9391 | 2023-08-16 07:40
yugozx.exe | d78d90977bd9addab19038a3367f7804
Tags: SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
Hosts (2):
  cp5ua.hyperhost.ua(91.235.128.141)
  91.235.128.141
13.0 | | 31 | ZeroCERT

9392 | 2023-08-16 07:40
chromium.exe | 013a719564fee962f64473767b1e8cd8
Tags: Formbook AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD
URLs (2):
  http://www.sarthaksrishticreation.com/sy22/?MZkp=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&U4kp=Ntx0ULS8PBu8xJ0
  http://www.91967.net/sy22/?MZkp=uE9wR2Y3PY1yx307bieK+o21csjZIE3yfcLUSuw3Fyc4r02fwZ9qroRs52d1jBHfNCAz8DHk&U4kp=Ntx0ULS8PBu8xJ0
Hosts (5):
  www.91967.net(20.205.142.141)
  www.sofbks.top() - mailcious
  www.sarthaksrishticreation.com(119.18.49.69)
  20.205.142.141
  119.18.49.69
9.8 | M | 31 | ZeroCERT

9393 | 2023-08-16 07:39
Chromium.exe | 6072355596f3a49926f9bffbaae67427
Tags: NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder
URLs (20):
  http://www.vevo-verify.com/nfgh/?_ey6Y7KV=K2yRc8H61Fizziot+wAaIGReuben20woAXUbiL8kC1tHPZYiaT1bhCfTY68DJv8+vkAbSwoSWI++U5y8GrEWGoZVK+ah/BLoDqBCf84=&7j8ats=kq1V4
  http://www.janus.news/nfgh/?_ey6Y7KV=om21+9jlNdVwizWKMyOwOcgZTTVPx7AW+kpYxaNLA/51OQzY8EK0dwCcOoJ5oU77kuc3Er/HpfN1MIi/ygtUQ6dJNUVMleWKxtrZk3Q=&7j8ats=kq1V4
  http://www.blackgrow.info/nfgh/?_ey6Y7KV=Fdilm9Fv0i/sQbEB7FQsun2pvS5yrk/XwEUgJP4nxAf8zgeVWa0p8A3ZL9mAyR8s5o5tYV2/Oq1RaQhwyiqrWgliD70OCf03aFyMOxw=&7j8ats=kq1V4
  http://www.janus.news/nfgh/
  http://www.transportlogistcs.com/nfgh/
  http://www.ui-un.com/nfgh/
  http://www.doonc.xyz/nfgh/
  http://www.farmacianovapiel.com/nfgh/
  http://www.75788yh.com/nfgh/
  http://www.blackgrow.info/nfgh/
  http://www.rogerstrong.com/nfgh/
  http://www.ui-un.com/nfgh/?_ey6Y7KV=AmGpwKuRxc8bHHe15LwrRZt1edDRh3/ZLr96RZEqFjC4vHfo0qPpVxDqqHKNJ4qb1mwHI/rYmgFv2V7cfI6bzvW/dqX3rTf9oN4JjQ8=&7j8ats=kq1V4
  http://www.vevo-verify.com/nfgh/
  http://www.transportlogistcs.com/nfgh/?_ey6Y7KV=I48GN28e5qahG4y85G7DM8qXZEpR7sT7s3p5IQi4xDWe9wNW5KItcrjWcTW27plcky8SnyoaJjmylDwHZRNeyBg4XGcOfWyBkwysn2s=&7j8ats=kq1V4
  http://www.mydesigneredge.com/nfgh/?_ey6Y7KV=GRA49mVw8wTEHKukCy1MrvlPh5GXYKobPtHMU9EtIyL4NcFiD3dnRJ3ByPGmOHHNj1Cl7OvRHo6aJePyF3kLZg+l25KlUfGJwCmvXqk=&7j8ats=kq1V4
  http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
  http://www.farmacianovapiel.com/nfgh/?_ey6Y7KV=aQ2+wXrFsT4PKb6IUbXxF91jc1vzz4V2VBOM//J2h+z49C7t0zsVYUB/PdXB1WXlbWV5WKs0ErGv8ZmkfHPk2yX6aUdn7ZJiZP+tUAI=&7j8ats=kq1V4
  http://www.doonc.xyz/nfgh/?_ey6Y7KV=dTE0BQEHkFGG/SkWGN28vyxRNefs0id9vmFhGAhfs/R6ub5t9yre8RwDlrIoZnIbNffRia0Oqvkl/9i4946Fj4WMQnbXR3O3qhWOTas=&7j8ats=kq1V4
  http://www.mydesigneredge.com/nfgh/
  http://www.rogerstrong.com/nfgh/?_ey6Y7KV=Q5K08CeCEMvQeVdfBBxVFxMyMADfi+FGnpnIu5dQASurcnI8MumSrOOau8MPYF/qUbcRxwJxSFoDUB9kN0FsuB/toKK+h+v4kytl8fQ=&7j8ats=kq1V4
Hosts (22):
  www.bitinu.tech()
  www.vevo-verify.com(142.44.226.116)
  www.janus.news(52.202.168.65)
  www.farmacianovapiel.com(162.144.239.6)
  www.75788yh.com(154.215.247.76)
  www.transportlogistcs.com(216.246.46.167)
  www.rogerstrong.com(154.80.136.151)
  www.doonc.xyz(91.195.240.123)
  www.ui-un.com(95.216.242.245)
  www.mydesigneredge.com(162.144.13.104)
  www.blackgrow.info(203.161.53.83)
  45.33.6.223
  54.161.241.46
  216.246.46.167
  95.216.242.245
  154.80.136.151
  142.44.226.116
  91.195.240.123 - mailcious
  162.144.13.104
  154.215.247.76
  203.161.53.83 - mailcious
  162.144.239.6
4.2 | M | 29 | ZeroCERT

9394 | 2023-08-16 07:38
wininit.exe | b3fc98596e410ebebb2c1f39007abaf5
Tags: Generic Malware UPX Malicious Library PE File PE32 DLL PE64 PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
2.4 | | 20 | ZeroCERT

9395 | 2023-08-16 07:37
chromium.exe | c1ac31ebcbfb8dc95d4eea6d4c95a474
Tags: .NET framework(MSIL) Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key
2.8 | M | 49 | ZeroCERT

9396 | 2023-08-16 07:36
wininit.exe | 7f162aac8d8d2af6c52e87a85a1547e5
Tags: Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
URLs (17):
  http://www.acdaiucdac.com/pta7/ - rule_id: 35847
  http://www.playcups.life/pta7/ - rule_id: 35250
  http://www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip
  http://www.promptyum.com/pta7/?3KQc7=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35845
  http://www.yh66985.com/pta7/ - rule_id: 35249
  http://www.acdaiucdac.com/pta7/?3KQc7=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35847
  http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248
  http://www.maytag36.com/pta7/?3KQc7=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35246
  http://www.selfstorage.koeln/pta7/?3KQc7=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35247
  http://www.applechiofficial.com/pta7/ - rule_id: 35846
  http://www.applechiofficial.com/pta7/?3KQc7=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35846
  http://www.promptyum.com/pta7/ - rule_id: 35845
  http://www.maytag36.com/pta7/ - rule_id: 35246
  http://www.playcups.life/pta7/?3KQc7=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35250
  http://www.cosmicearthgoddess.com/pta7/?3KQc7=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35248
  http://www.yh66985.com/pta7/?3KQc7=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35249
  http://www.selfstorage.koeln/pta7/ - rule_id: 35247
Hosts (18):
  www.acdaiucdac.com(165.140.70.70) - mailcious
  www.sisbom.online() - mailcious
  www.yh66985.com(154.215.247.58) - mailcious
  www.applechiofficial.com(217.144.104.212) - mailcious
  www.promptyum.com(52.20.84.62) - mailcious
  www.playcups.life(203.161.58.192) - mailcious
  www.cosmicearthgoddess.com(74.208.236.61) - mailcious
  www.selfstorage.koeln(81.169.145.157) - mailcious
  www.maytag36.com(76.223.26.96) - mailcious
  74.208.236.61 - mailcious
  165.140.70.70 - mailcious
  154.215.247.58 - mailcious
  52.20.84.62 - mailcious
  81.169.145.157 - mailcious
  13.248.148.254 - mailcious
  217.144.104.212 - mailcious
  45.33.6.223
  203.161.58.192 - mailcious
Rule-matched URLs (16): http://www.acdaiucdac.com/pta7/ http://www.playcups.life/pta7/ http://www.promptyum.com/pta7/ http://www.yh66985.com/pta7/ http://www.acdaiucdac.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.maytag36.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.applechiofficial.com/pta7/ http://www.applechiofficial.com/pta7/ http://www.promptyum.com/pta7/ http://www.maytag36.com/pta7/ http://www.playcups.life/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.yh66985.com/pta7/ http://www.selfstorage.koeln/pta7/
8.8 | M | 26 | ZeroCERT

9397 | 2023-08-16 07:36
wininit.exe | 64870ba5b0e92b05dc383959e02782ce
Tags: Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD
URLs (22):
  http://www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip
  http://www.cosmicearthgoddess.com/pta7/?aHip=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&15=_oc9 - rule_id: 35248
  http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip
  http://www.selfstorage.koeln/pta7/ - rule_id: 35247
  http://www.selfstorage.koeln/pta7/?aHip=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&15=_oc9 - rule_id: 35247
  http://www.promptyum.com/pta7/?aHip=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&15=_oc9 - rule_id: 35845
  http://www.maytag36.com/pta7/?aHip=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&15=_oc9 - rule_id: 35246
  http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248
  http://www.playcups.life/pta7/?aHip=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&15=_oc9 - rule_id: 35250
  http://www.promptyum.com/pta7/ - rule_id: 35845
  http://www.acdaiucdac.com/pta7/?aHip=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&15=_oc9 - rule_id: 35847
  http://www.playcups.life/pta7/ - rule_id: 35250
  http://www.applechiofficial.com/pta7/ - rule_id: 35846
  http://www.grmlfgsz.click/pta7/?aHip=ZUw0DE2tTfMrS/vGgTqiPtR9iLDJ7ITJFCKtS8euE2iaohDcpFUZC4QpBbwyViCfiPHxoQAr+wVp68on4xa7Qrqk1k7DdBy37sJAI4o=&15=_oc9 - rule_id: 35857
  http://www.grmlfgsz.click/pta7/ - rule_id: 35857
  http://www.acdaiucdac.com/pta7/ - rule_id: 35847
  http://www.yh66985.com/pta7/?aHip=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&15=_oc9 - rule_id: 35249
  http://www.yh66985.com/pta7/ - rule_id: 35249
  http://www.workationdelsol.com/pta7/?aHip=KwcplsCPI1RgA9llBgRI7UZiW4SpOPY+6KzEsYVNfDztjut0HKme+ulBSzhiqB8GHLrJm3E5Mws5yZIdMQ67aG0FcK0zVEj9Psx/60M=&15=_oc9 - rule_id: 35856
  http://www.applechiofficial.com/pta7/?aHip=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&15=_oc9 - rule_id: 35846
  http://www.maytag36.com/pta7/ - rule_id: 35246
  http://www.workationdelsol.com/pta7/ - rule_id: 35856
Hosts (24):
  www.workationdelsol.com(81.169.145.159) - mailcious
  www.applechiofficial.com(217.144.104.212) - mailcious
  www.selfstorage.koeln(81.169.145.157) - mailcious
  www.grmlfgsz.click(172.67.178.188) - mailcious
  www.s7ve7.top(107.148.23.45)
  www.acdaiucdac.com(165.140.70.70) - mailcious
  www.promptyum.com(52.20.84.62) - mailcious
  www.yh66985.com(154.215.247.58) - mailcious
  www.playcups.life(203.161.58.192) - mailcious
  www.cosmicearthgoddess.com(74.208.236.61) - mailcious
  www.maytag36.com(76.223.26.96) - mailcious
  www.sisbom.online() - mailcious
  81.169.145.159 - mailcious
  107.148.23.45
  172.67.178.188
  74.208.236.61 - mailcious
  52.20.84.62 - mailcious
  81.169.145.157 - mailcious
  13.248.148.254 - mailcious
  203.161.58.192 - mailcious
  165.140.70.70 - mailcious
  217.144.104.212 - mailcious
  45.33.6.223
  154.215.247.58 - mailcious
Rule-matched URLs (20): http://www.cosmicearthgoddess.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.selfstorage.koeln/pta7/ http://www.promptyum.com/pta7/ http://www.maytag36.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.playcups.life/pta7/ http://www.promptyum.com/pta7/ http://www.acdaiucdac.com/pta7/ http://www.playcups.life/pta7/ http://www.applechiofficial.com/pta7/ http://www.grmlfgsz.click/pta7/ http://www.grmlfgsz.click/pta7/ http://www.acdaiucdac.com/pta7/ http://www.yh66985.com/pta7/ http://www.yh66985.com/pta7/ http://www.workationdelsol.com/pta7/ http://www.applechiofficial.com/pta7/ http://www.maytag36.com/pta7/ http://www.workationdelsol.com/pta7/
9.6 | M | 48 | ZeroCERT

9398 | 2023-08-16 07:36
chromium.exe | 3333fe1aabfb8bdfd7ad0453b532976a
Tags: UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.4 | M | 47 | ZeroCERT

9399 | 2023-08-15 19:16
builsrtdd.exe | 3656380b872547ff69f460c90328d257
Tags: UPX Malicious Library Anti_VM OS Processor Check PE File PE32 VirusTotal Malware MachineGuid Malicious Traffic Creates executable files unpack itself ComputerName DNS crashed
URLs (4):
  http://95.216.183.42/pack.zip
  http://95.216.183.42/980843ac508a7fe8f556d42e4c5cfb54
  https://steamcommunity.com/profiles/76561199541261200
  https://t.me/odyssey_tg
Hosts (5):
  t.me(149.154.167.99) - mailcious
  steamcommunity.com(184.87.111.197) - mailcious
  149.154.167.99 - mailcious
  23.34.107.26
  95.216.183.42
4.4 | M | 37 | ZeroCERT

9400 | 2023-08-15 19:13
hunresgytv.hta | 4e0111996bd46a5eadce11ea29ebae3c
Tags: Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows Exploit ComputerName DNS Cryptographic key crashed
9.2 | | 16 | ZeroCERT

9401 | 2023-08-15 19:12
upd-download(st-ct).url | bad6f985683173fbda122d222a10e010
Tags: AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection Malicious Traffic Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
URLs (3):
  http://94.156.253.17/Downloads/build-new.lnk
  http://94.156.253.17/
  http://94.156.253.17/Downloads
Hosts (1):
  94.156.253.17 - mailcious
5.0 | | 2 | ZeroCERT

9402 | 2023-08-15 19:12
build1234.exe | 5fb59ec46fd6a15ac0856e37fe226573
Tags: RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1):
6.2 | | 52 | ZeroCERT

9403 | 2023-08-15 16:15
PNe5J9o1XCKpHYk.exe | 40be18ff344e38f80cec056f5bd97f21
Tags: UPX .NET framework(MSIL) Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key
Hosts (1):
15.4 | M | 55 | guest

9404 | 2023-08-15 10:44
wininit.exe | 866092635503625027bd65cacbeb3abd
Tags: Formbook Generic Malware Antivirus PWS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
URLs (6):
  http://www.royaltotojp.life/gs22/?tZi0=XqGT28VuwgR0tHIWJ12GlexZBkdeEH2omtvxSMlxLbtL0z8j7vfoLf8TYWqqB6Qy1HltMte6&Unt48=GTd0sn7PmjlLKfx&sql=1
  http://www.czcblzky.click/gs22/
  http://www.royaltotojp.life/gs22/
  http://www.wtd6e.buzz/gs22/
  http://www.wtd6e.buzz/gs22/?tZi0=VDoZsXgJ33m6GMTGrBxkXeJI5VWl9LckgAFZWBineURiSKUttTcioIZjL6dcFMz5k6jMXEOi&Unt48=GTd0sn7PmjlLKfx&sql=1
  http://www.czcblzky.click/gs22/?tZi0=J8uqsMNsS5Yn0BkrkL7ZAY4qgjZ7ppo07do+1ANX1PvbNDE/4Q/w494tyz+wglG6mRixLfnE&Unt48=GTd0sn7PmjlLKfx&sql=1
Hosts (6):
  www.royaltotojp.life(104.21.47.213)
  www.wtd6e.buzz(104.21.41.43)
  www.czcblzky.click(43.154.67.170)
  104.21.47.213
  172.67.159.243
  43.154.67.170 - mailcious
11.6 | M | 39 | ZeroCERT

9405 | 2023-08-15 10:41
000000000000000%23%23%23%23%23... | 856951e629035c756ed107835a218653
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed
URLs (5):
  http://www.xc14265.com/gs22/?J6A=SuVcmOAn2xRPN/PRwV8ysuHDkHc3DBMicxYHYVuZpNjcYi1EwU9TL0jT8CMJ1e4bcGmvv8cy&YL3=9rNhv2&sql=1
  http://www.carnivoroussnacks.com/gs22/?J6A=Pq7DZlSzFefC8E+AEVaPt7VRxf8NJwnXcTNfiZeG3B/taPM2i2unT71hL8hyN6OHJcS/jyoU&YL3=9rNhv2&sql=1
  http://www.carnivoroussnacks.com/gs22/
  http://www.xc14265.com/gs22/
  http://103.6.248.9/S138M/wininit.exe
Hosts (6):
  www.xc14265.com(20.210.252.134)
  www.cafesmood.store()
  www.carnivoroussnacks.com(142.250.207.115)
  103.6.248.9 - malware
  142.250.204.83
  20.210.252.27
5.0 | M | 32 | ZeroCERT

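Listings like the one above are read by people on screen but consumed by tooling as indicator sets, and the flattened text makes the second use awkward. The block below is an added example, not code from this page or from the sandbox that produced it. It parses records in the labelled layout used for its embedded sample (an "id | time" header, a "file | md5" line, "Tags:", "URLs (n):", "Hosts (n):", an optional "Rule-matched URLs (n):" line, and a "score | flag | n | submitter" trailer), keeps the dashboard's own "mailcious" and "malware" flags as they are spelled in the listing, and derives a blocklist. Two things in it are assumptions rather than facts from the page: the check-in URL shape it treats as Formbook-style ("/<short dir>/?<key>=<long opaque value>&<key>=<value>") is a heuristic read off the URLs above, not a vendor signature, and www.sqlite.org is treated as benign because it is SQLite's own download site. The two sample records are constructed, abridged from entries 9392 and 9399.

```python
"""Parse sandbox-listing records into IOC sets. Added example (not the page's or the sandbox's own code)."""
import re
from dataclasses import dataclass, field
# Constructed sample, abridged from entries 9392 (Formbook) and 9399 (not Formbook) above.
SAMPLE = """\
9392 | 2023-08-16 07:40
chromium.exe | 013a719564fee962f64473767b1e8cd8
Tags: Formbook AntiDebug AntiVM .NET EXE PE File PE32 Malicious Traffic suspicious TLD
URLs (2):
  http://www.sarthaksrishticreation.com/sy22/?MZkp=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&U4kp=Ntx0ULS8PBu8xJ0
  http://www.91967.net/sy22/?MZkp=uE9wR2Y3PY1yx307bieK+o21csjZIE3yfcLUSuw3Fyc4r02fwZ9qroRs52d1jBHfNCAz8DHk&U4kp=Ntx0ULS8PBu8xJ0
Hosts (3):
  www.91967.net(20.205.142.141)
  www.sofbks.top() - mailcious
  www.sarthaksrishticreation.com(119.18.49.69)
9.8 | M | 31 | ZeroCERT

9399 | 2023-08-15 19:16
builsrtdd.exe | 3656380b872547ff69f460c90328d257
Tags: UPX Malicious Library Anti_VM OS Processor Check PE File PE32 Malicious Traffic DNS crashed
URLs (1):
  https://steamcommunity.com/profiles/76561199541261200
Hosts (2):
  steamcommunity.com(184.87.111.197) - mailcious
  95.216.183.42
4.4 | M | 37 | ZeroCERT
"""
BENIGN_HOSTS = {"www.sqlite.org"}           # assumption: SQLite's own download site, not C2
HEAD = re.compile(r"^(\d+) \| (\d{4}-\d\d-\d\d \d\d:\d\d)$")
FILE = re.compile(r"^(\S+) \| ([0-9a-f]{32})$")
SECTION = re.compile(r"^(URLs|Hosts|Rule-matched URLs) \(\d+\):")
TRAILER = re.compile(r"^(\d+\.\d+) \|\s*([^|]*?)\s*\| \d+ \| \S+$")
HOST = re.compile(r"^([A-Za-z0-9.-]+)\(([0-9.]*)\)$")   # domain(resolved ip); "()" = unresolved
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Heuristic Formbook check-in shape seen above: /<short dir>/?<key>=<long opaque value>&<key>=<value>
FORMBOOK_URL = re.compile(r"^https?://([^/]+)/[A-Za-z0-9]{2,8}/\?[^=&]+=[^&]{32,}&")


@dataclass
class Record:
    id: str
    submitted: str
    filename: str = ""
    md5: str = ""
    tags: str = ""
    score: float = 0.0                                   # 0.0 if the trailer line is missing
    urls: list[str] = field(default_factory=list)        # " - rule_id: N" suffix stripped
    hosts: dict[str, str] = field(default_factory=dict)  # domain -> resolved IP ("" if none); bare IP -> itself
    flagged: set[str] = field(default_factory=set)       # entries the dashboard tagged "mailcious"/"malware"


def _add_item(rec: Record, section: str, item: str) -> None:
    if section == "URLs":
        rec.urls.append(item.partition(" - rule_id: ")[0])
    elif section == "Hosts":                    # "Rule-matched URLs" only repeats rule_id URLs; skipped
        name, _, flag = item.partition(" - ")   # flag is the dashboard's "mailcious"/"malware" label
        m = HOST.match(name)
        if not m and not IPV4.match(name):
            return
        key = m.group(1) if m else name
        rec.hosts[key] = m.group(2) if m else name
        if flag:
            rec.flagged.add(key)


def parse_records(text: str) -> list[Record]:
    records: list[Record] = []
    rec, section = None, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if m := HEAD.match(line):
            rec = Record(id=m.group(1), submitted=m.group(2))
            records.append(rec)
            section = None
        elif rec is None:
            continue                            # text before the first record
        elif m := FILE.match(line):
            rec.filename, rec.md5 = m.group(1), m.group(2)
        elif line.startswith("Tags: "):
            rec.tags = line[len("Tags: "):]
        elif m := SECTION.match(line):
            section = m.group(1)
        elif m := TRAILER.match(line):
            rec.score, section = float(m.group(1)), None
        elif section:
            _add_item(rec, section, line)
    return records


def c2_candidates(rec: Record) -> set[str]:
    """Hosts contacted with a Formbook-style check-in URL, minus known-benign hosts."""
    hits = [FORMBOOK_URL.match(u) for u in rec.urls]
    return {m.group(1) for m in hits if m and m.group(1) not in BENIGN_HOSTS}


def blocklist(records: list[Record]) -> set[str]:
    """Dashboard-flagged entries plus C2 candidates and the IPs those resolved to."""
    block: set[str] = set()
    for rec in records:
        c2 = c2_candidates(rec)
        block |= rec.flagged | c2 | {rec.hosts[h] for h in c2 if rec.hosts.get(h)}
    return block
```

Run over the full listing in this layout, c2_candidates picks up the /sy22/, /nfgh/, /pta7/ and /gs22/ hosts that were contacted with a query string, and leaves the SQLite downloads, the bare /pta7/ beacons without a query, the Steam and Telegram profile URLs and the direct-IP downloads alone; those last ones still reach the blocklist only when the dashboard itself flagged them. The heuristic is deliberately narrow: it needs both the short directory and a long opaque first parameter, so a legitimate site with a similar path shape but ordinary query values does not match.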