| 7381 |
2023-10-30 21:16
|
 0cae8683e3d3e6ba8812f8d0d3e34b... 0cae8683e3d3e6ba8812f8d0d3e34b9d
NSIS Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 MSOffice File DLL PNG Format BMP Format JPEG Format VirusTotal Malware MachineGuid Code Injection Check memory buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed |
|
3
dsapi.io()
download.studio(141.255.166.101)
141.255.166.101
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
7.4 |
|
42 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7382 |
2023-10-30 18:02
|
 uwp4098462.png.exe c07745eb39de5a4c568de93d1e264840
Malicious Library UPX .NET DLL PE File DLL PE32 OS Processor Check VirusTotal Malware PDB |
|
|
|
|
1.0 |
|
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7383 |
2023-10-30 17:51
|
 사이버안전참고자료.doc 04a0505cc45d2dac4be9387768efcb7c
VBA_macro Generic Malware MSOffice File Lnk Format GIF Format Malware download Kimsuky VirusTotal Malware Campaign Creates shortcut Creates executable files exploit crash unpack itself North Korea Exploit crashed |
1
http://yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php?query=1
|
2
yanggucam.designsoup.co.kr(121.78.88.79) - mailcious
121.78.88.79 - mailcious
|
3
ET MALWARE Suspected Kimsuky Activity (GET)
ET MALWARE Kimsuky Related Script Activity (GET)
ET MALWARE Suspected DPRK APT Related Activity (GET)
|
|
4.0 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7384 |
2023-10-30 17:50
|
주요도시 시장가격 조사2023.lnk d1dc2db2956803de7eef7a76a6ac5cb2
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Hide_URL AntiDebug AntiVM Lnk Format GIF Format PowerShell .NET VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Interception Windows Exploit ComputerName Cryptographic key crashed |
2
http://app.documentoffice.club/salt_view_doc_words?user=H11I75PFF0ZG53NDG00H64OE
https://dl.dropboxusercontent.com/scl/fi/h7p5aearkbq6rnb2oh633/20231028_selca.zip
|
4
dl.dropboxusercontent.com(162.125.84.15) - malware
app.documentoffice.club(84.32.131.104)
162.125.84.15 - malware
84.32.131.104
|
2
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
13.2 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7385 |
2023-10-30 17:50
|
 rbxfpsunlocker.exe 559e4b863c9736d6dd81b67a1c7c51e9
Gen1 Emotet Generic Malware Malicious Library UPX ASPack PE File PE64 OS Processor Check DLL DllRegisterServer dll ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself Ransomware crashed |
|
|
|
|
3.6 |
|
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7386 |
2023-10-30 17:47
|
 MAW.txt.exe edc9b4f305d1232558161d5e8d466dd5
Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed |
|
2
api.ipify.org(173.231.16.77)
173.231.16.77
|
4
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7387 |
2023-10-30 17:45
|
 KEW.txt.exe 2630f19eed1e2899a652c10f5edf1532
Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed |
|
2
api.ipify.org(173.231.16.77)
173.231.16.77
|
4
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
|
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7388 |
2023-10-30 17:45
|
 setup.exe a90f2872c6e2a825cbf315f65c530369
Malicious Library PE File PE32 WMI Creates executable files RWX flags setting Checks Bios anti-virtualization ComputerName |
|
|
|
|
3.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7389 |
2023-10-30 17:42
|
 203.exe b4c67afbce5715b8bc9c3b652564ee22
Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted unpack itself Collect installed applications suspicious TLD sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware DNS |
1
|
2
guhomush.pw(172.67.129.141)
172.67.129.141 - mailcious
|
4
ET DNS Query to a *.pw domain - Likely Hostile
ET INFO HTTP Request to a *.pw domain
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration
|
|
8.2 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7390 |
2023-10-30 17:42
|
HTMLHisotoryCleaner.dOC baf31ab5eb242de4b7deb9bc7864f08f
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed |
|
2
toss.is(45.33.42.226) - mailcious
45.33.42.226 - mailcious
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA Applayer Wrong direction first Data
|
|
2.6 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7391 |
2023-10-30 17:41
|
HTMLIEcontentHistory.vbs 329ec572360f8e6cdddd1d7304e77001VirusTotal Malware wscript.exe payload download Tofsee |
1
|
2
paste.ee(172.67.187.200) - mailcious
104.21.84.67 - malware
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.0 |
M |
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7392 |
2023-10-30 17:40
|
HTMLhistoryClearner.dOC ab5d39905d80955d987393bd55dc63af
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed |
|
2
toss.is(45.33.42.226) - mailcious
45.33.42.226 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SURICATA Applayer Wrong direction first Data
|
|
2.6 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7393 |
2023-10-30 17:40
|
HTMLIEsearchHistory.vbs c3331ba028e5bac96943a698e5147891
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
https://paste.ee/d/AXiiR
https://wallpapercave.com/uwp/uwp4098462.png
http://141.98.6.91/1903/1/KEW.txt
|
4
paste.ee(104.21.84.67) - mailcious
wallpapercave.com(172.67.29.26) - malware
172.67.187.200 - mailcious
104.22.52.71
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
|
|
9.0 |
M |
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7394 |
2023-10-30 17:38
|
 trafico.exe 317c1da3d49d534fdde575395da84879
Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
171.22.28.239 - mailcious
|
4
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
ET MALWARE Redline Stealer Activity (Response)
|
|
6.4 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7395 |
2023-10-30 17:36
|
 timeSync.exe 6b8fb6abd4fe5a7d07dec0810d2419f6
Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself |
|
|
|
|
2.0 |
M |
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|