| ID | Time | File | MD5 | Tags | URLs | Hosts | IDS alerts | Score | Flag | # | Source |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 10321 | 2021-07-22 10:23 | Invoice_748055.xls | c2d2852e6521b53d220c38d2418fc982 | Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows | 1: http://waunake.com:8088/images/SGSRZF.png | 2: waunake.com(208.83.69.35); 128.199.243.169 - malware | 1: ET POLICY PE EXE or DLL Windows file download HTTP | 3.8 | M | 20 | ZeroCERT |
| 10322 | 2021-07-22 10:25 | notepad.exe | 77f2cba48c800cf3c24b14a60168158a | UPX ScreenShot Http API Steal credential AntiDebug AntiVM PE32 PE File VirusTotal Malware Buffer PE PDB Code Injection buffers extracted unpack itself Tofsee | | 2: t.me(149.154.167.99); 149.154.167.99 | 2: ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 6.6 | M | 26 | ZeroCERT |
| 10323 | 2021-07-22 10:26 | Invoice_55485812.xls | c77cd6616dedbf3669345842f7231830 | VBA_macro MSOffice File VirusTotal Malware Check memory unpack itself suspicious process | 10: http://properlysolutionsco.com:8088/app/xDG6fC.png; http://taskremindment.com:8088/img/b486Pv.png; http://waunake.com:8088/css/EOIxmku.png; http://paymetconfirm.com:8088/wp-theme/oQE8Qo7.png; http://paymetconfirm.com:8088/tpls/OcXP6U.png; http://paymetconfirm.com:8088/app/SGSRZF.png; http://waunake.com:8088/js/xpt9.png; http://paymetconfirm.com:8088/wp-content/FICvR.png; http://payreminament.com:8088/templates/oQE8Qo7.png; http://payreminament.com:8088/wp-theme/EOIxmku.png | 7: waunake.com(208.83.69.35); properlysolutionsco.com(128.199.243.169) - mailcious; payreminament.com(128.199.243.169) - malware; paymetconfirm.com(128.199.243.169) - mailcious; taskremindment.com(128.199.243.169) - malware; 128.199.243.169 - malware; 208.83.69.35 - malware | | 2.2 | M | 18 | ZeroCERT |
| 10324 | 2021-07-22 10:27 | raccon.exe | 7033117dc3ecbb319aec9d5d66e4297f | UPX PE32 PE File VirusTotal Malware PDB unpack itself | | | | 2.2 | M | 29 | ZeroCERT |
| 10325 | 2021-07-22 10:27 | Invoice_480219.xls | f70c0885e76e57f37399d54b10f183ad | Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows | 1: http://payreminament.com:8088/javascript/UuqDiHK.png | 2: payreminament.com(128.199.243.169) - malware; 208.83.69.35 - malware | 1: ET POLICY PE EXE or DLL Windows file download HTTP | 3.0 | | 17 | ZeroCERT |
| 10326 | 2021-07-22 10:30 | Invoice_610034.xls | 0b2f7083ce53cfa4fdd59ebeb6cc52a7 | Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows | 1: http://paymetconfirm.com:8088/uploads/oQE8Qo7.png | 2: paymetconfirm.com(128.199.243.169) - mailcious; 208.83.69.35 - malware | 1: ET POLICY PE EXE or DLL Windows file download HTTP | 3.2 | M | 20 | ZeroCERT |
| 10327 | 2021-07-22 10:30 | Invoice_796027.xls | e441f6929784d724596f9fb7ec292f6e | Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows | 1: http://payreminament.com:8088/css/0oU1n.png | 2: payreminament.com(128.199.243.169) - malware; 128.199.243.169 - malware | 1: ET POLICY PE EXE or DLL Windows file download HTTP | 3.6 | M | 18 | ZeroCERT |
| 10328 | 2021-07-22 10:32 | 0oU1n.png | 88453945ce19bdad841603e1b449ad30 | Dridex PE32 DLL PE File VirusTotal Malware | | | | 1.0 | M | 16 | ZeroCERT |
| 10329 | 2021-07-22 10:32 | Invoice_546006.xls | bcd570e0e7b1498a3484ee2a66325a39 | Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows | | 2: payreminament.com(128.199.243.169) - malware; 128.199.243.169 - malware | 1: ET POLICY PE EXE or DLL Windows file download HTTP | 3.0 | M | 15 | ZeroCERT |
| 10330 | 2021-07-22 10:32 | b486Pv.png | fa5ec3e53520d0d4de5e26611b8cd51d | Dridex PE32 DLL PE File VirusTotal Malware | | | | 1.2 | M | 21 | ZeroCERT |
| 10331 | 2021-07-22 10:33 | Invoice_440258.xls | eee3566e437c8b23918daba36b7c5518 | Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows | 1: http://properlysolutionsco.com:8088/app/m0gy97Q.png | 2: properlysolutionsco.com(208.83.69.35) - mailcious; 208.83.69.35 - malware | 1: ET POLICY PE EXE or DLL Windows file download HTTP | 3.6 | M | 16 | ZeroCERT |
| 10332 | 2021-07-22 10:34 | Invoice_7028090.xls | 4ccde33da5102adc2990f49331e84b56 | VBA_macro MSOffice File VirusTotal Malware unpack itself | | | | 1.0 | M | 19 | ZeroCERT |
| 10333 | 2021-07-22 10:34 | Mentol.exe | 3ef497d32acf7ba8bcbf6281b2e7ff7b | UPX PE32 PE File VirusTotal Malware PDB unpack itself | | | | 2.4 | M | 36 | ZeroCERT |
| 10334 | 2021-07-22 10:34 | a.exe | cf53febec7e1376c2e42b3857ab25424 | PE32 PE File Browser Info Stealer VirusTotal Malware PDB Browser Remote Code Execution | | | | 2.0 | | 46 | Kim.GS |
| 10335 | 2021-07-22 10:34 | biJze.png | 3c2244956646acde36ff20732eb63071 | Dridex PE32 DLL PE File VirusTotal Malware | | | | 1.0 | M | 17 | ZeroCERT |