9481 | 2023-08-14 09:16 | ZeroCERT
File: KB_20230531.chm
MD5: a6136fa5e2c7d51187221e83e52b9402
Tags: Generic Malware Antivirus Hide_URL AntiDebug AntiVM CHM Format powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger heapspray Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows Advertising ComputerName Cryptographic key
URLs (3):
  http://bian0151.cafe24.com/member/1.html
  http://75.119.136.207/config/bases/1.html
  http://75.119.136.207/config/bases/config.php
Hosts (4):
  bian0151.cafe24.com(183.111.174.53)
  reaver.softforum.com(1.237.174.80)
  183.111.174.53
  1.237.174.80
Score: 10.4

9482 | 2023-08-14 09:16 | ZeroCERT
File: 1.html
MD5: 136ceaa4b76934d78546271c08f51aa2
Tags: Antivirus AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
URLs (2):
  http://75.119.136.207/config/bases/config.php
  http://ableinfo.co.kr/member/1.html
Score: 3.4

9483 | 2023-08-14 09:13 | ZeroCERT
File: 1.html
MD5: 136ceaa4b76934d78546271c08f51aa2 (same MD5 as 9482)
Tags: Antivirus unpack itself crashed
Score: 0.6

9484 | 2023-08-14 09:08 | ZeroCERT
File: cred64.dll
MD5: b71a9d5b854d028a6a9755d9475e5a71
Tags: Browser Login Data Stealer UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger unpack itself installed browsers check Browser ComputerName DNS crashed
Hosts (1):
  75.119.136.207 - mailcious
Score: 3.4
Flag: M
VirusTotal detections: 45

9485 | 2023-08-14 09:08 | ZeroCERT
File: x-8.6.blaze
MD5: 69a84378087813dcc137688a49871166
Tags: AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
Score: 4.4
Flag: M
VirusTotal detections: 35

9486 | 2023-08-14 09:07 | ZeroCERT
File: 현황조사표.xlsx.lnk (Korean: "status survey form"; a .lnk shortcut with a double extension)
MD5: 0eb8db3cbde470407f942fd63afe42b8
Tags: Generic Malware Downloader Antivirus Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger Hide_URL AntiDebug AntiVM GIF Format Vulnerability VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
URLs (2):
  http://75.119.136.207/config/bases/config.php?U=TEST22-PC-test22-SH
  http://bian0151.cafe24.com/admin/board/1.html
Hosts (1):
  75.119.136.207 - mailcious
Score: 13.8
VirusTotal detections: 27

9487 | 2023-08-14 08:53 | ZeroCERT
File: clip64.dll
MD5: 0e5d0bba336c02519fce133196868ad4
Tags: Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 PDB Checks debugger unpack itself
Score: 0.8

9488 | 2023-08-14 07:53 | ZeroCERT
File: 32.exe
MD5: fdb650f759c72c4d408a4da61096ac29
Tags: UPX Malicious Library Admin Tool (Sysinternals etc ...) PWS SMTP AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1): not listed
Score: 11.6
Flag: M

9489 | 2023-08-14 07:53 | ZeroCERT
File: wininit.exe
MD5: 1188a953c9f36b374ca3714c9de1763e
Tags: Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
URLs (21):
  http://www.applechiofficial.com/pta7/
  http://www.grmlfgsz.click/pta7/?fnA=ZUw0DE2tTfMrS/vGgTqiPtR9iLDJ7ITJFCKtS8euE2iaohDcpFUZC4QpBbwyViCfiPHxoQAr+wVp68on4xa7Qrqk1k7DdBy37sJAI4o=&kMqzI-=yuAc
  http://www.playcups.life/pta7/?fnA=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&kMqzI-=yuAc - rule_id: 35250
  http://www.applechiofficial.com/pta7/?fnA=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&kMqzI-=yuAc
  http://www.playcups.life/pta7/ - rule_id: 35250
  http://www.maytag36.com/pta7/?fnA=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&kMqzI-=yuAc - rule_id: 35246
  http://www.selfstorage.koeln/pta7/ - rule_id: 35247
  http://www.yh66985.com/pta7/ - rule_id: 35249
  http://www.workationdelsol.com/pta7/?fnA=KwcplsCPI1RgA9llBgRI7UZiW4SpOPY+6KzEsYVNfDztjut0HKme+ulBSzhiqB8GHLrJm3E5Mws5yZIdMQ67aG0FcK0zVEj9Psx/60M=&kMqzI-=yuAc
  http://www.selfstorage.koeln/pta7/?fnA=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&kMqzI-=yuAc - rule_id: 35247
  http://www.acdaiucdac.com/pta7/?fnA=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&kMqzI-=yuAc
  http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248
  http://www.yh66985.com/pta7/?fnA=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&kMqzI-=yuAc - rule_id: 35249
  http://www.promptyum.com/pta7/
  http://www.promptyum.com/pta7/?fnA=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&kMqzI-=yuAc
  http://www.maytag36.com/pta7/ - rule_id: 35246
  http://www.grmlfgsz.click/pta7/
  http://www.cosmicearthgoddess.com/pta7/?fnA=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&kMqzI-=yuAc - rule_id: 35248
  http://www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip
  http://www.acdaiucdac.com/pta7/
  http://www.workationdelsol.com/pta7/
Hosts (22):
  www.sisbom.online() - mailcious
  www.acdaiucdac.com(165.140.70.70)
  www.cosmicearthgoddess.com(74.208.236.61) - mailcious
  www.selfstorage.koeln(81.169.145.157) - mailcious
  www.applechiofficial.com(217.144.104.212) - mailcious
  www.grmlfgsz.click(172.67.178.188)
  www.promptyum.com(52.20.84.62) - mailcious
  www.workationdelsol.com(81.169.145.159)
  www.playcups.life(203.161.58.192) - mailcious
  www.yh66985.com(154.215.247.58) - mailcious
  www.maytag36.com(76.223.26.96) - mailcious
  74.208.236.61 - mailcious
  81.169.145.159 - mailcious
  165.140.70.70
  154.215.247.58 - mailcious
  52.20.84.62 - mailcious
  81.169.145.157 - mailcious
  203.161.58.192 - mailcious
  217.144.104.212 - mailcious
  45.33.6.223
  104.21.75.162
  13.248.148.254 - mailcious
Rule-matched URLs (10):
  http://www.playcups.life/pta7/
  http://www.playcups.life/pta7/
  http://www.maytag36.com/pta7/
  http://www.selfstorage.koeln/pta7/
  http://www.yh66985.com/pta7/
  http://www.selfstorage.koeln/pta7/
  http://www.cosmicearthgoddess.com/pta7/
  http://www.yh66985.com/pta7/
  http://www.maytag36.com/pta7/
  http://www.cosmicearthgoddess.com/pta7/
Score: 7.8
Flag: M

9490 | 2023-08-14 07:49 | ZeroCERT
File: file.exe
MD5: 049a6d9199bd6efe409b0ab9fc4cdee6
Tags: RedLine stealer UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer FTP Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1): not listed
Score: 11.2

9491 | 2023-08-14 07:48 | ZeroCERT
File: file.exe
MD5: 9c0492ad620a4028c2f4986a28c409f1
Tags: UPX Malicious Library OS Processor Check PE File PE32 PDB DNS
Hosts (1): not listed
Score: 2.6

9492 | 2023-08-14 07:47 | ZeroCERT
File: wininit.exe
MD5: cb38f35ebcddff1cb735acad8b65096e
Tags: Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
URLs (17):
  http://www.playcups.life/pta7/ - rule_id: 35250
  http://www.promptyum.com/pta7/?C_EPEnQ=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&De=i55vP4VghF6t
  http://www.applechiofficial.com/pta7/?C_EPEnQ=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&De=i55vP4VghF6t
  http://www.acdaiucdac.com/pta7/?C_EPEnQ=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&De=i55vP4VghF6t
  http://www.yh66985.com/pta7/ - rule_id: 35249
  http://www.maytag36.com/pta7/?C_EPEnQ=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&De=i55vP4VghF6t - rule_id: 35246
  http://www.applechiofficial.com/pta7/
  http://www.yh66985.com/pta7/?C_EPEnQ=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&De=i55vP4VghF6t - rule_id: 35249
  http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip
  http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248
  http://www.cosmicearthgoddess.com/pta7/?C_EPEnQ=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&De=i55vP4VghF6t - rule_id: 35248
  http://www.promptyum.com/pta7/
  http://www.selfstorage.koeln/pta7/?C_EPEnQ=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&De=i55vP4VghF6t - rule_id: 35247
  http://www.maytag36.com/pta7/ - rule_id: 35246
  http://www.acdaiucdac.com/pta7/
  http://www.playcups.life/pta7/?C_EPEnQ=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&De=i55vP4VghF6t - rule_id: 35250
  http://www.selfstorage.koeln/pta7/ - rule_id: 35247
Hosts (18):
  www.acdaiucdac.com(165.140.70.70)
  www.sisbom.online() - mailcious
  www.yh66985.com(154.215.247.58) - mailcious
  www.applechiofficial.com(217.144.104.212) - mailcious
  www.promptyum.com(52.20.84.62) - mailcious
  www.playcups.life(203.161.58.192) - mailcious
  www.cosmicearthgoddess.com(74.208.236.61) - mailcious
  www.selfstorage.koeln(81.169.145.157) - mailcious
  www.maytag36.com(76.223.26.96) - mailcious
  74.208.236.61 - mailcious
  165.140.70.70
  154.215.247.58 - mailcious
  52.20.84.62 - mailcious
  81.169.145.157 - mailcious
  13.248.148.254 - mailcious
  217.144.104.212 - mailcious
  45.33.6.223
  203.161.58.192 - mailcious
Rule-matched URLs (10):
  http://www.playcups.life/pta7/
  http://www.yh66985.com/pta7/
  http://www.maytag36.com/pta7/
  http://www.yh66985.com/pta7/
  http://www.cosmicearthgoddess.com/pta7/
  http://www.cosmicearthgoddess.com/pta7/
  http://www.selfstorage.koeln/pta7/
  http://www.maytag36.com/pta7/
  http://www.playcups.life/pta7/
  http://www.selfstorage.koeln/pta7/
Score: 7.8
Flag: M

9493 | 2023-08-14 07:46 | ZeroCERT
File: blackfridaydiscount.exe
MD5: 86ee347279e32641070f69e669ec98e2
Tags: UPX Malicious Library OS Processor Check PE File PE32 Check memory Checks debugger unpack itself ComputerName
Score: 1.4

9494 | 2023-08-14 07:46 | ZeroCERT
File: djdffvj.exe
MD5: c8e60225448e9cda23b291b6b16bf78b
Tags: UPX Malicious Library OS Processor Check PE File PE32 PDB Remote Code Execution DNS
Hosts (2):
  104.75.41.21 - mailcious
  192.210.255.48
Score: 1.8

9495 | 2023-08-14 07:45 | ZeroCERT
File: iii.exe
MD5: 9a936fa4437b6acf28528e23094339f5
Tags: Browser Login Data Stealer Generic Malware Downloader UPX Malicious Library Malicious Packer ScreenShot AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS
URLs (1):
  http://geoplugin.net/json.gp
Hosts (3):
  geoplugin.net(178.237.33.50)
  178.237.33.50
  192.210.255.48
Score: 10.0
Flag: M
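The two Formbook reports above (9489 and 9492) hit the same /pta7/ paths on the same domains, and wherever both samples sent a query string to the same host the opaque value after the first parameter is identical; only the parameter name changes (fnA in 9489, C_EPEnQ in 9492). The script below is an added example, not part of the listing or of ZeroCERT's tooling. It parses the feed's space-joined URL and host fields as they appear in the reports (abridged copies of the 9489 and 9492 fields are embedded as constructed input), derives host-plus-path block keys from the rule-matched URLs, and reports which beacons the two samples share. The field layout and the feed's "mailcious" spelling of the flag are taken from the listing; the regexes and function names are this example's own.

```python
"""Pull IOCs out of ZeroCERT-style URL and host fields (added example)."""
import re
from urllib.parse import urlsplit

# Constructed input: abridged copies of the URL fields of entries 9489 and
# 9492 and of the host field of 9492, in the feed's own space-joined layout.
URLS_9489 = (
    "http://www.promptyum.com/pta7/?fnA=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&kMqzI-=yuAc "
    "http://www.playcups.life/pta7/ - rule_id: 35250 "
    "http://www.playcups.life/pta7/?fnA=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&kMqzI-=yuAc - rule_id: 35250 "
    "http://www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip"
)
URLS_9492 = (
    "http://www.promptyum.com/pta7/?C_EPEnQ=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&De=i55vP4VghF6t "
    "http://www.playcups.life/pta7/?C_EPEnQ=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&De=i55vP4VghF6t - rule_id: 35250 "
    "http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip"
)
HOSTS_9492 = (
    "www.sisbom.online() - mailcious www.playcups.life(203.161.58.192) - mailcious "
    "www.promptyum.com(52.20.84.62) - mailcious 165.140.70.70 45.33.6.223"
)

# A URL token, optionally followed by the sandbox's " - rule_id: N" annotation.
URL_RE = re.compile(r"(https?://\S+)(?: - rule_id: (\d+))?")
# A host token: name, optional "(ip)" (empty parentheses when resolution
# failed), optional flag. The feed spells the flag "mailcious"; accept both.
HOST_RE = re.compile(
    r"([A-Za-z0-9.\-]+)(?:\(([^)]*)\))?( - (?:mailcious|malicious))?"
)


def parse_urls(field):
    """Return [(url, rule_id or None), ...] from a space-joined URL field."""
    return [(m.group(1), int(m.group(2)) if m.group(2) else None)
            for m in URL_RE.finditer(field)]


def parse_hosts(field):
    """Return [(name, ip or None, flagged), ...] from a space-joined host field."""
    out = []
    for m in HOST_RE.finditer(field):
        name, ip, flag = m.groups()
        out.append((name, ip or None, flag is not None))
    return out


def c2_key(url):
    """host + path with the query dropped: the query parameter name differs
    between the two samples, so it is useless as a block key."""
    u = urlsplit(url)
    return u.netloc + u.path


def first_query_value(url):
    """Raw value of the first query parameter. Deliberately not percent-decoded
    or '+'-to-space translated, so the opaque blob compares byte for byte."""
    query = urlsplit(url).query
    if not query:
        return None
    return query.split("&", 1)[0].partition("=")[2]


def rule_matched_keys(field):
    """Sorted block keys (host+path) for URLs the sandbox tied to a rule_id."""
    return sorted({c2_key(u) for u, rid in parse_urls(field) if rid is not None})


def shared_beacons(field_a, field_b):
    """Keys contacted by both samples whose first query value is identical."""
    a = {c2_key(u): first_query_value(u)
         for u, _ in parse_urls(field_a) if first_query_value(u)}
    b = {c2_key(u): first_query_value(u)
         for u, _ in parse_urls(field_b) if first_query_value(u)}
    return sorted(k for k in a.keys() & b.keys() if a[k] == b[k])


def flagged_hosts(field):
    """Sorted host names the feed marked malicious."""
    return sorted(name for name, _ip, flagged in parse_hosts(field) if flagged)


if __name__ == "__main__":
    print("rule-matched block keys (9489):", rule_matched_keys(URLS_9489))
    print("beacons shared by 9489 and 9492:", shared_beacons(URLS_9489, URLS_9492))
    print("hosts flagged in 9492:", flagged_hosts(HOSTS_9492))
```

Blocking on host plus path rather than the full URL is the point: the query string differs between the two runs, so a full-URL indicator taken from 9489 would not have matched 9492. The sqlite.org download present in both entries carries no rule_id and is not flagged in the host field, so it stays off the derived block list; treat it as something to review separately rather than as C2 on the strength of this listing alone.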