| 7696 |
2021-04-28 16:17
|
uDUxwumDrV.dll ee03a7aafeaa2e4b937066e5efe8016f
PE File DLL OS Processor Check PE64 VirusTotal Malware Checks debugger crashed |
|
|
|
|
2.0 |
|
31 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7697 |
2021-04-28 16:17
|
uDUxwumDrV.dll ee03a7aafeaa2e4b937066e5efe8016f
PE File DLL OS Processor Check PE64 VirusTotal Malware Checks debugger DNS crashed |
|
|
|
|
2.6 |
|
31 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7698 |
2021-04-28 17:05
|
 uDUxwumDrV.dll ee03a7aafeaa2e4b937066e5efe8016f
PE File DLL OS Processor Check PE64 VirusTotal Malware Checks debugger crashed |
|
|
|
|
2.0 |
|
31 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7699 |
2021-04-28 17:11
|
 uDUxwumDrV.dll ee03a7aafeaa2e4b937066e5efe8016f
PE File DLL OS Processor Check PE64 VirusTotal Malware Checks debugger crashed |
|
|
|
|
2.0 |
|
31 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7700 |
2021-04-28 17:21
|
 mazx.exe 342d651660cf2b0587d25f343aff786f
AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger |
2
http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176
http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176
|
2
ldvamlwhdpetnyn.ml(172.67.208.174) - mailcious
104.21.85.176 - mailcious
|
1
ET INFO DNS Query for Suspicious .ml Domain
|
2
http://ldvamlwhdpetnyn.ml/liverpool-fc-news/
http://ldvamlwhdpetnyn.ml/liverpool-fc-news/
|
14.6 |
M |
33 |
조광섭
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7701 |
2021-04-28 17:33
|
 cred.dll f195dbf9f3449a5434edf834e43b0ff6
PWS Loki PE File PE32 DLL FTP Client Info Stealer ENERGETIC BEAR VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email DNS Software |
1
http://185.215.113.74//4dcYcWsw3/index.php
|
1
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 24
|
|
5.8 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7702 |
2021-04-28 17:34
|
ccc.dot 5ea4015206a069481356dfda12eb2cb9
AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed Downloader |
1
http://23.95.122.25/ccc/vbc.exe
|
1
|
6
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.4 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7703 |
2021-04-28 17:36
|
 file.exe e716d52efd4cfaa34624d374ca37b65b
PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS |
|
|
|
|
3.2 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7704 |
2021-04-28 17:36
|
 svch.exe 372f96b73c0ff71825a027aca714dc7b
PWS Loki .NET framework AsyncRAT backdoor Malicious Library DNS Socket AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software |
1
http://eyecos.ga/chang/gate.php - rule_id: 1185
|
2
eyecos.ga(35.247.234.230) - mailcious
35.247.234.230 - mailcious
|
10
ET INFO DNS Query for Suspicious .ga Domain
ET MALWARE Trojan Generic - POST To gate.php with no referer
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.ga Domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://eyecos.ga/chang/gate.php
|
12.6 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7705 |
2021-04-28 17:38
|
svch.dot ec2c1840d5ed24b0e0a3316661e5549d
AntiDebug AntiVM LokiBot Malware download VirusTotal Malware c&c MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit Trojan DNS crashed |
2
http://107.172.130.145/sa/svch.exe
http://eyecos.ga/chang/gate.php - rule_id: 1185
|
3
eyecos.ga(35.247.234.230) - mailcious
107.172.130.145 - malware
35.247.234.230 - mailcious
|
15
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET INFO DNS Query for Suspicious .ga Domain
ET MALWARE Trojan Generic - POST To gate.php with no referer
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.ga Domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://eyecos.ga/chang/gate.php
|
5.2 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7706 |
2021-04-28 17:39
|
IvGRnMiDzgderQQteqNjNgKoIYqaLW... e301bc81ee1ef7a1bd3549865719d839
RTF File doc buffers extracted exploit crash unpack itself Exploit crashed |
3
http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C
http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.dat
http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.doc
|
2
idmquick.xyz(45.61.136.72)
45.61.136.72
|
|
|
2.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7707 |
2021-04-28 17:40
|
cccc.dot a29a9ab928e578957fed4fb8c67b1e4d
AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed Downloader |
1
http://23.95.122.25/cccc/vbc.exe
|
1
|
6
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.4 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7708 |
2021-04-28 17:42
|
IvGRnMiDzgderQQteqNjNgKoIYqaLW... 695774e0748701ddf713140c675003feunpack itself |
|
|
|
|
1.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7709 |
2021-04-28 17:43
|
IvGRnMiDzgderQQteqNjNgKoIYqaLW... e301bc81ee1ef7a1bd3549865719d839
RTF File doc buffers extracted exploit crash unpack itself Exploit DNS crashed |
3
http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C
http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.dat
http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.doc
|
2
idmquick.xyz(45.61.136.72)
45.61.136.72
|
|
|
3.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7710 |
2021-04-28 18:00
|
 regasm.exe 4d1a1e438fee82fce40619bbb27f4209
PE File PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software |
|
1
superomline.com() - mailcious
|
|
|
7.4 |
M |
37 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|