10366 | 2021-07-22 11:14 | 4.exe | 8d4f45dd9a5b28f07fd1e3b1067de4b0 | PWS .NET framework Generic Malware Malicious Packer UPX AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows DNS | | 1 host | | | 9.0 | M | 19 | ZeroCERT
10367 | 2021-07-22 11:16 | Invoice_22334840.xls | b44b877cd497d2e932b11d3bbdb0b425 | Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows | 1 URL: http://paymetconfirm.com:8088/wp-content/xDG6fC.png | 2 hosts: paymetconfirm.com(128.199.243.169) - malicious; 128.199.243.169 - malware | 1 alert: ET POLICY PE EXE or DLL Windows file download HTTP | | 3.0 | M | 18 | ZeroCERT
10368 | 2021-07-22 11:17 | Invoice_27943880.xls | b24e46b73441f06294548c8dcfea1b9a | Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows DNS | | 3 hosts: payreminament.com(208.83.69.35) - malware; 128.199.243.169 - malware; 172.67.188.154 | 1 alert: ET POLICY PE EXE or DLL Windows file download HTTP | | 4.2 | M | 17 | ZeroCERT
10369 | 2021-07-22 11:18 | h8f6.png | 65638d179046f7caec06dc03e508b040 | Dridex PE32 DLL PE File VirusTotal Malware | | | | | 1.2 | M | 26 | ZeroCERT
10370 | 2021-07-22 11:19 | .wininit.exe | 6c15b3de8c54e5e3339a446af50fc48a | PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key | 12 URLs: http://www.qlitepower.com/u6bi/?Qzr=1k4Zbtr5qJsM5vb+nCc1RtqLNSlEV56rdwHsyrYsdWuxAHujsE+/kqYHwWFZMjg//PxuK5F/&MJBx=FdCtDF7XaZvxp8w0; http://www.hoteldeleauvive.com/u6bi/?Qzr=Nyc2YhozQKXVlLlciX6kLgdl8bU+GCN9h1lDz3eb9lIErelo3CPDQuRTyPJW5nuLHOoSx63O&MJBx=FdCtDF7XaZvxp8w0; http://www.xn--ikkonentra-3ib.com/u6bi/; http://www.qlitepower.com/u6bi/; http://www.xn--ikkonentra-3ib.com/u6bi/?Qzr=Alb+31RER827oJKoAZKtUC9xLgeRVXG2/R2lPNHxrVsvQtPyk+XkiQN5cD2ULkeVDBFpF8xG&MJBx=FdCtDF7XaZvxp8w0; http://www.metal1sa.com/u6bi/?Qzr=pwS+IOf2u60nfctfqEFv+iNeCGM+l9BfCMtvUdwL9Vl671ZMadWIrQKirylOtDOqThJQIFy0&MJBx=FdCtDF7XaZvxp8w0; http://www.hoteldeleauvive.com/u6bi/; http://www.mengyaheng.com/u6bi/?Qzr=0xmfmt3sRYbRTTwLNNT9pAsQsaQjFpYmJYNce8vZzSwwLJY04f0sfVw2rmpH+c5OwJtf8Ejk&MJBx=FdCtDF7XaZvxp8w0; http://www.metal1sa.com/u6bi/; http://www.semmedodigital.com/u6bi/; http://www.mengyaheng.com/u6bi/; http://www.semmedodigital.com/u6bi/?Qzr=+lGwzqC1WP7o9kCJnS3226ITQ/a7dx3yrGIoMrvEoA3kol03AZo96bUrtB6X6HqR0nBL3NXL&MJBx=FdCtDF7XaZvxp8w0 | 12 hosts: www.mengyaheng.com(13.59.53.244); www.metal1sa.com(156.226.119.180); www.semmedodigital.com(108.179.252.34); www.hoteldeleauvive.com(212.32.237.92); www.qlitepower.com(198.38.88.88); www.xn--ikkonentra-3ib.com(34.102.136.180); 108.179.252.34; 18.119.87.32; 34.102.136.180 - malicious; 23.82.12.29 - suspicious; 198.38.88.88 - malicious; 156.226.119.180 | 1 alert: ET MALWARE FormBook CnC Checkin (GET) | | 9.6 | M | 20 | ZeroCERT
10371 | 2021-07-22 11:21 | 1TonerRecoverSetup.exe | b00c3cae96c60f581ccdf896dabb6bb9 | Emotet Generic Malware UPX PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Browser ComputerName DNS | 7 URLs: http://google.com/; http://www.google.com/; https://www.google.com/favicon.ico; https://www.google.com/images/hpp/Chrome_Owned_96x96.png; https://ssl.gstatic.com/gb/images/i1_1967ca6a.png; https://www.google.com/?gws_rd=ssl; https://iplogger.org/2LBCU6 | 8 hosts: iplogger.org(88.99.66.31) - malicious; google.com(216.58.197.238); ssl.gstatic.com(172.217.161.35); www.google.com(216.58.220.100); 142.250.204.35; 88.99.66.31 - malicious; 172.217.174.206; 172.217.26.132 | 2 alerts: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | | 6.6 | M | 27 | ZeroCERT
10372 | 2021-07-22 13:11 | MfbNKrx.png | aae1e725e2dbfd91213be22e857f9d02 | Dridex PE32 DLL PE File VirusTotal Malware | | | | | 1.2 | M | 20 | ZeroCERT
10373 | 2021-07-22 13:14 | MfbNKrx.png | aae1e725e2dbfd91213be22e857f9d02 | Dridex PE32 DLL PE File VirusTotal Malware | | | | | 1.2 | M | 20 | ZeroCERT
10374 | 2021-07-22 13:15 | MfbNKrx.png | aae1e725e2dbfd91213be22e857f9d02 | Dridex PE32 DLL PE File VirusTotal Malware | | | | | 1.2 | M | 20 | ZeroCERT
10375 | 2021-07-22 13:18 | MfbNKrx.png | aae1e725e2dbfd91213be22e857f9d02 | Dridex PE32 DLL PE File VirusTotal Malware | | | | | 1.2 | M | 20 | ZeroCERT
10376 | 2021-07-22 13:18 | MfbNKrx.png | aae1e725e2dbfd91213be22e857f9d02 | Dridex PE32 DLL PE File VirusTotal Malware | | | | | 1.2 | M | 20 | ZeroCERT
10377 | 2021-07-22 13:57 | 12.bin | f07a2b61edd48c6d6c310cf9b7e4882e | Gen2 Gen1 VMProtect UPX Malicious Packer PE32 PE File DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Malware IoC Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Ransomware Zeus Windows Browser Advertising ComputerName DNS Software | 5 URLs: http://134.209.203.126/hornycock/gate.php?type=settings; http://134.209.203.126/hornycock/gate.php?type=loader&tag=traffer1; http://134.209.203.126/hornycock/gate.php?type=ip; http://134.209.203.126/hornycock/gate.php?type=report&tag=traffer1&uid=39B06D4D868D1303186797&passwords=0&cookies=2&autofill=0&cc=0&wallets=0&steam=0&battlenet=0&telegram=1&discord=0&jabber=0&vpn=0&ftp=1; http://134.209.203.126/hornycock/system/assets/bundle.bin | 1 host | 7 alerts: ET MALWARE Generic .bin download from Dotted Quad; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET MALWARE Generic gate[.].php GET with minimal headers; ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad; ET HUNTING Suspicious GET To gate.php with no Referer; SURICATA HTTP unable to match response to request | | 11.8 | | | ZeroCERT
10378 | 2021-07-22 13:58 | sefile.exe | 61aebacc57db53ca2f2a2861fb34744d | UPX PE32 PE File PDB unpack itself | | | | | 1.4 | M | | ZeroCERT
10379 | 2021-07-22 14:00 | lovemetertok.exe | ea252a83f501a1fd293d4a649cce274a | Emotet Gen1 UPX PE32 OS Processor Check DLL PE File Dridex TrickBot VirusTotal Malware Report suspicious privilege MachineGuid Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process Kovter ComputerName Remote Code Execution DNS crashed | 4 URLs: https://138.34.28.219/login.cgi?uri=/index.html - rule_id: 2674; https://38.110.100.142/index.html; https://38.110.100.142/cookiechecker?uri=/rob109/TEST22-PC_W617601.033D15E7FF3E0057948BB374FD3A56B7/5/file/; https://184.74.99.214/rob109/TEST22-PC_W617601.033D15E7FF3E0057948BB374FD3A56B7/5/file/ | 12 hosts: 38.110.103.113 - malicious; 68.69.26.182 - malicious; 154.58.23.192 - malicious; 204.138.26.60 - malicious; 74.85.157.139 - malicious; 184.74.99.214; 217.115.240.248 - malicious; 38.110.103.124 - malicious; 185.56.76.108 - malicious; 185.56.76.94 - malicious; 138.34.28.219 - malicious; 38.110.100.142 | 4 alerts: ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET CNC Feodo Tracker Reported CnC Server group 22; ET CNC Feodo Tracker Reported CnC Server group 10; ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | 1: https://138.34.28.219/login.cgi | 8.6 | M | 29 | ZeroCERT
10380 | 2021-07-22 14:02 | 【至急】東京オリンピック開催に伴うサイバー攻撃等発生に関する... (Japanese filename: "[Urgent] Regarding cyber attacks and similar incidents accompanying the Tokyo Olympics...") | 8edf0aa789d976df0c80fd8d62734ded | PE32 PE File VirusTotal Malware | | | | | 2.4 | | 39 | ZeroCERT