9151 | 2023-08-24 03:41
11-21-1183-04-00bi-device-fing... a5d5c45e3bd16c3507e766a6df7592f0 ZIP Format unpack itself
0.4 | | | guest

9152 | 2023-08-23 18:46
000000000000000000000000000%23... dcbcfd6de58204d8a29f0d173e88e34d MS_RTF_Obfuscation_Objects RTF File doc exploit crash Exploit DNS crashed
1
107.172.148.208 - mailcious
3.0 | M | | ZeroCERT

9153 | 2023-08-23 18:12
000000000000000000000000000%23... dcbcfd6de58204d8a29f0d173e88e34d MS_RTF_Obfuscation_Objects RTF File doc exploit crash unpack itself Exploit DNS crashed
1
107.172.148.208 - mailcious
3.4 | | | ZeroCERT

9154 | 2023-08-23 17:31
x.vbs 3f6bf228afaad7e9e49b3502801f3b40 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
1
http://192.3.216.144/test/ChromeSetup.exe
5.2 | | 4 | ZeroCERT

9155 | 2023-08-23 17:27
idex.vbs 184a8350f23b2b74fc1877165fd75dbb Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://80.76.51.248/idesh.txt
3
uploaddeimagens.com.br(172.67.215.45) - malware 121.254.136.27
172.67.215.45 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.4 | M | 6 | ZeroCERT

9156 | 2023-08-23 17:27
afk.vbs 394cb016b49972ef3d60a438b0ba7600 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://80.76.51.248/afrique.txt
4
uploaddeimagens.com.br(172.67.215.45) - malware 121.254.136.27
104.21.45.138 - malware
45.33.6.223
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.4 | M | 6 | ZeroCERT

9157 | 2023-08-23 17:25
CompPkgSrv.exe b21b7a7c3470ec539fbfb187a361c894 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows
2
files.catbox.moe(108.181.20.35) - malware 108.181.20.35 - mailcious
2
ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8 | M | 30 | ZeroCERT

9158 | 2023-08-23 17:25
receipt_231123.vbs 5209552db61b19cc3dcffe60168f4359 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
http://192.210.175.4/lime/ivr/update.txt
3
uploaddeimagens.com.br(172.67.215.45) - malware 121.254.136.27
104.21.45.138 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.8 | M | 22 | ZeroCERT

9159 | 2023-08-23 17:23
smito.vbs 731185eac99c29852de43d3bd7c1a79f Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://80.76.51.248/smit.txt
4
uploaddeimagens.com.br(104.21.45.138) - malware 61.111.58.35 - malware
108.181.20.35 - mailcious
172.67.215.45 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.0 | M | 6 | ZeroCERT

9160 | 2023-08-23 17:23
smss.exe 6611d09b189022dc685a871698f02144 .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
2.6 | M | 32 | ZeroCERT

9161 | 2023-08-23 17:21
hueyzx.exe 4a6361df182ee84fb216f44262105ddc .NET framework(MSIL) PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious TLD ComputerName DNS
3
http://www.dyeraoriginal.com/tiam/?yV=x1j5fowc2y49z3JbUDsRqHv/cgZtdqPsKlNbPf5hyBW/p+SgUw8W4oDxxiKg/GFR4snRjr8Qj2JspeU29wx74WMq4daUCC2QZAthNUw=&6q6=D-rLjrPtPOSzf
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip
http://www.dyeraoriginal.com/tiam/
5
www.miyekc.top(38.181.22.138)
www.dyeraoriginal.com(93.184.77.58)
38.181.22.138
93.184.77.58
45.33.6.223
1
ET DNS Query to a *.top domain - Likely Hostile
10.4 | M | 28 | ZeroCERT

9162 | 2023-08-23 17:21
CompPkgSrv.exe 9b3c1edaa709d4ab07401fae17223b60 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows
2
files.catbox.moe(108.181.20.35) - malware 108.181.20.35 - mailcious
2
ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8 | M | 30 | ZeroCERT

9163 | 2023-08-23 17:19
soman.exe 25ea22fd38b4c9529f7443250622e910 Malicious Library UPX AntiDebug AntiVM OS Processor Check PE File PE32 DLL VirusTotal Malware PDB Code Injection Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution
4.2 | M | 29 | ZeroCERT

9164 | 2023-08-23 17:18
pee.vbs 70473f7851537bd689bab2ac33325091 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://185.216.71.134/pee.txt
4
uploaddeimagens.com.br(172.67.215.45) - malware 156.236.72.121 - mailcious
61.111.58.34 - malware
172.67.215.45 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.4 | M | 6 | ZeroCERT

9165 | 2023-08-23 17:16
weobmaaaa.vbs 9103ec9c65ba23dc4ff1dbe225475806 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://94.156.253.236/obmaa.txt
3
uploaddeimagens.com.br(104.21.45.138) - malware 61.111.58.34 - malware
104.21.45.138 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.0 | M | 5 | ZeroCERT