| 10321 |
2021-07-22 10:23
|
 Invoice_748055.xls c2d2852e6521b53d220c38d2418fc982
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
1
http://waunake.com:8088/images/SGSRZF.png
|
2
waunake.com(208.83.69.35)
128.199.243.169 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.8 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10322 |
2021-07-22 10:25
|
 notepad.exe 77f2cba48c800cf3c24b14a60168158a
UPX ScreenShot Http API Steal credential AntiDebug AntiVM PE32 PE File VirusTotal Malware Buffer PE PDB Code Injection buffers extracted unpack itself Tofsee |
|
2
t.me(149.154.167.99)
149.154.167.99
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.6 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10323 |
2021-07-22 10:26
|
 Invoice_55485812.xls c77cd6616dedbf3669345842f7231830
VBA_macro MSOffice File VirusTotal Malware Check memory unpack itself suspicious process |
10
http://properlysolutionsco.com:8088/app/xDG6fC.png
http://taskremindment.com:8088/img/b486Pv.png
http://waunake.com:8088/css/EOIxmku.png
http://paymetconfirm.com:8088/wp-theme/oQE8Qo7.png
http://paymetconfirm.com:8088/tpls/OcXP6U.png
http://paymetconfirm.com:8088/app/SGSRZF.png
http://waunake.com:8088/js/xpt9.png
http://paymetconfirm.com:8088/wp-content/FICvR.png
http://payreminament.com:8088/templates/oQE8Qo7.png
http://payreminament.com:8088/wp-theme/EOIxmku.png
|
7
waunake.com(208.83.69.35)
properlysolutionsco.com(128.199.243.169) - mailcious
payreminament.com(128.199.243.169) - malware
paymetconfirm.com(128.199.243.169) - mailcious
taskremindment.com(128.199.243.169) - malware
128.199.243.169 - malware
208.83.69.35 - malware
|
|
|
2.2 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10324 |
2021-07-22 10:27
|
 raccon.exe 7033117dc3ecbb319aec9d5d66e4297f
UPX PE32 PE File VirusTotal Malware PDB unpack itself |
|
|
|
|
2.2 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10325 |
2021-07-22 10:27
|
 Invoice_480219.xls f70c0885e76e57f37399d54b10f183ad
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
1
http://payreminament.com:8088/javascript/UuqDiHK.png
|
2
payreminament.com(128.199.243.169) - malware
208.83.69.35 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.0 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10326 |
2021-07-22 10:30
|
 Invoice_610034.xls 0b2f7083ce53cfa4fdd59ebeb6cc52a7
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
1
http://paymetconfirm.com:8088/uploads/oQE8Qo7.png
|
2
paymetconfirm.com(128.199.243.169) - mailcious
208.83.69.35 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.2 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10327 |
2021-07-22 10:30
|
 Invoice_796027.xls e441f6929784d724596f9fb7ec292f6e
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
1
http://payreminament.com:8088/css/0oU1n.png
|
2
payreminament.com(128.199.243.169) - malware
128.199.243.169 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.6 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10328 |
2021-07-22 10:32
|
 0oU1n.png 88453945ce19bdad841603e1b449ad30
Dridex PE32 DLL PE File VirusTotal Malware |
|
|
|
|
1.0 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10329 |
2021-07-22 10:32
|
 Invoice_546006.xls bcd570e0e7b1498a3484ee2a66325a39
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
|
2
payreminament.com(128.199.243.169) - malware
128.199.243.169 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.0 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10330 |
2021-07-22 10:32
|
 b486Pv.png fa5ec3e53520d0d4de5e26611b8cd51d
Dridex PE32 DLL PE File VirusTotal Malware |
|
|
|
|
1.2 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10331 |
2021-07-22 10:33
|
 Invoice_440258.xls eee3566e437c8b23918daba36b7c5518
Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows |
1
http://properlysolutionsco.com:8088/app/m0gy97Q.png
|
2
properlysolutionsco.com(208.83.69.35) - mailcious
208.83.69.35 - malware
|
1
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
3.6 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10332 |
2021-07-22 10:34
|
 Invoice_7028090.xls 4ccde33da5102adc2990f49331e84b56
VBA_macro MSOffice File VirusTotal Malware unpack itself |
|
|
|
|
1.0 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10333 |
2021-07-22 10:34
|
 Mentol.exe 3ef497d32acf7ba8bcbf6281b2e7ff7b
UPX PE32 PE File VirusTotal Malware PDB unpack itself |
|
|
|
|
2.4 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10334 |
2021-07-22 10:34
|
 a.exe cf53febec7e1376c2e42b3857ab25424
PE32 PE File Browser Info Stealer VirusTotal Malware PDB Browser Remote Code Execution |
|
|
|
|
2.0 |
|
46 |
Kim.GS
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10335 |
2021-07-22 10:34
|
 biJze.png 3c2244956646acde36ff20732eb63071
Dridex PE32 DLL PE File VirusTotal Malware |
|
|
|
|
1.0 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|