# | Date | File | MD5 | Tags | URLs | Hosts | Alerts | Flagged URLs | Score | M | VT hits | Submitter
766 | 2024-08-22 15:06 | yummycakewithbutterbunwhichver... | 85485a1e88e7a07db924b5e3ac587c52 | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed | http://192.3.64.158/366/coupecakebutterbuncakecreamyyum.tIF | ia803104.us.archive.org(207.241.232.154) - malware; 207.241.232.154 - malware; 192.3.64.158 - malicious | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 4.6 | M | 34 | ZeroCERT
767 | 2024-08-22 15:06 | lOpkseAloegPhxxAcv.doc | 77d04e68c46c843c399d83b858b9b46a | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed | http://154.216.18.222/simulators/lOpkseAloegPhxxAcv.exe | 1 (unnamed) | ET INFO Executable Download from dotted-quad Host | | 4.6 | M | 33 | ZeroCERT
768 | 2024-08-22 15:04 | jhi_service.exe | 858cf3afd18d69880a07793ad273c232 | Suspicious_Script_Bin Malicious Library UPX PE File PE32 DLL Lnk Format GIF Format VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware | | | | | 6.0 | M | 45 | ZeroCERT
769 | 2024-08-22 15:04 | kleiseIche.exe | e54c022314dfd1cc38e8994f725ba3be | Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName | | | | | 2.8 | M | 43 | ZeroCERT
770 | 2024-08-22 11:35 | random.exe | 34440059466824a2678e1e846f3bff3b | Stealc Amadey RedLine stealer Gen1 Generic Malware Malicious Library UPX Malicious Packer Code injection Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder malicious URLs sandbox evasion VMware anti-virtualization installed browsers check Tofsee Ransomware Stealc Stealer Windows Exploit Browser Email ComputerName DNS Software crashed plugin | http://185.215.113.100/0d60be0de163924d/nss3.dll; http://185.215.113.100/0d60be0de163924d/freebl3.dll; http://185.215.113.100/e2b1563c6670f193.php - rule_id: 41968; http://185.215.113.100/0d60be0de163924d/vcruntime140.dll; http://31.41.244.10/Dem7kTu/index.php - rule_id: 42202; http://185.215.113.100/0d60be0de163924d/sqlite3.dll; http://185.215.113.100/ - rule_id: 41969; http://185.215.113.100/0d60be0de163924d/mozglue.dll; http://185.215.113.100/0d60be0de163924d/softokn3.dll; http://185.215.113.100/0d60be0de163924d/msvcp140.dll | crash-reports.mozilla.com(34.49.45.138); 34.49.45.138; 31.41.244.10 - malware; 185.215.113.100 - malicious; 31.41.244.11 - malicious | ET DROP Spamhaus DROP Listed Traffic Inbound group 2; ET INFO Executable Download from dotted-quad Host; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET DROP Spamhaus DROP Listed Traffic Inbound group 33; ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2; ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET MALWARE Win32/Stealc Requesting browsers Config from C2; ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1; ET MALWARE Win32/Stealc Requesting plugins Config from C2; ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1; ET MALWARE Win32/Stealc Submitting System Information to C2; ET INFO Dotted Quad Host DLL Request; ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity | http://185.215.113.100/e2b1563c6670f193.php; http://31.41.244.10/Dem7kTu/index.php; http://185.215.113.100/ | 22.4 | M | 43 | ZeroCERT
771 | 2024-08-22 11:31 | random.exe | a151cbfbefd0a8e04caa4aa5be8f388e | Generic Malware Malicious Library UPX Code injection AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself malicious URLs installed browsers check Tofsee Ransomware Exploit Browser ComputerName crashed | | crash-reports.mozilla.com(34.49.45.138); 34.49.45.138 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 9.4 | | 20 | ZeroCERT
772 | 2024-08-22 11:30 | f.php | e6f22534386dfeabe97f646659b7820a | Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key | | i.ibb.co(104.194.8.120) - malicious; 104.194.8.120 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.8 | M | 54 | ZeroCERT
773 | 2024-08-22 11:28 | downloader.exe | 64f01094081e5214edde9d6d75fca1b5 | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself | | | | | 1.4 | | 13 | ZeroCERT
774 | 2024-08-22 11:27 | yummysilkybutterbuncamewithcho... | ed3c59a3e67a8803a62bb3ca27c9ad31 | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed | http://192.3.111.148/xampp/kbv/yummysweetbutterbunlipsonher.tIF | ia803104.us.archive.org(207.241.232.154) - malware; 207.241.232.154 - malware; 192.3.111.148 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 4.6 | | 35 | ZeroCERT
775 | 2024-08-22 10:46 | https://archivecloud.dev/ | b43d9021a42d173048611a17339d2c85 | Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | https://archivecloud.dev/ | archivecloud.dev(104.21.50.142); 172.67.206.206 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | | 3.8 | | | guest
776 | 2024-08-21 21:20 | scan_20240805144103.pdf | e4f6cd4d0556d4a0841b0617f14efc92 | PDF | | | | | | | | guest
777 | 2024-08-21 15:28 | photo.jpeg.exe | 1a530b88ea994df4c9cc20d9a9470a36 | Malicious Library PE File PE64 VirusTotal Malware AutoRuns PDB ICMP traffic unpack itself Windows DNS | | 1 (unnamed) | | | 5.6 | | 45 | ZeroCERT
778 | 2024-08-21 15:21 | Public Official Property Decla... | dfc1a7f27ae2cfbcfe0cea9c1305ce80 | Escalate privileges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates shortcut unpack itself DNS | | | | | 3.6 | | | ZeroCERT
779 | 2024-08-21 15:19 | 통일부 5월 간담회 계획안(줄리 터너대사 방한건_인권 ... (Ministry of Unification May meeting plan (Ambassador Julie Turner's visit to Korea_human rights ...) | 028075a00beb580aae25e2d60180889f | Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key | | | | | 7.2 | | 19 | ZeroCERT
780 | 2024-08-21 15:17 | newupdate.hta | 800ba50354158f39366e2b4e7f96a3eb | Generic Malware Antivirus AntiDebug AntiVM MSOffice File PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed | | 198.12.81.252 - malicious | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | | 12.2 | | 17 | ZeroCERT
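The alert list for entry 770 shows the sequence the ET signatures describe: the sample pulls nss3.dll, freebl3.dll, mozglue.dll, softokn3.dll, sqlite3.dll, vcruntime140.dll and msvcp140.dll from the same bare-IP host it checks in to, then submits browser and system data. Entry 767 shows the simpler case, a .exe fetched from a dotted-quad host. The Python below is an added example, not the sandbox's or any listed tool's code; it approximates the intent of the "Executable Download from dotted-quad Host" and "HTTP GET Request for <dll> - Possible Infostealer Activity" signatures over a request log. The three-field log format (client, method, URL), the sample lines (constructed from URLs on this page), the MIN_DLL_HITS threshold and the finding names are all assumptions.

```python
"""Triage an HTTP request log for two patterns seen in the sandbox listing:
 1. an executable (.exe/.dll by name) fetched from a dotted-quad host
 2. several browser-credential support DLLs (nss3.dll, freebl3.dll, ...)
    fetched from one host, the behaviour the ET HUNTING stealer rules flag.
Added example, not the sandbox's code. The log format is an assumed
'client_ip METHOD URL' line, not any real proxy's format.
"""
import ipaddress
import re
from collections import defaultdict
from typing import List, NamedTuple, Optional
from urllib.parse import urlsplit

# DLLs that entry 770 fetched from its C2; Stealc/Vidar-family stealers pull
# these to decrypt browser credential stores instead of shipping them inline.
STEALER_SUPPORT_DLLS = {
    "nss3.dll", "freebl3.dll", "mozglue.dll", "softokn3.dll",
    "sqlite3.dll", "vcruntime140.dll", "msvcp140.dll",
}
EXEC_SUFFIXES = (".exe", ".dll")
MIN_DLL_HITS = 3  # assumption: three of the set from one host is enough to flag

# Assumed log line shape: "<client> <METHOD> <url>"
LOG_RE = re.compile(r"^(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")

# Constructed sample log built from URLs on this page (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 GET http://185.215.113.100/0d60be0de163924d/nss3.dll
10.0.0.5 GET http://185.215.113.100/0d60be0de163924d/freebl3.dll
10.0.0.5 GET http://185.215.113.100/0d60be0de163924d/mozglue.dll
10.0.0.5 GET http://185.215.113.100/0d60be0de163924d/softokn3.dll
10.0.0.5 GET http://185.215.113.100/0d60be0de163924d/sqlite3.dll
10.0.0.5 POST http://185.215.113.100/e2b1563c6670f193.php
10.0.0.7 GET http://154.216.18.222/simulators/lOpkseAloegPhxxAcv.exe
10.0.0.9 GET https://crash-reports.mozilla.com/submit
10.0.0.9 GET http://192.3.64.158/366/coupecakebutterbuncakecreamyyum.tIF
"""


class Finding(NamedTuple):
    client: str
    host: str
    kind: str          # "exec-from-dotted-quad" or "stealer-dll-set"
    files: List[str]   # file names that triggered the finding


def is_dotted_quad(host: str) -> bool:
    """True when the Host is a bare IPv4 literal rather than a name."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into client, method, host and path; None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m["url"])
    return {"client": m["client"], "method": m["method"],
            "host": parts.hostname or "", "path": parts.path}


def triage(lines) -> List[Finding]:
    """Aggregate GET requests per (client, host) and emit one finding per pattern."""
    seen = defaultdict(lambda: {"exec": set(), "dlls": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        name = rec["path"].rsplit("/", 1)[-1]
        key = (rec["client"], rec["host"])
        if is_dotted_quad(rec["host"]) and name.lower().endswith(EXEC_SUFFIXES):
            seen[key]["exec"].add(name)
        if name.lower() in STEALER_SUPPORT_DLLS:
            seen[key]["dlls"].add(name.lower())
    findings = []
    for (client, host), hits in sorted(seen.items()):
        if hits["exec"]:
            findings.append(Finding(client, host, "exec-from-dotted-quad", sorted(hits["exec"])))
        if len(hits["dlls"]) >= MIN_DLL_HITS:
            findings.append(Finding(client, host, "stealer-dll-set", sorted(hits["dlls"])))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.client} -> {f.host}: {f.kind} {', '.join(f.files)}")
```

Run against the constructed log, 10.0.0.5 is reported twice for 185.215.113.100 (the executable fetch and the DLL set) and 10.0.0.7 once for the .exe; the .tIF fetch by 10.0.0.9 is not reported, which is the caveat: name-based matching misses the payloads the RTF samples in entries 766 and 774 retrieve, where on this page only the JA3 alert fired. A content check on the response (the "Dotted Quad Host MZ Response" rule that fired for entry 770) is the complement to this filename logic.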