7351 |
2023-10-31 18:01
|
JDS.vbs 16c6922f713e35f485266c858eeeb038 wscript.exe payload download Tofsee |
1
|
2
paste.ee(172.67.187.200) - mailcious 172.67.187.200 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7352 |
2023-10-31 17:59
|
HTMLbrowserHistoryCleanerhta.d... a5e653641362ac4e0fae2c211a6fd38d MS_RTF_Obfuscation_Objects RTF File doc RWX flags setting exploit crash Tofsee Exploit crashed |
|
2
toss.is(45.33.42.226) - mailcious 45.33.42.226 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure SURICATA Applayer Wrong direction first Data
|
|
1.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7353 |
2023-10-31 17:57
|
MSS.vbs 95ef971ad0bbdace8a049b8b59ddd0e8wscript.exe payload download Tofsee |
1
|
2
paste.ee(104.21.84.67) - mailcious 172.67.187.200 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7354 |
2023-10-31 17:53
|
skx0IG9.exe 622018aa5fdba418e8aac635cc49a57e .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7355 |
2023-10-31 17:51
|
HRE.vbs dd68aaf78901710759406c19281e1d6bVirusTotal Malware wscript.exe payload download Tofsee |
1
|
2
paste.ee(172.67.187.200) - mailcious 172.67.187.200 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.6 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7356 |
2023-10-31 17:49
|
clip.exe b19c968d8ef12e145edacf8578f3440b Themida Packer Generic Malware Malicious Library PE File PE64 VirusTotal Malware unpack itself Windows crashed |
|
|
|
|
2.6 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7357 |
2023-10-31 17:47
|
lowkeeeeeFile.hta 393385547048586dc9eac0ba496b5c6a Generic Malware Antivirus AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
2
https://imageupload.io/ib/ekWgHWjP3arvUq7_1698166097.jpg
http://185.254.37.174/droidlokiiiiiiiiiiiibase64.txt
|
3
imageupload.io(104.21.83.102) - malware 185.196.8.176 - malware
104.21.83.102 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.6 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7358 |
2023-10-31 17:47
|
pablozx.exe d1a01eb4380c0b5afecf2a8e2dc8902f Formbook AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities AppData folder Windows |
2
http://www.alkemymedia.com/o6g2/?T6hH=TcJYskQeIEqvLoDqB2cxRl9kId57yTXFVFAzbVPo9SRnnSNvkE6PeNWURLP+oM0+OEqqsFHA&wPT=mf5T http://www.maurice-paetzold.com/o6g2/?T6hH=MnMOobRyqH3XeIZSi0NOa/chdJyQ39ZlT6TVPdZ+J13HVMjUNzv4ngmdbhRoHvqCPt2c+K/j&wPT=mf5T
|
5
www.alkemymedia.com(3.33.152.147) www.maurice-paetzold.com(81.169.145.151) www.joannamulderlcpc.online() 81.169.145.151 - mailcious 3.33.152.147 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
11.2 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7359 |
2023-10-31 17:46
|
XLARFQ77802578790.pdf.hta 9f5447784eb960df0833273eded3324c Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed |
2
https://imageupload.io/ib/ekWgHWjP3arvUq7_1698166097.jpg
http://185.254.37.174/cuzinebase64bxjhgvhsj.txt
|
2
imageupload.io(104.21.83.102) - malware 104.21.83.102 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
11.8 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7360 |
2023-10-31 17:45
|
abd.exe b6d627dcf04d04889b1f01a14ec12405 Amadey Browser Login Data Stealer Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL PE64 JPEG Format Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Windows Browser ComputerName DNS Software |
4
http://185.196.8.176/7jshasdS/Plugins/clip64.dll - rule_id: 37685 http://185.196.8.176/7jshasdS/Plugins/cred64.dll - rule_id: 37684 http://185.196.8.176/7jshasdS/index.php?scr=1 - rule_id: 37683 http://185.196.8.176/7jshasdS/index.php - rule_id: 37683
|
1
|
4
ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Amadey Bot Activity (POST) M1
|
4
http://185.196.8.176/7jshasdS/Plugins/clip64.dll http://185.196.8.176/7jshasdS/Plugins/cred64.dll http://185.196.8.176/7jshasdS/index.php http://185.196.8.176/7jshasdS/index.php
|
12.4 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7361 |
2023-10-31 17:44
|
mtxJalD.exe fba616f5dc56b1cd9c463c0b9da86578 Hide_EXE PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows |
|
|
|
|
2.6 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7362 |
2023-10-31 17:43
|
ekWgHWjP3arvUq7_1698166097.jpg... 84e9da19e54082f0f5d6215d4f846c7a Malicious Library UPX .NET DLL PE File DLL PE32 OS Processor Check VirusTotal Malware PDB |
|
|
|
|
1.4 |
|
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7363 |
2023-10-31 17:34
|
XLARFQ77802578790.pdf.hta 9f5447784eb960df0833273eded3324c Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed |
|
2
imageupload.io(172.67.222.26) - malware 104.21.83.102 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
11.8 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7364 |
2023-10-31 17:34
|
HTMLbrowserHistoryCleanerhta.d... a5e653641362ac4e0fae2c211a6fd38d MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed |
|
2
toss.is(45.33.42.226) - mailcious 45.33.42.226 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure SURICATA Applayer Wrong direction first Data
|
|
2.8 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7365 |
2023-10-31 17:32
|
skx0IG9.exe 622018aa5fdba418e8aac635cc49a57e .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|