13981 | 2023-04-08 06:31 | Comcast_HotSpot_NextGenPeopleS... | 4d8dc60169d7caa641d0ae52053405ff
Tags: PDF
guest

13982 | 2023-04-08 05:51 | JoSetp.exe | ed59308f9e2b59ec4195a99788cee8ee
Tags: Confuser .NET .NET EXE PE32 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Ransomware DNS
Hosts (3): topnewsdesign.xyz() - mailcious; iplogger.org(148.251.234.83) - mailcious; 148.251.234.83
Signatures (3): ET POLICY IP Check Domain (iplogger .org in DNS Lookup); ET POLICY IP Check Domain (iplogger .org in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.6 | M | 57 | guest

13983 | 2023-04-07 18:25 | VoiceControlEngine.exe | aa57f0d7a099773175006624cc891b29
Tags: PWS .NET framework RAT Generic Malware UPX Antivirus HTTP Http API Internet API AntiDebug AntiVM .NET EXE PE32 PE File Malware download VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key crashed
Rule-matched URLs (2): http://45.159.189.105/bot/online?guid=TEST22-PC\\test22&key=6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0 - rule_id: 26212; http://45.159.189.105/bot/regex - rule_id: 26211
Hosts (1): 45.159.189.105 - mailcious
Signatures (1): ET MALWARE Laplas Clipper - SetOnline CnC Checkin
URLs (2): http://45.159.189.105/bot/online; http://45.159.189.105/bot/regex
14.6 | M | 34 | ZeroCERT

13984 | 2023-04-07 18:24 | Updater.exe | 6fa2a8de3fc30b9c80d12c2ac4ad2e3f
Tags: PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS CoinMiner
Hosts (4): pastebin.com(104.20.68.143) - mailcious; xmr.2miners.com(162.19.139.184) - mailcious; 162.19.139.184; 104.20.68.143 - mailcious
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner); ET INFO Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com)
1.6 | M | 51 | ZeroCERT

13985 | 2023-04-07 18:02 | Impulse.exe | 951ac38437711fc0c4fc6268250a823d
Tags: Gen1 UPX Malicious Library OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files crashed
1.8 | M | 22 | ZeroCERT

13986 | 2023-04-07 17:59 | auz.jar | fe4b915fc460a3efc2475946a62bc86a
Tags: ZIP Format AutoRuns suspicious privilege Check memory WMI RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process Windows Java ComputerName crashed
URLs (1): http://www.geoplugin.net/json.gp?ip=175.208.134.152
Hosts (6): checkmybones.dns.army(185.91.69.172); carrozzeriabalestra.it(46.16.95.61); www.geoplugin.net(178.237.33.50); 185.91.69.172; 178.237.33.50; 46.16.95.61 - mailcious
Signatures (2): ET INFO DYNAMIC_DNS Query to a *.dns .army Domain; ET POLICY Vulnerable Java Version 1.8.x Detected
4.8 | | | ZeroCERT

13987 | 2023-04-07 17:57 | 1004234865.exe | 8d2f112db11626030db59b4177770991
Tags: PE64 PE File VirusTotal Malware crashed
2.2 | M | 41 | ZeroCERT

13988 | 2023-04-07 17:57 | CC.exe | 0abca5a76379dc774f4c133a177cde59
Tags: NPKI Generic Malware UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File VirusTotal Malware crashed
1.4 | M | 47 | ZeroCERT

13989 | 2023-04-07 17:45 | 20230406.exe | 7875c200c4659e920e9c5091a34bc10e
Tags: Gen2 Downloader UPX Malicious Library Antivirus ASPack ScreenShot AntiDebug AntiVM OS Processor Check PE32 PE File JPEG Format DLL PE64 VirusTotal Malware Code Injection Check memory Creates executable files unpack itself Windows utilities AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows
4.8 | | 9 | guest

13990 | 2023-04-07 16:40 | server.exe | bb8563b2aa2335abe99a45888e2a47d1
Tags: UPX Malicious Library Malicious Packer Antivirus OS Processor Check PE32 PE File VirusTotal Malware Check memory suspicious TLD sandbox evasion Browser DNS
Hosts (2): www.jz3366.top(111.173.117.71); 111.173.117.71 - malware
Signatures (1): ET DNS Query to a *.top domain - Likely Hostile
2.8 | M | 57 | ZeroCERT

13991 | 2023-04-07 13:08 | document.wflow | e4bf82ac50b2927b6cf58157f3533173
Tags: AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 | | | BRY

13992 | 2023-04-07 09:29 | Kcx.wsf | 09aa1bb82cf6ef97e2ae293771003980
Tags: Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
URLs (10):
5.6 | | | ZeroCERT

13993 | 2023-04-07 09:29 | RP_April_pJ(8037).wsf | 37f6eccdb016d869bf3b87e6a8e0cf90
Tags: Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
URLs (6):
5.6 | | | ZeroCERT

13994 | 2023-04-07 09:28 | RP_April_Ahw(92).wsf | 94716ca9675a68da4e7fd4d9a878767f
Tags: Generic Malware Antivirus AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
URLs (6):
5.6 | | | ZeroCERT

13995 | 2023-04-07 09:12 | crypt.exe | 2936c28076b8434601dba5322b3bef97
Tags: UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key DDNS Software crashed
URLs (2): http://david1234.duckdns.org:38369/; https://api.ip.sb/geoip
Hosts (4): david1234.duckdns.org(193.47.61.37); api.ip.sb(104.26.12.31); 104.26.13.31; 193.47.61.37
Signatures (6): ET INFO HTTP POST Request to DuckDNS Domain; ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SURICATA HTTP unable to match response to request
10.8 | M | 44 | ZeroCERT