| 8956 |
2021-06-17 10:18
|
 f7juhkryu4.exe 270c3859591599642bd15167765246e3
Ficker Stealer PE File PE32 VirusTotal Malware |
|
|
|
|
1.6 |
M |
55 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8957 |
2021-06-17 10:50
|
Document 2519711.xls c64202fc6e89fc1c49cde536894ed99d
VBA_macro MSOffice File VirusTotal Malware |
|
|
|
|
0.8 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8958 |
2021-06-17 10:52
|
Document 2519711.xls c64202fc6e89fc1c49cde536894ed99d
VBA_macro MSOffice File VirusTotal Malware |
|
|
|
|
0.8 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8959 |
2021-06-17 10:55
|
Document 2519711.xls c64202fc6e89fc1c49cde536894ed99d
VBA_macro MSOffice File VirusTotal Malware |
|
|
|
|
0.8 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8960 |
2021-06-17 11:16
|
Document 2519711.xls c64202fc6e89fc1c49cde536894ed99d
VBA_macro MSOffice File VirusTotal Malware |
|
|
|
|
0.8 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8961 |
2021-06-17 11:43
|
 lv.exe dba9d5c211d728da4b92e0064a445ecd
PE File PE32 VirusTotal Malware |
|
|
|
|
1.4 |
M |
56 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8962 |
2021-06-17 12:05
|
Document 2519711.xls c64202fc6e89fc1c49cde536894ed99d
VBA_macro MSOffice File VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself Tofsee ComputerName DNS |
2
http://80.82.67.127/IE9CompatViewList.xml
https://dev1.whoatemylunch.org/wp-includes/js/tinymce/themes/inlite/hxXHK0N6.php
|
11
es.e-m2.net(94.124.84.11)
dev1.whoatemylunch.org(70.39.250.160)
teste.sitiodoastronauta.com.br(138.68.235.11)
fitzgeraldstreet.com(162.253.125.64)
adamjeecommodities.com(18.136.132.202)
138.68.235.11
70.39.250.160
162.253.125.64 - mailcious
94.124.84.11 - mailcious
80.82.67.127
18.136.132.202 - phishing
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.2 |
M |
21 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8963 |
2021-06-17 12:15
|
https://www.naver.com/ 1838b2eea5a23e5c20d4cf6a7fc3b9b3
AgentTesla DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PNG Format JPEG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
167
https://s.pstatic.net/shopping.phinf/20210616_4/8c28437a-f741-4658-afe1-28dda72c3215.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/977.png
https://s.pstatic.net/shopping.phinf/20210601_6/ed6a46fc-cb51-45bd-909b-1ff4823f3d95.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/990.png
https://s.pstatic.net/static/www/mobile/edit/2021/0616/cropImg_196x196_65777761331223160.jpeg
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/214.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/293.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/031.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/340.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/308.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0615%2Fupload_1623748408938PKKKz.jpg%22&type=nf340_228
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/079.png
https://ssl.pstatic.net/tveta/libs/1339/1339306/29dd972b759ea892de5e_20210517130848184.jpeg
https://ssl.pstatic.net/tveta/libs/1287/1287046/a8abf23745420444913b_20210610115236170.jpg
https://www.naver.com/include/newsstand/press_info_data.json
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0615%2Fupload_1623723530231aFfOo.jpg%22&type=nf340_228
https://s.pstatic.net/shopping.phinf/20210616_11/6fc89928-d102-49ef-8448-3b5d8ed6dae5.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/029.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/807.png
https://s.pstatic.net/static/newsstand/up/2020/0903/nsd185255316.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/962.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/144.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/934.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/108.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/241.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/008.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/018.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/376.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0617%2Fupload_1623891127793zB8QG.jpg%22&type=nf340_228
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/005.png
https://lcs.naver.com/m?u=https%3A%2F%2Fwww.naver.com%2F&e=&os=Win64&ln=ko&sr=1365x1024&pr=1&bw=1343&bh=899&c=24&j=Y&k=Y&i=&ls=FKMSEQ5LXMWF6&connectEnd=1623898655845&connectStart=1623898655845&domComplete=1623898663217&domContentLoadedEventEnd=1623898663215&domContentLoadedEventStart=1623898663165&domInteractive=1623898656449&domLoading=1623898656449&domainLookupEnd=1623898655845&domainLookupStart=1623898655845&fetchStart=1623898655845&loadEventEnd=1623898663329&loadEventStart=1623898663276&msFirstPaint=1623898659650&navigationStart=1623898655843&requestStart=1623898655845&responseEnd=1623898656340&responseStart=1623898655845&pan=SHOW&pid=0729de975c4ab5bfcd69240c0be16c7d&ts=1623898663526&EOU
https://s.pstatic.net/static/www/mobile/edit/2021/0616/cropImg_728x360_65777136763756528.jpeg
https://ssl.pstatic.net/sstatic/search/pc/img/sp_autocomplete_4d068feb.png
https://ssl.pstatic.net/tveta/libs/external/js/jquery-1.8.0.min.js?20170206
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/314.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/016.png
https://ssl.pstatic.net/tveta/libs/assets/css/pc/main/min/main_topic_darkmode.min.css?20200601
https://siape.veta.naver.com/fxshow?su=SU10640&nrefreshx=0
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0615%2Fupload_1623748413372klrBB.jpg%22&type=nf340_228
https://pm.pstatic.net/dist/js/nmain.ie.3da6ab3e.js?o=www
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/021.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/081.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/366.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/809.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/356.png
https://s.pstatic.net/static/newsstand/up/2020/0708/nsd94830278.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/921.png
https://www.naver.com/
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/422.png
https://s.pstatic.net/shopping.phinf/20210616_24/4a91d728-ff4c-4424-be19-16ece9bb6adc.jpg?type=f214_292
https://ssl.pstatic.net/tveta/libs/1342/1342591/0e77ae3fc256b85da174_20210609163101578.jpg
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/956.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/011.png
https://siape.veta.naver.com/fxshow?su=SU10601&nrefreshx=0
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/953.png
https://s.pstatic.net/static/www/mobile/edit/2021/0616/cropImg_196x196_65777577471565398.jpeg
https://ssl.pstatic.net/tveta/libs/assets/js/pc/main/min/pc.veta.core.min.js?20170222
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/009.png
https://s.pstatic.net/static/newsstand/up/2020/1011/nsd205146413.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/310.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/006.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0616%2Fupload_1623802860616AkkW6.jpg%22&type=nf340_228
https://s.pstatic.net/imgshopping/static/sb/js/jquery/jquery-1.12.4.min_v1.js?v=2021060716
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/076.png
https://s.pstatic.net/shopping.phinf/20210615_20/de33d96f-1bdd-41f8-a215-1202767044f9.jpg?type=f214_292
https://pm.pstatic.net/dist/css/nmain.20210601a.css
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/991.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/326.png
https://siape.veta.naver.com/fxshow?su=SU10641&nrefreshx=0
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/329.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/014.png
https://static-whale.pstatic.net/main/sprite-20201210@2x.png
https://s.pstatic.net/shopping.phinf/20210616_16/971ed3df-4ccd-448c-8eee-964547faae5c.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/355.png
https://ssl.pstatic.net/tveta/libs/1332/1332888/e39aca9aa119a8b56138_20210616155527177.jpg
https://s.pstatic.net/shopping.phinf/20210421_21/0b765539-8442-47d8-b08b-f269cf8176f9.jpg?type=f214_292
https://siape.veta.naver.com/fxshow?su=SU10599&nrefreshx=0
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/052.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/971.png
https://s.pstatic.net/static/newsstand/up/2021/0420/nsd105139164.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/924.png
https://s.pstatic.net/imgshopping/static/sb/js/sb/shopboxS04_v1.js?v=2021060716
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/942.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/015.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/038.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/117.png
https://s.pstatic.net/shopping.phinf/20210506_8/73ec155c-b3d7-4765-9df2-bf83288c01da.jpg
https://s.pstatic.net/static/www/mobile/edit/2021/0616/cropImg_196x196_65777519353252854.jpeg
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/055.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/539.png
https://ssl.pstatic.net/tveta/libs/res/www/common/info/da_access.png
https://l.www.naver.com/l?SOU&svcOnList=&act=PC.lcs&ts=1623898663316&svr=&EOU
https://s.pstatic.net/imgshopping/static/sb/js/sb/nclkS02_v1.js?v=2021060716
https://s.pstatic.net/shopping.phinf/20210615_13/acc8fff6-464c-441b-ad27-6c8c3af47358.jpg?type=f214_292
https://castbox.shopping.naver.com/shoppingboxnew/main.nhn
https://siape.veta.naver.com/fxview?eu=EU10041892&calp=-&oj=ZagUyei1lSg7WCFdimRBaeTUESv6aiVVnzgGMQnXCF%2BHEGhVxjvVFuhDQj27VaUV6VKgREjU%2Fp3g24zZF%2BKFEA&ac=8338833&src=5113520&evtcd=P100&x_ti=1312&tb=&oid=&sid1=&sid2=&rk=e1870eb50a8dc4a183ad6ef10582ba85&eltts=hYIUruvA3AVukR0kYduGDg%3D%3D&brs=Y&&eid=V800&dummy=0.5274807114419227
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/020.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/346.png
https://s.pstatic.net/imgshopping/static/sb/css/shopboxR0014_v6.css?v=2021060716
https://ssl.pstatic.net/tveta/libs/res/www/native/sp_main_topic_darkmode.png
https://s.pstatic.net/static/www/img/uit/2021/sp_shop_bffdc9.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0616%2Fupload_1623803511750u1FEN.jpg%22&type=nf340_228
https://pm.pstatic.net/dist/js/search.ie.3388b3fe.js?o=www
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/819.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/818.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/296.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0617%2Fupload_16238911923615oTsW.jpg%22&type=nf340_228
https://ssl.pstatic.net/tveta/libs/1342/1342809/8a3d004b587ade1624f5_20210608115031363.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/806.png
https://s.pstatic.net/static/www/img/uit/2021/sp_weather_time_5f2bbb.png
https://siape.veta.naver.com/fxshow?su=SU10566&da_dom_id=p_main_show_2&tb=SHOW_1&calp=-&rui=1623898663474&main_svt=20210617115747
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/044.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/922.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/025.png
https://ssl.pstatic.net/tveta/libs/assets/js/common/min/probe.min.js
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/002.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/930.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0615%2Fupload_1623723348440gDpaP.jpg%22&type=nf340_228
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/964.png
https://ssl.pstatic.net/tveta/libs/assets/js/pc/main/min/pc.veta.core.min.js
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/906.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/139.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/903.png
https://ssl.pstatic.net/sstatic/search/pc/css/sp_autocomplete_210318.css
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/123.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/094.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/030.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/440.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/368.png
https://s.pstatic.net/shopping.phinf/20210512_9/b366e36d-4372-4414-a63e-54a7cabe3961.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/277.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/047.png
https://s.pstatic.net/static/www/img/uit/2021/sp_main_4efc7a.png
https://ssl.pstatic.net/tveta/libs/external/js/jquery-1.8.0.min.js?20171121
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/913.png
https://siape.veta.naver.com/fxshow?su=SU10565&da_dom_id=p_main_show_1&tb=SHOW_1&calp=-&rui=1623898663475&main_svt=20210617115747
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/057.png
https://s.pstatic.net/shopping.phinf/20210615_8/10c05db3-3eaf-4e41-bbb5-a5b3cbb0f7af.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/905.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/330.png
https://s.pstatic.net/static/newsstand/up/2020/0610/nsd151458769.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/215.png
https://s.pstatic.net/shopping.phinf/20210614_25/a606a1bf-151c-4802-b2a1-2db6c15a111e.jpg?type=f214_292
https://ssl.pstatic.net/tveta/libs/assets/css/pc/common/min/common.min.css?20181108
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/032.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/022.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/364.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/003.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/040.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/914.png
https://siape.veta.naver.com/fxshow?su=SU10642&nrefreshx=0
https://ssl.pstatic.net/tveta/libs/assets/css/pc/main/min/new_timeboard.min.css?20181108
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/092.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/361.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/804.png
https://s.pstatic.net/shopping.phinf/20210614_18/9c0321b8-1b91-4688-bbe5-cd500ce1802e.jpg
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/056.png
https://s.pstatic.net/static/newsstand/up/2021/0211/nsd02321523.png
https://ssl.pstatic.net/tveta/libs/assets/js/pc/main/min/pc.veta.core.min.js?20180423
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/904.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/327.png
https://s.pstatic.net/shopping.phinf/20210617_13/fd5efaed-7099-43ad-9b5a-09dfccbbed2c.jpg?type=f214_292
https://ssl.pstatic.net/tveta/libs/1341/1341125/9c4b5a0979c9f8caeb34_20210611112539692.jpg
https://www.naver.com/include/themecast/targetAndPanels.json
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/944.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/028.png
https://siape.veta.naver.com/fxview?eu=EU10041888&calp=-&oj=A4YjrwVVtw9x8cfS51TDuuTUESv6aiVVnzgGMQnXCF%2BHEGhVxjvVFuhDQj27VaUV6VKgREjU%2Fp3g24zZF%2BKFEA&ac=8341255&src=5121729&evtcd=P100&x_ti=1308&tb=&oid=&sid1=&sid2=&rk=a8fd8c9276439921b0b1a82ad60979fd&eltts=hYIUruvA3AVukR0kYduGDg%3D%3D&brs=Y&&eid=V800&dummy=0.34226408254480073
|
18
s.pstatic.net(104.109.240.206)
lcs.naver.com(210.89.172.40)
l.www.naver.com(223.130.193.11)
siape.veta.naver.com(23.50.3.12)
www.naver.com(23.50.3.12)
pm.pstatic.net(104.109.240.206)
ssl.pstatic.net(104.109.240.195)
static-whale.pstatic.net(211.216.46.13)
castbox.shopping.naver.com(210.89.168.33)
43.250.152.35
210.89.168.139
43.250.152.46
125.209.222.142 - mailcious
210.89.172.40
210.89.168.68
117.52.137.136
183.111.26.117
101.79.137.172
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8964 |
2021-06-17 13:20
|
 jgfz.jpg 51c10802ed8cbcb4850a602c43b691ec
PE File PE32 VirusTotal Malware DNS |
|
|
|
|
2.6 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8965 |
2021-06-17 13:22
|
 file.exe 09634fc320a841c03969036e6b348a2f
Raccoon Stealer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed |
|
|
|
|
3.2 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8966 |
2021-06-17 13:24
|
 hope.exe d43338c66b34e2d4e15b090aeb58401c
Emotet Antivirus PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process WriteConsoleW Interception ComputerName Remote Code Execution DNS crashed |
|
|
|
|
5.0 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8967 |
2021-06-17 13:28
|
 lv.exe 643ac999a87cb24d6e1362e1112a9ae7
Emotet Gen1 Raccoon Stealer Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiV VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed |
|
1
FPPEOCCamBGuvLAAwFRiJhA.FPPEOCCamBGuvLAAwFRiJhA()
|
|
|
8.0 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8968 |
2021-06-17 13:34
|
https://www.naver.com/ a1083e2e3bdef28aab0e42c012744d01
Http API Internet API ScreenShot DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Steal credential Downloader P2P persistence AntiDebug AntiVM JPEG Format PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
173
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0609%2Fupload_1623229675511UmTW1.jpg%22&type=nf464_260
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/214.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/293.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/031.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0611%2Fupload_16233864370909ND83.jpg%22&type=nf340_228
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/308.png
https://s.pstatic.net/static/www/mobile/edit/2021/0615/cropImg_728x360_65675052137597018.jpeg
https://lcs.naver.com/m?u=https%3A%2F%2Fwww.naver.com%2F&e=&os=Win64&ln=ko&sr=1365x1024&pr=1&bw=1343&bh=899&c=24&j=Y&k=Y&i=&ls=FKMSEQ5LXMWF6&connectEnd=1623903394830&connectStart=1623903394830&domComplete=1623903402288&domContentLoadedEventEnd=1623903402288&domContentLoadedEventStart=1623903402249&domInteractive=1623903395544&domLoading=1623903395544&domainLookupEnd=1623903394830&domainLookupStart=1623903394830&fetchStart=1623903394830&loadEventEnd=1623903402358&loadEventStart=1623903402303&msFirstPaint=1623903398689&navigationStart=1623903394828&requestStart=1623903394830&responseEnd=1623903395308&responseStart=1623903394830&pan=FARM&pid=69929ecc80d7bfd1bca459349277beb6&ts=1623903402641&EOU
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/005.png
https://s.pstatic.net/shopping.phinf/20210616_8/6e3a70bc-7191-4f70-992e-f065551d3d01.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/up/2020/0730/nsd13728808.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/079.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/979.png
https://ssl.pstatic.net/tveta/libs/1339/1339306/29dd972b759ea892de5e_20210517130848184.jpeg
https://s.pstatic.net/static/newsstand/up/2020/1228/nsd1681569.png
https://ssl.pstatic.net/tveta/libs/1287/1287046/a8abf23745420444913b_20210610115236170.jpg
https://www.naver.com/include/newsstand/press_info_data.json
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/029.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0427%2Fupload_1619485557332ZcXHs.jpg%22&type=nf464_260
https://s.pstatic.net/static/newsstand/up/2020/0903/nsd185255316.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0611%2Fupload_1623389509682SR3W3.jpg%22&type=nf340_228
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/241.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0611%2Fupload_1623374527599YC80V.jpg%22&type=nf340_228
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/018.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/376.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0610%2Fupload_16232866163974yrQy.jpg%22&type=nf464_260
https://s.pstatic.net/imgshopping/static/sb/css/shopboxR0014_v6.css?v=2021060717
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/966.png
https://s.pstatic.net/shopping.phinf/20210614_23/88f68a29-4e0c-49d9-97c0-19cb2f02a500.jpg?type=f214_292
https://ssl.pstatic.net/sstatic/search/pc/img/sp_autocomplete_4d068feb.png
https://ssl.pstatic.net/tveta/libs/external/js/jquery-1.8.0.min.js?20170206
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/314.png
https://ssl.pstatic.net/tveta/libs/assets/css/pc/main/min/main_topic_darkmode.min.css?20200601
https://s.pstatic.net/shopping.phinf/20210617_13/cdbe3dca-afb6-4693-a24b-2cb1a52a3a4b.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/814.png
https://siape.veta.naver.com/fxshow?su=SU10640&nrefreshx=0
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/328.png
https://pm.pstatic.net/dist/js/nmain.ie.3da6ab3e.js?o=www
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/021.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/081.png
https://s.pstatic.net/static/www/mobile/edit/2021/0615/cropImg_196x196_65674526845840204.jpeg
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/366.png
https://siape.veta.naver.com/fxshow?su=SU10561&da_dom_id=p_main_farm_1&tb=FARM_1&calp=-&rui=1623903402442&main_svt=20210617131646
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/016.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/820.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/951.png
https://s.pstatic.net/static/newsstand/up/2020/0708/nsd94830278.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/938.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/038.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/025.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/921.png
https://s.pstatic.net/static/www/mobile/edit/2021/0615/cropImg_196x196_65674581452571603.jpeg
https://ssl.pstatic.net/tveta/libs/1341/1341125/0f312081cbb3c50390a6_20210607231429788.jpg
https://www.naver.com/
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/993.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/422.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/243.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/144.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/956.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/957.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/011.png
https://siape.veta.naver.com/fxshow?su=SU10601&nrefreshx=0
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/123.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0611%2Fupload_1623374750128pj30c.jpg%22&type=nf340_228
https://ssl.pstatic.net/tveta/libs/assets/js/pc/main/min/pc.veta.core.min.js?20170222
https://s.pstatic.net/static/newsstand/up/2020/0928/nsd125033437.png
https://s.pstatic.net/static/newsstand/up/2021/0211/nsd0427277.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0610%2Fupload_1623286977862Nbud0.jpg%22&type=nf464_260
https://s.pstatic.net/shopping.phinf/20210617_4/ef0c77ca-fdc5-4ffc-afe1-aee0fb4dbdea.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/310.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/006.png
https://s.pstatic.net/imgshopping/static/sb/js/jquery/jquery-1.12.4.min_v1.js?v=2021060717
https://s.pstatic.net/static/www/mobile/edit/2021/0615/cropImg_196x196_65674848978147535.png
https://l.www.naver.com/l?SOU&svcOnList=&act=PC.lcs&ts=1623903402352&svr=&EOU
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/076.png
https://pm.pstatic.net/dist/css/nmain.20210601a.css
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/326.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0611%2Fupload_1623374456980Nucr1.jpg%22&type=nf340_228
https://siape.veta.naver.com/fxshow?su=SU10641&nrefreshx=0
https://siape.veta.naver.com/fxshow?su=SU10562&da_dom_id=p_main_farm_2&tb=FARM_1&calp=-&rui=1623903402440&main_svt=20210617131646
https://s.pstatic.net/shopping.phinf/20210617_8/9c63483b-4d66-4890-8709-8c94ddfe9a35.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/014.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/941.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/940.png
https://s.pstatic.net/shopping.phinf/20210614_12/5bc618a5-370d-4898-99bd-fd05d0850424.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/988.png
https://siape.veta.naver.com/fxshow?su=SU10599&nrefreshx=0
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/052.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/981.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/311.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/925.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0611%2Fupload_1623375379762RBFiC.jpg%22&type=nf340_228
https://ssl.pstatic.net/tveta/libs/1343/1343063/4d544741b608732a14b4_20210610102447004.jpg
https://s.pstatic.net/imgshopping/static/sb/js/sb/shopboxS04_v1.js?v=2021060717
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/015.png
https://s.pstatic.net/imgshopping/static/sb/js/sb/nclkS02_v1.js?v=2021060717
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/989.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/117.png
https://s.pstatic.net/shopping.phinf/20210615_14/af56029f-9cee-4d67-9b91-a433771fc069.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/055.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/539.png
https://s.pstatic.net/shopping.phinf/20210611_26/22bb377e-2a89-405c-910c-2b8f75955611.jpg?type=f214_292
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0610%2Fupload_1623311043431tDloM.jpg%22&type=nf340_228
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/028.png
https://siape.veta.naver.com/fxview?eu=EU10041892&calp=-&oj=ZagUyei1lSg7WCFdimRBaeTUESv6aiVVnzgGMQnXCF%2BHEGhVxjvVFuhDQj27VaUVHjAH9nAgq09ky7%2BjPZBVcA&ac=8336263&src=5102743&evtcd=P100&x_ti=1312&tb=&oid=&sid1=&sid2=&rk=50420967e49075d3b06b809cd8ce7ecb&eltts=ME8vozXxvbr%2FYUZwXtZdrw%3D%3D&brs=Y&&eid=V800&dummy=0.26427351802842125
https://s.pstatic.net/shopping.phinf/20210616_24/37436d38-7acb-4a86-8b47-9e8088110922.jpg?type=f214_292
https://castbox.shopping.naver.com/shoppingboxnew/main.nhn
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/009.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/020.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0610%2Fupload_1623310271542VLc8t.jpg%22&type=nf340_228
https://s.pstatic.net/static/www/img/uit/2021/sp_shop_bffdc9.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/008.png
https://pm.pstatic.net/dist/js/search.ie.3388b3fe.js?o=www
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/819.png
https://ssl.pstatic.net/tveta/libs/1342/1342207/0e9c89a0484e434dd2ca_20210603100715356.jpg
https://s.pstatic.net/static/newsstand/up/2021/0316/nsd103953129.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/808.png
https://s.pstatic.net/static/www/img/uit/2021/sp_weather_time_5f2bbb.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/803.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/044.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/932.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/922.png
https://s.pstatic.net/shopping.phinf/20210614_16/cf7d8eeb-34e2-422e-a431-f07ce1d605db.jpg
https://ssl.pstatic.net/tveta/libs/assets/js/common/min/probe.min.js
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/002.png
https://ssl.pstatic.net/tveta/libs/assets/js/pc/main/min/pc.veta.core.min.js?20180423
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/911.png
https://s.pstatic.net/shopping.phinf/20210616_11/1d0205f2-0b3e-4dc2-8df9-efcad2c9f75b.jpg?type=f214_292
https://ssl.pstatic.net/tveta/libs/res/www/native/sp_main_topic_darkmode.png
https://ssl.pstatic.net/tveta/libs/assets/js/pc/main/min/pc.veta.core.min.js
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/139.png
https://ssl.pstatic.net/sstatic/search/pc/css/sp_autocomplete_210318.css
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/030.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/368.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/955.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/277.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/047.png
https://s.pstatic.net/static/www/img/uit/2021/sp_main_4efc7a.png
https://ssl.pstatic.net/tveta/libs/external/js/jquery-1.8.0.min.js?20171121
https://s.pstatic.net/shopping.phinf/20210607_7/b1c57fcd-6b2b-445e-bb49-7a3aff7ee8e8.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/057.png
https://s.pstatic.net/static/newsstand/up/2021/0222/nsd13325188.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/330.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/215.png
https://ssl.pstatic.net/tveta/libs/assets/css/pc/common/min/common.min.css?20181108
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/032.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/022.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0608%2Fupload_1623116896774YeJ46.jpg%22&type=nf464_260
https://siape.veta.naver.com/fxview?eu=EU10041888&calp=-&oj=A4YjrwVVtw9x8cfS51TDuuTUESv6aiVVnzgGMQnXCF%2BHEGhVxjvVFuhDQj27VaUVHjAH9nAgq09ky7%2BjPZBVcA&ac=8340497&src=5116679&evtcd=P100&x_ti=1308&tb=&oid=&sid1=&sid2=&rk=2e8486356f06eff06ce64d5b8305e13b&eltts=ME8vozXxvbr%2FYUZwXtZdrw%3D%3D&brs=Y&&eid=V800&dummy=0.334669190044085
https://ssl.pstatic.net/tveta/libs/res/www/common/info/da_access.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/003.png
https://s.pstatic.net/shopping.phinf/20210615_20/7df6ec18-f43f-4218-b477-be68bc2ef218.jpg?type=f214_292
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/122.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/970.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/913.png
https://siape.veta.naver.com/fxshow?su=SU10642&nrefreshx=0
https://ssl.pstatic.net/tveta/libs/assets/css/pc/main/min/new_timeboard.min.css?20181108
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/092.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/825.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/361.png
https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F2021%2F0611%2Fupload_1623392471841nkB2n.jpg%22&type=nf464_260
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/804.png
https://s.pstatic.net/shopping.phinf/20210601_5/8ef32be0-8a7d-49c7-aede-53a124705a01.jpg
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/056.png
https://static-whale.pstatic.net/main/sprite-20201210@2x.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/930.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/904.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/327.png
https://s.pstatic.net/static/newsstand/up/2020/0610/nsd151458769.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/948.png
https://s.pstatic.net/static/newsstand/2020/logo/light/0604/959.png
https://www.naver.com/include/themecast/targetAndPanels.json
https://ssl.pstatic.net/tveta/libs/1332/1332967/68b9d02b1cd08603ce61_20210614104648347.jpg
|
18
s.pstatic.net(23.40.44.200)
lcs.naver.com(210.89.172.40)
l.www.naver.com(210.89.172.9)
siape.veta.naver.com(104.109.244.187)
www.naver.com(104.109.244.187)
pm.pstatic.net(23.40.44.200)
ssl.pstatic.net(23.40.44.189)
static-whale.pstatic.net(101.79.137.157)
castbox.shopping.naver.com(117.52.137.136)
183.111.26.25
223.130.195.200
125.209.230.238
210.89.168.70
101.79.137.169
210.89.172.9
43.250.152.62
117.52.137.136
43.250.152.22
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.6 |
|
|
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8969 |
2021-06-17 13:35
|
 Document%2076896654.xls 608d89a9afafdce353965d9ee16bd433
VBA_macro MSOffice File VirusTotal Malware Check memory unpack itself Tofsee DNS crashed |
10
https://arteecaligrafia.com.br/imagens/fotos/thumbs/MupJ4cZzxoElmn.php
https://fitzgeraldstreet.com/ap-photos/themes/modus/css/fontello/1j5yZLSi4VE.php
https://blog.bitz.pe/wp-content/plugins/wpforms-lite/vendor/goodby/csv/src/Goodby/CSV/Import/Protocol/Exception/M7yde0cw.php
https://adamjeecommodities.com/wp-content/themes/adamjeecom/inc/options/kUQIZCFicsJ.php
https://limarija-das.hr/wp-content/plugins/wp-optimize/js/handlebars/CJrMovjhM.php
https://ahdmsport.com/bootstrap/scripts/_notes/Xwi4K0BrmwX6hf.php
https://courieradmin.phebsoft-team.com/svg/ot0fUe27YMmQ.php
https://tricommanagement.org/fonts/font-awesome-4.7.0/css/zhk1GWedvcwJJJ.php
https://sierraimoveis.com.br/manager/bower_components/bootstrap/less/mixins/BpZbPd8mY0.php
https://steijnborg.mobilitum.com/wp-content/themes/twentytwentyone/template-parts/content/WjovFkpG3.php
|
19
limarija-das.hr(185.58.73.16)
ahdmsport.com(104.255.169.179)
courieradmin.phebsoft-team.com(144.91.77.124)
fitzgeraldstreet.com(162.253.125.64)
steijnborg.mobilitum.com(51.68.175.88)
blog.bitz.pe(69.10.44.242)
arteecaligrafia.com.br(191.252.138.153)
sierraimoveis.com.br(191.252.106.110)
adamjeecommodities.com(18.136.132.202)
tricommanagement.org(18.136.132.202)
144.91.77.124
185.58.73.16 - mailcious
104.255.169.179 - mailcious
191.252.138.153 - mailcious
162.253.125.64 - mailcious
69.10.44.242
191.252.106.110 - mailcious
51.68.175.88
18.136.132.202 - phishing
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
|
|
5.8 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8970 |
2021-06-17 13:35
|
 win32.exe 983ddc2bc9503302e5ca3ff855d21763
PWS Loki[b] Loki[m] .NET framework Admin Tool (Sysinternals etc ...) Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software |
|
2
eyecos.ga(134.209.252.127) - mailcious
134.209.252.127
|
1
ET INFO DNS Query for Suspicious .ga Domain
|
|
14.2 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|