Sandbox analysis listing, 2021-04-28. Column names below are inferred from the cell contents of the source listing; the count in parentheses is the item count shown in the source for each list cell.

| ID | Date | Sample (file name, MD5, tags) | URLs | Hosts | Suricata alerts | URLs (2nd list) | Score | Flag | Count | Submitter |
|---|---|---|---|---|---|---|---|---|---|---|
| 7696 | 2021-04-28 16:17 | uDUxwumDrV.dll ee03a7aafeaa2e4b937066e5efe8016f PE File DLL OS Processor Check PE64 VirusTotal Malware Checks debugger crashed | | | | | 2.0 | | 31 | 조광섭 |
| 7697 | 2021-04-28 16:17 | uDUxwumDrV.dll ee03a7aafeaa2e4b937066e5efe8016f PE File DLL OS Processor Check PE64 VirusTotal Malware Checks debugger DNS crashed | | | | | 2.6 | | 31 | 조광섭 |
| 7698 | 2021-04-28 17:05 | uDUxwumDrV.dll ee03a7aafeaa2e4b937066e5efe8016f PE File DLL OS Processor Check PE64 VirusTotal Malware Checks debugger crashed | | | | | 2.0 | | 31 | 조광섭 |
| 7699 | 2021-04-28 17:11 | uDUxwumDrV.dll ee03a7aafeaa2e4b937066e5efe8016f PE File DLL OS Processor Check PE64 VirusTotal Malware Checks debugger crashed | | | | | 2.0 | | 31 | 조광섭 |
| 7700 | 2021-04-28 17:21 | mazx.exe 342d651660cf2b0587d25f343aff786f AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger | (2) http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176; http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176 | (2) ldvamlwhdpetnyn.ml(172.67.208.174) - mailcious; 104.21.85.176 - mailcious | (1) ET INFO DNS Query for Suspicious .ml Domain | (2) http://ldvamlwhdpetnyn.ml/liverpool-fc-news/; http://ldvamlwhdpetnyn.ml/liverpool-fc-news/ | 14.6 | M | 33 | 조광섭 |
| 7701 | 2021-04-28 17:33 | cred.dll f195dbf9f3449a5434edf834e43b0ff6 PWS Loki PE File PE32 DLL FTP Client Info Stealer ENERGETIC BEAR VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email DNS Software | (1) http://185.215.113.74//4dcYcWsw3/index.php | (1) | (1) ET DROP Spamhaus DROP Listed Traffic Inbound group 24 | | 5.8 | M | 50 | ZeroCERT |
| 7702 | 2021-04-28 17:34 | ccc.dot 5ea4015206a069481356dfda12eb2cb9 AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed Downloader | (1) http://23.95.122.25/ccc/vbc.exe | (1) | (6) ET INFO Executable Download from dotted-quad Host; ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | | 5.4 | M | 27 | ZeroCERT |
| 7703 | 2021-04-28 17:36 | file.exe e716d52efd4cfaa34624d374ca37b65b PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS | | | | | 3.2 | M | 41 | ZeroCERT |
| 7704 | 2021-04-28 17:36 | svch.exe 372f96b73c0ff71825a027aca714dc7b PWS Loki .NET framework AsyncRAT backdoor Malicious Library DNS Socket AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software | (1) http://eyecos.ga/chang/gate.php - rule_id: 1185 | (2) eyecos.ga(35.247.234.230) - mailcious; 35.247.234.230 - mailcious | (10) ET INFO DNS Query for Suspicious .ga Domain; ET MALWARE Trojan Generic - POST To gate.php with no referer; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO HTTP POST Request to Suspicious *.ga Domain; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response | (1) http://eyecos.ga/chang/gate.php | 12.6 | M | 12 | ZeroCERT |
| 7705 | 2021-04-28 17:38 | svch.dot ec2c1840d5ed24b0e0a3316661e5549d AntiDebug AntiVM LokiBot Malware download VirusTotal Malware c&c MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit Trojan DNS crashed | (2) http://107.172.130.145/sa/svch.exe; http://eyecos.ga/chang/gate.php - rule_id: 1185 | (3) eyecos.ga(35.247.234.230) - mailcious; 107.172.130.145 - malware; 35.247.234.230 - mailcious | (15) ET INFO Executable Download from dotted-quad Host; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET INFO DNS Query for Suspicious .ga Domain; ET MALWARE Trojan Generic - POST To gate.php with no referer; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO HTTP POST Request to Suspicious *.ga Domain; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response | (1) http://eyecos.ga/chang/gate.php | 5.2 | M | 27 | ZeroCERT |
| 7706 | 2021-04-28 17:39 | IvGRnMiDzgderQQteqNjNgKoIYqaLW... e301bc81ee1ef7a1bd3549865719d839 RTF File doc buffers extracted exploit crash unpack itself Exploit crashed | (3) http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C; http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.dat; http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.doc | (2) idmquick.xyz(45.61.136.72); 45.61.136.72 | | | 2.6 | | | ZeroCERT |
| 7707 | 2021-04-28 17:40 | cccc.dot a29a9ab928e578957fed4fb8c67b1e4d AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed Downloader | (1) http://23.95.122.25/cccc/vbc.exe | (1) | (6) ET INFO Executable Download from dotted-quad Host; ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | | 5.4 | M | 28 | ZeroCERT |
| 7708 | 2021-04-28 17:42 | IvGRnMiDzgderQQteqNjNgKoIYqaLW... 695774e0748701ddf713140c675003fe unpack itself | | | | | 1.6 | | | ZeroCERT |
| 7709 | 2021-04-28 17:43 | IvGRnMiDzgderQQteqNjNgKoIYqaLW... e301bc81ee1ef7a1bd3549865719d839 RTF File doc buffers extracted exploit crash unpack itself Exploit DNS crashed | (3) http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C; http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.dat; http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.doc | (2) idmquick.xyz(45.61.136.72); 45.61.136.72 | | | 3.2 | | | ZeroCERT |
| 7710 | 2021-04-28 18:00 | regasm.exe 4d1a1e438fee82fce40619bbb27f4209 PE File PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software | | (1) superomline.com() - mailcious | | | 7.4 | M | 37 | r0d |