| 9391 |
2023-08-16 07:40
|
 yugozx.exe d78d90977bd9addab19038a3367f7804
SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Cryptographic key Software crashed keylogger |
|
2
cp5ua.hyperhost.ua(91.235.128.141)
91.235.128.141
|
|
|
13.0 |
|
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9392 |
2023-08-16 07:40
|
 chromium.exe 013a719564fee962f64473767b1e8cd8
Formbook AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD |
2
http://www.sarthaksrishticreation.com/sy22/?MZkp=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&U4kp=Ntx0ULS8PBu8xJ0
http://www.91967.net/sy22/?MZkp=uE9wR2Y3PY1yx307bieK+o21csjZIE3yfcLUSuw3Fyc4r02fwZ9qroRs52d1jBHfNCAz8DHk&U4kp=Ntx0ULS8PBu8xJ0
|
5
www.91967.net(20.205.142.141)
www.sofbks.top() - mailcious
www.sarthaksrishticreation.com(119.18.49.69)
20.205.142.141
119.18.49.69
|
|
|
9.8 |
M |
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9393 |
2023-08-16 07:39
|
 Chromium.exe 6072355596f3a49926f9bffbaae67427
NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder |
20
http://www.vevo-verify.com/nfgh/?_ey6Y7KV=K2yRc8H61Fizziot+wAaIGReuben20woAXUbiL8kC1tHPZYiaT1bhCfTY68DJv8+vkAbSwoSWI++U5y8GrEWGoZVK+ah/BLoDqBCf84=&7j8ats=kq1V4
http://www.janus.news/nfgh/?_ey6Y7KV=om21+9jlNdVwizWKMyOwOcgZTTVPx7AW+kpYxaNLA/51OQzY8EK0dwCcOoJ5oU77kuc3Er/HpfN1MIi/ygtUQ6dJNUVMleWKxtrZk3Q=&7j8ats=kq1V4
http://www.blackgrow.info/nfgh/?_ey6Y7KV=Fdilm9Fv0i/sQbEB7FQsun2pvS5yrk/XwEUgJP4nxAf8zgeVWa0p8A3ZL9mAyR8s5o5tYV2/Oq1RaQhwyiqrWgliD70OCf03aFyMOxw=&7j8ats=kq1V4
http://www.janus.news/nfgh/
http://www.transportlogistcs.com/nfgh/
http://www.ui-un.com/nfgh/
http://www.doonc.xyz/nfgh/
http://www.farmacianovapiel.com/nfgh/
http://www.75788yh.com/nfgh/
http://www.blackgrow.info/nfgh/
http://www.rogerstrong.com/nfgh/
http://www.ui-un.com/nfgh/?_ey6Y7KV=AmGpwKuRxc8bHHe15LwrRZt1edDRh3/ZLr96RZEqFjC4vHfo0qPpVxDqqHKNJ4qb1mwHI/rYmgFv2V7cfI6bzvW/dqX3rTf9oN4JjQ8=&7j8ats=kq1V4
http://www.vevo-verify.com/nfgh/
http://www.transportlogistcs.com/nfgh/?_ey6Y7KV=I48GN28e5qahG4y85G7DM8qXZEpR7sT7s3p5IQi4xDWe9wNW5KItcrjWcTW27plcky8SnyoaJjmylDwHZRNeyBg4XGcOfWyBkwysn2s=&7j8ats=kq1V4
http://www.mydesigneredge.com/nfgh/?_ey6Y7KV=GRA49mVw8wTEHKukCy1MrvlPh5GXYKobPtHMU9EtIyL4NcFiD3dnRJ3ByPGmOHHNj1Cl7OvRHo6aJePyF3kLZg+l25KlUfGJwCmvXqk=&7j8ats=kq1V4
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
http://www.farmacianovapiel.com/nfgh/?_ey6Y7KV=aQ2+wXrFsT4PKb6IUbXxF91jc1vzz4V2VBOM//J2h+z49C7t0zsVYUB/PdXB1WXlbWV5WKs0ErGv8ZmkfHPk2yX6aUdn7ZJiZP+tUAI=&7j8ats=kq1V4
http://www.doonc.xyz/nfgh/?_ey6Y7KV=dTE0BQEHkFGG/SkWGN28vyxRNefs0id9vmFhGAhfs/R6ub5t9yre8RwDlrIoZnIbNffRia0Oqvkl/9i4946Fj4WMQnbXR3O3qhWOTas=&7j8ats=kq1V4
http://www.mydesigneredge.com/nfgh/
http://www.rogerstrong.com/nfgh/?_ey6Y7KV=Q5K08CeCEMvQeVdfBBxVFxMyMADfi+FGnpnIu5dQASurcnI8MumSrOOau8MPYF/qUbcRxwJxSFoDUB9kN0FsuB/toKK+h+v4kytl8fQ=&7j8ats=kq1V4
|
22
www.bitinu.tech()
www.vevo-verify.com(142.44.226.116)
www.janus.news(52.202.168.65)
www.farmacianovapiel.com(162.144.239.6)
www.75788yh.com(154.215.247.76)
www.transportlogistcs.com(216.246.46.167)
www.rogerstrong.com(154.80.136.151)
www.doonc.xyz(91.195.240.123)
www.ui-un.com(95.216.242.245)
www.mydesigneredge.com(162.144.13.104)
www.blackgrow.info(203.161.53.83)
45.33.6.223
54.161.241.46
216.246.46.167
95.216.242.245
154.80.136.151
142.44.226.116
91.195.240.123 - mailcious
162.144.13.104
154.215.247.76
203.161.53.83 - mailcious
162.144.239.6
|
|
|
4.2 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9394 |
2023-08-16 07:38
|
 wininit.exe b3fc98596e410ebebb2c1f39007abaf5
Generic Malware UPX Malicious Library PE File PE32 DLL PE64 PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder |
|
|
|
|
2.4 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9395 |
2023-08-16 07:37
|
 chromium.exe c1ac31ebcbfb8dc95d4eea6d4c95a474
.NET framework(MSIL) Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key |
|
|
|
|
2.8 |
M |
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9396 |
2023-08-16 07:36
|
 wininit.exe 7f162aac8d8d2af6c52e87a85a1547e5
Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
17
http://www.acdaiucdac.com/pta7/ - rule_id: 35847
http://www.playcups.life/pta7/ - rule_id: 35250
http://www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip
http://www.promptyum.com/pta7/?3KQc7=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35845
http://www.yh66985.com/pta7/ - rule_id: 35249
http://www.acdaiucdac.com/pta7/?3KQc7=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35847
http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248
http://www.maytag36.com/pta7/?3KQc7=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35246
http://www.selfstorage.koeln/pta7/?3KQc7=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35247
http://www.applechiofficial.com/pta7/ - rule_id: 35846
http://www.applechiofficial.com/pta7/?3KQc7=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35846
http://www.promptyum.com/pta7/ - rule_id: 35845
http://www.maytag36.com/pta7/ - rule_id: 35246
http://www.playcups.life/pta7/?3KQc7=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35250
http://www.cosmicearthgoddess.com/pta7/?3KQc7=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35248
http://www.yh66985.com/pta7/?3KQc7=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35249
http://www.selfstorage.koeln/pta7/ - rule_id: 35247
|
18
www.acdaiucdac.com(165.140.70.70) - mailcious
www.sisbom.online() - mailcious
www.yh66985.com(154.215.247.58) - mailcious
www.applechiofficial.com(217.144.104.212) - mailcious
www.promptyum.com(52.20.84.62) - mailcious
www.playcups.life(203.161.58.192) - mailcious
www.cosmicearthgoddess.com(74.208.236.61) - mailcious
www.selfstorage.koeln(81.169.145.157) - mailcious
www.maytag36.com(76.223.26.96) - mailcious
74.208.236.61 - mailcious
165.140.70.70 - mailcious
154.215.247.58 - mailcious
52.20.84.62 - mailcious
81.169.145.157 - mailcious
13.248.148.254 - mailcious
217.144.104.212 - mailcious
45.33.6.223
203.161.58.192 - mailcious
|
|
16
http://www.acdaiucdac.com/pta7/
http://www.playcups.life/pta7/
http://www.promptyum.com/pta7/
http://www.yh66985.com/pta7/
http://www.acdaiucdac.com/pta7/
http://www.cosmicearthgoddess.com/pta7/
http://www.maytag36.com/pta7/
http://www.selfstorage.koeln/pta7/
http://www.applechiofficial.com/pta7/
http://www.applechiofficial.com/pta7/
http://www.promptyum.com/pta7/
http://www.maytag36.com/pta7/
http://www.playcups.life/pta7/
http://www.cosmicearthgoddess.com/pta7/
http://www.yh66985.com/pta7/
http://www.selfstorage.koeln/pta7/
|
8.8 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9397 |
2023-08-16 07:36
|
 wininit.exe 64870ba5b0e92b05dc383959e02782ce
Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD |
22
http://www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip
http://www.cosmicearthgoddess.com/pta7/?aHip=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&15=_oc9 - rule_id: 35248
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip
http://www.selfstorage.koeln/pta7/ - rule_id: 35247
http://www.selfstorage.koeln/pta7/?aHip=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&15=_oc9 - rule_id: 35247
http://www.promptyum.com/pta7/?aHip=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&15=_oc9 - rule_id: 35845
http://www.maytag36.com/pta7/?aHip=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&15=_oc9 - rule_id: 35246
http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248
http://www.playcups.life/pta7/?aHip=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&15=_oc9 - rule_id: 35250
http://www.promptyum.com/pta7/ - rule_id: 35845
http://www.acdaiucdac.com/pta7/?aHip=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&15=_oc9 - rule_id: 35847
http://www.playcups.life/pta7/ - rule_id: 35250
http://www.applechiofficial.com/pta7/ - rule_id: 35846
http://www.grmlfgsz.click/pta7/?aHip=ZUw0DE2tTfMrS/vGgTqiPtR9iLDJ7ITJFCKtS8euE2iaohDcpFUZC4QpBbwyViCfiPHxoQAr+wVp68on4xa7Qrqk1k7DdBy37sJAI4o=&15=_oc9 - rule_id: 35857
http://www.grmlfgsz.click/pta7/ - rule_id: 35857
http://www.acdaiucdac.com/pta7/ - rule_id: 35847
http://www.yh66985.com/pta7/?aHip=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&15=_oc9 - rule_id: 35249
http://www.yh66985.com/pta7/ - rule_id: 35249
http://www.workationdelsol.com/pta7/?aHip=KwcplsCPI1RgA9llBgRI7UZiW4SpOPY+6KzEsYVNfDztjut0HKme+ulBSzhiqB8GHLrJm3E5Mws5yZIdMQ67aG0FcK0zVEj9Psx/60M=&15=_oc9 - rule_id: 35856
http://www.applechiofficial.com/pta7/?aHip=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&15=_oc9 - rule_id: 35846
http://www.maytag36.com/pta7/ - rule_id: 35246
http://www.workationdelsol.com/pta7/ - rule_id: 35856
|
24
www.workationdelsol.com(81.169.145.159) - mailcious
www.applechiofficial.com(217.144.104.212) - mailcious
www.selfstorage.koeln(81.169.145.157) - mailcious
www.grmlfgsz.click(172.67.178.188) - mailcious
www.s7ve7.top(107.148.23.45)
www.acdaiucdac.com(165.140.70.70) - mailcious
www.promptyum.com(52.20.84.62) - mailcious
www.yh66985.com(154.215.247.58) - mailcious
www.playcups.life(203.161.58.192) - mailcious
www.cosmicearthgoddess.com(74.208.236.61) - mailcious
www.maytag36.com(76.223.26.96) - mailcious
www.sisbom.online() - mailcious
81.169.145.159 - mailcious
107.148.23.45
172.67.178.188
74.208.236.61 - mailcious
52.20.84.62 - mailcious
81.169.145.157 - mailcious
13.248.148.254 - mailcious
203.161.58.192 - mailcious
165.140.70.70 - mailcious
217.144.104.212 - mailcious
45.33.6.223
154.215.247.58 - mailcious
|
|
20
http://www.cosmicearthgoddess.com/pta7/
http://www.selfstorage.koeln/pta7/
http://www.selfstorage.koeln/pta7/
http://www.promptyum.com/pta7/
http://www.maytag36.com/pta7/
http://www.cosmicearthgoddess.com/pta7/
http://www.playcups.life/pta7/
http://www.promptyum.com/pta7/
http://www.acdaiucdac.com/pta7/
http://www.playcups.life/pta7/
http://www.applechiofficial.com/pta7/
http://www.grmlfgsz.click/pta7/
http://www.grmlfgsz.click/pta7/
http://www.acdaiucdac.com/pta7/
http://www.yh66985.com/pta7/
http://www.yh66985.com/pta7/
http://www.workationdelsol.com/pta7/
http://www.applechiofficial.com/pta7/
http://www.maytag36.com/pta7/
http://www.workationdelsol.com/pta7/
|
9.6 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9398 |
2023-08-16 07:36
|
 chromium.exe 3333fe1aabfb8bdfd7ad0453b532976a
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution |
|
|
|
|
2.4 |
M |
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9399 |
2023-08-15 19:16
|
 builsrtdd.exe 3656380b872547ff69f460c90328d257
UPX Malicious Library Anti_VM OS Processor Check PE File PE32 VirusTotal Malware MachineGuid Malicious Traffic Creates executable files unpack itself ComputerName DNS crashed |
4
http://95.216.183.42/pack.zip
http://95.216.183.42/980843ac508a7fe8f556d42e4c5cfb54
https://steamcommunity.com/profiles/76561199541261200
https://t.me/odyssey_tg
|
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(184.87.111.197) - mailcious
149.154.167.99 - mailcious
23.34.107.26
95.216.183.42
|
|
|
4.4 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9400 |
2023-08-15 19:13
|
 hunresgytv.hta 4e0111996bd46a5eadce11ea29ebae3c
Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows Exploit ComputerName DNS Cryptographic key crashed |
|
|
|
|
9.2 |
|
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9401 |
2023-08-15 19:12
|
 upd-download(st-ct).url bad6f985683173fbda122d222a10e010
AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection Malicious Traffic Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
3
http://94.156.253.17/Downloads/build-new.lnk
http://94.156.253.17/
http://94.156.253.17/Downloads
|
1
94.156.253.17 - mailcious
|
|
|
5.0 |
|
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9402 |
2023-08-15 19:12
|
 build1234.exe 5fb59ec46fd6a15ac0856e37fe226573
RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
|
|
|
6.2 |
|
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9403 |
2023-08-15 16:15
|
 PNe5J9o1XCKpHYk.exe 40be18ff344e38f80cec056f5bd97f21
UPX .NET framework(MSIL) Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key |
|
1
|
|
|
15.4 |
M |
55 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9404 |
2023-08-15 10:44
|
 wininit.exe 866092635503625027bd65cacbeb3abd
Formbook Generic Malware Antivirus PWS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
6
http://www.royaltotojp.life/gs22/?tZi0=XqGT28VuwgR0tHIWJ12GlexZBkdeEH2omtvxSMlxLbtL0z8j7vfoLf8TYWqqB6Qy1HltMte6&Unt48=GTd0sn7PmjlLKfx&sql=1
http://www.czcblzky.click/gs22/
http://www.royaltotojp.life/gs22/
http://www.wtd6e.buzz/gs22/
http://www.wtd6e.buzz/gs22/?tZi0=VDoZsXgJ33m6GMTGrBxkXeJI5VWl9LckgAFZWBineURiSKUttTcioIZjL6dcFMz5k6jMXEOi&Unt48=GTd0sn7PmjlLKfx&sql=1
http://www.czcblzky.click/gs22/?tZi0=J8uqsMNsS5Yn0BkrkL7ZAY4qgjZ7ppo07do+1ANX1PvbNDE/4Q/w494tyz+wglG6mRixLfnE&Unt48=GTd0sn7PmjlLKfx&sql=1
|
6
www.royaltotojp.life(104.21.47.213)
www.wtd6e.buzz(104.21.41.43)
www.czcblzky.click(43.154.67.170)
104.21.47.213
172.67.159.243
43.154.67.170 - mailcious
|
|
|
11.6 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9405 |
2023-08-15 10:41
|
000000000000000%23%23%23%23%23... 856951e629035c756ed107835a218653
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed |
5
http://www.xc14265.com/gs22/?J6A=SuVcmOAn2xRPN/PRwV8ysuHDkHc3DBMicxYHYVuZpNjcYi1EwU9TL0jT8CMJ1e4bcGmvv8cy&YL3=9rNhv2&sql=1
http://www.carnivoroussnacks.com/gs22/?J6A=Pq7DZlSzFefC8E+AEVaPt7VRxf8NJwnXcTNfiZeG3B/taPM2i2unT71hL8hyN6OHJcS/jyoU&YL3=9rNhv2&sql=1
http://www.carnivoroussnacks.com/gs22/
http://www.xc14265.com/gs22/
http://103.6.248.9/S138M/wininit.exe
|
6
www.xc14265.com(20.210.252.134)
www.cafesmood.store()
www.carnivoroussnacks.com(142.250.207.115)
103.6.248.9 - malware
142.250.204.83
20.210.252.27
|
|
|
5.0 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|