| 9556 |
2021-07-01 15:07
|
Dn2BawZf.php 10eeac6d1588d51ee5495b70b45abad2
AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
|
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
M |
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9557 |
2021-07-01 15:16
|
 x4pq7mWBd1EoIa.php b10f6a5dc20e493d684999d006b53bbe
Emotet UPX PE32 OS Processor Check PE File DNS |
|
|
|
|
0.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9558 |
2021-07-01 15:17
|
 figures.06.21.doc ea09b4c38b2e026a5e147c1801530775
VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception |
1
http://wearevansd.com/adda/7D0lKw1VWvSY9GOjnEyj3uiMaOM6bIc55Lj6k4iZReT/19645/dgYhKyf1w2JeSay9/hteL0spFkMx6mGt2FTyWmBDM1y21LXDDawJ5juclOyoTL/jaki3?time=nKcR47oHLzKlDXdqrChZonU&cid=yx48dcJjkJqZSJPuljc&time=fRl&VkT=c6G3xB1YglYDdf9&OEDK04Uu=uPRDv5b&sid=iSd4zdAJPuWCqanXcdssu7im9Oumw&Gr1=3gYAHPB7jsos82jd&ref=tLPSQufXojX3JUkBXxbBETSuV&sid=laCn22SNz&page=2O
|
2
wearevansd.com(45.84.0.215)
45.84.0.215 - mailcious
|
|
|
7.0 |
|
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9559 |
2021-07-01 15:19
|
file 06.30.2021.doc 991198e66f488ec0a831c31ef5c2a3f4
VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception DNS |
1
http://wearevansd.com/adda/95133/QQ10/OWb14BWJTdm/vOe8G8tetEug4efQede39qouyddeErETbrbzl3MPRDT/95347/52347/34299/Ff2Dhn/WYURhIr0nRmXO7YbHH9FCkdRFd1/44428/jaki1?user=9JW
|
2
wearevansd.com(45.84.0.215)
45.84.0.215 - mailcious
|
|
|
7.6 |
|
10 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9560 |
2021-07-01 15:19
|
 Li1J9kmyK3YE.php 44cbf8e4cc5ccdbe05a7d4ddf022bf0f
Emotet UPX PE32 OS Processor Check PE File Malware Malicious Traffic DNS |
1
|
1
|
|
|
2.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9561 |
2021-07-01 15:21
|
 material.06.21.doc c17f947258355884f1d359e24733b92e
VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory ICMP traffic RWX flags setting unpack itself suspicious process Interception DNS |
1
http://fordlogisticss.com/adda/gTr5d80ik2zQHQ1HVgFl5unJNgtk7OO7GQJyy/DlIcM/W0wEDKCm80ZnMdKUqmtFoUgSx/gcBW2fbvUZ2w7h9ymtYJSptDnq8m4mVuGAi7/91846/3HcNJNavdxB6ILtbWPeO8zSCYlRGIYaA4NfreH4PXY/rvk6oCdF49I89tjCSoYHXh9tCXQxzNuY1C4oJM4SS/jaki6?cY=VUbEaI7WSRBuB3&user=u6G3VjNszr0h7QP
|
1
fordlogisticss.com(45.84.0.211)
|
|
|
7.2 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9562 |
2021-07-01 15:33
|
 specifics,06.21.doc 67092e0e7cae41a063ee9e7d71f0209f
VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception DNS |
1
http://testmahoneyd.com/adda/enOdCKIkfAc5b77/5N/G6slDmwuaq5VZDBKkP4xUmVoV4aV7jfcIU8PodjTp4J/47873/fNjGc6TEZCpKb3brSC4HG2qYFx5fsPoZ69bafbOgWb/OQrvWoC7Uy1/xtEh4k0mmpxF85JiCbyPv4sn3yqvWZVlpfVtbDSY/Ms/50VELd34hbAQBucldfao42akDYq1TCFMj57tQ/jaki2?q=mZwEQl4nwMU5Z1oglgnTafcpybGN6M&search=gzAzmapbhNZjKQM5Z7K5HYoo7gDC&page=Qq0oGfDkcE4L1mEaczeun18eBVdlvZ&page=sN4a1t&time=Ip5QQpH2I72eFXcByWLUHvQmYC0E&user=2JVxcpyzozB5i&search=agooIX&ref=w3faij&id=kmrly&time=YvfR2vBlJpnAvkNsmQygJ3UTB
|
2
testmahoneyd.com(45.84.0.215) - mailcious
45.84.0.215 - mailcious
|
|
|
7.6 |
|
10 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9563 |
2021-07-01 15:33
|
 report_06.21.doc faf4b5f0994bd6a977ecb95bfabe8c19
VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception |
1
http://wearevansd.com/adda/7D0lKw1VWvSY9GOjnEyj3uiMaOM6bIc55Lj6k4iZReT/19645/dgYhKyf1w2JeSay9/hteL0spFkMx6mGt2FTyWmBDM1y21LXDDawJ5juclOyoTL/jaki3?time=nKcR47oHLzKlDXdqrChZonU&cid=yx48dcJjkJqZSJPuljc&time=fRl&VkT=c6G3xB1YglYDdf9&OEDK04Uu=uPRDv5b&sid=iSd4zdAJPuWCqanXcdssu7im9Oumw&Gr1=3gYAHPB7jsos82jd&ref=tLPSQufXojX3JUkBXxbBETSuV&sid=laCn22SNz&page=2O
|
2
wearevansd.com(45.84.0.215) - mailcious
45.84.0.215 - mailcious
|
|
|
7.0 |
|
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9564 |
2021-07-01 15:35
|
 require.06.30.21.doc ae17389c50df966455179ec5b5c3c75a
VBA_macro AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception DNS |
1
http://testmahoneyd.com/adda/rrHqdi5wodVNWNVAk8kKxPPC1XE2K8wmc/66709/32889/yCi6C1ylY1jJqAbXlbehyL5oqPNvMj0mYILaPZ/IBS0twUYrdTMsFp7RkyewbUOKGB6pOc/85071/81257/jaki3?page=RU&=Ir6JGI
|
2
testmahoneyd.com(45.84.0.215) - mailcious
45.84.0.215 - mailcious
|
|
|
7.6 |
|
10 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9565 |
2021-07-01 18:09
|
 WeaponGrand.exe db2f659dc03c430d809eff66e99c42f8
VMProtect PE32 PE File VirusTotal Malware Check memory unpack itself |
|
|
|
|
3.2 |
|
46 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9566 |
2021-07-01 18:09
|
 ew.exe d0a3271d3966f4765b194b203abaf782
Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself DNS crashed |
3
http://www.nivafitness.com/vn3b/?Vnw0_=-Z2l72s0kFHhurC&FrJd4PD=bqDBP0O9Vn3So+RBn75VdyvT/sToQzDOCpoIADkSiO14IsvETUp9boKBnXh5Ks2dUI8lKoag
http://www.pibblekibble.com/vn3b/?Vnw0_=-Z2l72s0kFHhurC&FrJd4PD=7KKODc5MDsDCEzAoRYM76RaAm8zujJIqN8Cp4oN6MSU5XPOB4MX/FWfC5xEyCIoPdsXLCh3W
http://www.blackbettyxt.com/vn3b/?FrJd4PD=HEEXiPM4fqncc4MMlrlRss4O3bw3kYvQfpb+dGO4B3Vuh61Wc/rFV6l7vkxAcZYhR9ZLHOlr&Vnw0_=-Z2l72s0kFHhurC
|
4
www.nivafitness.com(34.102.136.180)
www.pibblekibble.com(34.102.136.180)
www.blackbettyxt.com(34.102.136.180)
34.102.136.180 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
8.8 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9567 |
2021-07-01 18:12
|
 dg.exe cf4451b3972a3a0c80ba775579c60de5
Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself crashed |
4
http://www.vmdoctor.com/lvno/?Kzux=z5V9e9CabOAi0u4rmoa/UfEKbROekej59ljPlo8Q+nQLAKhl5cN+OI8RoEb12W3eqG/yW4Kr&p0D=AfpHLx9
http://www.hai96.com/lvno/?Kzux=k9QIkx5GCt5YvieM+yDM1rNmuWw3ZYu70gQPKUbfhMkm/Olm+/k+bmmYakDeX1iB9Dpnmtma&p0D=AfpHLx9
http://www.pizzafromsky.com/lvno/?Kzux=hrc86bj5dJczUKK4C2Z5ksFfVnrDN93+er1RK/RU41IsAR27IoSTEuryZJwxOmH1025bJtBt&p0D=AfpHLx9
http://www.karlakarony.com/lvno/?Kzux=mepXojAupUjOhnsr5OdCMMT8PCW1ujZfe8HjdU7EVlgpYioQzA85FA+noB09SNR8LwLZ9QYQ&p0D=AfpHLx9
|
8
www.hai96.com(3.223.115.185)
www.pizzafromsky.com(195.110.124.133)
www.karlakarony.com(162.241.61.204)
www.vmdoctor.com(156.241.53.152)
3.223.115.185 - mailcious
195.110.124.133 - mailcious
156.241.53.152
162.241.61.204 - malware
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
8.2 |
|
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9568 |
2021-07-01 18:14
|
 si.exe df75bedbb01fdfb56956fa33a46205dd
Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself crashed |
3
http://www.inspiredpractice.net/csls/?yVMpQNlP=AA0fyBWbZnHHrKdAI0jA8QbX+M95wQKAQ1+Q+mJpiVVvwFVAUEAf7+rrMKZePAKl9+bar05A&1bz=o8rLp - rule_id: 2426
http://www.refundoftaxsurplus.com/csls/?yVMpQNlP=Ym+oHoYN/xZYdl3jvUNligLhYqYCEJLDVEooMpY/m4VRQE6HUdWU47bsyLt1OssAv4HZM1oN&1bz=o8rLp
http://www.decorhomestyle.info/csls/?yVMpQNlP=iSLD+1PhY73eZBKoU9CM1ShoYrO8PjamQvwnurQpI+yEMjtzsi7/Y3dvoSIc7OAlKSzo8G86&1bz=o8rLp
|
7
www.hbpro2.com()
www.inspiredpractice.net(182.50.132.242) - mailcious
www.refundoftaxsurplus.com(34.102.136.180)
www.decorhomestyle.info(88.214.207.96)
182.50.132.242 - mailcious
34.102.136.180 - mailcious
88.214.207.96 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
1
http://www.inspiredpractice.net/csls/
|
9.2 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9569 |
2021-07-02 07:29
|
 afjfhfdhfdhjfggh 8c19e2bf5e1868d026594605f524f724
AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself Browser Email DNS |
|
|
|
|
3.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9570 |
2021-07-02 07:35
|
 afjfhfdhfdhjfggh 8c19e2bf5e1868d026594605f524f724
Antivirus powershell Check memory RWX flags setting unpack itself ComputerName DNS |
1
http://securityupdateav.com/styles.html
|
1
|
|
|
2.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|