14581 |
2023-03-23 09:26
|
atom.xml 0fcb9115095928eaf98f18f0f65accd1 Hide_EXE PowerShell Script MZ AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
2
https://bakc2000.blogspot.com/atom.xml
https://backuphotelall.blogspot.com/atom.xml
|
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
|
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14582 |
2023-03-23 09:26
|
atom.xml a7d44a32fcf911de0dae1b535ca3fa1a AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
|
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
|
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14583 |
2023-03-22 18:23
|
96.exe 9faea65cff61ad64e4bc4c3913c336be Cutwail Mali Malware download VirusTotal Malware Buffer PE MachineGuid Code Injection Malicious Traffic Check memory buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process sandbox evasion Tofsee Windows Backdoor ComputerName Remote Code Execution DNS Cryptographic key |
259
http://www.xaicom.es/ - rule_id: 24556 http://juso-gr.ch/ - rule_id: 24645 http://pccj.net/ - rule_id: 24646 http://www.spanesi.com/ - rule_id: 26024 http://cyclad.pl/ - rule_id: 26025 http://www.pb-games.com/ - rule_id: 26029 http://www.abart.pl/ - rule_id: 23208 http://orlyhotel.com/ - rule_id: 24651 http://www.sclover3.com/ - rule_id: 24652 http://vivastay.com/ - rule_id: 24694 http://envogen.com/ - rule_id: 24701 http://www.stnic.co.uk/ - rule_id: 26026 http://www.fnsds.org/ - rule_id: 24655 http://www.railbook.net/ - rule_id: 26023 http://epc.com.au/ - rule_id: 24656 http://keio-web.com/ - rule_id: 24648 http://msl-lock.com/ - rule_id: 24957 http://www.snugpak.com/ - rule_id: 23198 http://bible.org/ - rule_id: 24918 http://www.valdal.com/ - rule_id: 23188 http://gbmfg.com/ http://ramkome.com/ - rule_id: 24657 http://arowines.com/ - rule_id: 24919 http://www.11tochi.net/ - rule_id: 24659 http://jsaps.com/ - rule_id: 24660 http://isom.org/ - rule_id: 24740 http://www.pohlfood.com/ - rule_id: 26027 http://clinicasanluis.com.co/ - rule_id: 24662 http://www.myropcb.com/ - rule_id: 24663 http://apcotex.com/ http://www.depalo.com/ - rule_id: 23191 http://webavant.com/ - rule_id: 24921 http://www.fe-bauer.de/ - rule_id: 24738 http://fifa-ews.com/ - rule_id: 24665 http://www.fink.com/ - rule_id: 26028 http://www.quadlock.com/ - rule_id: 23184 http://kumaden.com/ - rule_id: 24739 http://zugseil.com/ - rule_id: 24772 http://www.findbc.com/ - rule_id: 24562 http://www.ka-mo-me.com/ - rule_id: 26050 http://deckoviny.cz/ - rule_id: 24670 http://uhsa.edu.ag/ - rule_id: 24671 http://www.aevga.com/ - rule_id: 26030 http://www.holleman.us/ - rule_id: 23213 http://ikulani.com/ http://roewer.de/ - rule_id: 24923 http://www.ex-olive.com/ - rule_id: 23224 http://portoccd.org/ - rule_id: 24924 http://metaforacom.com/ - rule_id: 24673 http://ludomemo.com/ - rule_id: 26031 http://dzm.cz/ - rule_id: 24925 http://angework.com/ http://siongann.com/ - rule_id: 24966 http://kevyt.net/ - rule_id: 24674 http://www.wifi4all.nl/ - rule_id: 23195 http://pers.com/ - rule_id: 24927 http://icd-host.com/ - rule_id: 26191 http://ruzee.com/ - rule_id: 24928 http://www.cel-cpa.com/ - rule_id: 26032 http://4locals.net/ - rule_id: 24676 http://tabbles.net/ - rule_id: 24677 http://hbfuels.com/ - rule_id: 24929 http://magicomm.co.uk/ - rule_id: 24678 http://mackusick.de/ - rule_id: 24769 http://htsmx.net/ - rule_id: 26204 http://wanoa.com/ - rule_id: 26198 http://ossir.org/ - rule_id: 24733 http://www.jchysk.com/ - rule_id: 24561 http://kavram.com/ - rule_id: 24932 http://sgk.home.pl/ - rule_id: 24933 http://tozzhin.com/ - rule_id: 26035 http://www.vazir.se/ - rule_id: 23203 http://refintl.org/ - rule_id: 24684 http://skgm.ru/ http://amic.at/ - rule_id: 24685 http://beafin.com/ - rule_id: 24686 http://noblesse.be/ - rule_id: 24687 http://www.domon.com/ - rule_id: 24688 http://kustnara.com/ http://aba.org.eg/ - rule_id: 24935 http://ascc.org.au/ - rule_id: 24936 http://missnue.com/ - rule_id: 24937 http://cutchie.com/ - rule_id: 24693 http://www.yocinc.org/ - rule_id: 23202 http://t-trust.jp/ - rule_id: 24654 http://host.do/ - rule_id: 24696 http://www.jenco.co.uk/ - rule_id: 23179 http://aoinko.net/ - rule_id: 24940 http://mondopp.net/ - rule_id: 26195 http://nekono.net/ - rule_id: 24941 http://www.photo4b.com/ - rule_id: 23201 http://www.gpthink.com/ - rule_id: 23215 http://btsi.com.ph/ - rule_id: 24748 http://www.kernsafe.com/ - rule_id: 23218 http://ccssinc.com/ - rule_id: 24698 http://mackusick.com/ - rule_id: 24699 http://www.vitaindu.com/ - rule_id: 23210 http://listel.co.jp/ - rule_id: 24700 http://wvs-net.de/ - rule_id: 26196 http://nts-web.net/ - rule_id: 24749 http://bigzz.by/ - rule_id: 24946 http://mikihan.com/ - rule_id: 26047 http://softizer.com/ - rule_id: 26052 http://midap.com/ - rule_id: 24704 http://www.transsib.com/ - rule_id: 23204 http://shteeble.com/ - rule_id: 24947 http://www.medius.si/ - rule_id: 26038 http://www.crcsi.org/ - rule_id: 23206 http://www.nelipak.nl/ - rule_id: 23217 http://www.pdqhomes.com/ - rule_id: 23183 http://shenhgts.net/ - rule_id: 24949 http://biosolve.com/ - rule_id: 24950 http://www.iamdirt.com/ - rule_id: 23192 http://impexnc.com/ - rule_id: 24706 http://oozkranj.com/ - rule_id: 24951 http://nlcv.bas.bg/ - rule_id: 24675 http://gydrozo.ru/ - rule_id: 24952 http://bosado.com/ - rule_id: 24707 http://com-edit.fr/ - rule_id: 24708 http://stopllc.com/ - rule_id: 24954 http://www.t-tre.com/ - rule_id: 23214 http://www.yoruksut.com/ - rule_id: 26042 http://scip.org.uk/ http://atb-lit.com/ http://www.edimart.hu/ - rule_id: 23221 http://kursavto.ru/ - rule_id: 26043 http://jnf.at/ - rule_id: 24948 http://uster.com/ - rule_id: 24956 http://t-mould.com/ - rule_id: 24711 http://assideum.com/ http://workplus.hu/ - rule_id: 24712 http://valselit.com/ - rule_id: 26197 http://www.pcgrate.com/ - rule_id: 24560 http://komie.com/ - rule_id: 26044 http://dayvo.com/ - rule_id: 24917 http://www.valselit.com/ - rule_id: 23216 http://ncn.de/ - rule_id: 24713 http://unicus.jp/ - rule_id: 24715 http://www.com-sit.com/ - rule_id: 26045 http://www.x0c.com/ - rule_id: 23225 http://coxkitchensandbaths.com/ - rule_id: 24716 http://cjcagent.com/ - rule_id: 24717 http://www.fcwcvt.org/ - rule_id: 23196 http://shanks.co.uk/ - rule_id: 24943 http://adventist.ro/ - rule_id: 24959 http://kayoaiba.com/ - rule_id: 24718 http://absblast.com/ - rule_id: 24719 http://www.maktraxx.com/ - rule_id: 24720 http://dhh.la.gov/ - rule_id: 24721 http://insia.com/ - rule_id: 24722 http://www.credo.edu.pl/ - rule_id: 23190 http://nrsi.com/ - rule_id: 26199 http://rokoron.com/ - rule_id: 24723 http://agulatex.com/ - rule_id: 26200 http://zupraha.cz/ - rule_id: 26046 http://www.evcpa.com/ - rule_id: 24550 http://sjbmw.com/ - rule_id: 24725 http://www.dgmna.com/ - rule_id: 23187 http://pertex.com/ - rule_id: 24962 http://www.dayvo.com/ - rule_id: 24724 http://www.speelhal.net/ - rule_id: 23228 http://www.ottospm.com/ - rule_id: 24727 http://akr.co.id/ - rule_id: 24679 http://www.mobilnic.net/ - rule_id: 24643 http://www.naoi-a.com/ - rule_id: 23209 http://dspears.com/ - rule_id: 24683 http://www.2print.com/ - rule_id: 23222 http://notis.ru/ - rule_id: 24992 http://www.petsfan.com/ - rule_id: 23194 http://muhr-soehne.de/ - rule_id: 24732 http://www.mqs.com.br/ - rule_id: 23205 http://www.rs-ag.com/ - rule_id: 23199 http://www.olras.com/ - rule_id: 23186 http://www.item-pr.com/ - rule_id: 24680 http://sinwal.com/ - rule_id: 24734 http://avse.hu/ - rule_id: 26193 http://www.lrsuk.com/ - rule_id: 23223 http://hamaker.net/ - rule_id: 24695 http://diamir.de/ - rule_id: 24736 http://www.alteor.cl/ - rule_id: 23182 http://oh28ya.com/ - rule_id: 26049 http://alexpope.biz/ - rule_id: 24968 http://www.baijaku.com/ - rule_id: 23181 http://top1oil.com/ - rule_id: 26202 http://www.pwd.org/ - rule_id: 24741 http://touchfam.ca/ - rule_id: 24975 http://sigtoa.com/ - rule_id: 24742 http://hyab.se/ - rule_id: 24743 http://duiops.net/ - rule_id: 24976 http://www.tc17.com/ - rule_id: 24745 http://gujarat.com/ - rule_id: 24746 http://rast.se/ - rule_id: 24747 http://www.sjbs.org/ - rule_id: 24664 http://cpmteam.com/ - rule_id: 24971 http://www.ora.ecnet.jp/ - rule_id: 23212 http://www.c9dd.com/ - rule_id: 26051 http://pcoyuncu.com/ - rule_id: 24737 http://ssm.ch/ - rule_id: 24973 http://rappich.de/ - rule_id: 26201 http://gcss.com/ http://bggs.com/ - rule_id: 24751 http://ntc.edu.au/ - rule_id: 24752 http://nettlinx.org/ - rule_id: 24974 http://daytonir.com/ - rule_id: 24753 http://forbin.net/ - rule_id: 24757 http://fortknox.bm/ - rule_id: 24754 http://mijash3.com/ - rule_id: 24726 http://snf.it/ - rule_id: 24756 http://from30ty.com/ - rule_id: 26206 http://anduran.com/ - rule_id: 24978 http://flamingorecordings.com/ - rule_id: 24759 http://www.pupi.cz/ - rule_id: 24758 http://www.tvtools.fi/ - rule_id: 23185 http://www.jacomfg.com/ - rule_id: 23226 http://www.ora-ito.com/ - rule_id: 23211 http://www.waldi.pl/ - rule_id: 23207 http://a-domani.com/ - rule_id: 24760 http://invictus.pl/ http://kewlmail.com/ - rule_id: 24761 http://revoldia.net/ - rule_id: 26189 http://fogra.com.pl/ - rule_id: 24981 http://umcor.am/ - rule_id: 24982 http://cubodown.com/ - rule_id: 24762 http://www.pr-park.com/ - rule_id: 23180 http://jabian.com/ http://ftmobile.com/ - rule_id: 24728 http://webways.com/ - rule_id: 26207 http://cbaben.com/ - rule_id: 24653 http://www.vexcom.com/ - rule_id: 24764 http://dbnet.at/ - rule_id: 24765 http://www.hyabmagneter.se/ - rule_id: 24766 http://www.cokocoko.com/ - rule_id: 23220 http://xult.org/ - rule_id: 26057 http://johnlyon.org/ - rule_id: 24988 http://riwn.org/ - rule_id: 24989 http://any-s.net/ - rule_id: 24990 http://themark.org/ - rule_id: 26208 http://www.abdg.com/ - rule_id: 23193 http://plaske.ua/ http://www.netcr.com/ - rule_id: 23219 http://rtcasey.com/ - rule_id: 26209 http://nels.co.uk/ - rule_id: 24771 http://www.tyrns.com/ - rule_id: 23227 http://www.hummer.hu/ - rule_id: 23200 http://enguita.net/ - rule_id: 24916 http://biurohera.pl/ - rule_id: 24774 http://www.synetik.net/ - rule_id: 23197 http://www.nqks.com/ - rule_id: 24775 http://strazynski.pl/ - rule_id: 24777 http://peminet.net/ - rule_id: 24778 http://apps.identrust.com/roots/dstrootcax3.p7c http://indonesiamedia.com/ - rule_id: 24781 http://web-york.com/ - rule_id: 24782 http://univi.it/ - rule_id: 24783 http://www.elpro.si/ - rule_id: 23189 http://pleszew.policja.gov.pl/ - rule_id: 24773 http://x1.i.lencr.org/ https://dataform.co.uk/wp-signup.php?new=magicomm.co.uk https://www.muhr-soehne.de/ - rule_id: 24785
|
679
banvari.com(23.227.38.32) - mailcious gbp-jp.com(208.80.123.104) - mailcious nekono.net(202.172.28.187) - mailcious duiops.net(135.125.108.170) - mailcious top1oil.com(104.26.0.82) - mailcious cvswl.org() daytonir.com(104.18.40.43) - mailcious www.vazir.se(206.191.152.37) - mailcious in1.smtp.messagingengine.com(66.111.4.73) bosado.com(5.39.75.157) - mailcious floopis.com(3.64.163.50) ftchat.com() shenhgts.net(199.59.243.220) - mailcious hyabmagneter.se(104.21.69.146) univi.it(18.197.121.220) - mailcious nels.co.uk(5.134.13.210) - mailcious insia.com(82.208.6.9) - mailcious www.yoruksut.com(93.187.206.66) ktenergo.ru() www.mqs.com.br(170.82.173.30) www.photo4b.com(195.78.66.50) gydrozo.ru(91.220.211.163) - mailcious mackusick.de(217.160.0.131) - mailcious www.sjbs.org(69.163.239.62) - mailcious kavram.com(104.21.89.126) - mailcious www.fnsds.org(34.237.200.184) - mailcious riwn.org(198.49.23.144) - mailcious missnue.com(104.21.234.121) - mailcious michiana.org() shztm.ru(62.122.170.171) - mailcious skgm.ru(91.201.52.102) sigtoa.com(104.21.49.75) - mailcious cpwpb.com() www.owsports.ca() - mailcious shanks.co.uk(217.19.254.22) - mailcious webavant.com(148.72.176.26) - mailcious fifa-ews.com(172.67.189.227) - mailcious 89gospel.com() roewer.de(45.142.176.225) - mailcious dwid.de(87.230.93.218) pcoyuncu.com(213.142.131.159) - mailcious anduran.com(54.161.222.85) - mailcious nlcv.bas.bg(195.96.252.188) - mailcious wahw.com.au(54.194.190.151) www.hummer.hu(185.80.51.179) kustnara.com(75.2.70.75) johnlyon.org(141.193.213.20) - mailcious www.holleman.us(51.79.51.72) - mailcious www.vexcom.com(104.21.55.224) - mailcious avc.com.sa() e-kami.net(202.172.28.89) - mailcious actmin.com() clinicasanluis.com.co(104.21.66.220) - mailcious chzko.ru() www.yocinc.org(66.94.119.160) nolaoig.org(54.212.145.129) www.wkhk.net() - mailcious cqdgroup.com(221.132.33.88) zugseil.com(92.42.191.38) - mailcious infotech.pl(79.96.32.254) - mailcious assideum.com(52.219.97.204) www.mobilnic.net(154.203.14.100) www.myropcb.com(74.208.215.199) - mailcious www.findbc.com(13.248.216.40) - mailcious ccssinc.com(104.21.19.68) - mailcious amba-tc.si() stopllc.com(162.241.233.114) - mailcious dhh.la.gov(52.200.51.73) - mailcious rappich.de(89.31.143.1) - mailcious aoinko.net(157.7.107.38) - mailcious jabian.com(104.26.7.17) absblast.com(141.193.213.20) - mailcious pertex.com(185.151.30.147) - mailcious www.hyabmagneter.se(172.67.209.90) - mailcious awfraser.com() www.maktraxx.com(72.44.93.236) - mailcious de() host.do(217.79.248.38) - mailcious gujarat.com(172.67.145.148) - mailcious mail.airmail.net(66.226.70.66) www.stnic.co.uk(77.68.50.105) www.dayvo.com(172.67.184.30) - mailcious samtv.ro() ftmobile.com(199.34.228.78) - mailcious amele.com() sjbmw.com(198.199.101.195) - mailcious biosolve.com(151.101.130.159) - mailcious shesfit.com(104.21.74.141) - mailcious slower.it(127.0.0.11) noblesse.be(5.134.4.115) - mailcious www.kernsafe.com(172.67.72.98) biurohera.pl(79.96.161.192) - mailcious www.olras.com(80.93.82.33) - mailcious techtrans.de(185.237.66.112) www.jroy.net() - mailcious piacton.com() ludomemo.com(27.0.174.59) - mailcious www.nqks.com(147.154.0.23) - mailcious geecl.com(213.175.217.57) - mailcious mackusick.com(217.160.0.179) - mailcious www.t-tre.com(135.181.73.98) webband.com() dataform.co.uk(83.223.113.46) www.reglera.com(64.125.133.18) www.11tochi.net(157.112.176.4) - mailcious sinwal.com(104.21.50.138) - mailcious apcotex.com(35.154.163.204) magicomm.co.uk(83.223.113.46) - mailcious www.item-pr.com(185.15.129.58) - mailcious kevyt.net(172.67.129.18) - mailcious webways.com(172.67.128.139) - mailcious www.depalo.com(142.250.207.115) - mailcious deckoviny.cz(88.86.118.82) - mailcious www.netcr.com(3.18.7.81) - mailcious www.ora-ito.com(213.186.33.40) www.wnsavoy.com(96.91.204.114) www.railbook.net(199.115.115.119) from30ty.com(157.7.231.224) - mailcious sidepath.com(99.83.190.102) - mailcious peminet.net(198.54.117.242) - mailcious gmail-smtp-in.l.google.com(74.125.204.27) icd-host.com(192.252.159.116) - mailcious org() www.pohlfood.com(104.218.10.254) hyab.se(104.21.52.126) - mailcious www.alteor.cl(34.117.168.233) www.tyrns.com(62.75.216.137) rokoron.com(211.13.204.3) - mailcious www.domon.com(23.227.38.74) - mailcious nts-web.net(49.212.235.175) - mailcious bigzz.by(178.249.70.75) - mailcious zupraha.cz(77.78.104.3) - mailcious plaske.ua(52.211.245.146) www.jenco.co.uk(172.67.208.67) - mailcious kayoaiba.com(154.213.117.166) - mailcious www.elpro.si(172.67.70.22) - mailcious www.nelipak.nl(82.201.61.230) komie.com(59.106.13.181) - mailcious www.muhr-soehne.de(5.189.171.125) - mailcious awal.ws(127.0.0.1) cyclad.pl(87.98.236.253) - mailcious dbnet.at(188.94.254.88) - mailcious fundeo.com(172.67.97.62) - mailcious www.naoi-a.com(202.254.236.40) - mailcious btsi.com.ph(69.46.30.77) - mailcious jnf.at(136.243.147.81) - mailcious themark.org(35.172.94.1) - mailcious burstner.ru(62.122.170.171) - mailcious uster.com(104.20.220.29) - mailcious invictus.pl(193.107.88.74) pro-fa.com() mjrcpas.com(154.81.136.239) www.pwd.org(208.109.214.162) - mailcious hamaker.net(34.102.136.180) - mailcious yhsll.com(154.88.50.199) - mailcious cjcagent.com(157.112.187.75) - mailcious impexnc.com(204.11.56.48) - mailcious shteeble.com(185.106.129.180) - mailcious atis-sk.ca() beafin.com(133.125.38.187) - mailcious www.com-sit.com(172.67.70.223) ramkome.com(62.75.216.107) - mailcious valselit.com(193.70.68.254) - mailcious rast.se(89.221.250.3) - mailcious ikulani.com(157.7.107.88) ntc.edu.au(192.124.249.15) - mailcious www.pb-games.com(173.254.28.29) workplus.hu(104.21.92.183) - mailcious angework.com(219.94.128.87) mondopp.net(173.231.184.124) - mailcious tozzhin.com(202.94.166.30) - mailcious ie-roi.com() flamingorecordings.com(35.214.171.193) - mailcious uhsa.edu.ag(192.124.249.13) - mailcious cubodown.com(104.21.30.14) - mailcious dspears.com(52.71.57.184) - mailcious xinhui.net(43.255.29.192) mijash3.com(198.49.23.144) - mailcious www.valdal.com(104.26.7.221) www.abdg.com(192.252.154.18) averwin.com() wnit.org(38.111.255.201) - mailcious h-et-l.com() - mailcious pccj.net(104.21.29.72) - mailcious nrsi.com(76.223.35.103) - mailcious www.valselit.com(193.70.68.254) www.pcgrate.com(104.21.66.46) - mailcious someikan.com() www.ex-olive.com(210.140.73.39) metaforacom.com(185.42.105.162) - mailcious www.cokocoko.com(34.205.242.146) - mailcious nblewis.com(35.169.15.168) canmore.com() xult.org(65.52.128.33) - mailcious gphpedit.org(127.0.0.1) avse.hu(185.129.138.60) - mailcious polprime.com() - mailcious epc.com.au(103.4.16.43) - mailcious www.udesign.biz() notis.ru(185.178.208.141) - mailcious midap.com(198.49.23.145) - mailcious www.ftchat.com() - mailcious snf.it(95.174.22.233) - mailcious mkm-gr.com(79.124.76.247) keio-web.com(219.94.128.216) - mailcious www.ora.ecnet.jp(60.43.154.138) isom.org(192.124.249.14) - mailcious www.rs-ag.com(104.21.1.213) strazynski.pl(85.128.196.22) - mailcious www.credo.edu.pl(62.122.190.121) www.pdqhomes.com(52.86.6.113) - mailcious www.fe-bauer.de(3.65.101.129) - mailcious www.medius.si(18.64.8.44) scip.org.uk(172.67.72.150) nettlinx.org(202.53.77.146) - mailcious htsmx.net(63.251.106.25) - mailcious bible.org(104.20.55.214) - mailcious www.dgmna.com(192.124.249.20) - mailcious www.jchysk.com(208.97.178.138) - mailcious hyab.com(172.67.193.133) akdeniz.nl(109.71.54.22) - mailcious cpmteam.com(104.21.32.240) - mailcious www.koz1.net() - mailcious cutchie.com(199.59.243.222) - mailcious www.tvtools.fi(172.67.152.159) - mailcious t-trust.jp(183.181.82.14) - mailcious smtp.sbcglobal.yahoo.com(66.218.88.163) www.stajum.com(103.3.1.161) www.evcpa.com(192.124.249.10) - mailcious alt4.gmail-smtp-in.l.google.com(142.250.152.27) web-york.com(219.94.129.97) - mailcious gcss.com(35.186.238.101) com() toundo.net() juso-gr.ch(104.21.50.140) - mailcious ldh.la.gov(75.2.95.235) www.synetik.net(193.166.255.171) www.yumgiskor.kz() refintl.org(198.49.23.145) - mailcious pers.com(192.124.249.3) - mailcious forbin.net(172.67.148.35) - mailcious tabbles.net(104.21.7.22) - mailcious esmoke.net(204.15.134.44) kewlmail.com(63.251.106.25) - mailcious akr.co.id(104.20.123.68) - mailcious www.quadlock.com(70.39.251.249) - mailcious www.cel-cpa.com(104.196.26.65) www.wifi4all.nl(104.21.42.10) - mailcious www.x0c.com(185.53.177.50) - mailcious adeesa.net(172.67.209.11) - mailcious atb-lit.com(208.100.26.245) www.jacomfg.com(96.127.180.42) - mailcious madjek.com() www.fcwcvt.org(172.67.134.134) bggs.com(35.230.155.43) - mailcious hbfuels.com(85.233.160.148) - mailcious softizer.com(185.163.45.187) - mailcious www.otena.com(99.83.154.118) www.abart.pl(89.161.163.246) www.ka-mo-me.com(211.1.226.67) umcor.am(172.67.135.11) - mailcious www.edimart.hu(81.2.194.241) - mailcious siongann.com(104.21.8.75) - mailcious muhr-soehne.de(5.189.171.125) - mailcious www.c9dd.com(188.166.152.188) kumaden.com(49.212.180.178) - mailcious www.ottospm.com(104.21.63.28) - mailcious mail7.digitalwaves.co.nz() www.tc17.com(172.67.150.80) - mailcious www.speelhal.net(217.19.237.54) wanoa.com(164.90.244.158) - mailcious jsaps.com(49.212.235.59) - mailcious diamir.de(138.201.65.187) - mailcious www.aevga.com(108.167.164.216) zemarmot.net(164.132.175.106) - mailcious www.crcsi.org(165.227.252.190) www.petsfan.com(3.130.253.23) - mailcious www.spanesi.com(5.196.166.214) com-edit.fr(63.251.106.25) - mailcious any-s.net(108.170.12.50) - mailcious pleszew.policja.gov.pl(91.229.22.126) - mailcious www.lrsuk.com(18.64.8.80) - mailcious koz1.net() cbaben.com(173.205.126.33) - mailcious ssm.ch(93.189.66.202) - mailcious www.fink.com(69.163.218.51) envogen.com(104.21.73.149) - mailcious unicus.jp(49.212.232.113) - mailcious kursavto.ru(31.177.76.70) - mailcious adventist.ro(49.12.155.123) - mailcious ccrsi.org(198.209.253.30) www.transsib.com(80.74.154.6) websy.com() nme.co.jp(203.0.113.0) dzm.cz(83.167.255.150) - mailcious www.medisa.info() oozkranj.com(212.44.102.57) - mailcious agitz.com.br() agulatex.com(133.125.38.187) - mailcious ossir.org(51.159.3.117) - mailcious wvs-net.de(104.21.43.163) - mailcious msl-lock.com(165.160.13.20) - mailcious paraski.org(94.130.164.242) - mailcious wolffkran.de() www.xaicom.es(188.165.133.163) www.baijaku.com(59.106.19.204) - mailcious dayvo.com(104.21.68.7) - mailcious www.iamdirt.com(34.117.168.233) - mailcious coxkitchensandbaths.com(205.149.134.32) - mailcious cbras.com(54.39.198.18) - mailcious onzcda.com(13.248.169.48) - mailcious indonesiamedia.com(74.208.215.145) - mailcious portoccd.org(51.89.6.56) - mailcious www.snugpak.com(104.21.73.182) - mailcious mxs.mail.ru(94.100.180.31) t-mould.com(81.169.145.175) - mailcious www.waldi.pl(46.242.238.60) - mailcious www.nunomira.com(192.241.158.94) haigh-me.com() multip.hu() revoldia.net(45.200.235.135) - mailcious gbmfg.com(151.101.2.132) www.usadig.com(198.100.146.220) 4locals.net(80.82.115.227) - mailcious ascc.org.au(203.210.102.34) - mailcious amic.at(78.46.224.133) - mailcious fogra.com.pl(85.128.55.51) - mailcious mikihan.com(153.126.211.112) - mailcious touchfam.ca(15.197.142.173) - mailcious orlyhotel.com(172.67.156.49) - mailcious sgk.home.pl(89.161.136.188) - mailcious nt-hat.com() oh28ya.com(18.176.155.206) - mailcious ncn.de(46.30.60.158) - mailcious listel.co.jp(49.212.243.77) - mailcious hazmatt.com(205.178.189.131) - mailcious enguita.net(195.5.116.23) - mailcious www.2print.com(107.180.98.101) vivastay.com(3.18.7.81) - mailcious e-asset.net() www.gpthink.com(39.99.233.155) - mailcious www.vitaindu.com(122.128.109.107) 106west.com(148.130.4.196) okashimo.com(203.137.75.45) - mailcious www.fnw.us(137.118.26.67) a-domani.com(183.90.232.24) - mailcious arowines.com(104.164.117.233) - mailcious www.pr-park.com(118.27.125.181) www.sclover3.com(157.112.182.239) - mailcious grlawcc.com() alexpope.biz(76.74.184.61) - mailcious x1.i.lencr.org(104.74.211.103) aba.org.eg(192.169.149.78) - mailcious ruzee.com(207.180.198.201) - mailcious n23china.com() www.pupi.cz(103.224.182.241) - mailcious ciicsc.com() rtcasey.com(69.195.90.46) - mailcious smtp.live.com(204.79.197.212) fortknox.bm(216.177.137.32) - mailcious 13.248.155.104 - suspicious 35.186.238.101 - mailcious 104.21.50.138 195.78.66.50 - mailcious 85.128.196.22 - mailcious 192.241.158.94 185.163.45.187 - mailcious 204.15.134.44 3.64.163.50 - mailcious 188.166.152.188 151.101.66.132 159.89.244.183 198.100.146.220 107.180.98.101 172.67.134.134 198.185.159.145 - mailcious 198.185.159.144 - mailcious 5.189.171.125 - mailcious 148.72.176.26 - mailcious 135.181.73.98 79.96.32.254 - mailcious 193.70.68.254 - mailcious 162.241.233.114 - mailcious 45.142.176.225 - mailcious 157.7.107.88 51.159.3.117 - mailcious 136.243.147.81 - mailcious 49.212.235.59 - mailcious 153.120.34.73 49.212.232.113 - mailcious 192.169.149.78 - mailcious 5.134.13.210 - mailcious 104.21.234.120 202.12.27.33 104.21.73.143 - mailcious 210.140.73.39 - mailcious 217.19.254.22 - mailcious 78.46.224.133 - mailcious 142.250.152.27 219.94.129.97 - mailcious 208.100.26.245 - phishing 104.24.161.27 91.220.211.163 - mailcious 104.20.220.29 - mailcious 104.26.1.82 213.186.33.17 - mailcious 141.193.213.20 - malware 192.124.249.3 - mailcious 205.149.134.32 - mailcious 104.21.92.183 170.82.173.30 137.118.26.67 75.2.70.75 - mailcious 60.43.154.138 83.223.113.46 - mailcious 208.109.214.162 172.67.184.30 - mailcious 3.33.152.147 - mailcious 172.67.165.62 104.26.6.17 121.254.136.27 85.128.55.51 - mailcious 104.21.23.9 202.172.28.187 - mailcious 185.129.138.60 - mailcious 211.1.226.67 172.67.188.75 - mailcious 172.67.209.90 - mailcious 213.186.33.40 - mailcious 205.178.189.131 - phishing 133.125.38.187 - mailcious 104.21.48.207 211.13.204.3 - mailcious 54.209.32.212 - mailcious 18.64.8.103 - mailcious 95.174.22.233 - mailcious 122.128.109.107 52.219.178.96 99.83.154.118 - mailcious 172.67.193.133 203.210.102.34 - mailcious 13.225.131.31 54.39.198.18 - mailcious 154.213.117.166 - mailcious 82.201.61.230 - mailcious 77.68.50.105 18.197.121.220 - mailcious 104.26.12.244 164.132.175.106 - mailcious 157.7.231.224 - mailcious 128.8.10.90 172.67.173.200 - mailcious 185.53.177.50 - mailcious 172.67.135.146 54.212.145.129 46.30.60.158 - mailcious 77.78.104.3 - phishing 52.71.57.184 - mailcious 104.21.6.168 - mailcious 69.163.218.51 - mailcious 151.101.130.159 - malware 208.97.178.138 - mailcious 45.200.235.135 198.199.101.195 - mailcious 172.67.185.152 192.36.148.17 217.19.237.54 - mailcious 217.160.0.179 - mailcious 104.21.66.46 - mailcious 104.21.41.152 - mailcious 5.134.4.115 - mailcious 202.94.166.30 - mailcious 5.196.166.214 34.117.168.233 - mailcious 31.177.76.70 - suspicious 49.212.243.77 - mailcious 198.41.0.4 204.79.197.212 188.94.254.88 - mailcious 76.223.65.111 96.127.180.42 - mailcious 118.27.125.181 221.132.33.88 - mailcious 69.46.30.77 - mailcious 108.167.164.216 153.126.211.112 - mailcious 173.231.184.124 - mailcious 172.67.163.173 - malware 27.0.174.59 - mailcious 89.31.143.1 - mailcious 103.4.16.43 - mailcious 157.112.176.4 - malware 64.233.187.27 185.178.208.141 - mailcious 35.154.163.204 185.151.30.147 - mailcious 219.94.128.216 - mailcious 198.54.117.242 - mailcious 148.130.4.196 104.26.10.81 202.254.236.40 - mailcious 172.67.199.57 51.89.6.56 - mailcious 207.180.198.201 - mailcious 198.209.253.30 195.96.252.188 - mailcious 172.67.156.237 - mailcious 43.255.29.192 79.124.76.247 69.195.90.46 - mailcious 198.1.81.28 185.237.66.112 173.205.126.33 - mailcious 192.33.4.12 192.252.154.18 - mailcious 154.88.50.199 - mailcious 76.223.35.103 - mailcious 104.21.66.220 - mailcious 99.83.190.102 34.102.136.180 - mailcious 154.203.14.100 88.86.118.82 - mailcious 157.112.187.75 - mailcious 104.21.30.14 35.168.185.204 62.75.216.107 - mailcious 93.189.66.202 - mailcious 62.122.190.121 74.208.215.199 - mailcious 172.67.163.101 104.21.68.7 - mailcious 80.82.115.227 - mailcious 104.164.117.233 - mailcious 3.140.13.188 - mailcious 165.227.252.190 - suspicious 49.212.180.178 - mailcious 183.181.82.14 - mailcious 77.73.134.27 - malware 104.26.15.53 85.233.160.148 - malware 81.2.194.241 - mailcious 202.172.28.89 - mailcious 172.67.160.168 108.170.12.50 185.42.105.162 - mailcious 104.74.211.103 192.124.249.20 - mailcious 89.221.250.3 - mailcious 203.137.75.45 - mailcious 188.165.133.163 23.227.38.74 - mailcious 104.21.1.51 76.223.27.102 103.224.182.241 - mailcious 35.230.155.43 - mailcious 66.94.119.160 63.251.106.25 - mailcious 74.208.215.145 - mailcious 104.21.1.213 92.42.191.38 - mailcious 202.53.77.146 - mailcious 54.236.92.93 34.205.242.146 - mailcious 199.34.228.78 - mailcious 65.52.128.33 - malware 172.67.189.227 - mailcious 172.217.31.19 46.242.238.60 - mailcious 89.161.163.246 - mailcious 172.67.150.80 - mailcious 80.93.82.33 - mailcious 89.161.136.188 - mailcious 204.11.56.48 - phishing 213.227.141.97 72.44.93.236 - mailcious 74.125.203.26 213.142.131.159 - mailcious 93.187.206.66 - mailcious 81.169.145.175 - mailcious 193.166.255.171 - mailcious 104.21.77.146 64.125.133.18 104.26.3.124 - mailcious 198.49.23.144 - mailcious 104.21.42.10 - mailcious 172.67.158.251 - phishing 79.96.161.192 59.106.19.204 - mailcious 172.67.148.147 109.71.54.22 - mailcious 3.130.253.23 - mailcious 178.249.70.75 - mailcious 217.69.139.150 165.160.13.20 - mailcious 94.130.164.242 - mailcious 18.176.155.206 104.20.123.68 5.39.75.157 - mailcious 76.74.184.61 - mailcious 172.67.181.113 199.59.243.223 183.90.232.24 - mailcious 39.99.233.155 - mailcious 70.39.251.249 - mailcious 69.163.239.62 38.111.255.201 - mailcious 104.218.10.254 157.112.182.239 - mailcious 54.194.190.151 138.201.65.187 - mailcious 172.67.142.169 211.13.196.162 59.106.13.181 - mailcious 104.196.26.65 - mailcious 87.230.93.218 173.254.28.29 - phishing 31.177.80.70 - mailcious 212.44.102.57 - mailcious 52.219.179.0 66.226.70.66 199.59.243.220 - mailcious 216.177.137.32 - mailcious 104.26.7.221 83.167.255.150 - mailcious 49.12.155.123 206.191.152.37 35.172.94.1 - phishing 195.5.116.23 - mailcious 192.58.128.30 13.248.169.48 82.208.6.9 - mailcious 51.79.51.72 - mailcious 192.252.159.165 - mailcious 193.0.14.129 217.160.0.131 - mailcious 104.21.7.22 - mailcious 3.65.101.129 - mailcious 154.81.136.239 104.18.40.43 - mailcious 3.19.116.195 - mailcious 192.203.230.10 23.227.38.32 - mailcious 66.111.4.70 213.175.217.57 - mailcious 104.21.2.101 52.211.245.146 217.79.248.38 - mailcious 62.75.216.137 49.212.235.175 - mailcious 75.2.95.235 80.74.154.6 - mailcious 62.122.170.171 66.163.170.48 198.32.64.12 35.214.171.193 172.67.152.159 96.91.204.114 - mailcious 208.80.122.2 91.229.22.126 - mailcious 135.125.108.170 - mailcious 172.67.189.68 - mailcious 193.107.88.74 192.124.249.15 - mailcious 192.124.249.14 - mailcious 192.124.249.13 - mailcious 87.98.236.253 - mailcious 91.201.52.102 192.124.249.10 - mailcious 172.67.33.95 185.106.129.180 - mailcious 103.3.1.161 219.94.128.87 3.18.7.81 - mailcious 164.90.244.158 - mailcious 157.7.107.38 - mailcious 185.80.51.179 - mailcious 3.94.41.167 - mailcious 147.154.0.23 - mailcious 52.200.51.73 - mailcious
|
6
ET MALWARE Backdoor.Win32.Pushdo.s Checkin ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz ET INFO Observed DNS Query to .biz TLD SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst
|
|
16.0 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14584 |
2023-03-22 17:33
|
vbc.exe 3a02d50415b4f76d02cda80340ecccbe UPX Malicious Library PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed |
|
|
|
|
7.0 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14585 |
2023-03-22 17:32
|
power.exe ba218b60cb97c3532b8b9c796d954622 RAT Emotet Gen2 Ave Maria WARZONE RAT Gen1 Generic Malware UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) .NET EXE PE32 PE File OS Processor Check DLL PE64 JPEG Format Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS crashed |
6
http://77.73.134.27/8bmdh3Slb2/index.php - rule_id: 26125 http://77.73.134.27/8bmdh3Slb2/index.php?scr=1 - rule_id: 26125 http://77.73.134.27/8bmdh3Slb2/Plugins/clip64.dll - rule_id: 26128 http://77.73.134.27/8bmdh3Slb2/Plugins/cred64.dll - rule_id: 26126 https://j.ffbbjjkk.com/logo.png - rule_id: 28017 https://j.ffbbjjkk.com/2701.html - rule_id: 27926
|
3
j.ffbbjjkk.com(172.67.158.22) - mailcious 77.73.134.27 - malware 104.21.8.227 - mailcious
|
6
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Amadey CnC Check-In ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
6
http://77.73.134.27/8bmdh3Slb2/index.php http://77.73.134.27/8bmdh3Slb2/index.php http://77.73.134.27/8bmdh3Slb2/Plugins/clip64.dll http://77.73.134.27/8bmdh3Slb2/Plugins/cred64.dll https://j.ffbbjjkk.com/logo.png https://j.ffbbjjkk.com/2701.html
|
11.2 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14586 |
2023-03-22 17:31
|
handdiy_6.exe 54f8a4c3864f17466705a15a2ef2a06f Gen2 Trojan_PWS_Stealer Credential User Data Generic Malware UPX Malicious Library SQLite Cookie Malicious Packer Anti_VM OS Processor Check PE32 PE File PNG Format Browser Info Stealer suspicious privilege MachineGuid Code Injection Checks debugger WMI Creates executable files exploit crash Windows utilities suspicious process WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed |
1
https://www.ippfinfo.top/
|
4
iplogger.com(148.251.234.93) - mailcious www.ippfinfo.top(178.18.252.110) 148.251.234.93 - mailcious 178.18.252.110
|
3
ET DNS Query to a *.top domain - Likely Hostile ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14587 |
2023-03-22 17:29
|
Clip1.exe fa0e319484845c1333e5c1e621659027 UPX PE64 PE File VirusTotal Malware |
|
|
|
|
1.4 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14588 |
2023-03-22 17:29
|
007.exe fe05605a8065764a5ec8aba32db6e697 PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
2.0 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14589 |
2023-03-22 13:17
|
abux.txt bf1074df865384a5cffab3142a5cb38c Hide_EXE ScreenShot AntiDebug AntiVM Check memory unpack itself |
|
|
|
|
1.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14590 |
2023-03-22 10:44
|
wL8P9unF.zip 1f5166dbb451fe00af869e50377e286d ZIP Format VirusTotal Malware Report DNS |
|
12
94.23.45.86 - mailcious 172.105.226.75 - mailcious 202.129.205.3 - mailcious 104.168.155.143 - mailcious 209.126.85.32 213.239.212.5 - mailcious 107.170.39.149 - mailcious 164.90.222.65 - mailcious 187.63.160.88 - mailcious 5.135.159.50 - mailcious 115.68.227.76 - mailcious 167.172.199.165 - mailcious
|
5
ET CNC Feodo Tracker Reported CnC Server group 8 ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 1 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 10
|
|
2.6 |
|
4 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14591 |
2023-03-22 10:36
|
NMemo1Setp.exe f12aa4983f77ed85b3a618f7656807c2 Confuser .NET .NET EXE PE32 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Ransomware DNS |
|
3
videoconvert-download38.xyz() - mailcious iplogger.org(148.251.234.83) - mailcious 148.251.234.83
|
3
ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
M |
59 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14592 |
2023-03-22 10:28
|
handdiy_4.exe 802e1974c79084d3b80ce713a54929aa AgentTesla Gen2 Trojan_PWS_Stealer browser info stealer Credential User Data Generic Malware Google Chrome Downloader UPX Malicious Library SQLite Cookie Malicious Packer Create Service DGA Socket ScreenShot DNS BitCoin Internet API Code injecti Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Checks debugger WMI Creates executable files ICMP traffic exploit crash unpack itself Windows utilities suspicious process malicious URLs suspicious TLD WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed |
1
https://www.ippfinfo.top/
|
4
iplogger.org(148.251.234.83) - mailcious www.ippfinfo.top(178.18.252.110) 148.251.234.83 178.18.252.110
|
5
ET DNS Query to a *.top domain - Likely Hostile ET POLICY IP Check Domain (iplogger .org in DNS Lookup) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET POLICY IP Check Domain (iplogger .org in TLS SNI)
|
|
11.6 |
M |
57 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14593 |
2023-03-22 10:25
|
file.zip bbcf3b4e597001a89d6a95ded6009ef0 ZIP Format VirusTotal Malware |
|
|
|
|
0.6 |
|
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14594 |
2023-03-22 10:17
|
vbc.exe f99d5a071e38ed4add47c1d47f657422 PWS .NET framework .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed |
|
|
|
|
2.6 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14595 |
2023-03-22 10:16
|
zxcvb.exe 688774feec1cc9685acaece804dc7a26 PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
2.2 |
M |
53 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|