1141 | 2020-07-29 23:38 | invoice_25225.doc 994c751f8ecc657be98920365929f4cf Vulnerability VirusTotal Malware buffers extracted exploit crash unpack itself Exploit DNS crashed | 1 http://www.reallylong.link/rll/x0ujLn/Ac7Ov1og34qTvUTmtYZwI3VnZMmA9xnQoL2nw8LVl3ki04m7tRILnEIjlORRzLGSancoeZn6hbRixtdQL9bcDTKZQA6CQQDALvBuwo9x/oLm0ZWJU_ZTaxcjKvXRFzkzXI/36kYcrIDgZH145JEBfp6G8r9KAnnNapt9rU8lQykyp4FmAQ131SV6nI1s_WYqP4oumrMLYHXs0j4ej5poLtrjnr72LBSdNRSlMOAsDVGzbNn9NbaHJL1SQYeGeLT91ENx4SRpwbn0ITNP3MvpczN5Eq8tUAHiRj41hdW5HBTZL/BULQCfC9R_mE1lFAX3SK8SHuuItE_VyI5b7X_yq0n2cqQmxbVDn5iuo5xvPKSz5HCJt11FN_HmFS_I71IHj1hlkKXTjqTJ6UuupzTU8eRqnVWbWD2ivr8P98JMo9w41sSdDQab71_VhuhiOd8Yg9g9BfKl1X8G8iHjkVtSX6_5WdBi/FiLKw/LM296LW9ryDevgg99uEY77_w2Rls5P5QOrURwSUglG0eR23dgPKx90iJxjeBrJAtt7mXoZYb2v9NWWLvyMeqznGC9eOcpgAGJXbYADKpVH59SUaMX8Aq5TMf0BwlOLtvKbnG4iH73P_0vIgmR3/scMp2UfTuzJZ6Nn24Qxw6t0ajTxQ9SM94Yv1Xg7ebnUgCnALpGwd9O1cwcFT51tgFq6Cj5b1BO9uKHV7raurtdbRMRBvi5/i0OW5ZpHZjs5EuezR5DygO0JQBGudqLZopLvyczEbZo/GDp9DoSXTT965KSCg2AEniv1yDPvw9lG3mrrSi1Ng7U7VnqQ/RhH_eWlvNz7DQAt8mXnZc5fWiCenIzyw3UiLLb34IEa42p_qqAp9xKkLOnJAvB8fkOWyFGteP4xXzmmRevXOBAp3Eeua_78OiDfclnAXcfw9KstzBi/vuK4pUJAHWYu04kDYHnmJz15VKq6_0RcNttZ4r5ZUiSgfWx5l7MiQpxBsc2BpVgBSiw/HboDLeL_A0CvetpRYcU4G8LHGd5HXzXUvAoqVCY/o02GgDd3h3dUDGehgf5LrHBru6aQiHioIl6q/a5N4_oLHKQ3kDicHLxDWqNiuYL_H20szYSIveqY1i3WfoZJCkvf9v2LgbyDMgueyGbeWKa3Kob8QYs3eVVRFSBBwnRKNGsCyDvUbG_QU3dKguW7qevFOXkQYpy79vpU2eZKyarQWxLDFlTRWTG_nL8ZYysqcI3gdgjZcPNj/bg87MtA/LzLumQrcDBdt_2CCPRoI9V3d9nrt3QMCCjxM3JtgPWYFGyxPeroCvMc4lh5w8oshciWfO269SNYUMZj4xquhO_gqKsZ7xnEIZpzKPf8NHmzrmXautjW8d_ZCE6HAuWrIrIR5IyTxxrQQrsurQwDJ2YuDMNdcMdIbhkR9yLHT4gEeaVu6zT3OHBkV3qD4AkMTlBmUcfK/W96Yk3yiSW_kUWTnpmDovWNJ8_n_CQzEgHaHNIbworup3i4I0KNfFTdWuRRoJaw4tlsCNPpmfoCjCKo9mguCBAX_CdgouO_8L4dGqbUvVvfNnwrwWyTQqSUQIDTWam_RmGILb80Gs/8IzX3Fa8rgWWFbFX8/fa396nkk3Yj6QtiLo2egR5opzB9QixP_eh7mBNYA3LTrFG2H8CbWceBjc_VJ1A80gwPbtIBrfVoSZAXD3IiLO6NeUuzpWaKC19qAZ0nZkptsEARpS7/zL8KJrr95SCKOH_vj/OYSE2zrQCudU1PX1zScSyAuCsr__ZCDTd5D6z9OG4/pmTdjVLsI0H7p71AT9Wmjxp8GtTlHQ_aZSEZtzVOSoI3BbXtDrbEW88o60CjGCu8bKr/wjqKO63QGiA/5ETdMBaaERRUl9giYK7/d0_zSESiSc1_AOAP7iN3NpC7YeEy9bnFrHCkFWBSo0NUXMu/opY3uB8xxDVCBAw6e3uaYTbVS5j | 1 | | | 5.0 | | 23 |
1142 | 2020-07-29 23:40 | tpriv.ps1 422390f87f4c83bb435dfeaa0db7bd9b VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Auto service powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization Ransomware Windows Tor ComputerName DNS Cryptographic key | 11 http://185.10.68.147/win/val/ichigo.bin http://185.10.68.147/win/del.ps1 http://185.10.68.147/win/sasd.bat http://www.royerconseil-finances.ch/js/tiny_mce/temp/l.exe http://185.10.68.147/mssql https://www.royerconseil-finances.ch/js/tiny_mce/temp/r.exe https://185.10.68.147/win/min/32.exe https://185.10.68.147/win/3p/ichigo-lite.ps1 https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-PowerDump.ps1 https://raw.githubusercontent.com/Kevin-Robertson/Invoke-TheHash/master/Invoke-WMIExec.ps1 https://raw.githubusercontent.com/Kevin-Robertson/Invoke-TheHash/master/Invoke-TheHash.ps1 | 7 151.101.76.133 185.10.68.147 185.10.68.220 188.92.73.19 188.92.74.70 194.135.88.153 51.91.236.193 | | | 24.2 | M | 9 |
1143 | 2020-07-29 23:59 | wop.exe 301f883fe5145bad9b1e5044c691a7ba Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs Windows Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed keylogger | 1 http://checkip.amazonaws.com/ | 3 151.101.76.133 209.99.40.223 50.19.206.143 | | | 12.0 | M | 36 |
1144 | 2020-07-29 23:59 | winlog.exe 33d28d8be1d957a58d32a2100393d696 VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs crashed | | | | | 4.0 | M | 22 |
1145 | 2020-07-30 00:11 | Doc_20200729_OYO975.doc 43e0305c2cc8aaf8b50bb2e2c24e6efa Vulnerability VirusTotal Malware unpack itself | | | | | 2.4 | M | 17 |
1146 | 2020-07-30 00:15 | harl.exe 603a9d172499974f5dce0a3ce6365cd9 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs crashed | | | | | 3.4 | M | 14 |
1147 | 2020-07-30 09:39 | http://factorialk.pp.ua/wp-adm... Code Injection unpack itself Windows utilities Windows | 1 http://factorialk.pp.ua/wp-admin/gGQxSh/qes48.exe | 2 factorialk.pp.ua(89.184.73.25) 89.184.73.25 | | | 2.2 |
1148 | 2020-07-30 09:42 | https://cdn1.estsecurity.com/s... de15c8aea224b9c0f6e81d5a0431b461 Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed | 1 https://cdn1.estsecurity.com/setup/ALYac/ALYac25.exe | 1 | | | 4.2 |
1149 | 2020-07-30 09:47 | http://www.viportal.co/shoock/... a156f22115cbe7dece3bbc5ad71389c9 VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Windows DNS | 1 http://www.viportal.co/shoock/FILE/ | 1 | | | 4.0 |
1150 | 2020-07-30 10:22 | http://www.viportal.co/shoock/... f2f4df4d498ec04a644a72490978a355 Vulnerability VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger exploit crash unpack itself Windows utilities malicious URLs Windows Exploit crashed | 2 http://www.viportal.co/shoock/FILE/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml | 5 www.viportal.co(209.250.225.52) iecvlist.microsoft.com(117.18.232.200) ie9cvlist.ie.microsoft.com(117.18.232.200) 117.18.232.200 209.250.225.52 | | | 7.6 |
1151 | 2020-07-30 11:03 | http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files unpack itself Windows utilities Windows DNS | 6 http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js | 2 172.217.31.234 35.226.40.154 | | | 3.2 |
1152 | 2020-07-30 11:15 | INVOICE 2716-300397.doc bcc2fc9203b0b000565ce197db22a503 Vulnerability VirusTotal Malware unpack itself | | | | | 2.6 | | 28 |
1153 | 2020-07-30 11:15 | BAL_SL7895839983PH.doc d485d3df948c1ca2ac7ae5e9916cd704 Vulnerability VirusTotal Malware unpack itself | | | | | 2.6 | | 28 |
1154 | 2020-07-30 11:32 | http://www.nalara1220.o-r.kr/m... 543d9bb195c2df50e3dc076b6fdf95ef Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows | 5 http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/main.jsp http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css | 4 www.nalara1220.o-r.kr(35.226.40.154) ajax.googleapis.com(216.58.220.106) 172.217.25.10 35.226.40.154 | | | 3.0 |
1155 | 2020-07-30 11:34 | http://www.nalara1220.o-r.kr/m... 543d9bb195c2df50e3dc076b6fdf95ef Code Injection Creates executable files unpack itself Windows utilities Windows DNS | 5 http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/js/lightslider.js | 2 216.58.200.10 35.226.40.154 | | | 3.2 |