| 10111 |
2021-07-15 17:59
|
 Invoice%20325274%20from%20Quic... ab0ba30c618d88e8a9134e0a7c43fc31
VBA_macro MSOffice File VirusTotal Malware Check memory unpack itself suspicious process |
|
1
onlinefastsolutions.com()
|
|
|
3.0 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10112 |
2021-07-15 18:01
|
 mo.txt.ps1 580d0ff9258cad5f8b7f78e3ea408b56
NPKI Antivirus Malware Malicious Traffic |
3
http://tbear.mypressonline.com/ci/mo.down
http://tbear.mypressonline.com/ci/del.php?filename=mo
http://tbear.mypressonline.com/ci/post.php
|
2
tbear.mypressonline.com(185.176.43.106)
185.176.43.106
|
|
|
1.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10113 |
2021-07-15 18:03
|
 ng.txt.ps1 7edfaf4ec4273c26945ca50287210f5e
NPKI Antivirus Malware Malicious Traffic |
3
http://mantc.getenjoyment.net/ya/post.php
http://mantc.getenjoyment.net/ya/del.php?filename=ng
http://mantc.getenjoyment.net/ya/ng.down
|
2
mantc.getenjoyment.net(185.176.43.98)
185.176.43.98 - mailcious
|
|
|
1.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10114 |
2021-07-15 18:03
|
 BIO.dotm 3a0d0f6141bedffca45843ef81c73d10
NPKI VBA_macro Antivirus AntiDebug AntiVM VirusTotal Malware Malicious Traffic buffers extracted |
4
http://btige.myartsonline.com/eo/ki.txt
http://btige.myartsonline.com/eo/post.php
http://btige.myartsonline.com/eo/ki.down
http://btige.myartsonline.com/eo/del.php?filename=ki
|
2
btige.myartsonline.com(185.176.43.106)
185.176.43.106
|
|
|
3.0 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10115 |
2021-07-15 18:05
|
 BIO.dotm e98252b09d1eeee99ed087a3ea8668cd
VBA_macro Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
http://tbear.mypressonline.com/ci/mo.txt
|
2
tbear.mypressonline.com(185.176.43.106)
185.176.43.106
|
|
|
9.2 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10116 |
2021-07-15 18:05
|
 1Ptfo0FZUMT7hlK.exe bc302d910397e2d1092e47029d8f35df
Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key |
4
http://www.roof801.com/qn6g/?D8k8=J94YFqHTfHcK+WuwNfObUs5GsnBXQAcnBkbfGXvwxaAoYKTXCpifnX3RACh0KP713tngWcxe&uTxXA=Apm8lx
http://www.3lidj.net/qn6g/?D8k8=D/0dd0p8aUQ6v5qA5b48hc2XDeo7fEp7Ddb+g3CJAIjGDxTVufni1Lx4/H+ZeHFP/cvzWkZA&uTxXA=Apm8lx
http://www.olezarsen.com/qn6g/?D8k8=6KMzo6eeE1wQHJAKEG8vHn1PaC15MTR+1UD1aUzs9rMVM5MUGFbiwpZgU3YCR9aL5WWeMKdz&uTxXA=Apm8lx
http://www.mindyourbehind.com/qn6g/?D8k8=CcYCtamU8N39fY2elPEZpEWUXKJfhC7Bnsn+85gNyathZNfC9aI0N+YY5aFzw+ojq6YuecqV&uTxXA=Apm8lx
|
12
www.olezarsen.com(88.214.207.96)
www.simplebox.world(88.214.207.96)
www.lifeat6k.com()
www.roof801.com(34.102.136.180)
www.3lidj.net(132.232.80.168)
www.mindyourbehind.com(35.208.214.73)
www.farmersystemofanalysis.com()
www.sonthuduc.com()
35.208.214.73
132.232.80.168
34.102.136.180 - mailcious
88.214.207.96 - mailcious
|
|
|
8.6 |
|
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10117 |
2021-07-15 18:16
|
 BIO.dotm e98252b09d1eeee99ed087a3ea8668cd
VBA_macro Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
http://tbear.mypressonline.com/ci/mo.txt
|
2
tbear.mypressonline.com(185.176.43.106)
185.176.43.106
|
|
|
9.6 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10118 |
2021-07-15 18:25
|
 ki.txt.ps1 21a653a49317c76d6c23e9ac85b9467a
NPKI Antivirus Malware Malicious Traffic |
2
http://btige.myartsonline.com/eo/post.php - rule_id: 2809
http://btige.myartsonline.com/eo/post.php
|
2
btige.myartsonline.com(185.176.43.106)
185.176.43.106
|
|
1
http://btige.myartsonline.com/eo/post.php
|
1.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10119 |
2021-07-15 18:47
|
 file11.bin 222d9a3950c1dd4e9d659e51e46ca608
PE File PE32 VirusTotal Malware PDB unpack itself Windows crashed |
|
|
|
|
2.6 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10120 |
2021-07-15 20:01
|
 jun.js ceb58144b89ea3c7d42611b451e21cb7
AgentTesla browser info stealer Google Chrome User Data Antivirus ScreenShot Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Browser Email ComputerName DNS Cryptographic key keylogger |
1
http://192.227.158.111/fit.jpg
|
5
google.com(142.250.196.142)
twistednerd.dvrlists.com(213.152.187.215)
213.152.187.215
192.227.158.111 - malware
142.250.204.110
|
|
|
20.4 |
|
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10121 |
2021-07-15 22:35
|
 000628389672_1.xlsm be08be775737dbd2ef07cd65b3c95d7e
VBA_macro VirusTotal Malware RWX flags setting unpack itself |
|
2
office15client.microsoft.com(52.109.112.104)
52.109.124.116
|
|
|
2.4 |
|
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10122 |
2021-07-15 22:39
|
0712_4408305114.doc 68da25a05ddc6b1e7e04fd5fa4cf76db
VBA_macro MSOffice File OS Processor Check RWX flags setting unpack itself |
|
3
office15client.microsoft.com(52.109.112.104)
52.109.112.104
52.109.124.116
|
|
|
2.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10123 |
2021-07-15 23:07
|
0712_4408305114.doc 68da25a05ddc6b1e7e04fd5fa4cf76db
VBA_macro MSOffice File OS Processor Check Malware Malicious Traffic Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName |
2
http://trictuatiove.com/8/forum.php
http://api.ipify.org/
|
4
api.ipify.org(54.235.121.178)
trictuatiove.com(194.147.115.74)
194.147.115.74
54.243.175.83
|
|
|
7.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10124 |
2021-07-15 23:09
|
 000628389672_1.xlsm be08be775737dbd2ef07cd65b3c95d7e
VBA_macro VirusTotal Malware RWX flags setting unpack itself |
|
|
|
|
2.4 |
|
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10125 |
2021-07-15 23:17
|
0712_1535841550.doc 116c69c018829ee0342b177523161cd4
VBA_macro MSOffice File OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName |
3
http://trictuatiove.com/8/forum.php - rule_id: 2851
http://trictuatiove.com/8/forum.php
http://api.ipify.org/
|
4
api.ipify.org(54.235.88.121)
trictuatiove.com(194.147.115.74)
194.147.115.74
50.19.100.233
|
|
1
http://trictuatiove.com/8/forum.php
|
9.4 |
|
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|