Sandbox listing, 2023-11-02 (source: ZeroCERT). Record layout: ID | timestamp; file name; MD5; sandbox tags; URLs contacted (count); hosts contacted (count; domain(IP) with the feed's reputation label); Suricata alerts (count); then score | flag | count | source, where the flag column ("M") and the count column are not labeled by the listing. "-" marks an empty field.

9166 | 2023-11-02 10:30
File: WJveX71agmOQ6Gw_1698762642.jpg...
MD5: 83c130bed712ef7ac4297b9c9d5f70e9
Tags: Generic Malware, Antivirus, .NET DLL, PE File, DLL, PE32, VirusTotal, Malware, PDB
URLs (0): -
Hosts (0): -
Alerts (0): -
Score 1.0 | - | 8 | ZeroCERT
9167 | 2023-11-02 10:30
File: PuttyVbs-File0008765.vbs
MD5: bb57207b20e143102f4256a708c71fd7
Tags: Generic Malware, Antivirus, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523
  http://107.175.113.212/file/PuttyLinks.txt
Hosts (3):
  uploaddeimagens.com.br(172.67.215.45) - malware
  121.254.136.9
  172.67.215.45 - malware
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 9.0 | - | 1 | ZeroCERT
9168 | 2023-11-02 10:30
File: Limebase.txt.exe
MD5: 22df9b6c3a71b8dbbdef5d5bd09e445f
Tags: UPX, PE File, PE32, .NET EXE, VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, Tofsee, Windows, ComputerName, DNS, Cryptographic key, crashed
URLs (1):
  https://pastebin.com/raw/LJe9sUk5
Hosts (3):
  pastebin.com(104.20.68.143) - malicious
  91.92.247.146
  172.67.34.170 - malicious
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 6.2 | - | 54 | ZeroCERT
9169 | 2023-11-02 10:28
File: segun.txt.exe
MD5: 35ebe9d6053db0a6fdb348068e27ef7f
Tags: Malicious Packer, PE File, PE32, .NET EXE
URLs (0): -
Hosts (0): -
Alerts (0): -
Score - | - | - | ZeroCERT
9170 | 2023-11-02 10:12
File: Klv-sailor-warzone123456.txt.e...
MD5: 57c76226a25c44ea73d0ffd2b8258a56
Tags: Ave Maria, WARZONE RAT, Generic Malware, Malicious Library, UPX, Malicious Packer, Downloader, PE File, PE32, OS Processor Check, VirusTotal, Malware, AutoRuns, Code Injection, Check memory, unpack itself, suspicious process, WriteConsoleW, Windows, Remote Code Execution, DNS, DDNS
URLs (0): -
Hosts (2):
  segun.ddns.net(185.106.123.197)
  185.106.123.197
Alerts (1):
  ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score 7.2 | - | 63 | ZeroCERT
9171 | 2023-11-02 10:11
File: Firefoxwzexefile.vbs
MD5: 0b7f2e1c70bb997a5b6f1b0072c23679
Tags: Generic Malware, Antivirus, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523
  http://107.175.113.212/file/12345Warzone.txt
Hosts (3):
  uploaddeimagens.com.br(104.21.45.138) - malware
  121.254.136.9
  172.67.215.45 - malware
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 8.4 | - | 2 | ZeroCERT
9172 | 2023-11-02 10:11
File: 12345Warzone.txt.exe
MD5: 168457c869ff329fb895e314d1d8d61c
Tags: Malicious Library, UPX, Malicious Packer, PE File, PE32, OS Processor Check, Remote Code Execution
URLs (0): -
Hosts (0): -
Alerts (0): -
Score 0.6 | - | - | ZeroCERT
9173 | 2023-11-02 10:09
File: 1stANzasWQA435786990Mqa9.js
MD5: f757a1a6ca3595f7219e80540bcbbf52
Tags: Generic Malware, Antivirus, ActiveXObject, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, Creates executable files, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key
URLs (2):
  https://paste.ee/d/10dsb
  https://imageupload.io/ib/WJveX71agmOQ6Gw_1698762642.jpg
Hosts (4):
  paste.ee(104.21.84.67) - malicious
  imageupload.io(172.67.222.26) - malware
  172.67.222.26 - malware
  104.21.84.67 - malware
Alerts (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 10.4 | M | 3 | ZeroCERT
9174 | 2023-11-02 10:09
File: goblin.txt.exe
MD5: faac5d3f56e2a6a204161fb0d29f49a6
Tags: Malicious Packer, PE File, PE32, .NET EXE
URLs (0): -
Hosts (0): -
Alerts (0): -
Score - | - | - | ZeroCERT
9175 | 2023-11-02 10:08
File: cred64.dll
MD5: 0111e5a2a49918b9c34cbfbf6380f3f3
Tags: Malicious Library, UPX, Anti_VM, PE File, DLL, PE64, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, Cryptocurrency wallets, Cryptocurrency, PDB, MachineGuid, Malicious Traffic, Checks debugger, unpack itself, Windows utilities, sandbox evasion, installed browsers check, Windows, Browser, DNS, Software
URLs (1):
  http://167.235.20.126/bjdm32DP/index.php
Hosts (1): (not shown in the listing)
Alerts (0): -
Score 7.0 | M | 27 | ZeroCERT
9176 | 2023-11-02 10:07
File: clip64.dll
MD5: 8da053f9830880089891b615436ae761
Tags: Amadey, Malicious Library, UPX, PE File, DLL, PE32, OS Processor Check, VirusTotal, Malware, PDB, Malicious Traffic, Checks debugger, unpack itself, DNS
URLs (1):
  http://167.235.20.126/bjdm32DP/index.php
Hosts (1): (not shown in the listing)
Alerts (0): -
Score 3.6 | M | 38 | ZeroCERT
9177 | 2023-11-02 10:05
File: HTMLIEbrowserHistorycache.vbs
MD5: 857f884bf745995ea1ccd1275446201f
Tags: VirusTotal, Malware, wscript.exe, payload download, Tofsee
URLs (1): (not shown in the listing)
Hosts (2):
  paste.ee(104.21.84.67) - malicious
  172.67.187.200 - malicious
Alerts (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 2.0 | - | 3 | ZeroCERT
9178 | 2023-11-02 07:51
File: IGCC.exe
MD5: b559f853c534c533f75d09966aec1a81
Tags: Formbook, NSIS, Malicious Library, UPX, PE File, PE32, FormBook, Malware download, Malware, suspicious privilege, Malicious Traffic, Check memory, Creates executable files, unpack itself
URLs (5):
  http://www.vandistreet.com/sy22/?JjUdE2=ebYri2VV/sCK3b5rVJ3RboTDPGX+2LyTyMxHYnpzeShqSQ1cgB3Zd9ZvGXgE+e2ljlV5J+6Q&lzul=z8oHnHih3L
  http://www.mysonisgaythemovie.com/sy22/?JjUdE2=baQ1Jiu1kKGnkWcWqUZaFlU8q1reSZBP3QoqfGarl6ST99PuZCC+LuBenV9+EE94CjhJ8idN&lzul=z8oHnHih3L
  http://www.wb7mnp.com/sy22/?JjUdE2=D765QqECgZPQlxJkhVef5s22w98dFSb9s5LwarIZ8ZJKYWlk4eMvJUUamlKIenzgBZVLBjbY&lzul=z8oHnHih3L
  http://www.apneabirmingham.info/sy22/?JjUdE2=4HdrVjvyCAjpwzRQohtfN1+WvaRYgcN/d2hMNM296+jHjR54/eGnykfMDUW9i7A7oyCaMEwY&lzul=z8oHnHih3L
  http://www.sunspotplumbing.com/sy22/?JjUdE2=d6AqkGJ7bunbgmizHHRyxSnS+cE7N+DoqWC4nPxnpUsdFYm3pr534s62tX1C6jkDEl4YnzCY&lzul=z8oHnHih3L
  (rule_id: 36914)
Hosts (9):
  www.vandistreet.com(23.227.38.74)
  www.apneabirmingham.info(109.68.33.25)
  www.wb7mnp.com(15.197.148.33)
  www.mysonisgaythemovie.com(154.220.76.62)
  www.sunspotplumbing.com(15.197.148.33) - malicious
  23.227.38.74 - malicious
  3.33.130.190 - phishing
  154.220.76.62 - malicious
  109.68.33.25 - malicious
Alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
Additional URL field (1):
  http://www.sunspotplumbing.com/sy22/
Score 3.0 | M | - | ZeroCERT
9179 | 2023-11-02 07:48
File: strakonaj2.1.exe
MD5: 4cb44bd5d786a7f2b53fd6d9602a2b8c
Tags: NSIS, Malicious Library, UPX, PE File, PE32, OS Processor Check, Check memory, Creates executable files, unpack itself, AppData folder, crashed
URLs (0): -
Hosts (0): -
Alerts (0): -
Score 3.2 | M | - | ZeroCERT
9180 | 2023-11-02 07:48
File: hussanzx.exe
MD5: 83cdb597d20acd75dd60840276ca77b1
Tags: .NET framework(MSIL), PE File, PE32, .NET EXE, PDB, Check memory, Checks debugger, unpack itself
URLs (0): -
Hosts (0): -
Alerts (0): -
Score 1.4 | M | - | ZeroCERT
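As an added example (not part of the listing and not ZeroCERT's own tooling), the script below does the pivot an analyst would run over a feed like this one: the URLs and hosts of the records above that have any are copied into an inline dataset, an inverted index from network indicator to record ID is built, indicators shared by more than one sample are reported, and a downloader record is linked to the record of the file it fetched when a URL's basename matches a submitted file name. Two choices are this example's own, not something the listing states: the IdenTrust root-certificate URL is treated as noise (a benign certificate fetch that would otherwise link unrelated samples), and a basename plus ".exe" also counts as a match, a heuristic suggested by the .txt.exe sample names in this listing.

```python
"""IOC pivoting over the sandbox records listed on this page.

The record values below are copied from the listing above and embedded so
the script runs offline.  The parsing rules and the file/URL link heuristic
are this example's own, not the sandbox's.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

RECORDS = [
    {"id": 9166, "file": "WJveX71agmOQ6Gw_1698762642.jpg...", "urls": [], "hosts": []},
    {"id": 9167, "file": "PuttyVbs-File0008765.vbs",
     "urls": ["http://apps.identrust.com/roots/dstrootcax3.p7c",
              "https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523",
              "http://107.175.113.212/file/PuttyLinks.txt"],
     "hosts": ["uploaddeimagens.com.br(172.67.215.45) - malware", "121.254.136.9",
               "172.67.215.45 - malware"]},
    {"id": 9168, "file": "Limebase.txt.exe", "urls": ["https://pastebin.com/raw/LJe9sUk5"],
     "hosts": ["pastebin.com(104.20.68.143) - malicious", "91.92.247.146",
               "172.67.34.170 - malicious"]},
    {"id": 9170, "file": "Klv-sailor-warzone123456.txt.e...", "urls": [],
     "hosts": ["segun.ddns.net(185.106.123.197)", "185.106.123.197"]},
    {"id": 9171, "file": "Firefoxwzexefile.vbs",
     "urls": ["http://apps.identrust.com/roots/dstrootcax3.p7c",
              "https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523",
              "http://107.175.113.212/file/12345Warzone.txt"],
     "hosts": ["uploaddeimagens.com.br(104.21.45.138) - malware", "121.254.136.9",
               "172.67.215.45 - malware"]},
    {"id": 9172, "file": "12345Warzone.txt.exe", "urls": [], "hosts": []},
    {"id": 9173, "file": "1stANzasWQA435786990Mqa9.js",
     "urls": ["https://paste.ee/d/10dsb",
              "https://imageupload.io/ib/WJveX71agmOQ6Gw_1698762642.jpg"],
     "hosts": ["paste.ee(104.21.84.67) - malicious", "imageupload.io(172.67.222.26) - malware",
               "172.67.222.26 - malware", "104.21.84.67 - malware"]},
    {"id": 9175, "file": "cred64.dll", "urls": ["http://167.235.20.126/bjdm32DP/index.php"], "hosts": []},
    {"id": 9176, "file": "clip64.dll", "urls": ["http://167.235.20.126/bjdm32DP/index.php"], "hosts": []},
    {"id": 9177, "file": "HTMLIEbrowserHistorycache.vbs", "urls": [],
     "hosts": ["paste.ee(104.21.84.67) - malicious", "172.67.187.200 - malicious"]},
]

# Assumption of this example: the IdenTrust root-certificate fetch is benign
# Windows behaviour seen in many runs and must not link unrelated samples.
NOISE = {"apps.identrust.com"}

# Host entries look like "name(ip) - label", "ip - label" or a bare name/ip.
HOST_RE = re.compile(r"^([A-Za-z0-9.-]+)(?:\(([\d.]+)\))?")


def host_indicators(entry):
    """'paste.ee(104.21.84.67) - malicious' -> {'paste.ee', '104.21.84.67'}."""
    m = HOST_RE.match(entry.strip())
    return {g for g in (m.group(1), m.group(2)) if g} if m else set()


def record_indicators(rec):
    """All domains and IPs a record touched, from both its URL and host fields."""
    out = set()
    for url in rec["urls"]:
        host = urlsplit(url).hostname
        if host:
            out.add(host)
    for entry in rec["hosts"]:
        out |= host_indicators(entry)
    return out - NOISE


def indicator_index(records=RECORDS):
    """Inverted index: indicator -> set of record IDs that contacted it."""
    idx = defaultdict(set)
    for rec in records:
        for ioc in record_indicators(rec):
            idx[ioc].add(rec["id"])
    return dict(idx)


def shared_indicators(records=RECORDS):
    """Only the indicators that tie two or more samples together."""
    return {ioc: ids for ioc, ids in indicator_index(records).items() if len(ids) > 1}


def file_url_links(records=RECORDS):
    """(downloader_id, payload_id, file) where a URL fetched by one record names
    the file submitted as another record.  Heuristic (this example's own): the
    listing shows .txt downloads re-submitted as .txt.exe, so name + '.exe' also
    counts.  Truncated names ending in '...' are compared on their visible part."""
    by_name = {rec["file"].removesuffix("..."): rec["id"] for rec in records}
    links = []
    for rec in records:
        for url in rec["urls"]:
            name = urlsplit(url).path.rsplit("/", 1)[-1]
            if not name:
                continue
            for cand in (name, name + ".exe"):
                if cand in by_name and by_name[cand] != rec["id"]:
                    links.append((rec["id"], by_name[cand], cand))
    return links


if __name__ == "__main__":
    for ioc, ids in sorted(shared_indicators().items()):
        print(f"{ioc:28} {sorted(ids)}")
    for src, dst, name in file_url_links():
        print(f"record {src} fetched {name!r}, which is record {dst}")
```

Run as-is, the shared-indicator report ties 9167 to 9171 through 107.175.113.212, uploaddeimagens.com.br, 172.67.215.45 and 121.254.136.9, ties cred64.dll to clip64.dll through 167.235.20.126, and ties 9173 to 9177 through paste.ee and 104.21.84.67; the file-name pass links 9173 to 9166 (the image it fetched from imageupload.io is the submitted .NET DLL) and 9171 to 9172 (12345Warzone.txt re-submitted as 12345Warzone.txt.exe). Without the NOISE set, apps.identrust.com would also join 9167 and 9171, which is true but uninformative.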