ID | Date | File (name, MD5, sandbox tags) | URLs (count: list) | Hosts (count: list) | IDS alerts (count: list) | Additional URL | Score | Flag | Count | User

7411 | 2023-10-28 12:49 | HTMLxlaIEbrowser.dOC (MD5 2dd55c2a09a20b395c4034c934651113): MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, VBScript, Malicious Traffic, RWX flags setting, exploit crash, Tofsee, Exploit, DNS, crashed | 3: http://185.254.37.174/xlaexpoittt.vbs; http://apps.identrust.com/roots/dstrootcax3.p7c; https://paste.ee/d/hgAnq | 6: paste.ee(104.21.84.67) - mailcious; uploaddeimagens.com.br(172.67.215.45) - malware; 182.162.106.32; 172.67.187.200 - mailcious; 185.254.37.174 - mailcious; 172.67.215.45 - malware | 3: ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO Dotted Quad Host VBS Request | | 4.0 | M | 29 | ZeroCERT

7412 | 2023-10-28 12:47 | HTMLIEBrowserhistory.doc (MD5 f7b8200be0d768ab8fdc7ef3203267e8): MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, RWX flags setting, exploit crash, Exploit, crashed | | | | | 2.6 | M | 29 | ZeroCERT

7413 | 2023-10-28 12:46 | setup.exe (MD5 9d3ff29bb3a7834ecab9d30a29f38bf4): Generic Malware, Malicious Library, UPX, Antivirus, PE File, PE64, OS Processor Check, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, MachineGuid, Check memory, Checks debugger, Creates shortcut, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, Windows, ComputerName, Remote Code Execution, Cryptographic key | | | | | 5.8 | M | 5 | ZeroCERT

7414 | 2023-10-28 12:46 | marikolock2.1.exe (MD5 1b4bc7eb054142c70e87755de845e039): NSIS, Malicious Library, UPX, PE File, PE32, FormBook, Malware download, VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Creates executable files, unpack itself | 3: http://www.517912.com/t6tg/?9r4P2=x+Kv6xpWcNesBkKfTwjNPM0LnGFvN7+CPVZKKdjbvYvOGsJKnhF5jBVeRF44UVI4ghuUdA3c&EjU4Sz=fdMTVRIPlB; http://www.promushealth.com/t6tg/?9r4P2=7tYymCvuwOydaUuPNkovhG/t52+K0Kp+Kp8xcgM9C2uQN+XKa74YZrRvofV08ZJStB5H4sxz&EjU4Sz=fdMTVRIPlB; http://www.uzmayaqoob.com/t6tg/?9r4P2=XP7jkasqkgrWx1C3rIh2LMmDsrx9AEXuv+yJvInbJHFGDwSK0i3nVRBGHVeWBLS+d5Gq1e4Y&EjU4Sz=fdMTVRIPlB | 7: www.promushealth.com(81.17.29.148); www.uzmayaqoob.com(154.49.142.142); www.517912.com(38.47.227.76); www.ficylkghv.com(); 38.47.227.76; 63.141.242.46; 154.49.142.142 | 1: ET MALWARE FormBook CnC Checkin (GET) | | 4.2 | M | 47 | ZeroCERT

7415 | 2023-10-28 12:44 | Yqmx.vbs (MD5 3575c1d07813dd220063c02c664d1827): Generic Malware, Antivirus, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, buffers extracted, wscript.exe payload download, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key | 4: http://apps.identrust.com/roots/dstrootcax3.p7c; https://paste.ee/d/WsZmE; https://uploaddeimagens.com.br/images/004/634/676/original/rumpe.jpg?1697053529; http://193.42.33.51/myn.txt | 5: paste.ee(104.21.84.67) - mailcious; uploaddeimagens.com.br(104.21.45.138) - malware; 182.162.106.32; 104.21.84.67 - malware; 172.67.215.45 - malware | 2: ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 9.6 | M | 5 | ZeroCERT

7416 | 2023-10-28 12:43 | HTMLDesginBrowserInternet.dOC (MD5 c6f17e9d8c72950b1100f1ab9c3ab77d): MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, RWX flags setting, exploit crash, Tofsee, Exploit, crashed | | 2: toss.is(45.33.42.226) - mailcious; 45.33.42.226 - mailcious | 3: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; SURICATA Applayer Wrong direction first Data | | 2.6 | M | 26 | ZeroCERT

7417 | 2023-10-28 12:42 | HTMLIEBrowserHistory.vbs (MD5 56238116f5d9877c000e6431306d0071): VirusTotal, Malware, wscript.exe payload download, Tofsee | 1 (list not shown) | 2: paste.ee(104.21.84.67) - mailcious; 104.21.84.67 - malware | 2: ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 2.0 | M | 1 | ZeroCERT

7418 | 2023-10-28 12:41 | audiodgse.exe (MD5 bbf6104b2b2953e63d98daf9c6fec2b1): LokiBot, UPX, .NET framework(MSIL), PWS, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, PE32, .NET EXE, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, IP Check, Tofsee, Browser, Email, ComputerName, DNS, Software, crashed | | 2: api.ipify.org(104.237.62.212); 173.231.16.77 | 4: ET INFO TLS Handshake Failure; ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup; ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 10.6 | M | 41 | ZeroCERT

7419 | 2023-10-28 12:39 | HTMLDesginbrowser.vbs (MD5 b32067242d7b194386069c8cf33741df): VirusTotal, Malware, buffers extracted, wscript.exe payload download, Tofsee | 1 (list not shown) | 2: paste.ee(104.21.84.67) - mailcious; 172.67.187.200 - mailcious | 2: ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.0 | | 5 | ZeroCERT

7420 | 2023-10-28 12:38 | HTMLIEbrowserHistoryClean.doc (MD5 5ad1dfb31daa5015f4fdc8af08b50ae9): MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, RWX flags setting, exploit crash, Tofsee, Exploit, crashed | | 2: toss.is(45.33.42.226) - mailcious; 45.33.42.226 - mailcious | 3: ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SURICATA Applayer Wrong direction first Data | | 2.8 | M | 30 | ZeroCERT

7421 | 2023-10-28 11:51 | timeSync.exe (MD5 a666eac4d7ffb6c00bbc79b627e1c660): Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself | | | | | 1.6 | | 29 | ZeroCERT

7422 | 2023-10-27 19:47 | 북한최고인민회의 결과.lnk (MD5 cc96ba45dd2b6a6d7aa300d77e49c095): Generic Malware, Downloader, Antivirus, HWP, PS, PostScript, Create Service, Socket, DGA, Http API, ScreenShot, Escalate priviledges, Steal credential, PWS, Sniff Audio, HTTP, DNS, Code injection, Internet API, FTP, KeyLogger, P2P, Hide_URL, AntiDebug, AntiVM, Lnk Format, MSOffice, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, Windows utilities, powershell.exe wrote, Check virtual network interfaces, suspicious process, AppData folder, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key | | 2: dl.dropboxusercontent.com(162.125.84.15) - malware; 162.125.84.15 - malware | 2: ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 11.2 | | 28 | guest

7423 | 2023-10-27 18:04 | cred64.dll (MD5 1c27631e70908879e1a5a8f3686e0d46): Amadey, Browser Login Data Stealer, Malicious Library, UPX, PE File, DLL, PE64, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, Cryptocurrency wallets, Cryptocurrency, PDB, MachineGuid, Malicious Traffic, Checks debugger, unpack itself, Windows utilities, sandbox evasion, human activity check, installed browsers check, Windows, Browser, DNS, Software | 2: http://185.196.8.176/7jshasdS/index.php - rule_id: 37683; http://185.196.8.176/7jshasdS/index.php | 1 (list not shown) | | 1: http://185.196.8.176/7jshasdS/index.php | 7.8 | | 49 | ZeroCERT

7424 | 2023-10-27 18:04 | clip64.dll (MD5 ceffd8c6661b875b67ca5e4540950d8b): Amadey, Malicious Library, UPX, PE File, DLL, PE32, OS Processor Check, VirusTotal, Malware, PDB, Malicious Traffic, Checks debugger, unpack itself, DNS | 2: http://185.196.8.176/7jshasdS/index.php - rule_id: 37683; http://185.196.8.176/7jshasdS/index.php | 1 (list not shown) | | 1: http://185.196.8.176/7jshasdS/index.php | 3.8 | | 49 | ZeroCERT

7425 | 2023-10-27 17:05 | xlammexpoittt.vbs (MD5 9595077ef106c2510f73d0132ea81155): Generic Malware, Antivirus, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, buffers extracted, wscript.exe payload download, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, DNS, Cryptographic key | 4: http://apps.identrust.com/roots/dstrootcax3.p7c; https://paste.ee/d/Hhg3l; https://uploaddeimagens.com.br/images/004/634/676/original/rumpe.jpg?1697053529; http://185.254.37.174/mohammeddroidupdatedfilebase64.txt | 6: paste.ee(104.21.84.67) - mailcious; uploaddeimagens.com.br(172.67.215.45) - malware; 185.196.8.176; 121.254.136.9; 104.21.84.67 - malware; 104.21.45.138 - malware | 2: ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 10.2 | | 5 | ZeroCERT