| 7951 |
2024-07-10 07:36
|
 2.exe 536b6b4464f2476d693267bd71d9a1ee
Lumma Stealer UPX PE File PE32 VirusTotal Malware |
|
|
|
|
1.2 |
|
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7952 |
2024-07-09 21:37
|
https://l.facebook.com/l.php?u... c896711e056cb6f0df71a7c8e0fac71c
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
13
https://www.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1cKE7-ZeDsubK_dW8Y2XclCpIAD-hQSnRkfS5MsfMKzKqNxNUljBNN9BwQ_kj9GSxg2YBhKU_9WPKUPy5CnzMDLM0sEflP0jQyEFdeqdH99uFTS3c_Ww
https://m.facebook.com/favicon.ico
https://l.facebook.com/l.php?u=https://jumpseller.s3.eu-west-1.amazonaws.com/store/store5/assets/0DlBptEf2ucAMWLVhICY.xml?3ZWnWh6lF7YOyvbrJnAH?3ZWnWh6lF7YOyvbrJnAH?u=https://app.alibaba.com/dynamiclink?medium_source=facebook&traffic_type=install&field=UG&schema=enalibaba://oneSight?biz=dpa&keyword=Cricket&product_id=10000002872855&pcate=202017804&from=cpm_fb&kpi=abrate&tagId=10000002872855&categoryId=202017804&categoryName=Cricket&traffic_type=install&field=UG&fbclid=IwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg&h=AT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ&medium_source=facebook&channel_url=https://staticxx.-.com/connect/xd_arbiter/r/__Bz3h5RzMx.js?version=43%23cb=f2c4458ac9011a8&domain=www.-.com&origin=https://www.-.com/&h=AT01NiNROZ8p941O0N0aTu1eTEc68z48cS0k-Fomk3H3l-zlM9fzup-7MGpKVLX7ayzNVdFs6-lQLRoUAiw5DkT8cTkKxDbImOguZjIP8xADMSwjdKQf
https://fbsbx.com/security/hsts-pixel.gif
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/nUs9RS26D1m.png
https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/l7jFXMc3gVH.png
https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/Sku_Kc8l2qU.png
https://l.facebook.com/l.php?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1obHn9DopNwORveXPj0XvXlunAn_I02Q6VPiWjsC-Lnn6F-4fS3j3tzMjWWTgTEYYu6pUzLUgbLz99rBSkS9sgLPTgWyT6C_F5fR_z6EbPC8dz2fpRHA
https://facebook.com/security/hsts-pixel.gif?c=3.2
https://fbcdn.net/security/hsts-pixel.gif?c=2
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png
https://m.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%3F3ZWnWh6lF7YOyvbrJnAH%3Fu%3Dhttps%3A%2F%2Fapp.alibaba.com%2Fdynamiclink%3Fmedium_source%3Dfacebook&h=AT1cKE7-ZeDsubK_dW8Y2XclCpIAD-hQSnRkfS5MsfMKzKqNxNUljBNN9BwQ_kj9GSxg2YBhKU_9WPKUPy5CnzMDLM0sEflP0jQyEFdeqdH99uFTS3c_Ww&_rdr
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
|
10
www.facebook.com(157.240.215.35)
fbsbx.com(157.240.215.35)
m.facebook.com(157.240.215.35)
static.xx.fbcdn.net(157.240.215.14)
fbcdn.net(157.240.215.35)
facebook.com(157.240.215.35)
l.facebook.com(157.240.215.36)
157.240.215.35
157.240.215.36
157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7953 |
2024-07-09 21:37
|
https://www.facebook.com/38022... 1248cb643e2592a6bcce60711dc10617
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format icon MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
10
https://m.facebook.com/story.php?story_fbid=3802211850064154&id=100008261283165&_rdr
https://m.facebook.com/favicon.ico
https://fbsbx.com/security/hsts-pixel.gif
https://www.facebook.com/3802211850064154
https://m.facebook.com/login.php?next=https%3A%2F%2Fm.facebook.com%2Fstory.php%3Fstory_fbid%3D3802211850064154%26id%3D100008261283165&refsrc=deprecated&_rdr
https://m.facebook.com/3802211850064154?_rdr
https://facebook.com/security/hsts-pixel.gif?c=3.2
https://fbcdn.net/security/hsts-pixel.gif?c=2
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
|
8
www.facebook.com(157.240.215.35)
fbsbx.com(157.240.215.35)
m.facebook.com(157.240.215.35)
static.xx.fbcdn.net(157.240.215.14)
fbcdn.net(157.240.215.35)
facebook.com(157.240.215.35)
157.240.215.35
157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7954 |
2024-07-09 21:31
|
https://l.facebook.com/l.php?u... 2bec4686337f2e399b71386575535145
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File icon Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
12
https://m.facebook.com/favicon.ico
https://fbsbx.com/security/hsts-pixel.gif
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/nUs9RS26D1m.png
https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/l7jFXMc3gVH.png
https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/Sku_Kc8l2qU.png
https://www.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D&h=AT2lhNd3WVLc1jMK7gNOzzIgRe8dRoSUFaVmm5tCk999Eu8Gshn7HOF69sj6AwN4pbEkt26wCz4z6QvzQt8w7OQ9LaPxbAF198ysDfoHZhGVXt5Lf33H_w
https://facebook.com/security/hsts-pixel.gif?c=3.2
https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/ZXwOcP9E7mM.png
https://l.facebook.com/l.php?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D
https://m.facebook.com/flx/warn/?u=https%3A%2F%2Fjumpseller.s3.eu-west-1.amazonaws.com%2Fstore%2Fstore5%2Fassets%2F0DlBptEf2ucAMWLVhICY.xml%3F3ZWnWh6lF7YOyvbrJnAH%253F3ZWnWh6lF7YOyvbrJnAH%253Fu%3Dhttps%253A%252F%252Fapp.alibaba.com%252Fdynamiclink%253Fmedium_source%253Dfacebook%2526traffic_type%253Dinstall%2526field%253DUG%2526schema%253Denalibaba%25253A%25252F%25252FoneSight%25253Fbiz%25253Ddpa%252526keyword%25253DCricket%252526product_id%25253D10000002872855%252526pcate%25253D202017804%252526from%25253Dcpm_fb%252526kpi%25253Dabrate%252526tagId%25253D10000002872855%252526categoryId%25253D202017804%252526categoryName%25253DCricket%252526traffic_type%25253Dinstall%252526field%25253DUG%2526fbclid%253DIwAR0FLnSeScwkIjojGGpbgrP8Nb8rCjOxC_Bw_9e4HNK9YZUQ-mmn4qNfTcg%26h%3DAT2sib1bjmYXmw0YZ7em-OROLzWKd3Cwg1n4p716uPjxfW28kE1xSaJOhB1Ki5L0jpTi9EoEFVqUTsDfbrHDqnTg1TsTQFZDFzoCEH-46GQgXIOoZ6Wno_wFX65Fw_pMqWD_v5sAr43_rtlgkvuqKQ%26medium_source%3Dfacebook%26amp%253Bchannel_url%3D&h=AT2lhNd3WVLc1jMK7gNOzzIgRe8dRoSUFaVmm5tCk999Eu8Gshn7HOF69sj6AwN4pbEkt26wCz4z6QvzQt8w7OQ9LaPxbAF198ysDfoHZhGVXt5Lf33H_w&_rdr
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png
https://fbcdn.net/security/hsts-pixel.gif?c=2
|
10
www.facebook.com(157.240.215.35)
fbsbx.com(157.240.215.35)
m.facebook.com(157.240.215.35)
static.xx.fbcdn.net(157.240.215.14)
fbcdn.net(157.240.215.35)
facebook.com(157.240.215.35)
l.facebook.com(157.240.215.36)
157.240.215.35
157.240.215.36
157.240.215.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7955 |
2024-07-09 18:49
|
 DS_Store.exe 14df06539b72837adb9f8d13cfcea6db
Generic Malware Malicious Packer UPX PE File PE32 VirusTotal Malware PDB RCE |
|
|
|
|
0.8 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7956 |
2024-07-09 18:47
|
 DS_Store.exe 14df06539b72837adb9f8d13cfcea6db
Generic Malware Malicious Packer UPX PE File PE32 VirusTotal Malware PDB RCE |
|
|
|
|
0.8 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7957 |
2024-07-09 18:41
|
2aba0c4cfb95beba9ddb8208234f1b... 432230af1d59dac7dfb47e0684807240
Escalate priviledges PWS KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself DNS |
|
3
p13n.adobe.io(52.22.41.97)
3.233.129.217
104.78.72.178
|
|
|
4.2 |
|
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7958 |
2024-07-09 18:21
|
소명자료 목록.hwp.lnk a330b834cc2ec19c3e151f07fb4b877c
Generic Malware Antivirus AntiDebug AntiVM HWP MSOffice File Lnk Format GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
https://executivedaytona.com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle0
|
|
|
|
6.0 |
|
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7959 |
2024-07-09 18:16
|
근로신청서 관련의 건.docx.lnk 21d12dc7f08752293847af6ed19df0e3
Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
5.2 |
|
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7960 |
2024-07-09 17:10
|
 fromblueRmilxch.exe 0234bff4bd4e6dd7a80d3fde4f12fc09
Malicious Library Malicious Packer .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
2.4 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7961 |
2024-07-09 17:08
|
 trc.exe 74758f61067ea9fa0e2a4593920ed0f2
Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed |
|
|
|
|
1.4 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7962 |
2024-07-09 17:06
|
 runerdata.exe 99c919281e619f24edc578e427433f7b
Malicious Library Malicious Packer .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
2.4 |
M |
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7963 |
2024-07-09 17:06
|
 build1111.exe dea351e95b2d5b0a6b3911d531315550
Generic Malware Malicious Library PE File PE64 VirusTotal Malware Check memory unpack itself |
|
|
|
|
1.2 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7964 |
2024-07-09 14:18
|
 Update_old.js affe7c07da3776a191c69b73e50d491aVBScript wscript.exe payload download Tofsee crashed Dropper |
|
2
pkjzv.fans.smalladventureguide.com(162.252.175.117) - mailcious
162.252.175.117 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7965 |
2024-07-09 12:06
|
 download.php 019defe59b733d4d86a895702873ff07
Malicious Library PE File PE32 VirusTotal Malware RCE |
|
|
|
|
2.0 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|