9256 | 2023-10-28 12:58
HDV.txt.exe cb9088db397e3a4cc261a65902056464 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
4
api.ipify.org(104.237.62.212) api.telegram.org(149.154.167.220) 64.185.227.156 149.154.167.220
6
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET HUNTING Telegram API Domain in DNS Lookup
5.2 | 42 | ZeroCERT
9257 | 2023-10-28 12:58
HCR.txt.exe 910000304ded0b7d71f772a41e697d72 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed
3.8 | 45 | ZeroCERT
9258 | 2023-10-28 12:58
GSW.txt.exe 584252105f5f7f2ab0bad8d1cc9a1bd4 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
2
api.ipify.org(104.237.62.212) 64.185.227.156
4
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.2 | 48 | ZeroCERT
9259 | 2023-10-28 12:54
HTMLIEbrowserhistory.vbs a32dfa1497c07d6c81f1c0ca839cbf03 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
4
http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/qm3k3
https://uploaddeimagens.com.br/images/004/634/676/original/rumpe.jpg?1697053529
http://192.3.64.154/9080/GSW.txt
5
paste.ee(104.21.84.67) - mailcious
uploaddeimagens.com.br(172.67.215.45) - malware
182.162.106.33 - malware
172.67.187.200 - mailcious
172.67.215.45 - malware
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.6 | M | 5 | ZeroCERT
9260 | 2023-10-28 12:51
HTMLIEBrowserHistorycleaner.dO... 1276da2350d722faf931038319ea6613 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed
2
toss.is(45.33.42.226) - mailcious 45.33.42.226 - mailcious
3
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Wrong direction first Data
2.8 | M | 30 | ZeroCERT
9261 | 2023-10-28 12:49
HTMLxlaIEbrowser.dOC 2dd55c2a09a20b395c4034c934651113 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
3
http://185.254.37.174/xlaexpoittt.vbs
http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/hgAnq
6
paste.ee(104.21.84.67) - mailcious
uploaddeimagens.com.br(172.67.215.45) - malware
182.162.106.32
172.67.187.200 - mailcious
185.254.37.174 - mailcious
172.67.215.45 - malware
3
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host VBS Request
4.0 | M | 29 | ZeroCERT
9262 | 2023-10-28 12:47
HTMLIEBrowserhistory.doc f7b8200be0d768ab8fdc7ef3203267e8 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed
2.6 | M | 29 | ZeroCERT
9263 | 2023-10-28 12:46
setup.exe 9d3ff29bb3a7834ecab9d30a29f38bf4 Generic Malware Malicious Library UPX Antivirus PE File PE64 OS Processor Check PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Remote Code Execution Cryptographic key
5.8 | M | 5 | ZeroCERT
9264 | 2023-10-28 12:46
marikolock2.1.exe 1b4bc7eb054142c70e87755de845e039 NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
3
http://www.517912.com/t6tg/?9r4P2=x+Kv6xpWcNesBkKfTwjNPM0LnGFvN7+CPVZKKdjbvYvOGsJKnhF5jBVeRF44UVI4ghuUdA3c&EjU4Sz=fdMTVRIPlB
http://www.promushealth.com/t6tg/?9r4P2=7tYymCvuwOydaUuPNkovhG/t52+K0Kp+Kp8xcgM9C2uQN+XKa74YZrRvofV08ZJStB5H4sxz&EjU4Sz=fdMTVRIPlB
http://www.uzmayaqoob.com/t6tg/?9r4P2=XP7jkasqkgrWx1C3rIh2LMmDsrx9AEXuv+yJvInbJHFGDwSK0i3nVRBGHVeWBLS+d5Gq1e4Y&EjU4Sz=fdMTVRIPlB
7
www.promushealth.com(81.17.29.148) www.uzmayaqoob.com(154.49.142.142) www.517912.com(38.47.227.76) www.ficylkghv.com() 38.47.227.76 63.141.242.46 154.49.142.142
1
ET MALWARE FormBook CnC Checkin (GET)
4.2 | M | 47 | ZeroCERT
9265 | 2023-10-28 12:44
Yqmx.vbs 3575c1d07813dd220063c02c664d1827 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
4
http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/WsZmE
https://uploaddeimagens.com.br/images/004/634/676/original/rumpe.jpg?1697053529
http://193.42.33.51/myn.txt
5
paste.ee(104.21.84.67) - mailcious
uploaddeimagens.com.br(104.21.45.138) - malware
182.162.106.32
104.21.84.67 - malware
172.67.215.45 - malware
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.6 | M | 5 | ZeroCERT
9266 | 2023-10-28 12:43
HTMLDesginBrowserInternet.dOC c6f17e9d8c72950b1100f1ab9c3ab77d MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed
2
toss.is(45.33.42.226) - mailcious 45.33.42.226 - mailcious
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure SURICATA Applayer Wrong direction first Data
2.6 | M | 26 | ZeroCERT
9267 | 2023-10-28 12:42
HTMLIEBrowserHistory.vbs 56238116f5d9877c000e6431306d0071 VirusTotal Malware wscript.exe payload download Tofsee
1
2
paste.ee(104.21.84.67) - mailcious 104.21.84.67 - malware
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.0 | M | 1 | ZeroCERT
9268 | 2023-10-28 12:41
audiodgse.exe bbf6104b2b2953e63d98daf9c6fec2b1 LokiBot UPX .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
2
api.ipify.org(104.237.62.212) 173.231.16.77
4
ET INFO TLS Handshake Failure ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.6 | M | 41 | ZeroCERT
9269 | 2023-10-28 12:39
HTMLDesginbrowser.vbs b32067242d7b194386069c8cf33741df VirusTotal Malware buffers extracted wscript.exe payload download Tofsee
1
2
paste.ee(104.21.84.67) - mailcious 172.67.187.200 - mailcious
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.0 | 5 | ZeroCERT
9270 | 2023-10-28 12:38
HTMLIEbrowserHistoryClean.doc 5ad1dfb31daa5015f4fdc8af08b50ae9 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed
2
toss.is(45.33.42.226) - mailcious 45.33.42.226 - mailcious
3
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Wrong direction first Data
2.8 | M | 30 | ZeroCERT