| 916 |
2020-07-23 16:36
|
test.js bbd1e04bc2f5b8bfc2ba8d651edccf7a
malicious URLs crashed |
|
|
|
|
1.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 917 |
2020-07-23 16:51
|
c926c7de61dd7fe8_name.exe 26215c779ed936ff0a62924e15602969
VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows |
|
|
|
|
6.0 |
M |
19 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 918 |
2020-07-24 11:02
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit crashed |
7
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/main.jsp
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
|
6
www.nalara1220.o-r.kr(35.226.40.154)
ie9cvlist.ie.microsoft.com(117.18.232.200)
ajax.googleapis.com(172.217.175.234)
117.18.232.200
216.58.221.234
35.226.40.154
|
|
|
3.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 919 |
2020-07-24 11:03
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.175.234)
172.217.161.138
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 920 |
2020-07-24 11:05
|
mes_GD5559.doc 8a772a0c761c9e8341ff2b004e98e275
Vulnerability VirusTotal Malware unpack itself |
|
|
|
|
2.6 |
|
29 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 921 |
2020-07-24 14:15
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(216.58.197.138)
216.58.200.10
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 922 |
2020-07-24 14:20
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/main.jsp
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.25.202)
172.217.174.202
35.226.40.154
|
|
|
2.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 923 |
2020-07-24 14:25
|
http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122
Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows |
6
http://www.nalara1220.o-r.kr/CSS/mainC.css
http://www.nalara1220.o-r.kr/CSS/css/lightslider.css
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
http://www.nalara1220.o-r.kr/
http://www.nalara1220.o-r.kr/CSS/js/lightslider.js
http://www.nalara1220.o-r.kr/main.jsp
|
4
www.nalara1220.o-r.kr(35.226.40.154)
ajax.googleapis.com(172.217.25.202)
172.217.24.74
35.226.40.154
|
|
|
3.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 924 |
2020-07-24 17:03
|
http://3.234.249.4/nass.exe d38d581e5121cf771f9324ab15c7c29a
VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
5
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
http://3.234.249.4/nass.exe
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
|
1
|
3
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 925 |
2020-07-24 17:06
|
cursor.png.exe 0c84e3949e3e8908425b234112350e0f
Dridex TrickBot Malware Report suspicious privilege Malicious Traffic buffers extracted unpack itself malicious URLs Kovter ComputerName DNS |
5
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
https://185.99.2.66/tot774/WIN7-PC_W617601.2BCE833F2CFCD82352C920360F3C5FD1/5/spk/
|
6
131.161.253.190
134.119.191.21
185.99.2.66
5.1.81.68
51.81.112.144
91.235.129.20
|
4
ET CNC Feodo Tracker Reported CnC Server group 20
ET CNC Feodo Tracker Reported CnC Server group 3
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
5.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 926 |
2020-07-24 18:36
|
FILE_3J39WXUI4VR.doc da20b2dd780f1fd677465123adfec8d6
Vulnerability VirusTotal Malware unpack itself |
4
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
|
|
|
|
2.8 |
M |
30 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 927 |
2020-07-24 18:37
|
BAL_VYM_070120_CRY_072320.doc 57729287c932cb6e7c1224615a6870d1
Vulnerability VirusTotal Malware unpack itself |
4
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba
http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
|
|
|
|
2.6 |
M |
27 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 928 |
2020-07-24 21:50
|
https://tenders-dz.com/license... 2ba9f02e8685e6d19b5386513083ce64
Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS |
|
1
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 929 |
2020-07-24 21:50
|
Letter 07-24-2020.exe ab4c1217935f026ffae7a6abd9a3ade5
VirusTotal Malware Code Injection buffers extracted unpack itself malicious URLs sandbox evasion crashed |
|
|
|
|
6.2 |
|
35 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 930 |
2020-07-24 22:16
|
http://www.agarca.donaines.pt/... 6728e83545ea749e33ad6e83f90b6ba6
VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed |
1
http://www.agarca.donaines.pt//templates/beez3/VazBBV.exe
|
1
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
4.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|