| 9646 |
2021-07-03 09:44
|
 ashleybinx.exe c7a592e62fb6a5741c38a31b2fcee21b
RAT Generic Malware UPX Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed |
28
http://www.waaaghstore.com/ushb/?mHIx40=d2db7vz8b4gdNrrt4qkzq0tG6Pmid53TShP84iPEhYJEnjJIFmT0kwvEdr2qbrsXJSoEJg75&_jAPiL=UfgdTxvpJHM
http://www.shopcavo.com/ushb/
http://www.jjayphoto.com/ushb/?mHIx40=l2QH2d7PUWvRkU9SKQdvN0s95WcJxjd9CPijL6arS0ynTjqyQUYKcLuVD3sUO6nj8FIa5lUc&_jAPiL=UfgdTxvpJHM
http://www.poetasamigosypensadores.com/ushb/?mHIx40=fbMAEC5I5bGZsvMeVZfdSh5kpbdGGNxOXI23Y+fwKREdh+1jMwB4L2byPtlzBsiu6rKFsHuZ&_jAPiL=UfgdTxvpJHM
http://www.m-midas.com/ushb/?mHIx40=KETTpM1456fImzG2o/HCqgJBte/IHmJz01Qx96IPJzNgkPHHpmXueOKRfDyrAPg68mjcbOiZ&_jAPiL=UfgdTxvpJHM
http://www.poetasamigosypensadores.com/ushb/
http://www.tigersonindonesia.com/ushb/?mHIx40=LS6MOTI15xEst6X5E3hLeUbVHph5If8WCZS1PbHDLcXlz/LjLfM6q15glOfELeIimIqtDGOZ&_jAPiL=UfgdTxvpJHM
http://www.ossotasarim.com/ushb/?mHIx40=Kis9qagQgFI/pgEC90LDhBb2/hkn9V+B079wctmSP192jSk/5pov+dY2uUpHLbHPLnwA/Tk/&_jAPiL=UfgdTxvpJHM
http://www.multitraditional.com/ushb/
http://www.waaaghstore.com/ushb/
http://www.shopcavo.com/ushb/?mHIx40=QYepAKqqZzG2kR/57317p6KhzVHBF5g+kyT5gGECjnJqX6eG1WlH3e963VsDQqp1ReenidM4&_jAPiL=UfgdTxvpJHM
http://www.deliciousnukes.com/ushb/
http://www.dawnjarvisltd.com/ushb/
http://www.dawnjarvisltd.com/ushb/?mHIx40=3SmC3UZByhcbL2mGDdoUlUv2kDP+K/S2WzQTgf/dbZLTYyxdpUCpCwWiKx+wC7XxiANrTe4Z&_jAPiL=UfgdTxvpJHM
http://www.m-midas.com/ushb/
http://www.seswebsite.com/ushb/?mHIx40=TZZwrrhqgDwgA3wgZEkIn+5Y0i33oms/xFRek6mxYnSgwbHptw7FsqII1T+6/LgkP21MZkXY&_jAPiL=UfgdTxvpJHM
http://www.wxsocial.net/ushb/
http://www.tigersonindonesia.com/ushb/
http://www.seswebsite.com/ushb/
http://www.wounded-deer.com/ushb/
http://www.wounded-deer.com/ushb/?mHIx40=JW6wJS/fCyqdc2JhPnJNDDubHmZuYWrni9atbTQ1vgM5IXg85tcAFndz4NRwlP6sL42SfpTd&_jAPiL=UfgdTxvpJHM
http://www.ossotasarim.com/ushb/
http://www.wxsocial.net/ushb/?mHIx40=jD+SQ9M5OhBQJ5/3QGxgtYDN3MBJME7yhC8sQwvm8GBIEkJ4Y0691HdGHFaX56NR4IeIxVKV&_jAPiL=UfgdTxvpJHM
http://www.multitraditional.com/ushb/?mHIx40=Oc4WjS4DBu5AvhP85U59EprkqoXzMyfsJMpdZ9aVqZv/kvrlgbGtP2m1bh6Ukc03AoFAKmiH&_jAPiL=UfgdTxvpJHM
http://www.deliciousnukes.com/ushb/?mHIx40=CoY64qMwiO6SnAqEo6cwd7vVtOzq42WOKh1biPKYD71bz+rRFAinell2lJMFOMTK0ellYB+l&_jAPiL=UfgdTxvpJHM
http://www.jjayphoto.com/ushb/
https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E322EE0C66235D8B40A9334F1FF263B9.html - rule_id: 2406
https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F6E7D76D7517CFB3E9EF1C0C7D4E0D6D.html - rule_id: 2406
|
28
www.m-midas.com(194.63.249.211)
www.wxsocial.net(184.168.131.241)
www.dawnjarvisltd.com(205.201.132.26)
www.tigersonindonesia.com(103.28.53.180)
www.waaaghstore.com(34.80.190.141)
www.poetasamigosypensadores.com(35.209.112.216)
www.jjayphoto.com(154.215.102.140)
www.templejc.space()
kakosidobrosam.gq(104.21.67.197) - mailcious
www.shopcavo.com(23.227.38.74)
www.multitraditional.com(144.168.44.250)
www.wounded-deer.com(23.227.38.74)
www.seswebsite.com(107.178.171.23)
www.deliciousnukes.com(34.102.136.180)
www.ossotasarim.com(172.67.219.157)
35.209.112.216
104.21.17.25
184.168.131.241 - mailcious
104.21.67.197
154.215.102.140
194.63.249.211
34.102.136.180 - mailcious
103.28.53.180 - malware
107.178.171.23
34.80.190.141 - mailcious
205.201.140.137
23.227.38.74 - mailcious
144.168.44.250 - mailcious
|
3
ET INFO DNS Query for Suspicious .gq Domain
ET INFO Suspicious Domain (*.gq) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
2
https://kakosidobrosam.gq/liverpool-fc-news/
https://kakosidobrosam.gq/liverpool-fc-news/
|
12.8 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9647 |
2021-07-03 09:48
|
 effot.exe 813d892f7d4f1ef7ae9da6a1d677887d
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
12.0 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9648 |
2021-07-03 09:48
|
 pal.exe 0c928623c2a0cb13d70073d17a6960bb
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed |
|
|
|
|
12.0 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9649 |
2021-07-03 09:50
|
 deck.exe 4dc9eb384017307b85f54d372bf7d0ac
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
11.4 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9650 |
2021-07-03 09:50
|
 booby.exe 230a844ea89950512217bd427294daac
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed |
|
|
|
|
11.6 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9651 |
2021-07-03 09:52
|
 jaspa.exe 7092ce6487d5b89554d2a87bf5afa273
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
12.2 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9652 |
2021-07-03 09:53
|
 wealthx.exe 9bd23005277509c6ff0e28c226715313
RAT Generic Malware UPX Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger |
2
https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-24CE7FE78D268B93DB4AD64C9B7971DD.html - rule_id: 2406
https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-CBCFAE6F7B8D32422898307A805F1FED.html - rule_id: 2406
|
2
kakosidobrosam.gq(172.67.180.37) - mailcious
104.21.67.197
|
3
ET INFO DNS Query for Suspicious .gq Domain
ET INFO Suspicious Domain (*.gq) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
2
https://kakosidobrosam.gq/liverpool-fc-news/
https://kakosidobrosam.gq/liverpool-fc-news/
|
16.0 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9653 |
2021-07-03 09:55
|
 mooris.exe d33862b61cc533c23945095736b28026
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
11.6 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9654 |
2021-07-03 09:55
|
 father.exe d8d6d04820a117daf7babbe0b5a0d3fd
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed |
|
|
|
|
12.0 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9655 |
2021-07-03 09:57
|
 okb.exe 104adec18013b544dfbf200023630eb2
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
12.2 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9656 |
2021-07-03 09:57
|
 pop.exe 9be19a18b758c8c167a815d83fff506c
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed |
|
|
|
|
12.0 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9657 |
2021-07-03 09:59
|
 yggg.exe 64b53dc7fa2ca1ff03f6dcb19537ce78
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
11.0 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9658 |
2021-07-03 10:02
|
 ebaa.exe c7df3a988586b9a2d2fd027d88117237
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
12.0 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9659 |
2021-07-03 10:07
|
ironDOOM_ABhLqDYHF151.bin 720e88696ebf062a4f4a075dbc8c4806
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS |
|
|
|
|
4.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9660 |
2021-07-03 10:14
|
https://0v2x.blogspot.com/p/10... c3a52061a5fe3b17ffab6fec221a17fc
Antivirus DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
23
https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
https://0v2x.blogspot.com/p/10.html
https://0v2x.blogspot.com/favicon.ico
https://www.google.com/css/maia.css
https://fonts.googleapis.com/css?family=Open+Sans:300
https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff
https://www.google-analytics.com/analytics.js
https://www.blogger.com/static/v1/widgets/3822632116-css_bundle_v2.css
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1599313125304121436&zx=f2b04871-dcf0-4739-a1bd-fc5d5fa5bdf1
https://www.blogger.com/static/v1/v-css/281434096-static_pages.css
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
https://www.blogger.com/blogin.g?blogspotURL=https://0v2x.blogspot.com/p/10.html&type=blog
https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
https://fonts.googleapis.com/css?lang=ko&family=Product+Sans|Roboto:400,700
https://www.blogger.com/img/blogger-logotype-color-black-1x.png
https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js
https://www.blogger.com/static/v1/widgets/4165186901-widgets.js
https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2F0v2x.blogspot.com%2Fp%2F10.html&type=blog&bpli=1
https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://0v2x.blogspot.com/p/10.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://0v2x.blogspot.com/p/10.html%26type%3Dblog%26bpli%3D1&passive=true&go=true
https://www.blogger.com/static/v1/jsbin/3775400722-ieretrofit.js
https://resources.blogblog.com/img/icon18_wrench_allbkg.png
|
18
0v2x.blogspot.com(172.217.161.33)
resources.blogblog.com(172.217.25.73)
www.google.com(216.58.220.132)
www.gstatic.com(172.217.25.67)
fonts.googleapis.com(172.217.161.74)
accounts.google.com(172.217.175.13)
www.google-analytics.com(216.58.220.142)
fonts.gstatic.com(216.58.220.131)
www.blogger.com(172.217.25.73)
142.250.207.67
142.250.66.129
172.217.163.233
142.250.66.131
142.250.207.74
142.250.66.141
142.250.204.110
142.250.204.68
172.217.161.169
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.6 |
|
|
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|