13306 | 2021-10-08 11:41 | QPL_112075000351102.exe c82829f407ca969d3553bf5bb86fdb38 RAT Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 1 http://apps.identrust.com/roots/dstrootcax3.p7c | 4 apps.identrust.com(119.207.65.137) store2.gofile.io(31.14.69.10) - mailcious 31.14.69.10 - mailcious 121.254.136.27 | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 5.8 | M | 14 | ZeroCERT
13307 | 2021-10-08 11:43 | qpl-075091120003.exe ac6fda43023f6764756838ae94fd4582 RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee ComputerName | 1 http://apps.identrust.com/roots/dstrootcax3.p7c | 4 apps.identrust.com(119.207.65.137) store2.gofile.io(31.14.69.10) - mailcious 31.14.69.10 - mailcious 121.254.136.57 | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.2 | M | 32 | ZeroCERT
13308 | 2021-10-08 11:44 | wap-02.exe ca7b5f2ec232fadefa0af01ae3cba9be RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows | 6 http://www.douyinliu.com/shjn/?GVoxs=NXrH5dXVIf0JrfP3fCMohyU6UzMUuLBIs5HJamiAFJBa71zEFBe74zKYGEWK4Di7AkOyBynK&5j=UlSt http://www.adna17.com/shjn/ http://www.giftsetswithlove.com/shjn/ http://www.adna17.com/shjn/?GVoxs=gIQVuDcRIY4XvFUAl53fICEJ91WI1iSE0AUdTXzTDGz082gomeG4pb7wdAGgUXgOeQAeJBXd&5j=UlSt http://www.giftsetswithlove.com/shjn/?GVoxs=ZBl8lW2eJ0MwkMU4DVEyYDgbZeNgb3w7J0PjjaiKv0ZfVzSRnG8+JqNvE/biPp4NOCeClOX4&5j=UlSt http://www.douyinliu.com/shjn/ | 6 www.douyinliu.com(103.224.212.219) www.adna17.com(35.215.156.178) www.giftsetswithlove.com(74.208.236.108) 35.215.156.178 74.208.236.108 103.224.212.219 | 1 ET MALWARE FormBook CnC Checkin (GET) | | 11.0 | M | 15 | ZeroCERT
13309 | 2021-10-08 11:48 | vbc.exe 1e600b33bd5e1420472158c1b2e145a5 Admin Tool (Sysinternals etc ...) UPX Malicious Library PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted Creates executable files RWX flags setting unpack itself Tofsee Windows Remote Code Execution crashed | 22 http://www.rosalia-pilates-angers.com/rqan/ http://www.buyinsurance24.com/rqan/ http://www.panda.wiki/rqan/ http://www.moyue27.com/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=+TqAOEONCPJUJSnFrnPpRXI/OAAPmI2ScBE7Ik0F+IdHCDjx385zAg9GOBgk6UUD1+VchaMA - rule_id: 6094 http://www.healthychefla.com/rqan/?JzrHHFG8=/u0lPg3tD0NXN01NZLIHWrUSxah+ttp+ICIzBMCDLsLXpz/De852rL6zDjoreHfIej37Aik5&3ff82=fRmTyhAx8Z7hI8 http://www.rosalia-pilates-angers.com/rqan/?JzrHHFG8=rpp+0QkQ3qVKCMOBOGYYzv2WLoTrYDsmUwusKofq8rFyUHqdXA6Sg5y77/rj9N63Y4/bVg+k&3ff82=fRmTyhAx8Z7hI8 http://www.panda.wiki/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=gU5bSh/7CfqjrE2rpuf/eAzoAuSxVzybBMr2Pb3WbUhF/rLA2ILmBnXhSTyTcKBMivgEyoIy http://www.apollonfitnessvrn.club/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=VaQWeC1wRDDYU4/NF2iTKwsfx5eozyAXQ0Gm/adfAr5XvoDihf8e+XMwTRN2DLyVGLBuVunR http://www.ramashi.com/rqan/ http://www.moyue27.com/rqan/ - rule_id: 6094 http://www.apollonfitnessvrn.club/rqan/ http://www.healthychefla.com/rqan/ http://www.deliciousrecipe.xyz/rqan/?JzrHHFG8=TkYqMerVxz/XEBbc3qELjgfNr9F8Q7KtV2VQM2Jzmym+o2tqQPbvsTw8MJro3B5iUwTS7PrT&3ff82=fRmTyhAx8Z7hI8 http://www.reviewbyornex.online/rqan/ http://www.ramashi.com/rqan/?JzrHHFG8=vOTuanZ5p+2kLOFJYcpBQYvwAM9pdzvrw3jIxlWAVr8jEAhUJWM6CEHoBExo5IsFxCN4cKyY&3ff82=fRmTyhAx8Z7hI8 http://www.cardboutiqueapp.com/rqan/?JzrHHFG8=7XmFwjbCeixI2TDSYCNwr0HgHUHoiQEi/VPj3ka7wDWICz/dm8qqNJY2vVzGU6p/p2qyOoMU&3ff82=fRmTyhAx8Z7hI8 http://www.reviewbyornex.online/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=+YDaRZ0OalPDBvWQzxJiu3wS+1PqAY+bKICnQ4MGVASGkx7sRjvvr1ChSauunu02Av4WswUS http://www.deliciousrecipe.xyz/rqan/ http://www.buyinsurance24.com/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=IsEdVHV5NqrP52w/RLJIM650zUtDtKNfdYF6IcU+A2DjJJEAliTsmnu18VuJSk4dLK+eOU5k http://www.cardboutiqueapp.com/rqan/ https://5wxd1a.am.files.1drv.com/y4mJal6C0wcPc5EPc39Ol16AXikXzZQsUwOSxwiu1Ka6vH42e9Jx63Tz12DoO_Kb4fWQaHwB9hUzn00kQTKgFdW5XzXrBDWMwHDp36xxREnAS1mPv1kHNe_GUZ_ZPF0z2aZCVXBB65_Tg1cI2waYhNxVxfyYY7-nM4gEtwT_MWR62mM1CAEBu4U8UQAuvqkIdMrSKTd4ZLYGeZOsPvp9f7lWA/Sgvedpwygcjxcvszutvrfzwprorsoei?download&psid=1 https://5wxd1a.am.files.1drv.com/y4mHzZ-8Zvq2RFbhxYzwYTofdoEqTb8Ea40s6OQGA-1Sk1tMrMjOZ7rAoFyUfgFnRgDxm_zDpDZsmhjzmuswZgu3M13FXlKWeGMoidEGGtV5jWCCU2HKuIqL7n1nfBOIhOYUrVuY71NXgLrL39KcbqZYyGjUCtqlPDN53hjLb2CxVa2tA-2Q2lRuPzMv81fpMRD395ch94TTC_gXYCKkK31pg/Sgvedpwygcjxcvszutvrfzwprorsoei?download&psid=1 | 25 www.panda.wiki(34.102.136.180) www.mapara-foundation.net() onedrive.live.com(13.107.42.13) - mailcious www.healthychefla.com(208.91.197.91) www.ramashi.com(79.98.25.1) www.reviewbyornex.online(2.57.90.16) www.buyinsurance24.com(156.67.222.73) www.rosalia-pilates-angers.com(109.106.246.213) www.deliciousrecipe.xyz(104.21.49.221) www.moyue27.com(34.102.136.180) www.cardboutiqueapp.com(185.129.100.113) www.century21nokta.com() www.apollonfitnessvrn.club(185.215.4.67) 5wxd1a.am.files.1drv.com(13.107.42.12) 185.215.4.67 79.98.25.1 - mailcious 13.107.42.13 - mailcious 13.107.42.12 - malware 34.102.136.180 - mailcious 185.129.100.113 109.106.246.213 2.57.90.16 - mailcious 156.67.222.73 - malware 208.91.197.91 - mailcious 104.21.49.221 | 3 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers | 2 http://www.moyue27.com/rqan/ http://www.moyue27.com/rqan/ | 9.2 | M | 29 | ZeroCERT
13310 | 2021-10-08 11:49 | HCX.exe 9e77fbb6117c67df73060a9f34bbf85c AgentTesla RAT PWS .NET framework browser info stealer Generic Malware Google Chrome User Data DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2 Malware download Remcos NetWireRC VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows RAT keylogger | | 3 www.hcns-pr.com() gdyhjjdhbvxgsfe.gotdns.ch(37.0.10.39) 37.0.10.39 | 1 ET MALWARE Remcos RAT Checkin 23 | | 11.6 | M | 20 | ZeroCERT
13311 | 2021-10-08 11:49 | wap.exe 6c63918b39ec12855131ee16f7806daa NPKI Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself | 14 http://www.anamentor.com/shjn/?EDK8gJC=tv0gbh/H/soz9i/0EOOET4kbqB9H6LwHpkop0tG7g7gxjFABywsjhwxqrYIUZa09c3SMOexP&BZ=E2M4oNPxVLy - rule_id: 5867 http://www.axe8.club/shjn/ http://www.giftsetswithlove.com/shjn/?EDK8gJC=ZBl8lW2eJ0MwkMU4DVEyYDgbZeNgb3w7J0PjjaiKv0ZfVzSRnG8+JqNvE/biPp4NOCeClOX4&BZ=E2M4oNPxVLy http://www.giftsetswithlove.com/shjn/ http://www.jjscryptosignals.com/shjn/ http://www.juxing666.com/shjn/ - rule_id: 5868 http://www.juxing666.com/shjn/?EDK8gJC=K/kJnCMp55Nr7CzjCMYHb2wBG0h2/00yoaONhBuwcuPCyBbSbeWE3cQd7FQe5fWs+E2NmgAC&BZ=E2M4oNPxVLy - rule_id: 5868 http://www.qumpan.com/shjn/?EDK8gJC=yig434bsPLgZicmmFft/wR3J8yL+W/NNnRsophf+nhfKexY66oSm04C+plcoMqS7GLoGxaK4&BZ=E2M4oNPxVLy http://www.j98066.com/shjn/?EDK8gJC=hdjbmsHdtuA4QEGoB3oD94RkfqtpUesXyapBYMe8OtYPf+730hyQbFELkUIKszuSY0QpTSCu&BZ=E2M4oNPxVLy http://www.axe8.club/shjn/?EDK8gJC=D8lTLv3byEGZ3X8JyR8BGwfscNhg+iugASITIEx2zibMgCThWO73v8U95Q8mr+wtHql5L7xB&BZ=E2M4oNPxVLy http://www.anamentor.com/shjn/ - rule_id: 5867 http://www.j98066.com/shjn/ http://www.jjscryptosignals.com/shjn/?EDK8gJC=D6HaMHP3icv5ZLjaF3u/i50AS3uclt1c1RyeyJcwZZl5vPhH25vhHOEb8xeRwbnhcASiaWLp&BZ=E2M4oNPxVLy http://www.qumpan.com/shjn/ | 18 www.j98066.com(159.138.153.156) www.anamentor.com(104.21.51.95) www.giftsetswithlove.com(74.208.236.108) www.petscomfortgrooming.com() www.purelol.com(185.53.178.10) www.juxing666.com(160.124.160.202) www.qumpan.com(46.38.243.234) www.aksene.com() www.axe8.club(8.210.217.3) www.jjscryptosignals.com(45.79.131.131) 159.138.153.156 45.79.131.131 8.210.217.3 104.21.51.95 - mailcious 185.53.178.10 - mailcious 46.38.243.234 74.208.236.108 160.124.160.202 | 1 ET MALWARE FormBook CnC Checkin (GET) | 4 http://www.anamentor.com/shjn/ http://www.juxing666.com/shjn/ http://www.juxing666.com/shjn/ http://www.anamentor.com/shjn/ | 7.8 | M | 16 | ZeroCERT
13312 | 2021-10-08 11:50 | server9.exe bb5b3ca8658a2f79c23c326025d1f358 RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName | 1 https://cdn.discordapp.com/attachments/886962207051640872/892482374363918396/DAE7F351.jpg | 2 cdn.discordapp.com(162.159.130.233) - malware 162.159.135.233 - malware | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.4 | M | 43 | ZeroCERT
13313 | 2021-10-08 11:50 | bin-crypting.exe 8720826b89bda1dafa5ba5468f67efa4 RAT Generic Malware AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Remote Code Execution | 9 http://www.elvasys.com/tumb/?JDK8bDY=k5PVKeVhoD8GlQwIU50ll8jj+oJB/tkUz6uph14+iE0gTdUnoJm9svHj8N68v5kiU8IyaJS+&BX=E2J4tHWxrVn http://www.lucky-pistol.com/tumb/?JDK8bDY=yqC80hxRZMOk12j7N4VzgDGYA1O1Wd6tH2blFZZm9007RNX1xe/n+5TVPUNK5llGIfR90PpB&BX=E2J4tHWxrVn http://www.wildlifehabitatfederation.com/tumb/?JDK8bDY=KojW6g4D4yqSoj9Hr6lHZrmmUDg1h6vAL5YoVN5EgVFUu1nQ76+Ue0IxgwRk26+P0GGM5LUs&BX=E2J4tHWxrVn http://www.oklahomaexcavation.com/tumb/?JDK8bDY=4zPt7kWVbR8DGnInv3PPZv5m2ZyxYLCi6mBESauTdqAgwrtuVOSu6sedpUWtViEyM8os1ZEv&BX=E2J4tHWxrVn http://www.usedmountainbikesforsale.com/tumb/?JDK8bDY=C2AAix1wq0mVooGvp2BBaV0hVH8eZTnpNBIQ8FB+8QnAfEEb13agsY4VevdTQzWzlEDxJVSZ&BX=E2J4tHWxrVn http://www.howmuchisitper.space/tumb/?JDK8bDY=UuXyqgaxFgIYYXyangC6nUrS+XvNleW+QZJ/4GqossQJ2jSbmqNZT8yIH9+3RKTs43adVl7E&BX=E2J4tHWxrVn http://www.btcminers.bet/tumb/?JDK8bDY=yph229/L048eYqrKBRkKNyxZ1bBm82QCxrJLkDur7+qiK6GyMMrlThAyZ/xIKtxm2NpiaSgu&BX=E2J4tHWxrVn http://www.olympiacrownhotel.com/tumb/?JDK8bDY=FprVWbiH02mav6vX6V0QKGZcDayJRWfhy483TNZomXGqUDULZBb7A2BIpR83oGpDbo1Zhpdv&BX=E2J4tHWxrVn http://www.agpgcproperties.net/tumb/?JDK8bDY=G1DFNCH+ntajOypbMjtBi40o3hYZMm/YOCFrUlUouBuJ1yYTTEpnZFY/Pa0kshWf7RcWgsW2&BX=E2J4tHWxrVn | 17 www.btcminers.bet(34.102.136.180) www.usedmountainbikesforsale.com(34.102.136.180) www.hcns-pr.com() www.agpgcproperties.net(192.0.78.144) www.lucky-pistol.com(34.102.136.180) www.howmuchisitper.space(104.21.87.153) www.olympiacrownhotel.com(162.215.252.118) www.oklahomaexcavation.com(3.64.163.50) www.wildlifehabitatfederation.com(162.241.16.20) www.elvasys.com(194.63.248.52) 192.0.78.222 34.102.136.180 - mailcious 162.241.16.20 - malware 194.63.248.52 162.215.252.118 3.64.163.50 104.21.87.153 | 1 ET MALWARE FormBook CnC Checkin (GET) | | 8.8 | M | 16 | ZeroCERT
13314 | 2021-10-08 11:51 | .lsass.exe 6d76b11c350623bb258c91e084915ede Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process AppData folder WriteConsoleW VMware anti-virtualization Windows ComputerName DNS Software | 3 http://www.cisiworld.com/hs3h/?w6A=8yrHHh9+bSiZSqWo8J+KbKp5VJ9nnSbrpd5iLWOB0w/p5e+QnIfabaNSSGocLMFaFg6s3fqH&-ZS=W6O83nLhI http://www.ericaleighjensen.com/hs3h/?w6A=xV65ikd/hi3Vj7uvEUAD5gbWGs8+QeVoNuHaI0MVrFB9Z1FE6uua4RlninifA7tr5QncnhCd&-ZS=W6O83nLhI http://www.oyster-gal.com/hs3h/?w6A=BQdxFGsIzLpJhhsNJumaC8i1NTQ6v/gnKL4j0SDTA8mzI6I3M/hLcvQW6vgj3JSKpdGSKElg&-ZS=W6O83nLhI | 7 www.oyster-gal.com(182.50.132.242) www.ericaleighjensen.com(74.220.199.6) www.cisiworld.com(154.205.199.202) 74.220.199.6 - mailcious 154.205.199.202 182.50.132.242 - mailcious 37.0.10.39 | 1 ET MALWARE FormBook CnC Checkin (GET) | | 15.6 | M | 40 | ZeroCERT
13315 | 2021-10-08 11:53 | obizx.exe 5ed8f58873e6537bc9a5bd97d18425b9 NPKI Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself | 2 http://www.evcopic.xyz/fkt8/?U0DH=l51O+Y4cCKvDB3Sz1r4GeqolGx4DEwR6GImuEnTKGI0l9KX+rdpTwi+K0qPg0BpuxfSCIkO7&Ufux_8=0T0lqHm http://www.rooferseeker.com/fkt8/?U0DH=EUKcnevpoIFYjcsRmAGwn3c0LWoZ/fq5OZCSty5/9j3SIgqd6FToqOn+bDwDAegpVR+I12Fn&Ufux_8=0T0lqHm | 5 www.evcopic.xyz(151.101.128.119) www.sinanbodur.com() www.rooferseeker.com(50.87.175.234) 151.101.128.119 50.87.175.234 | 1 ET HUNTING Request to .XYZ Domain with Minimal Headers | | 7.4 | M | 18 | ZeroCERT
13316 | 2021-10-08 11:54 | Code_of_Conduct_2021.doc 8d1454096bc0e82042437d911d695a2c Malicious Packer MSOffice File Vulnerability unpack itself | | | | | 1.8 | M | | ZeroCERT
13317 | 2021-10-08 11:54 | fn.exe 94289a2eedf546dd9dc0624908d1dfba UPX Malicious Library PE File PE32 VirusTotal Malware AutoRuns Creates executable files RWX flags setting unpack itself AppData folder Windows crashed | | | | | 3.6 | M | 25 | ZeroCERT
13318 | 2021-10-08 11:55 | vbc.exe f022b6feca056d1c00e697fdd3f32ee5 Admin Tool (Sysinternals etc ...) UPX Malicious Library PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted Creates executable files RWX flags setting unpack itself Tofsee Windows Remote Code Execution crashed | 25 http://www.titanpestsolutions.com/scb0/?XPc=ybIHh8KX0dxHKh&jfIhkJ=Hl0ZbFK2zxDDlkE88KqFYPEEotgj7yOR92fF3K32N0U5BAddg4ZhwXy7xHpkd2waThfhMPBO http://www.gaia32.com/scb0/ http://www.spiegelverwarming.store/scb0/?jfIhkJ=cUSYR1SequFVFGD70v0pNfY4ls0GtCYR9ZHSZEc+GCq2pJgqdS0MI1TggfbAsSiH3Z4jBV7Y&XPc=ybIHh8KX0dxHKh http://www.pyxis.digital/scb0/ http://www.ticketpremiado.com/scb0/ http://www.helloworld.agency/scb0/?XPc=ybIHh8KX0dxHKh&jfIhkJ=x3z8pTmq5ZKLd9Y+EE06Kh1cgzrDkMY5iYRBxjtIcabnqyzFINVS0uylftOgfeUxt1dXwXGK http://www.gaia32.com/scb0/?XPc=ybIHh8KX0dxHKh&jfIhkJ=xqFzn59cyKgRLeG9V3IG0iZJd+zA8VWjiYtamAXhuVGruAibW5S1HlhpPVh8myKX9ucwiOSY http://www.llaa11.xyz/scb0/ http://www.karamanescortbayan.xyz/scb0/ http://www.titanpestsolutions.com/scb0/ http://www.llaa11.xyz/scb0/?jfIhkJ=LvVOqUj382vn4xaDmPdNbROBsfmX8/xJXi3b40WP3Ow6Tel98yunW6JlZzwoyviXGhVkmuQf&XPc=ybIHh8KX0dxHKh http://www.chillrn.com/scb0/ http://www.spiegelverwarming.store/scb0/ http://www.helloworld.agency/scb0/ http://www.ticketpremiado.com/scb0/?XPc=ybIHh8KX0dxHKh&jfIhkJ=PDCSMCQ0AvaZhjRh8iI6y50TQBGa3HU8cBbSHHWIkjMtlZuCRUTBh2FpW8kez/hbqEei1oik http://www.karamanescortbayan.xyz/scb0/?jfIhkJ=xyKu4d94VVYeA/Na0jT4qxWfVMc8oBq/P0SYBROb+t0ts4UIvcZ9ZOhAN4XNDceR+efw7E+W&XPc=ybIHh8KX0dxHKh http://www.xxxpornmodels.com/scb0/ http://www.chillrn.com/scb0/?XPc=ybIHh8KX0dxHKh&jfIhkJ=LJa8FCg0cdGLAX6XdC9ordyHb4lIwLuOFemqcUoMYvXe3zTs8q5eVIy7RmMxU3ZN5w81kSy4 http://www.pyxis.digital/scb0/?XPc=ybIHh8KX0dxHKh&jfIhkJ=EuuR+ApZyBGQm7zw1XnfHO/s9gFqv7c2uJcsJYTDwanjEOkPaHv3dvVEVt19uvk30qSP343D http://www.afroditas.online/scb0/ http://www.imaginariss.com/scb0/ http://www.imaginariss.com/scb0/?jfIhkJ=A/PTGhFOVi+CnNYz5thKQJt5EMIF46AzkvJ10i3/YHkyH6baxAGV/JVmYudQIOYXwemtb6FK&XPc=ybIHh8KX0dxHKh http://www.afroditas.online/scb0/?XPc=ybIHh8KX0dxHKh&jfIhkJ=WuAAXbbLRPWEX6ooRp7PfdGjKFSk6Nq16qROlw7zuwXuzVrLodWnZMSDlRKKaJSlInXaduXF http://www.xxxpornmodels.com/scb0/?jfIhkJ=9j4a+1IC6MZ+Rn1TpSq6lDTfvgdHNC15SnTuL7DtvveJI+fArlWYQrwejsBMnpGqgWrGhC/G&XPc=ybIHh8KX0dxHKh https://cdn.discordapp.com/attachments/893140719018074156/895730239488000061/Eqdygbcavsxeiicukbzlqrcsgdfqucz | 26 www.chillrn.com(23.23.44.201) www.spiegelverwarming.store(81.169.145.92) www.xxxpornmodels.com(104.21.82.238) www.ticketpremiado.com(172.67.208.68) cdn.discordapp.com(162.159.135.233) - malware www.titanpestsolutions.com(75.2.115.196) www.helloworld.agency(194.58.112.174) www.karamanescortbayan.xyz(172.67.141.118) www.llaa11.xyz(172.67.185.212) www.afroditas.online(23.227.38.74) www.deployinghigh.com() www.gaia32.com(64.190.62.111) www.imaginariss.com(74.220.199.6) www.pyxis.digital(64.190.62.111) 23.23.44.201 162.159.133.233 - malware 104.21.23.10 - mailcious 104.21.59.243 75.2.115.196 - mailcious 74.220.199.6 - mailcious 81.169.145.92 - mailcious 64.190.62.111 - mailcious 194.58.112.174 - mailcious 172.67.141.118 104.21.82.238 23.227.38.74 - mailcious | 3 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers | | 9.4 | M | 19 | ZeroCERT
13319 | 2021-10-08 11:56 | fresh.exe e38c19075b263d583cfd967a1681dc87 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself | | | | | 1.6 | M | 21 | ZeroCERT
13320 | 2021-10-08 11:57 | EXCEL.exe 6422332249a3e867bb8ac8f3c6fb654f Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware MachineGuid Checks debugger unpack itself | | | | | 2.0 | M | 11 | ZeroCERT