-21 14:29
Target: doc-5382.docm
MD5: ae18ed686e82ba41cebc162245c7fc42
Tags: VirusTotal, Malware, unpack itself
URLs: none listed
IPs: none listed
Suricata alerts: none listed
Score: 1.2
Other fields: M, 20

Report 47332 | 2020-07-21 14:28
Target: doc-5382.docm
MD5: ae18ed686e82ba41cebc162245c7fc42
Tags: VirusTotal, Malware, Malicious Traffic, unpack itself, Tofsee, DNS
URLs (2):
  https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201
  https://update.googleapis.com/service/update2?cup2key=10:655737552&cup2hreq=002ee30e1176121f00b9eb338c474169f91320cfd3f0e9a4d5fee500a87a838a
IPs (2): 172.217.161.46 172.217.175.35
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.0
Other fields: 20

Report 47333 | 2020-07-21 14:23
Target: doc-5382.docm
MD5: ae18ed686e82ba41cebc162245c7fc42
Tags: VirusTotal, Malware, Malicious Traffic, unpack itself, Tofsee, DNS
URLs (2):
  https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201
  https://update.googleapis.com/service/update2?cup2key=10:2387805627&cup2hreq=5454ed19c95f66fa17bec024b06636f6045cc341c7a2dd617f379c96e2f6a971
IPs (2): 172.217.161.46 172.217.25.227
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.0
Other fields: 20

Report 47334 | 2020-07-21 14:19
Target: qes48.exe
MD5: 9c6cfc58709751f6e90b4c9be2d7aef2
Tags: Emotet, Malware download, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, sandbox evasion, Tofsee, Windows, Advertising, ComputerName, DNS, Cryptographic key
URLs (3):
  http://74.207.230.187:8080/aC2ofMcBWgbLj6/ecV8/teBZyacEeGNOPK7/jv6Vrenj/2egZ/
  https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201
  https://update.googleapis.com/service/update2?cup2key=10:4273442666&cup2hreq=5d322bd6b1dc761e2a73a0527f95aed928ce885b06ee206898c16e86a29303ff
IPs (4): 172.217.161.46 172.217.31.131 201.212.78.182 74.207.230.187
Suricata alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE Win32/Emotet CnC Activity (POST) M8
Score: 8.0
Other fields: M, 26

Report 47335 | 2020-07-21 14:01
Target: mikex.exe
MD5: 88df89231db91e888c971e8f9d9dd4e5
Tags: VirusTotal, Malware, Code Injection, buffers extracted, unpack itself, sandbox evasion, crashed
URLs: none listed
IPs: none listed
Suricata alerts: none listed
Score: 5.8
Other fields: 32

Report 47336 | 2020-07-21 13:38
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Dridex, Malware, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
URLs (7):
  http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
  http://www.nalara1220.o-r.kr/
  http://www.nalara1220.o-r.kr/main.jsp
  http://www.nalara1220.o-r.kr/CSS/mainC.css
  http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
IPs (3): 117.18.232.200 172.217.31.138 35.226.40.154
Suricata alerts (3):
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.6

Report 47337 | 2020-07-21 13:09
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Dridex, Malware, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
URLs (7):
  http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
  http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
  http://www.nalara1220.o-r.kr/CSS/mainC.css
  http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
  http://www.nalara1220.o-r.kr/
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  http://www.nalara1220.o-r.kr/main.jsp
IPs (3): 117.18.232.200 172.217.26.10 35.226.40.154
Suricata alerts (3):
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.6

Report 47338 | 2020-07-21 12:53
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Dridex, Malware, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
URLs (7):
  http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
  http://www.nalara1220.o-r.kr/CSS/mainC.css
  http://www.nalara1220.o-r.kr/
  http://www.nalara1220.o-r.kr/main.jsp
  http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
  http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
IPs (3): 117.18.232.200 172.217.31.138 35.226.40.154
Suricata alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.6

Report 47339 | 2020-07-21 11:39
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Dridex, Malware, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
URLs (7):
  http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
  http://www.nalara1220.o-r.kr/CSS/mainC.css
  http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
  http://www.nalara1220.o-r.kr/
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  http://www.nalara1220.o-r.kr/main.jsp
  http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
IPs (3): 117.18.232.200 172.217.26.42 35.226.40.154
Suricata alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.6

Report 47340 | 2020-07-21 11:35
Target: http://www.nalara1220.o-r.kr/
MD5: c032bb944d6fba21799bd5a4df5b6122
Tags: Dridex, Malware, Code Injection, Creates executable files, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
URLs (7):
  http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
  http://www.nalara1220.o-r.kr/CSS/mainC.css
  http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
  http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
  http://www.nalara1220.o-r.kr/
  http://www.nalara1220.o-r.kr/main.jsp
  http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
Hosts and IPs (8):
  www.nalara1220.o-r.kr(35.226.40.154)
  iecvlist.microsoft.com(117.18.232.200)
  ajax.googleapis.com(172.217.26.10)
  ie9cvlist.ie.microsoft.com(117.18.232.200)
  117.18.232.200 1.1.1.1 172.217.25.234 35.226.40.154
Suricata alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score: 4.6

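Two things in this listing matter when the reports are turned into indicators. First, much of the recorded network activity is the sandbox's own background: the clients2.google.com / update.googleapis.com update checks appear in six reports, the gvt1.com Chrome installer fetch in one, and the "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)" alert fires in 12 of the 13 reports that have any network traffic at all, including the doc-5382.docm runs whose only connections are those update checks, so none of it says anything about the sample. Second, the listing is not always self-consistent: report 47329 states an IP count of 1 but lists no address, and reports 47328 and 47330 state four URLs but list five, one of them repeated. The script below is an added example, not code from this listing or the sandbox that produced it; it parses records in the labelled layout used on this page (the layout, the known-noise host set and the 0.5 frequency threshold are assumptions made for the example), de-duplicates lists, records any count that still disagrees, and separates sample-specific indicators from background by cross-report frequency plus a small allowlist. The sample input is constructed inline from reports 47328, 47329 and 47332.

```python
"""Indicator extraction from sandbox-listing records, with sandbox background removed.
Added example, not code from the listing or its sandbox; the record layout, the
known-noise host set and the 0.5 frequency threshold are assumptions made here."""
import re
from collections import Counter
from urllib.parse import urlparse

HEADER_RE = re.compile(r"^Report (\d+) \| (.+)$")
FIELD_RE = re.compile(r"^(Target|MD5|Tags|URLs|IPs|Suricata alerts|Score)(?: \((\d+)\))?:\s*(.*)$")
LIST_KEYS = {"URLs": "urls", "IPs": "ips", "Suricata alerts": "alerts"}
# Sandbox background traffic that says nothing about the sample (assumed set).
KNOWN_NOISE_HOSTS = {"clients2.google.com", "update.googleapis.com", "ajax.googleapis.com",
                     "redirector.gvt1.com", "ie9cvlist.ie.microsoft.com", "iecvlist.microsoft.com"}

# Constructed sample: three records from this listing (47328, 47329, 47332), Tags omitted, Google query strings shortened.
SAMPLE = """\
Report 47328 | 2020-07-21 18:18
MD5: 0cd06145a71c3f2bab7722fd5788579d
URLs (4):
  http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/
  http://fijipiscinas.com/wp-admin/ympm/
  http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/
  https://clients2.google.com/service/check2?crx3=true
  https://update.googleapis.com/service/update2?cup2key=10:3085698260
IPs (5): 123.254.105.242 124.45.106.173 172.217.161.46 216.58.220.99 68.183.113.209
Suricata alerts (6):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET INFO EXE - Served Attached HTTP
  ET POLICY HTTP traffic on port 443 (POST)
  ET MALWARE Win32/Emotet CnC Activity (POST) M8

Report 47329 | 2020-07-21 18:18
MD5: 85321df51c43c38d4bc6927ee7cea7a9
IPs (1):
Suricata alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

Report 47332 | 2020-07-21 14:28
MD5: ae18ed686e82ba41cebc162245c7fc42
URLs (2): https://clients2.google.com/service/check2?crx3=true https://update.googleapis.com/service/update2?cup2key=10:655737552
IPs (2): 172.217.161.46 172.217.175.35
Suricata alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
"""


def parse_records(text):
    """Parse "Field: value" records; an indented line continues the preceding list field."""
    records, last = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            records.append({"id": int(m.group(1)), "date": m.group(2), "urls": [], "ips": [],
                            "alerts": [], "_counts": {}, "count_mismatch": []})
            last = None
        elif not records or not line:
            continue
        elif raw[0].isspace() and last:
            records[-1][last].extend([line] if last == "alerts" else line.split())
        elif m := FIELD_RE.match(line):
            name, count, value = m.groups()
            if last := LIST_KEYS.get(name):
                records[-1][last].extend([value] if last == "alerts" and value else value.split())
                records[-1]["_counts"][last] = int(count) if count else None
            elif name == "MD5" and not re.fullmatch(r"[0-9a-f]{32}", value):
                raise ValueError(f"report {records[-1]['id']}: bad MD5 {value!r}")
            else:
                records[-1][name.lower()] = float(value) if name == "Score" else value
    for rec in records:  # de-duplicate lists in order, then check the stated counts
        counts = rec.pop("_counts")
        for key in LIST_KEYS.values():
            rec[key] = list(dict.fromkeys(rec[key]))
            if counts.get(key) not in (None, len(rec[key])):
                rec["count_mismatch"].append(key)
    return records


def background_indicators(records, min_fraction=0.5):
    """Hosts, IPs and alerts in at least min_fraction of the records: sandbox background recurs."""
    hosts, ips, alerts = Counter(), Counter(), Counter()
    for r in records:
        hosts.update({urlparse(u).hostname for u in r["urls"]})
        ips.update(set(r["ips"]))
        alerts.update(set(r["alerts"]))
    need = min_fraction * len(records)
    pick = lambda c: {k for k, n in c.items() if n >= need}
    return {"hosts": pick(hosts), "ips": pick(ips), "alerts": pick(alerts)}


def extract_iocs(record, noise):
    """Sample-specific indicators: what remains once known and frequency-derived background goes."""
    urls = [u for u in record["urls"] if urlparse(u).hostname not in KNOWN_NOISE_HOSTS | noise["hosts"]]
    return {"id": record["id"], "md5": record.get("md5"), "urls": urls,
            "hosts": list(dict.fromkeys(urlparse(u).hostname for u in urls)),
            "ips": [ip for ip in record["ips"] if ip not in noise["ips"]],
            "alerts": [a for a in record["alerts"] if a not in noise["alerts"]],
            "count_mismatch": record["count_mismatch"]}
```

Run `parse_records(SAMPLE)`, feed the result to `background_indicators`, then `extract_iocs` per record: on the three-record sample the frequency pass already flags the two Google update hosts, the shared 172.217.161.46 address and the Tofsee JA3 alert as background, leaving 124.45.106.173:443 and fijipiscinas.com with the Emotet C2 alerts for 47328, and only the TLS handshake failure and Dridex JA3 alerts for 47329 together with its `ips` count mismatch. The Google front-end addresses vary per run (172.217.161.46, 172.217.175.35, 172.217.25.227 and others across this page), so a short window only catches the one that repeats; on a longer run of reports, or with an allowlist of that address space, the rest drop out as well.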