| No. | Date | File | MD5 | Tags | URLs | Hosts | Alerts | Malicious URLs | Score | Flag | Count | Source |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 9556 | 2021-07-01 15:07 | Dn2BawZf.php | 10eeac6d1588d51ee5495b70b45abad2 | AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | | | 2: ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 4.2 | M | 8 | ZeroCERT |
| 9557 | 2021-07-01 15:16 | x4pq7mWBd1EoIa.php | b10f6a5dc20e493d684999d006b53bbe | Emotet UPX PE32 OS Processor Check PE File DNS | | | | | 0.8 | | | ZeroCERT |
| 9558 | 2021-07-01 15:17 | figures.06.21.doc | ea09b4c38b2e026a5e147c1801530775 | VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception | 1: http://wearevansd.com/adda/7D0lKw1VWvSY9GOjnEyj3uiMaOM6bIc55Lj6k4iZReT/19645/dgYhKyf1w2JeSay9/hteL0spFkMx6mGt2FTyWmBDM1y21LXDDawJ5juclOyoTL/jaki3?time=nKcR47oHLzKlDXdqrChZonU&cid=yx48dcJjkJqZSJPuljc&time=fRl&VkT=c6G3xB1YglYDdf9&OEDK04Uu=uPRDv5b&sid=iSd4zdAJPuWCqanXcdssu7im9Oumw&Gr1=3gYAHPB7jsos82jd&ref=tLPSQufXojX3JUkBXxbBETSuV&sid=laCn22SNz&page=2O | 2: wearevansd.com(45.84.0.215); 45.84.0.215 - malicious | | | 7.0 | | 11 | ZeroCERT |
| 9559 | 2021-07-01 15:19 | file 06.30.2021.doc | 991198e66f488ec0a831c31ef5c2a3f4 | VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception DNS | 1: http://wearevansd.com/adda/95133/QQ10/OWb14BWJTdm/vOe8G8tetEug4efQede39qouyddeErETbrbzl3MPRDT/95347/52347/34299/Ff2Dhn/WYURhIr0nRmXO7YbHH9FCkdRFd1/44428/jaki1?user=9JW | 2: wearevansd.com(45.84.0.215); 45.84.0.215 - malicious | | | 7.6 | | 10 | ZeroCERT |
| 9560 | 2021-07-01 15:19 | Li1J9kmyK3YE.php | 44cbf8e4cc5ccdbe05a7d4ddf022bf0f | Emotet UPX PE32 OS Processor Check PE File Malware Malicious Traffic DNS | 1 (not listed) | 1 (not listed) | | | 2.0 | | | ZeroCERT |
| 9561 | 2021-07-01 15:21 | material.06.21.doc | c17f947258355884f1d359e24733b92e | VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory ICMP traffic RWX flags setting unpack itself suspicious process Interception DNS | 1: http://fordlogisticss.com/adda/gTr5d80ik2zQHQ1HVgFl5unJNgtk7OO7GQJyy/DlIcM/W0wEDKCm80ZnMdKUqmtFoUgSx/gcBW2fbvUZ2w7h9ymtYJSptDnq8m4mVuGAi7/91846/3HcNJNavdxB6ILtbWPeO8zSCYlRGIYaA4NfreH4PXY/rvk6oCdF49I89tjCSoYHXh9tCXQxzNuY1C4oJM4SS/jaki6?cY=VUbEaI7WSRBuB3&user=u6G3VjNszr0h7QP | 1: fordlogisticss.com(45.84.0.211) | | | 7.2 | | 7 | ZeroCERT |
| 9562 | 2021-07-01 15:33 | specifics,06.21.doc | 67092e0e7cae41a063ee9e7d71f0209f | VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception DNS | 1: http://testmahoneyd.com/adda/enOdCKIkfAc5b77/5N/G6slDmwuaq5VZDBKkP4xUmVoV4aV7jfcIU8PodjTp4J/47873/fNjGc6TEZCpKb3brSC4HG2qYFx5fsPoZ69bafbOgWb/OQrvWoC7Uy1/xtEh4k0mmpxF85JiCbyPv4sn3yqvWZVlpfVtbDSY/Ms/50VELd34hbAQBucldfao42akDYq1TCFMj57tQ/jaki2?q=mZwEQl4nwMU5Z1oglgnTafcpybGN6M&search=gzAzmapbhNZjKQM5Z7K5HYoo7gDC&page=Qq0oGfDkcE4L1mEaczeun18eBVdlvZ&page=sN4a1t&time=Ip5QQpH2I72eFXcByWLUHvQmYC0E&user=2JVxcpyzozB5i&search=agooIX&ref=w3faij&id=kmrly&time=YvfR2vBlJpnAvkNsmQygJ3UTB | 2: testmahoneyd.com(45.84.0.215) - malicious; 45.84.0.215 - malicious | | | 7.6 | | 10 | ZeroCERT |
| 9563 | 2021-07-01 15:33 | report_06.21.doc | faf4b5f0994bd6a977ecb95bfabe8c19 | VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception | 1: http://wearevansd.com/adda/7D0lKw1VWvSY9GOjnEyj3uiMaOM6bIc55Lj6k4iZReT/19645/dgYhKyf1w2JeSay9/hteL0spFkMx6mGt2FTyWmBDM1y21LXDDawJ5juclOyoTL/jaki3?time=nKcR47oHLzKlDXdqrChZonU&cid=yx48dcJjkJqZSJPuljc&time=fRl&VkT=c6G3xB1YglYDdf9&OEDK04Uu=uPRDv5b&sid=iSd4zdAJPuWCqanXcdssu7im9Oumw&Gr1=3gYAHPB7jsos82jd&ref=tLPSQufXojX3JUkBXxbBETSuV&sid=laCn22SNz&page=2O | 2: wearevansd.com(45.84.0.215) - malicious; 45.84.0.215 - malicious | | | 7.0 | | 11 | ZeroCERT |
| 9564 | 2021-07-01 15:35 | require.06.30.21.doc | ae17389c50df966455179ec5b5c3c75a | VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception DNS | 1: http://testmahoneyd.com/adda/rrHqdi5wodVNWNVAk8kKxPPC1XE2K8wmc/66709/32889/yCi6C1ylY1jJqAbXlbehyL5oqPNvMj0mYILaPZ/IBS0twUYrdTMsFp7RkyewbUOKGB6pOc/85071/81257/jaki3?page=RU&=Ir6JGI | 2: testmahoneyd.com(45.84.0.215) - malicious; 45.84.0.215 - malicious | | | 7.6 | | 10 | ZeroCERT |
| 9565 | 2021-07-01 18:09 | WeaponGrand.exe | db2f659dc03c430d809eff66e99c42f8 | VMProtect PE32 PE File VirusTotal Malware Check memory unpack itself | | | | | 3.2 | | 46 | ZeroCERT |
| 9566 | 2021-07-01 18:09 | ew.exe | d0a3271d3966f4765b194b203abaf782 | Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself DNS crashed | 3: http://www.nivafitness.com/vn3b/?Vnw0_=-Z2l72s0kFHhurC&FrJd4PD=bqDBP0O9Vn3So+RBn75VdyvT/sToQzDOCpoIADkSiO14IsvETUp9boKBnXh5Ks2dUI8lKoag; http://www.pibblekibble.com/vn3b/?Vnw0_=-Z2l72s0kFHhurC&FrJd4PD=7KKODc5MDsDCEzAoRYM76RaAm8zujJIqN8Cp4oN6MSU5XPOB4MX/FWfC5xEyCIoPdsXLCh3W; http://www.blackbettyxt.com/vn3b/?FrJd4PD=HEEXiPM4fqncc4MMlrlRss4O3bw3kYvQfpb+dGO4B3Vuh61Wc/rFV6l7vkxAcZYhR9ZLHOlr&Vnw0_=-Z2l72s0kFHhurC | 4: www.nivafitness.com(34.102.136.180); www.pibblekibble.com(34.102.136.180); www.blackbettyxt.com(34.102.136.180); 34.102.136.180 - malicious | 1: ET MALWARE FormBook CnC Checkin (GET) | | 8.8 | | 20 | ZeroCERT |
| 9567 | 2021-07-01 18:12 | dg.exe | cf4451b3972a3a0c80ba775579c60de5 | Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself crashed | 4: http://www.vmdoctor.com/lvno/?Kzux=z5V9e9CabOAi0u4rmoa/UfEKbROekej59ljPlo8Q+nQLAKhl5cN+OI8RoEb12W3eqG/yW4Kr&p0D=AfpHLx9; http://www.hai96.com/lvno/?Kzux=k9QIkx5GCt5YvieM+yDM1rNmuWw3ZYu70gQPKUbfhMkm/Olm+/k+bmmYakDeX1iB9Dpnmtma&p0D=AfpHLx9; http://www.pizzafromsky.com/lvno/?Kzux=hrc86bj5dJczUKK4C2Z5ksFfVnrDN93+er1RK/RU41IsAR27IoSTEuryZJwxOmH1025bJtBt&p0D=AfpHLx9; http://www.karlakarony.com/lvno/?Kzux=mepXojAupUjOhnsr5OdCMMT8PCW1ujZfe8HjdU7EVlgpYioQzA85FA+noB09SNR8LwLZ9QYQ&p0D=AfpHLx9 | 8: www.hai96.com(3.223.115.185); www.pizzafromsky.com(195.110.124.133); www.karlakarony.com(162.241.61.204); www.vmdoctor.com(156.241.53.152); 3.223.115.185 - malicious; 195.110.124.133 - malicious; 156.241.53.152; 162.241.61.204 - malware | 1: ET MALWARE FormBook CnC Checkin (GET) | | 8.2 | | 21 | ZeroCERT |
| 9568 | 2021-07-01 18:14 | si.exe | df75bedbb01fdfb56956fa33a46205dd | Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself crashed | 3: http://www.inspiredpractice.net/csls/?yVMpQNlP=AA0fyBWbZnHHrKdAI0jA8QbX+M95wQKAQ1+Q+mJpiVVvwFVAUEAf7+rrMKZePAKl9+bar05A&1bz=o8rLp - rule_id: 2426; http://www.refundoftaxsurplus.com/csls/?yVMpQNlP=Ym+oHoYN/xZYdl3jvUNligLhYqYCEJLDVEooMpY/m4VRQE6HUdWU47bsyLt1OssAv4HZM1oN&1bz=o8rLp; http://www.decorhomestyle.info/csls/?yVMpQNlP=iSLD+1PhY73eZBKoU9CM1ShoYrO8PjamQvwnurQpI+yEMjtzsi7/Y3dvoSIc7OAlKSzo8G86&1bz=o8rLp | 7: www.hbpro2.com(); www.inspiredpractice.net(182.50.132.242) - malicious; www.refundoftaxsurplus.com(34.102.136.180); www.decorhomestyle.info(88.214.207.96); 182.50.132.242 - malicious; 34.102.136.180 - malicious; 88.214.207.96 - malicious | 1: ET MALWARE FormBook CnC Checkin (GET) | 1: http://www.inspiredpractice.net/csls/ | 9.2 | M | 25 | ZeroCERT |
| 9569 | 2021-07-02 07:29 | afjfhfdhfdhjfggh | 8c19e2bf5e1868d026594605f524f724 | AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself Browser Email DNS | | | | | 3.6 | | | ZeroCERT |
| 9570 | 2021-07-02 07:35 | afjfhfdhfdhjfggh | 8c19e2bf5e1868d026594605f524f724 | Antivirus powershell Check memory RWX flags setting unpack itself ComputerName DNS | 1: http://securityupdateav.com/styles.html | 1 (not listed) | | | 2.6 | | | ZeroCERT |
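The listing above is most useful when the per-sample host fields are pivoted on the IPs they share: several of the maldoc samples resolve different domains (wearevansd.com, testmahoneyd.com) to 45.84.0.215, and the FormBook samples ew.exe and si.exe both touch 34.102.136.180 under unrelated domain names. The script below is an added example, not ZeroCERT code, that parses the host-field format seen in this listing ("domain(ip)" tokens, optionally tagged "- malicious", followed by bare IP verdicts, with a failed lookup shown as "domain()"), groups domains and sample hashes by IP, and emits defanged indicators for IPs seen in more than one sample. The sample rows are constructed from the table above; the defanging convention and the two-sample threshold are the example's own choices.

```python
"""Pivot sandbox host fields on shared IPs and emit defanged IOCs.

Added example (not ZeroCERT code). Rows are (filename, md5, hosts field),
constructed here from the listing above.
"""
import re
from collections import defaultdict

# Sample rows constructed from the listing above (a subset of its host fields).
SAMPLE_ROWS = [
    ("figures.06.21.doc", "ea09b4c38b2e026a5e147c1801530775",
     "wearevansd.com(45.84.0.215) 45.84.0.215 - malicious"),
    ("material.06.21.doc", "c17f947258355884f1d359e24733b92e",
     "fordlogisticss.com(45.84.0.211)"),
    ("specifics,06.21.doc", "67092e0e7cae41a063ee9e7d71f0209f",
     "testmahoneyd.com(45.84.0.215) - malicious 45.84.0.215 - malicious"),
    ("ew.exe", "d0a3271d3966f4765b194b203abaf782",
     "www.nivafitness.com(34.102.136.180) www.pibblekibble.com(34.102.136.180) "
     "www.blackbettyxt.com(34.102.136.180) 34.102.136.180 - malicious"),
    ("si.exe", "df75bedbb01fdfb56956fa33a46205dd",
     "www.hbpro2.com() www.inspiredpractice.net(182.50.132.242) - malicious "
     "www.refundoftaxsurplus.com(34.102.136.180) www.decorhomestyle.info(88.214.207.96) "
     "182.50.132.242 - malicious 34.102.136.180 - malicious 88.214.207.96 - malicious"),
]

# "domain(ip)" with the IP optional, so an unresolved "domain()" still parses.
# Bare IP verdicts such as "45.84.0.215 - malicious" are not followed by "("
# and therefore do not match; they carry no new domain-to-IP relation.
HOST_RE = re.compile(r"([A-Za-z0-9.-]+)\(((?:\d{1,3}\.){3}\d{1,3})?\)")


def parse_hosts(field):
    """Return [(domain, ip_or_None), ...] from one hosts field."""
    return [(m.group(1), m.group(2)) for m in HOST_RE.finditer(field)]


def pivot_by_ip(rows):
    """Map each resolved IP to the domains and sample MD5s that used it."""
    pivot = defaultdict(lambda: {"domains": set(), "samples": set()})
    for _name, md5, hosts_field in rows:
        for domain, ip in parse_hosts(hosts_field):
            if ip is None:
                continue  # failed lookup: nothing to pivot on
            pivot[ip]["domains"].add(domain)
            pivot[ip]["samples"].add(md5)
    return dict(pivot)


def shared_infrastructure(rows, min_samples=2):
    """IPs contacted by at least min_samples distinct samples (threshold is this example's choice)."""
    return {ip: info for ip, info in pivot_by_ip(rows).items()
            if len(info["samples"]) >= min_samples}


def defang(ioc):
    """Defang a URL or bare host/IP so it is not clickable or auto-linked."""
    m = re.match(r"^(https?)://([^/]+)(.*)$", ioc)
    if m:
        scheme, host, rest = m.groups()
        return scheme.replace("http", "hxxp") + "://" + host.replace(".", "[.]") + rest
    return ioc.replace(".", "[.]")


def report_lines(rows, min_samples=2):
    """One defanged line per shared IP, sorted for stable output."""
    lines = []
    for ip, info in sorted(shared_infrastructure(rows, min_samples).items()):
        domains = ", ".join(defang(d) for d in sorted(info["domains"]))
        lines.append(f"{defang(ip)} <- {domains} ({len(info['samples'])} samples)")
    return lines


if __name__ == "__main__":
    for line in report_lines(SAMPLE_ROWS):
        print(line)
```

Run as-is, the report shows the two IPs that tie otherwise unrelated samples together; the failed lookup for www.hbpro2.com is dropped rather than counted, and single-sample IPs such as 45.84.0.211 fall below the threshold but remain available from pivot_by_ip for blocklisting.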