9226 | 2023-10-31 07:55 | more_page.hta | 27201c15277b2147ec45620e60e73833
Tags: Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
4.8 | ZeroCERT

9227 | 2023-10-31 07:48 | jujukhanis2.1.exe | 4dca2433d6524869e26cda42d6aac35a
Tags: NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (4):
http://www.umertazkeer.com/ju29/?0nGP-6=qL/w1+MBvm8GoMYX5IhFQmgMppJTUe9u/duKotMyUJF4p+ww3IubNw5rhrvFOtNFijYs9Y2C&JXULWR=RX0xlPZ8UPmL7V6P
http://www.glocraze.com/ju29/?0nGP-6=gDkZXs7NveHu4EW0skg7wBT+4b2V8qQlIvFf+hRei/lqZM1GklKH3GG4bPd4M6MmprPp+Vw1&JXULWR=RX0xlPZ8UPmL7V6P
http://www.gaming-chairs-vn-vi-2885437.fyi/ju29/?0nGP-6=jZmXybCgFR2uD0ejxMDWyZKNvc7QdVfFN8JL5WlE97s3Bg4Qi+fVSOqduvGFqlRkfw/fGckr&JXULWR=RX0xlPZ8UPmL7V6P
http://www.sklm888.com/ju29/?0nGP-6=n8Crfq8u97ohQJzT+GN2bIuprmrMns3qA2cyB53CLK5Nkn3ik8XJfCdpmXkpj8M2YodcTKUz&JXULWR=RX0xlPZ8UPmL7V6P
Hosts (8):
www.sklm888.com(108.186.24.175)
www.umertazkeer.com(103.224.212.216)
www.gaming-chairs-vn-vi-2885437.fyi(104.17.157.1)
www.glocraze.com(15.197.148.33)
15.197.148.33
103.224.212.216
104.17.157.1
108.186.24.175
Signatures (1):
ET MALWARE FormBook CnC Checkin (GET)
3.4 | M | ZeroCERT

9228 | 2023-10-31 07:47 | sorta.exe | 18db9adba53b6a650a413dce3dde8677
Tags: Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1):
Signatures (5):
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
5.2 | M | ZeroCERT

9229 | 2023-10-31 07:46 | macsilon2.1.exe | acae22d54a60cda3e945eb605b2e0d79
Tags: Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (4):
http://www.ssongg13026.cfd/t6tg/?hB9=Nmqux/666XlLtJ3WEKzUk3EHj+ftlkJxJixPq7eQ/k8b2WLLehoT1axEI2nKmBLwOwlBSnRz&lN68=VTRPbxUh6tHTgV - rule_id: 37346
http://www.g7bety.com/t6tg/?hB9=tJCug8916Nk3qwpVWxazfba7U2UvaJXJwG1WTz0cOvag2M7/5zn5sibdV7VYkPm4YwuRNFZo&lN68=VTRPbxUh6tHTgV
http://www.lobby138.monster/t6tg/?hB9=3b8u1mK8VHbHBfK/UsLoDkPDaVA31KqbuvBNGor4kXVmAL21gM7ZM3KDEr8Jm2Spn741Hpzt&lN68=VTRPbxUh6tHTgV
http://www.fem-studio.com/t6tg/?hB9=wO01AVbbXSVLf6qO03SX5K+SMOPGPZyPLFmMZ0U48re65Y/5ubB6fIycEVvycH59j+ia3nP/&lN68=VTRPbxUh6tHTgV
Hosts (9):
www.ssongg13026.cfd(101.32.68.183) - mailcious
www.abstractcertify.com() - mailcious
www.lobby138.monster(91.195.240.123)
www.g7bety.com(172.67.171.189)
www.fem-studio.com(192.0.78.211)
101.32.68.183 - mailcious
91.195.240.123 - mailcious
172.67.171.189
192.0.78.185
Signatures (1):
ET MALWARE FormBook CnC Checkin (GET)
1 | http://www.ssongg13026.cfd/t6tg/
3.4 | M | ZeroCERT

9230 | 2023-10-31 07:44 | timeSync.exe | fdb2e9bda9e3a6b19c2b7246b8b6eb57
Tags: Malicious Library UPX PE File PE32 OS Processor Check unpack itself
0.8 | M | ZeroCERT

9231 | 2023-10-30 21:16 | 0cae8683e3d3e6ba8812f8d0d3e34b... | 0cae8683e3d3e6ba8812f8d0d3e34b9d
Tags: NSIS Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 MSOffice File DLL PNG Format BMP Format JPEG Format VirusTotal Malware MachineGuid Code Injection Check memory buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed
Hosts (3):
dsapi.io()
download.studio(141.255.166.101)
141.255.166.101
Signatures (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
7.4 | 42 | guest

9232 | 2023-10-30 18:02 | uwp4098462.png.exe | c07745eb39de5a4c568de93d1e264840
Tags: Malicious Library UPX .NET DLL PE File DLL PE32 OS Processor Check VirusTotal Malware PDB
1.0 | 3 | ZeroCERT

9233 | 2023-10-30 17:51 | 사이버안전참고자료.doc | 04a0505cc45d2dac4be9387768efcb7c
Tags: VBA_macro Generic Malware MSOffice File Lnk Format GIF Format Malware download Kimsuky VirusTotal Malware Campaign Creates shortcut Creates executable files exploit crash unpack itself North Korea Exploit crashed
URLs (1):
http://yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php?query=1
Hosts (2):
yanggucam.designsoup.co.kr(121.78.88.79) - mailcious
121.78.88.79 - mailcious
Signatures (3):
ET MALWARE Suspected Kimsuky Activity (GET)
ET MALWARE Kimsuky Related Script Activity (GET)
ET MALWARE Suspected DPRK APT Related Activity (GET)
4.0 | M | 35 | ZeroCERT

9234 | 2023-10-30 17:50 | 주요도시 시장가격 조사2023.lnk | d1dc2db2956803de7eef7a76a6ac5cb2
Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Hide_URL AntiDebug AntiVM Lnk Format GIF Format PowerShell .NET VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Interception Windows Exploit ComputerName Cryptographic key crashed
URLs (2):
http://app.documentoffice.club/salt_view_doc_words?user=H11I75PFF0ZG53NDG00H64OE
https://dl.dropboxusercontent.com/scl/fi/h7p5aearkbq6rnb2oh633/20231028_selca.zip
Hosts (4):
dl.dropboxusercontent.com(162.125.84.15) - malware
app.documentoffice.club(84.32.131.104)
162.125.84.15 - malware
84.32.131.104
Signatures (2):
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.2 | 23 | ZeroCERT

9235 | 2023-10-30 17:50 | rbxfpsunlocker.exe | 559e4b863c9736d6dd81b67a1c7c51e9
Tags: Gen1 Emotet Generic Malware Malicious Library UPX ASPack PE File PE64 OS Processor Check DLL DllRegisterServer dll ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself Ransomware crashed
3.6 | 43 | ZeroCERT

9236 | 2023-10-30 17:47 | MAW.txt.exe | edc9b4f305d1232558161d5e8d466dd5
Tags: Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
Hosts (2):
api.ipify.org(173.231.16.77)
173.231.16.77
Signatures (4):
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.0 | ZeroCERT

9237 | 2023-10-30 17:45 | KEW.txt.exe | 2630f19eed1e2899a652c10f5edf1532
Tags: Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
Hosts (2):
api.ipify.org(173.231.16.77)
173.231.16.77
Signatures (4):
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.2 | 42 | ZeroCERT

9238 | 2023-10-30 17:45 | setup.exe | a90f2872c6e2a825cbf315f65c530369
Tags: Malicious Library PE File PE32 WMI Creates executable files RWX flags setting Checks Bios anti-virtualization ComputerName
3.0 | ZeroCERT

9239 | 2023-10-30 17:42 | 203.exe | b4c67afbce5715b8bc9c3b652564ee22
Tags: Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted unpack itself Collect installed applications suspicious TLD sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware DNS
URLs (1):
Hosts (2):
guhomush.pw(172.67.129.141)
172.67.129.141 - mailcious
Signatures (4):
ET DNS Query to a *.pw domain - Likely Hostile
ET INFO HTTP Request to a *.pw domain
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration
8.2 | M | 30 | ZeroCERT

9240 | 2023-10-30 17:42 | HTMLHisotoryCleaner.dOC | baf31ab5eb242de4b7deb9bc7864f08f
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed
Hosts (2):
toss.is(45.33.42.226) - mailcious
45.33.42.226 - mailcious
Signatures (3):
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA Applayer Wrong direction first Data
2.6 | M | 29 | ZeroCERT