ID | Submitted | File | MD5 | Tags | URLs | Hosts (resolved IP) | Matched rule URLs | Score | VT detections | Submitter
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
10111 | 2021-07-15 17:59 | Invoice%20325274%20from%20Quic... | ab0ba30c618d88e8a9134e0a7c43fc31 | VBA_macro MSOffice File VirusTotal Malware Check memory unpack itself suspicious process | | onlinefastsolutions.com() | | 3.0 | 23 | ZeroCERT
10112 | 2021-07-15 18:01 | mo.txt.ps1 | 580d0ff9258cad5f8b7f78e3ea408b56 | NPKI Antivirus Malware Malicious Traffic | http://tbear.mypressonline.com/ci/mo.down, http://tbear.mypressonline.com/ci/del.php?filename=mo, http://tbear.mypressonline.com/ci/post.php | tbear.mypressonline.com(185.176.43.106), 185.176.43.106 | | 1.2 | | ZeroCERT
10113 | 2021-07-15 18:03 | ng.txt.ps1 | 7edfaf4ec4273c26945ca50287210f5e | NPKI Antivirus Malware Malicious Traffic | http://mantc.getenjoyment.net/ya/post.php, http://mantc.getenjoyment.net/ya/del.php?filename=ng, http://mantc.getenjoyment.net/ya/ng.down | mantc.getenjoyment.net(185.176.43.98), 185.176.43.98 - malicious | | 1.2 | | ZeroCERT
10114 | 2021-07-15 18:03 | BIO.dotm | 3a0d0f6141bedffca45843ef81c73d10 | NPKI VBA_macro Antivirus AntiDebug AntiVM VirusTotal Malware Malicious Traffic buffers extracted | http://btige.myartsonline.com/eo/ki.txt, http://btige.myartsonline.com/eo/post.php, http://btige.myartsonline.com/eo/ki.down, http://btige.myartsonline.com/eo/del.php?filename=ki | btige.myartsonline.com(185.176.43.106), 185.176.43.106 | | 3.0 | 17 | ZeroCERT
10115 | 2021-07-15 18:05 | BIO.dotm | e98252b09d1eeee99ed087a3ea8668cd | VBA_macro Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key | http://tbear.mypressonline.com/ci/mo.txt | tbear.mypressonline.com(185.176.43.106), 185.176.43.106 | | 9.2 | 17 | ZeroCERT
10116 | 2021-07-15 18:05 | 1Ptfo0FZUMT7hlK.exe | bc302d910397e2d1092e47029d8f35df | Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key | http://www.roof801.com/qn6g/?D8k8=J94YFqHTfHcK+WuwNfObUs5GsnBXQAcnBkbfGXvwxaAoYKTXCpifnX3RACh0KP713tngWcxe&uTxXA=Apm8lx, http://www.3lidj.net/qn6g/?D8k8=D/0dd0p8aUQ6v5qA5b48hc2XDeo7fEp7Ddb+g3CJAIjGDxTVufni1Lx4/H+ZeHFP/cvzWkZA&uTxXA=Apm8lx, http://www.olezarsen.com/qn6g/?D8k8=6KMzo6eeE1wQHJAKEG8vHn1PaC15MTR+1UD1aUzs9rMVM5MUGFbiwpZgU3YCR9aL5WWeMKdz&uTxXA=Apm8lx, http://www.mindyourbehind.com/qn6g/?D8k8=CcYCtamU8N39fY2elPEZpEWUXKJfhC7Bnsn+85gNyathZNfC9aI0N+YY5aFzw+ojq6YuecqV&uTxXA=Apm8lx | www.olezarsen.com(88.214.207.96), www.simplebox.world(88.214.207.96), www.lifeat6k.com(), www.roof801.com(34.102.136.180), www.3lidj.net(132.232.80.168), www.mindyourbehind.com(35.208.214.73), www.farmersystemofanalysis.com(), www.sonthuduc.com(), 35.208.214.73, 132.232.80.168, 34.102.136.180 - malicious, 88.214.207.96 - malicious | | 8.6 | 44 | ZeroCERT
10117 | 2021-07-15 18:16 | BIO.dotm | e98252b09d1eeee99ed087a3ea8668cd | VBA_macro Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key | http://tbear.mypressonline.com/ci/mo.txt | tbear.mypressonline.com(185.176.43.106), 185.176.43.106 | | 9.6 | 17 | ZeroCERT
10118 | 2021-07-15 18:25 | ki.txt.ps1 | 21a653a49317c76d6c23e9ac85b9467a | NPKI Antivirus Malware Malicious Traffic | http://btige.myartsonline.com/eo/post.php - rule_id: 2809, http://btige.myartsonline.com/eo/post.php | btige.myartsonline.com(185.176.43.106), 185.176.43.106 | http://btige.myartsonline.com/eo/post.php | 1.2 | | ZeroCERT
10119 | 2021-07-15 18:47 | file11.bin | 222d9a3950c1dd4e9d659e51e46ca608 | PE File PE32 VirusTotal Malware PDB unpack itself Windows crashed | | | | 2.6 | 22 | ZeroCERT
10120 | 2021-07-15 20:01 | jun.js | ceb58144b89ea3c7d42611b451e21cb7 | AgentTesla browser info stealer Google Chrome User Data Antivirus ScreenShot Socket Create Service Sniff Audio Escalate privileges KeyLogger Code injection Downloader AntiDebug AntiVM Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Browser Email ComputerName DNS Cryptographic key keylogger | http://192.227.158.111/fit.jpg | google.com(142.250.196.142), twistednerd.dvrlists.com(213.152.187.215), 213.152.187.215, 192.227.158.111 - malware, 142.250.204.110 | | 20.4 | 2 | ZeroCERT
10121 | 2021-07-15 22:35 | 000628389672_1.xlsm | be08be775737dbd2ef07cd65b3c95d7e | VBA_macro VirusTotal Malware RWX flags setting unpack itself | | office15client.microsoft.com(52.109.112.104), 52.109.124.116 | | 2.4 | 29 | ZeroCERT
10122 | 2021-07-15 22:39 | 0712_4408305114.doc | 68da25a05ddc6b1e7e04fd5fa4cf76db | VBA_macro MSOffice File OS Processor Check RWX flags setting unpack itself | | office15client.microsoft.com(52.109.112.104), 52.109.112.104, 52.109.124.116 | | 2.0 | | ZeroCERT
10123 | 2021-07-15 23:07 | 0712_4408305114.doc | 68da25a05ddc6b1e7e04fd5fa4cf76db | VBA_macro MSOffice File OS Processor Check Malware Malicious Traffic Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName | http://trictuatiove.com/8/forum.php, http://api.ipify.org/ | api.ipify.org(54.235.121.178), trictuatiove.com(194.147.115.74), 194.147.115.74, 54.243.175.83 | | 7.6 | | ZeroCERT
10124 | 2021-07-15 23:09 | 000628389672_1.xlsm | be08be775737dbd2ef07cd65b3c95d7e | VBA_macro VirusTotal Malware RWX flags setting unpack itself | | | | 2.4 | 26 | ZeroCERT
10125 | 2021-07-15 23:17 | 0712_1535841550.doc | 116c69c018829ee0342b177523161cd4 | VBA_macro MSOffice File OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName | http://trictuatiove.com/8/forum.php - rule_id: 2851, http://trictuatiove.com/8/forum.php, http://api.ipify.org/ | api.ipify.org(54.235.88.121), trictuatiove.com(194.147.115.74), 194.147.115.74, 50.19.100.233 | http://trictuatiove.com/8/forum.php | 9.4 | 34 | ZeroCERT