916 | 2020-07-23 16:36 | test.js | bbd1e04bc2f5b8bfc2ba8d651edccf7a
  Tags: malicious URLs crashed
  Score: 1.0

917 | 2020-07-23 16:51 | c926c7de61dd7fe8_name.exe | 26215c779ed936ff0a62924e15602969
  Tags: VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows
  Score: 6.0 | M | 19

918 | 2020-07-24 11:02 | http://www.nalara1220.o-r.kr/ | c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit crashed
  URLs (7):
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://www.nalara1220.o-r.kr/main.jsp
    http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
  Hosts (6):
    www.nalara1220.o-r.kr (35.226.40.154)
    ie9cvlist.ie.microsoft.com (117.18.232.200)
    ajax.googleapis.com (172.217.175.234)
    117.18.232.200
    216.58.221.234
    35.226.40.154
  Score: 3.6

919 | 2020-07-24 11:03 | http://www.nalara1220.o-r.kr/ | c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
  URLs (6):
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/main.jsp
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
  Hosts (4):
    www.nalara1220.o-r.kr (35.226.40.154)
    ajax.googleapis.com (172.217.175.234)
    172.217.161.138
    35.226.40.154
  Score: 3.0

920 | 2020-07-24 11:05 | mes_GD5559.doc | 8a772a0c761c9e8341ff2b004e98e275
  Tags: Vulnerability VirusTotal Malware unpack itself
  Score: 2.6 | 29

921 | 2020-07-24 14:15 | http://www.nalara1220.o-r.kr/ | c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
  URLs (6):
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/main.jsp
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
  Hosts (4):
    www.nalara1220.o-r.kr (35.226.40.154)
    ajax.googleapis.com (216.58.197.138)
    216.58.200.10
    35.226.40.154
  Score: 3.0

922 | 2020-07-24 14:20 | http://www.nalara1220.o-r.kr/ | c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection Creates executable files unpack itself Windows utilities Windows
  URLs (6):
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/main.jsp
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
  Hosts (4):
    www.nalara1220.o-r.kr (35.226.40.154)
    ajax.googleapis.com (172.217.25.202)
    172.217.174.202
    35.226.40.154
  Score: 2.6

923 | 2020-07-24 14:25 | http://www.nalara1220.o-r.kr/ | c032bb944d6fba21799bd5a4df5b6122
  Tags: Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows
  URLs (6):
    http://www.nalara1220.o-r.kr/CSS/mainC.css
    http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
    http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
    http://www.nalara1220.o-r.kr/
    http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
    http://www.nalara1220.o-r.kr/main.jsp
  Hosts (4):
    www.nalara1220.o-r.kr (35.226.40.154)
    ajax.googleapis.com (172.217.25.202)
    172.217.24.74
    35.226.40.154
  Score: 3.0

924 | 2020-07-24 17:03 | http://3.234.249.4/nass.exe | d38d581e5121cf771f9324ab15c7c29a
  Tags: VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed
  URLs (5):
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
    http://3.234.249.4/nass.exe
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  Hosts: 1
  Alerts (3):
    ET INFO Executable Download from dotted-quad Host
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  Score: 5.0

925 | 2020-07-24 17:06 | cursor.png.exe | 0c84e3949e3e8908425b234112350e0f
  Tags: Dridex TrickBot Malware Report suspicious privilege Malicious Traffic buffers extracted unpack itself malicious URLs Kovter ComputerName DNS
  URLs (5):
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
    https://185.99.2.66/tot774/WIN7-PC_W617601.2BCE833F2CFCD82352C920360F3C5FD1/5/spk/
  Hosts (6):
    131.161.253.190
    134.119.191.21
    185.99.2.66
    5.1.81.68
    51.81.112.144
    91.235.129.20
  Alerts (4):
    ET CNC Feodo Tracker Reported CnC Server group 20
    ET CNC Feodo Tracker Reported CnC Server group 3
    ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
    ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
  Score: 5.6

926 | 2020-07-24 18:36 | FILE_3J39WXUI4VR.doc | da20b2dd780f1fd677465123adfec8d6
  Tags: Vulnerability VirusTotal Malware unpack itself
  URLs (4):
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  Score: 2.8 | M | 30

927 | 2020-07-24 18:37 | BAL_VYM_070120_CRY_072320.doc | 57729287c932cb6e7c1224615a6870d1
  Tags: Vulnerability VirusTotal Malware unpack itself
  URLs (4):
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
    http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
  Score: 2.6 | M | 27

928 | 2020-07-24 21:50 | https://tenders-dz.com/license... | 2ba9f02e8685e6d19b5386513083ce64
  Tags: Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS
  Hosts: 1
  Alerts (3):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
    ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  Score: 3.2

929 | 2020-07-24 21:50 | Letter 07-24-2020.exe | ab4c1217935f026ffae7a6abd9a3ade5
  Tags: VirusTotal Malware Code Injection buffers extracted unpack itself malicious URLs sandbox evasion crashed
  Score: 6.2 | 35

930 | 2020-07-24 22:16 | http://www.agarca.donaines.pt/... | 6728e83545ea749e33ad6e83f90b6ba6
  Tags: VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed
  URLs (1):
    http://www.agarca.donaines.pt//templates/beez3/VazBBV.exe
  Hosts: 1
  Alerts (1):
    ET POLICY PE EXE or DLL Windows file download HTTP
  Score: 4.6