10291 |
2021-07-21 14:21
|
dmwa.jpg dc71ed81724056f7ee199d098356e155 Dbatloader Generic Malware Malicious Packer UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE32 PE Fi Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName |
1
https://76kepq.dm.files.1drv.com/y4mfYXFeTR_Ch4yMUxBhGGnwhDE7hgr_NuxbuYuPVCeHQHoWh9YKArGfacbCBDvkR9WkGyTZuAfTXvGsibWCLTCpi5ZBEJ2vWViiuzC4TRdZCCYa3RZSy_KCQvebj3xKHiDrqLp3jRaktZViQCukOnbaTxezR7YS3Q0sl7EEYxxInKAZMLwlPwzWEzwZwge7cDpF_cIkmU5Fn4epJr1NvBgJw/Ouioeespyllwrovblhytdqoivltnmwm?download&psid=1
|
4
76kepq.dm.files.1drv.com(13.107.42.12) onedrive.live.com(13.107.42.13) - mailcious 13.107.42.13 - mailcious 13.107.42.12 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
21 |
r0d
10292 |
2021-07-21 14:58
|
SCSKAppLink_dll b3a8c88297daecdb9b0ac54a3c107797 Lazarus Family UPX Malicious Library PE32 OS Processor Check DLL PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed |
|
|
|
|
2.0 |
|
30 |
ZeroCERT
10293 |
2021-07-21 16:17
|
file12.bin.exe a3cdbeb1d41c114bee6784c02ca42cd6 PE32 PE File VirusTotal Malware PDB unpack itself Windows crashed |
|
|
|
|
3.0 |
M |
47 |
r0d
10294 |
2021-07-22 00:16
|
vitafoods.com Update.htm 20b9f99a81f6edbda4253942ad50ba17 Admin Tool (Sysinternals etc ...) AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
4
https://code.jquery.com/jquery-1.12.4.min.js https://use.fontawesome.com/releases/v5.7.0/webfonts/fa-solid-900.eot https://use.fontawesome.com/releases/v5.7.0/webfonts/fa-regular-400.eot https://use.fontawesome.com/releases/v5.7.0/css/all.css
|
4
use.fontawesome.com(172.67.214.69) code.jquery.com(69.16.175.42) 172.67.214.69 69.16.175.42 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.6 |
|
1 |
guest
10295 |
2021-07-22 03:54
|
Expiry Notification July 21 20... 7d8b845525ad8e4f8450065bb2a606f7 DGA Escalate priviledges KeyLogger HTTP Internet API ScreenShot Http API AntiDebug AntiVM MSOffice File PNG Format Email Client Info Stealer MachineGuid Checks debugger RWX flags setting unpack itself installed browsers check Windows Browser Email Cryptographic key |
|
1
outlook.linkedinlabs.com()
|
|
|
4.8 |
|
|
guest
10296 |
2021-07-22 03:54
|
Capture.PNG 83425938267eae3b1052b32ff82b03c8 DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PNG Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
10297 |
2021-07-22 03:55
|
vitafoods.com Update.htm 20b9f99a81f6edbda4253942ad50ba17 BitCoin Admin Tool (Sysinternals etc ...) DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM MSOffic Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
4
https://code.jquery.com/jquery-1.12.4.min.js https://use.fontawesome.com/releases/v5.7.0/webfonts/fa-solid-900.eot https://use.fontawesome.com/releases/v5.7.0/webfonts/fa-regular-400.eot https://use.fontawesome.com/releases/v5.7.0/css/all.css
|
4
use.fontawesome.com(172.67.214.69) code.jquery.com(69.16.175.10) 69.16.175.10 - malware 104.21.78.7
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
5.2 |
|
1 |
guest
10298 |
2021-07-22 04:01
|
Expiry Notification July 21 20... 7d8b845525ad8e4f8450065bb2a606f7 DGA Escalate priviledges KeyLogger HTTP Internet API ScreenShot Http API AntiDebug AntiVM MSOffice File Email Client Info Stealer MachineGuid Checks debugger RWX flags setting unpack itself installed browsers check Windows Browser Email Cryptographic key |
|
1
outlook.linkedinlabs.com()
|
|
|
4.8 |
|
|
guest
10299 |
2021-07-22 04:01
|
Capture.PNG 83425938267eae3b1052b32ff82b03c8 DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PNG Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
|
|
guest
10300 |
2021-07-22 04:01
|
vitafoods.com Update.htm 20b9f99a81f6edbda4253942ad50ba17 BitCoin Admin Tool (Sysinternals etc ...) DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM MSOffic Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
5
https://code.jquery.com/jquery-1.12.4.min.js
https://use.fontawesome.com/releases/v5.7.0/webfonts/fa-solid-900.eot
https://use.fontawesome.com/releases/v5.7.0/webfonts/fa-regular-400.eot
https://use.fontawesome.com/releases/v5.7.0/css/all.css
https://sjwo.be/wp-includes/Requests/Auth/1/hot/1/g/contact.php
|
4
use.fontawesome.com(172.67.214.69)
code.jquery.com(69.16.175.42) 172.67.214.69
69.16.175.10 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
5.2 |
|
1 |
guest
10301 |
2021-07-22 04:02
|
vitafoods.com Update.htm 20b9f99a81f6edbda4253942ad50ba17 Admin Tool (Sysinternals etc ...) AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
5
https://code.jquery.com/jquery-1.12.4.min.js
https://use.fontawesome.com/releases/v5.7.0/webfonts/fa-solid-900.eot
https://use.fontawesome.com/releases/v5.7.0/webfonts/fa-regular-400.eot
https://use.fontawesome.com/releases/v5.7.0/css/all.css
https://sjwo.be/wp-includes/Requests/Auth/1/hot/1/g/contact.php
|
4
use.fontawesome.com(172.67.214.69)
code.jquery.com(69.16.175.10) 172.67.214.69
69.16.175.10 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
|
1 |
guest
10302 |
2021-07-22 04:25
|
http://www.minutoverde.cl 840006cb22684bf9760add2877ce940d DGA DNS Socket Sniff Audio KeyLogger HTTP Internet API ScreenShot Http API Downloader persistence Create Service Escalate priviledges Code injection Hijack Network FTP Steal credential P2P AntiDebug AntiVM PNG Format JPEG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
32
http://www.minutoverde.cl/wp-content/themes/minutoverde2016/images/compra-online.png http://www.google-analytics.com/analytics.js http://www.minutoverde.cl/wp-content/themes/minutoverde2016/js/jquery.easing.1.3.js http://www.minutoverde.cl/wp-includes/js/wp-emoji-release.min.js?ver=5.5.5 http://www.minutoverde.cl/ http://www.minutoverde.cl/wp-content/themes/minutoverde2016/js/vendor/jquery-1.11.2.min.js http://www.minutoverde.cl/wp-content/themes/minutoverde2016/img/af.png http://www.minutoverde.cl/wp-content/themes/minutoverde2016/css/main.css?v=45789 http://www.minutoverde.cl/?wordfence_lh=1&hid=CC3BB0162C8EB8A0676E1E63E7E5C181&r=0.10756288113803386 http://www.minutoverde.cl/wp-content/themes/minutoverde2016/js/isotope.pkgd.min.js http://www.minutoverde.cl/wp-content/themes/minutoverde2016/js/main.js?v=77341 http://www.minutoverde.cl/wp-content/themes/minutoverde2016/img/pagoonline.png http://www.minutoverde.cl/wp-content/themes/minutoverde2016/js/jpreloader.min.js http://www.minutoverde.cl/wp-content/themes/minutoverde2016/favicon.ico http://www.minutoverde.cl/wp-content/themes/minutoverde2016/js/animatescroll.min.js http://www.minutoverde.cl/wp-content/themes/minutoverde2016/img/logo-minutoverde.png http://www.minutoverde.cl/wp-content/themes/minutoverde2016/img/100-natural.png http://www.minutoverde.cl/wp-content/themes/minutoverde2016/img/fono-consulta.png http://www.minutoverde.cl/wp-content/themes/minutoverde2016/images/buscador-recetas.png http://www.minutoverde.cl/wp-includes/css/dist/block-library/style.min.css?ver=5.5.5 http://www.minutoverde.cl/wp-content/themes/minutoverde2016/images/bx_loader.gif http://www.minutoverde.cl/wp-content/themes/minutoverde2016/js/jquery.bxslider.min.js http://www.minutoverde.cl/wp-content/themes/minutoverde2016/fancybox/jquery.fancybox.pack.js http://www.minutoverde.cl/wp-content/themes/minutoverde2016/js/jquery.color.js https://cdn-global-mr.s3-sa-east-1.amazonaws.com/minutoverde/uploads/2016/03/home-seguridad.jpg 
https://cdn-global-mr.s3-sa-east-1.amazonaws.com/minutoverde/uploads/2016/06/productos-home.png https://cdn-global-mr.s3-sa-east-1.amazonaws.com/minutoverde/uploads/2016/03/home-quienes-somos.jpg https://cdn-global-mr.s3-sa-east-1.amazonaws.com/minutoverde/uploads/2016/03/home-contacto2.jpg https://cdn-global-mr.s3-sa-east-1.amazonaws.com/minutoverde/uploads/2019/06/mverdeg.png https://cdn-global-mr.s3-sa-east-1.amazonaws.com/minutoverde/uploads/2018/04/IMAGEN-DESTACADA-HOME_-1152x609-6.jpg https://cdn-global-mr.s3-sa-east-1.amazonaws.com/minutoverde/uploads/2017/12/IMAGEN-DESTACADA-HOME_-1152x609-3.jpg https://cdn-global-mr.s3-sa-east-1.amazonaws.com/minutoverde/uploads/2016/03/home-exportaciones.jpg
|
6
www.minutoverde.cl(52.67.220.192) cdn-global-mr.s3-sa-east-1.amazonaws.com(52.95.164.75) www.google-analytics.com(172.217.175.78) 52.95.164.71 142.250.199.78 52.67.220.192 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
4.6 |
|
|
guest
10303 |
2021-07-22 04:42
|
http://www.enjoy.cl b1ec6d63aa3afbbeb1c9a17ab586b855 Generic Malware DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM MSOffice File Code Injection Creates executable files ICMP traffic exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
11
http://www.enjoy.cl/ https://www.enjoy.cl/favicon.ico https://www.enjoy.cl/scripts.2e07a73c48ebf6087b7b.js https://www.googletagmanager.com/gtag/js?id=UA-154862677-1 https://www.enjoy.cl/runtime.8d1fe426701d3882e027.js https://www.enjoy.cl/styles.5e6a0d6057f87ea05867.css https://www.enjoy.cl/ https://www.enjoy.cl/es2015-polyfills.d1231a5a877671dfc79b.js https://www.google-analytics.com/analytics.js https://www.enjoy.cl/polyfills.ca0ff4fb5fa4b0cc2c5d.js https://www.enjoy.cl/main.02731a02abe14e963b9b.js
|
6
www.googletagmanager.com(172.217.25.104) www.enjoy.cl(201.238.194.110) www.google-analytics.com(172.217.175.78) 216.58.200.78 142.250.204.136 201.238.194.110
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
5.6 |
|
|
guest
10304 |
2021-07-22 08:39
|
stin.exe 31e8c459191e48965eba2e6e50f9f70c Antivirus Malicious Library PE32 OS Processor Check PE File VirusTotal Malware sandbox evasion Browser |
|
2
tanxi520.xyz(45.89.106.164) 45.89.106.164
|
|
|
3.6 |
|
57 |
ZeroCERT
10305 |
2021-07-22 08:39
|
skin.exe 0dd3173feb2aad3ff8ea4ec119a88640 AntiDebug AntiVM PE32 PE File Malware download VirusTotal Malware AutoRuns Code Injection Malicious Traffic Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Botnet |
2
http://192.168.56.1/ipc$ http://192.168.56.1/
|
2
tanxi520.xyz(45.89.106.164) 45.89.106.164
|
1
ET MALWARE [PTsecurity] Botnet Nitol.B Checkin
|
|
9.8 |
|
59 |
ZeroCERT