| 49921 |
2020-12-02 17:12
|
2020.11.26.doc 8a1440dbbcb5ed848de46e70005cd128
Dridex Vulnerability VirusTotal Malware AutoRuns Code Injection Check memory WMI wscript.exe payload download unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS |
|
2
documentserver.site(93.188.160.77)
93.188.160.77 - mailcious
|
4
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
12.8 |
M |
29 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49922 |
2020-12-02 17:10
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.2 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49923 |
2020-12-02 17:08
|
32.exe 376f65c925a7319f88beee5075cfa944
VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows RCE |
|
|
|
|
6.8 |
M |
61 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49924 |
2020-12-02 17:06
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.8 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49925 |
2020-12-02 16:52
|
32.exe 376f65c925a7319f88beee5075cfa944
VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows RCE |
|
|
|
|
6.8 |
M |
61 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49926 |
2020-12-02 16:52
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files ICMP traffic AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
10.0 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49927 |
2020-12-02 16:50
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files ICMP traffic AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
10.6 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49928 |
2020-12-02 16:46
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.2 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49929 |
2020-12-02 16:45
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.2 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49930 |
2020-12-02 16:43
|
32.exe 376f65c925a7319f88beee5075cfa944
VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows RCE |
|
|
|
|
6.8 |
M |
61 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49931 |
2020-12-02 16:41
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
4
ddos.dnsnb8.net(162.217.99.134) - mailcious
20.43.94.199
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.2 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49932 |
2020-12-02 16:39
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download njRAT NetWireRC VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS DDNS Downloader |
|
4
ddos.dnsnb8.net(162.217.99.134) - mailcious
ddnshost-microsofts.serveftp.com(0.0.0.0) - mailcious
154.202.3.44 - malware
162.217.99.134
|
10
ET POLICY DNS Query to DynDNS Domain *.serveftp .com
ET INFO Executable Download from dotted-quad Host
ET MALWARE Bladabindi/njRAT CnC Command (ll)
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
10.4 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49933 |
2020-12-02 16:34
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.8 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49934 |
2020-12-02 16:31
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
9.8 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49935 |
2020-12-02 16:27
|
prowarzgalaxyz.exe aeb8c6e4bd873e955e0a4868ad38e540
Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic Creates executable files ICMP traffic AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser DNS Downloader |
|
3
ddos.dnsnb8.net(162.217.99.134) - mailcious
154.202.3.44 - malware
162.217.99.134
|
8
ET INFO Executable Download from dotted-quad Host
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
10.0 |
M |
63 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|