6121 | 2024-01-25 13:55 | 2.0 | 10 | ZeroCERT
File: E9DF1F28CFBC831B89A404816A0242...
MD5: e5a10df3734802a63d6f10a63ff0054c
Tags: HWP PS PostScript MSOffice File Lnk Format GIF Format VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself

6122 | 2024-01-25 13:54 | 4.2 | 15 | ZeroCERT
File: E46907CFAF96D2FDE8DA8A0281E4E1...
MD5: d6080cc6bad2a70cf21f84147c58bca1
Tags: ZIP Format Word 2007 file format(docx) PNG Format JPEG Format Malware download NetWireRC VirusTotal Malware RWX flags setting exploit crash unpack itself Konni Exploit RAT DNS crashed
Hosts (2):
app.documentoffice.club(84.32.131.104) - mailcious
84.32.131.104 - mailcious
IDS alerts (1):
ET MALWARE Possible Konni RAT Domain in DNS Lookup (documentoffice .club)

6123 | 2024-01-25 13:53 | 1.6 | 15 | ZeroCERT
File: 조선 시장 물가 분석(회령).hwp
MD5: 54b3aa4b83e410f4bf28368d59a0711b
Tags: HWP PS PostScript MSOffice File Lnk Format GIF Format VirusTotal Malware Checks debugger Creates shortcut Creates executable files

6124 | 2024-01-25 13:52 | 4.2 | 11 | ZeroCERT
File: 577C3A0AC66FF71D9541D983E37530...
MD5: f264f6bfa09a6305865f08bde57b9fd8
Tags: ZIP Format Word 2007 file format(docx) PNG Format JPEG Format Malware download NetWireRC Vulnerability VirusTotal Malware RWX flags setting unpack itself Konni RAT DNS
Hosts (2):
app.documentoffice.club(84.32.131.104) - mailcious
84.32.131.104 - mailcious
IDS alerts (1):
ET MALWARE Possible Konni RAT Domain in DNS Lookup (documentoffice .club)

6125 | 2024-01-25 13:51 | 4.2 | 13 | ZeroCERT
File: 39C97CA820F31E7903CCB190FEE020...
MD5: 28d25a4021536394fd890c4b6d9b5551
Tags: ZIP Format PNG Format JPEG Format Malware download NetWireRC VirusTotal Malware RWX flags setting exploit crash unpack itself Konni Exploit RAT DNS crashed
Hosts (2):
app.documentoffice.club(84.32.131.104) - mailcious
84.32.131.104 - mailcious
IDS alerts (1):
ET MALWARE Possible Konni RAT Domain in DNS Lookup (documentoffice .club)

6126 | 2024-01-25 13:48 | 2.0 | 13 | ZeroCERT
File: 2F78ABC001534E28EB208A73245CE5...
MD5: eeadfcccb6d95dc04d81f68ae7865f8b
Tags: HWP PS PostScript MSOffice File Lnk Format GIF Format VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself

6127 | 2024-01-25 11:40 | 4.2 | M | 33 | ZeroCERT
File: browserupdateiongoingwithmicro...
MD5: 73209cc1a6e13bbfd7365c6a103d958f
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash Exploit DNS crashed
URLs (2):
http://paste.ee/d/MGi3F
http://172.232.189.7/5400/BrowserUpdate.vbs
Hosts (3):
paste.ee(104.21.84.67) - mailcious
104.21.84.67 - malware
172.232.189.7 - mailcious
IDS alerts (1):
ET INFO Dotted Quad Host VBS Request

6128 | 2024-01-25 10:31 | 9.8 | M | ZeroCERT
File: ISOturned.vbs
MD5: 586060d06409eb7a7a99005cd9093be4
Tags: Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
URLs (4):
http://paste.ee/d/9VccP
https://paste.ee/d/9VccP
https://wallpapercave.com/uwp/uwp4241942.png
http://198.12.81.138/4312/SLN.txt
Hosts (5):
paste.ee(172.67.187.200) - mailcious
wallpapercave.com(104.22.52.71) - malware
185.94.230.135 - mailcious
104.21.84.67 - malware
104.22.52.71 - malware
IDS alerts (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI

6129 | 2024-01-25 10:30 | 3.0 | M | 22 | ZeroCERT
File: gold1201001.exe
MD5: 6c0b848e31c8d918fa82aae9d760d821
Tags: RedLine Infostealer UltraVNC Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key crashed

6130 | 2024-01-25 10:28 | 5.0 | M | 33 | ZeroCERT
File: microsoftdecentipdationinstall...
MD5: b437cdb4742fbfa853685f76e28fc045
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed
URLs (1):
http://107.172.4.162/2509/conhost.exe
Hosts (5):
api.ipify.org(104.237.62.211)
mail.telefoonreparatiebovenkarspel.nl(185.94.230.135) - mailcious
185.94.230.135 - mailcious
107.172.4.162 - malware
104.237.62.211
IDS alerts (10):
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SURICATA Applayer Detect protocol only one direction
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

6131 | 2024-01-25 10:27 | 4.6 | M | 33 | ZeroCERT
File: microinternalprojectcreationfo...
MD5: adb0708b4a6acc72c9ab9ff10f3bd877
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (3):
http://paste.ee/d/9VccP
https://paste.ee/d/9VccP
http://198.12.81.138/4312/ISOturned.vbs
Hosts (5):
paste.ee(172.67.187.200) - mailcious
wallpapercave.com(104.22.53.71) - malware
172.67.187.200 - mailcious
198.12.81.138 - malware
104.22.52.71 - malware
IDS alerts (3):
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Dotted Quad Host VBS Request

6132 | 2024-01-25 10:26 | 2.0 | M | 7 | ZeroCERT
File: BrowserUpdate.vbs
MD5: de5bdb19782a627822c978a99ee2d930
Tags: VirusTotal Malware wscript.exe payload download
URLs (1):
Hosts (2):
paste.ee(104.21.84.67) - mailcious
104.21.84.67 - malware

6133 | 2024-01-25 10:25 | 4.6 | M | 33 | ZeroCERT
File: microsoftwindowsinstantdistanc...
MD5: f71fd269414714b16001419f60e3a7ef
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed
URLs (1):
http://192.3.176.151/356/conhost.exe
Hosts (1):
IDS alerts (5):
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

6134 | 2024-01-25 10:23 | 4.6 | M | 34 | ZeroCERT
File: microsoftdesignedentireprocess...
MD5: eb0165158626b14a85aa7b07f0289b86
Tags: MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed
URLs (4):
http://www.theundraftd.com/he09/?GzuD=3lXeepixblc/XEtZ1EvsIqAmWL+n4YonwTDUoXUSh3HBvLHEOtNDCwwJjbttqziEicGRZpjH&AlB=O2MthllH7
http://www.fino-shop.store/he09/?GzuD=QwDeHw0h79Kv45QE1/tPkzm6xVUnXnh9QB1txwyqw8goEXZFsBWgmhQA3e7In5jI5DTaNlKF&AlB=O2MthllH7
http://www.wjr3x0d.shop/he09/?GzuD=EzmSEMWAJEAiOMoDtJcF/SEKHCHoZAUibF+EkFM3MN7/1rs2R7FLOSCnH7Xkt787xO1QWUqw&AlB=O2MthllH7
http://192.3.176.145/2356/conhost.exe
Hosts (8):
www.nighvideos.com()
www.wjr3x0d.shop(206.237.6.187)
www.fino-shop.store(162.240.81.18)
www.theundraftd.com(15.197.148.33)
154.84.24.65
3.33.130.190 - phishing
162.240.81.18 - mailcious
192.3.176.145 - malware
IDS alerts (6):
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE FormBook CnC Checkin (GET)

6135 | 2024-01-25 10:22 | 3.2 | M | 33 | ZeroCERT
File: browserupdateiongoingwithmicro...
MD5: 73209cc1a6e13bbfd7365c6a103d958f
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed