| 49801 |
2020-06-25 16:26
|
http://37.49.230.204/ABU.exe 72c311a40dbcb3fb6bdd70df9b6be8be
VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
4
http://37.49.230.204/ABU.exe
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://37.49.230.204/ABU.exe
https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
5
ie9cvlist.ie.microsoft.com(117.18.232.200)
watson.microsoft.com(52.184.220.162)
117.18.232.200
37.49.230.204
51.143.111.81
|
|
|
6.0 |
|
4 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49802 |
2020-06-25 16:18
|
http://37.49.230.204/ABU.exe 72c311a40dbcb3fb6bdd70df9b6be8be
VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
4
http://37.49.230.204/ABU.exe
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://37.49.230.204/ABU.exe
https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
5
ie9cvlist.ie.microsoft.com(117.18.232.200)
watson.microsoft.com(52.184.220.162)
117.18.232.200
37.49.230.204
51.143.111.81
|
|
|
6.0 |
|
4 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49803 |
2020-06-25 15:55
|
온라인+학술대회+한시적+지원+관련+Q&A.hwp... 257a81471a001af1fa0d82069c92993c
VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself |
|
|
|
|
1.8 |
|
3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49804 |
2020-06-25 15:32
|
http://hzhuafengdq.cn/content/... e443b6913685380f9b2716cbb9d2ed60
Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit crashed |
34
http://hzhuafengdq.cn/inc/checkcode.asp
http://hzhuafengdq.cn/content/?200.html
http://hzhuafengdq.cn/Templates/sky/html/style/images/bg.jpg
http://hzhuafengdq.cn/Templates/sky/html/style/images/sprite.png
http://hzhuafengdq.cn/Templates/sky/html/style/l10n.js
http://hzhuafengdq.cn/Templates/sky/html/style/images/top.png
http://hzhuafengdq.cn/favicon.ico
http://hzhuafengdq.cn/Templates/sky/html/style/wpyou.js
http://hzhuafengdq.cn/Templates/sky/html/style/jquery(1).js
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://hzhuafengdq.cn/inc/AspCms_VisitsAdd.asp?id=200
http://hzhuafengdq.cn/Templates/sky/html/style/jquery.js
http://hzhuafengdq.cn/Templates/sky/html/style/style.css
http://hzhuafengdq.cn/plug/comment/comment.asp?id=[content:id]
http://hzhuafengdq.cn/js/comm.js
http://hzhuafengdq.cn/Templates/sky/html/style/styles.css
http://hzhuafengdq.cn/Templates/sky/html/style/images/logo.png
http://hzhuafengdq.cn/Templates/sky/html/style/wpyou.js
https://hzhuafengdq.cn/content/?200.html
https://hzhuafengdq.cn/Templates/sky/html/style/style.css
https://hzhuafengdq.cn/Templates/sky/html/style/jquery.js
https://hzhuafengdq.cn/Templates/sky/html/style/styles.css
https://hzhuafengdq.cn/Templates/sky/html/style/jquery(1).js
https://hzhuafengdq.cn/Templates/sky/html/style/wpyou.js
https://hzhuafengdq.cn/Templates/sky/html/style/style.css
https://hzhuafengdq.cn/Templates/sky/html/style/jquery.js
https://hzhuafengdq.cn/Templates/sky/html/style/wpyou.js
https://hzhuafengdq.cn/Templates/sky/html/style/styles.css
https://hzhuafengdq.cn/Templates/sky/html/style/l10n.js
https://hzhuafengdq.cn/Templates/sky/html/style/jquery(1).js
https://hzhuafengdq.cn/js/comm.js
https://hzhuafengdq.cn/Templates/sky/html/style/images/bg.jpg
https://hzhuafengdq.cn/Templates/sky/html/style/images/sprite.png
https://hzhuafengdq.cn/Templates/sky/html/style/images/top.png
https://hzhuafengdq.cn/Templates/sky/html/style/images/logo.png
https://hzhuafengdq.cn/inc/AspCms_VisitsAdd.asp?id=200
https://hzhuafengdq.cn/plug/comment/comment.asp?id=[content:id]
https://hzhuafengdq.cn/inc/checkcode.asp
https://hzhuafengdq.cn/favicon.ico
https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
6
hzhuafengdq.cn(125.141.63.107)
watson.microsoft.com(52.158.209.219)
ie9cvlist.ie.microsoft.com(117.18.232.200)
117.18.232.200
125.141.63.107
52.158.209.219
|
|
|
4.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49805 |
2020-06-25 15:30
|
온라인+학술대회+한시적+지원+관련+Q&A.hwp... 257a81471a001af1fa0d82069c92993c
VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself |
|
|
|
|
1.8 |
|
3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49806 |
2020-06-25 15:24
|
http://hzhuafengdq.cn/content/... e443b6913685380f9b2716cbb9d2ed60
Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit crashed |
34
http://hzhuafengdq.cn/js/comm.js
http://hzhuafengdq.cn/content/?200.html
http://hzhuafengdq.cn/favicon.ico
http://hzhuafengdq.cn/inc/AspCms_VisitsAdd.asp?id=200
http://hzhuafengdq.cn/Templates/sky/html/style/jquery.js
http://hzhuafengdq.cn/inc/checkcode.asp
http://hzhuafengdq.cn/plug/comment/comment.asp?id=[content:id]
http://hzhuafengdq.cn/Templates/sky/html/style/styles.css
http://hzhuafengdq.cn/Templates/sky/html/style/style.css
http://hzhuafengdq.cn/Templates/sky/html/style/jquery(1).js
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://hzhuafengdq.cn/Templates/sky/html/style/style.css
http://hzhuafengdq.cn/Templates/sky/html/style/images/sprite.png
http://hzhuafengdq.cn/Templates/sky/html/style/l10n.js
http://hzhuafengdq.cn/Templates/sky/html/style/wpyou.js
http://hzhuafengdq.cn/Templates/sky/html/style/images/bg.jpg
http://hzhuafengdq.cn/Templates/sky/html/style/images/logo.png
http://hzhuafengdq.cn/Templates/sky/html/style/jquery(1).js
http://hzhuafengdq.cn/Templates/sky/html/style/styles.css
http://hzhuafengdq.cn/Templates/sky/html/style/images/top.png
https://hzhuafengdq.cn/content/?200.html
https://hzhuafengdq.cn/Templates/sky/html/style/style.css
https://hzhuafengdq.cn/Templates/sky/html/style/jquery.js
https://hzhuafengdq.cn/Templates/sky/html/style/styles.css
https://hzhuafengdq.cn/Templates/sky/html/style/jquery(1).js
https://hzhuafengdq.cn/Templates/sky/html/style/wpyou.js
https://hzhuafengdq.cn/Templates/sky/html/style/style.css
https://hzhuafengdq.cn/Templates/sky/html/style/jquery.js
https://hzhuafengdq.cn/Templates/sky/html/style/wpyou.js
https://hzhuafengdq.cn/Templates/sky/html/style/styles.css
https://hzhuafengdq.cn/Templates/sky/html/style/l10n.js
https://hzhuafengdq.cn/Templates/sky/html/style/jquery(1).js
https://hzhuafengdq.cn/js/comm.js
https://hzhuafengdq.cn/Templates/sky/html/style/images/bg.jpg
https://hzhuafengdq.cn/Templates/sky/html/style/images/sprite.png
https://hzhuafengdq.cn/Templates/sky/html/style/images/top.png
https://hzhuafengdq.cn/Templates/sky/html/style/images/logo.png
https://hzhuafengdq.cn/inc/AspCms_VisitsAdd.asp?id=200
https://hzhuafengdq.cn/plug/comment/comment.asp?id=[content:id]
https://hzhuafengdq.cn/inc/checkcode.asp
https://hzhuafengdq.cn/favicon.ico
https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
6
hzhuafengdq.cn(125.141.63.107)
watson.microsoft.com(52.184.220.162)
ie9cvlist.ie.microsoft.com(117.18.232.200)
117.18.232.200
125.141.63.107
52.158.209.219
|
|
|
4.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49807 |
2020-06-25 15:11
|
202006091658_c90a72e11f1ff6cad... 71743b62964b6634da810d13b413501f
Checks debugger unpack itself Remote Code Execution |
|
|
|
|
1.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49808 |
2020-06-25 15:08
|
202006091658_c90a72e11f1ff6cad... 71743b62964b6634da810d13b413501f
Checks debugger unpack itself Remote Code Execution |
|
|
|
|
1.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49809 |
2020-06-25 15:08
|
http://office-services-sec.com... 3fe1e1b56b127dd61ebf330b827a458d
VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit crashed |
6
http://office-services-sec.com/favicon.ico
http://office-services-sec.com/crimea.ps1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://office-services-sec.com/crimea.ps1
https://office-services-sec.com/favicon.ico
https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
6
office-services-sec.com(195.22.153.135)
watson.microsoft.com(51.143.111.81)
ie9cvlist.ie.microsoft.com(117.18.232.200)
117.18.232.200
195.22.153.135
52.184.220.162
|
|
|
5.2 |
|
13 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49810 |
2020-06-25 15:01
|
b37cdeed56f98ddb4a507ff7d273fa... 71743b62964b6634da810d13b413501f
Checks debugger unpack itself malicious URLs Remote Code Execution |
|
|
|
|
2.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49811 |
2020-06-25 14:58
|
crimea.ps1 b07c04d53312dd24935701ac700cc8a5
VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key |
2
http://paste.ee/r/5q92D
https://paste.ee/r/5q92D
|
2
paste.ee(172.67.219.133)
104.18.49.20
|
|
|
9.0 |
|
9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49812 |
2020-06-25 14:56
|
crimea.ps1 b07c04d53312dd24935701ac700cc8a5
VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key |
2
http://paste.ee/r/5q92D
https://paste.ee/r/5q92D
|
2
paste.ee(104.18.49.20)
104.18.48.20
|
|
|
9.0 |
|
9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49813 |
2020-06-25 14:40
|
http://office-services-sec.com... a87a313263697c3f81881defa55b269c
VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit crashed |
6
http://office-services-sec.com/favicon.ico
http://office-services-sec.com/crimea.ps1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://office-services-sec.com/crimea.ps1
https://office-services-sec.com/favicon.ico
https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
6
office-services-sec.com(195.22.153.135)
watson.microsoft.com(52.158.209.219)
ie9cvlist.ie.microsoft.com(117.18.232.200)
117.18.232.200
52.184.220.162
95.181.198.68
|
|
|
5.2 |
|
13 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49814 |
2020-06-25 14:33
|
http://office-services-sec.com... 1d0e1d24ad35a2357af094b32e1cb25a
VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit crashed |
6
http://office-services-sec.com/favicon.ico
http://office-services-sec.com/crimea.ps1
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://office-services-sec.com/crimea.ps1
https://office-services-sec.com/favicon.ico
https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
6
office-services-sec.com(95.181.198.68)
watson.microsoft.com(51.143.111.81)
ie9cvlist.ie.microsoft.com(117.18.232.200)
117.18.232.200
195.22.153.135
52.184.220.162
|
|
|
5.2 |
|
13 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49815 |
2020-06-25 14:03
|
https://cdn1.estsecurity.com/s... 599168bde854ae6d22a9cc5df5a3c0e2
Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed |
2
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
https://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
7
cdn1.estsecurity.com(13.225.112.13)
watson.microsoft.com(52.184.220.162)
ie9cvlist.ie.microsoft.com(117.18.232.200)
iecvlist.microsoft.com(117.18.232.200)
117.18.232.200
13.225.112.13
52.184.220.162
|
|
|
5.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|