| 10306 |
2021-07-22 08:47
|
 suntogether.png 23058318c8080fe49fe723765f748141
UPX PE32 OS Processor Check PE File Dridex TrickBot Malware Report suspicious privilege Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process Kovter ComputerName Remote Code Execution DNS crashed |
1
https://60.51.47.65/rob110/TEST22-PC_W617601.069B970E33206BB7EEBB7361338F377D/5/file/
|
7
185.56.76.28 - mailcious
60.51.47.65 - mailcious
204.138.26.60 - mailcious
74.85.157.139 - mailcious
38.110.103.136 - mailcious
97.83.40.67
38.110.103.18 - mailcious
|
4
ET CNC Feodo Tracker Reported CnC Server group 22
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET CNC Feodo Tracker Reported CnC Server group 25
|
|
6.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10307 |
2021-07-22 10:15
|
 Invoice_961423.xls 8939f905920f2c23d01ae9dfd3ac653a
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
1
http://taskremindment.com:8088/wp-theme/h8f6.png
|
2
taskremindment.com(208.83.69.35) - malware
208.83.69.35 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.0 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10308 |
2021-07-22 10:15
|
 oQE8Qo7.png adb1d947f0901a4f3cb0b8ad1a6ee385
Dridex PE32 DLL PE File VirusTotal Malware |
|
|
|
|
1.0 |
|
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10309 |
2021-07-22 10:16
|
 xDG6fC.png e92d48a038b4208fafd89f2ed6c630fb
Dridex PE32 DLL PE File |
|
|
|
|
0.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10310 |
2021-07-22 10:16
|
 OcXP6U.png 0b1a2653ee163b6138a01b38b8f6d22a
Dridex PE32 DLL PE File |
|
|
|
|
0.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10311 |
2021-07-22 10:16
|
 xpt9.png 8b8ec117d4cc2eb8cb246433c1090dec
Dridex PE32 DLL PE File VirusTotal Malware |
|
|
|
|
1.2 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10312 |
2021-07-22 10:17
|
 P4GlorySetp.exe 3f6b84ccd4292674328ab4754f4a5ba2
RAT Generic Malware PE32 .NET EXE PE File OS Processor Check Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Ransomware Windows Browser ComputerName Cryptographic key crashed |
10
http://kalamaivig.xyz/
https://music-s.xyz/?user=p4_6
https://music-s.xyz/?user=p4_4
https://music-s.xyz/?user=p4_5
https://music-s.xyz/?user=p4_2
https://music-s.xyz/?user=p4_3
https://music-s.xyz/?user=p4_1
https://iplogger.org/1XqVr7
https://api.ip.sb/geoip
https://iplogger.org/1DSJe7
|
8
iplogger.org(88.99.66.31) - mailcious
api.ip.sb(104.26.13.31)
music-s.xyz(172.67.130.27)
kalamaivig.xyz(212.224.105.79)
88.99.66.31 - mailcious
172.67.75.172
212.224.105.79
104.21.7.102
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10313 |
2021-07-22 10:18
|
 Invoice_76421482.xls 0340ceae3de84b3968aee6c555fda030
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
1
http://paymetconfirm.com:8088/uploads/h8f6.png
|
2
paymetconfirm.com(208.83.69.35) - mailcious
128.199.243.169 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.0 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10314 |
2021-07-22 10:18
|
 FICvR.png 56c09545b796f22000b20c84bf6b505b
Dridex PE32 DLL PE File VirusTotal Malware |
|
|
|
|
1.2 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10315 |
2021-07-22 10:18
|
 m0gy97Q.png 86a93f39f3390d3c284b99e81e8b1a7d
Dridex PE32 DLL PE File VirusTotal Malware |
|
|
|
|
1.2 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10316 |
2021-07-22 10:19
|
 Invoice_4415840.xls e14a0a927e2e4f5492df393e7cb9633c
Dridex VBA_macro MSOffice File PE32 DLL PE File Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
1
http://waunake.com:8088/js/xpt9.png
|
2
waunake.com(128.199.243.169)
128.199.243.169 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10317 |
2021-07-22 10:20
|
 Invoice_730621.xls 15d1252024d046b76737f80017b31b5e
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
1
http://taskremindment.com:8088/css/b486Pv.png
|
2
taskremindment.com(128.199.243.169) - malware
128.199.243.169 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.0 |
|
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10318 |
2021-07-22 10:20
|
 1d6vP.png dc8803148639b547891db02a455575bb
Dridex PE32 DLL PE File |
|
|
|
|
0.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10319 |
2021-07-22 10:21
|
 Invoice_46470539.xls 5d15ccd61fa8f1488c26d0d4e39904dd
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows DNS |
1
http://taskremindment.com:8088/tpls/h8f6.png
|
3
taskremindment.com(208.83.69.35) - malware
128.199.243.169 - malware
20.43.94.199
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
4.2 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10320 |
2021-07-22 10:23
|
 Red.exe d21abe71ba2abf923b575299dc17854f
UPX PE32 PE File VirusTotal Malware PDB unpack itself |
|
|
|
|
2.2 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|