14701 |
2023-03-10 17:51
|
80.exe 3e7a4148f1133cb4b8a097fd74590f44 Malware download VirusTotal Malware Buffer PE MachineGuid Code Injection Malicious Traffic Check memory buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process suspicious TLD sandbox evasion Tofsee Windows Backdoor ComputerName Remote Code Execution DNS Cryptographic key |
285
|
749
|
8
ET MALWARE Backdoor.Win32.Pushdo.s Checkin ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed DNS Query to .biz TLD ET INFO TLS Handshake Failure ET INFO HTTP Request to a *.tw domain ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst SURICATA ICMPv4 invalid checksum
|
|
16.4 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14702 | 2023-03-10 16:59
LZ.exe 282df7bcb720a5b6f409caf9ccda2f75 Gen1 Gen2 UPX Malicious Library Anti_VM Malicious Packer OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself WriteConsoleW Ransomware
3.4 | M | 34 | ZeroCERT
14703 | 2023-03-10 16:54
Projectads.exe 0f16ee89f88b541aea1867c8b6b44868 UPX Malicious Library PE32 PE File Buffer PE PDB Checks debugger buffers extracted unpack itself sandbox evasion ComputerName
Hosts (1): ytbwdoevgozptoogir71mmp.cuc59nbf3uiiogdm62yhd321emm7lk()
2.8 | M | ZeroCERT
14704 | 2023-03-10 16:52
11.html 4535be9cfea1617ede162091edd6fac1 Antivirus unpack itself crashed
0.6 | ZeroCERT
14705 | 2023-03-10 16:52
1.html 32445d05dd1348bce9b6a395b2f8fbd8 Antivirus crashed
0.2 | M | ZeroCERT
14706 | 2023-03-10 16:22
blessed.exe 4d0bdca2a21a00816e99065eb2d9c4e0 SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName Cryptographic key Software crashed
Hosts (2): api.ipify.org(173.231.16.76) 64.185.227.155
10.8 | M | 22 | ZeroCERT
14707 | 2023-03-10 16:19
vbc.exe f1068187e6778378217cb6774b2374ca UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
URLs (1): http://208.67.105.148/sung/five/fre.php
Hosts (1): 208.67.105.148 - mailcious
8.4 | M | 28 | ZeroCERT
14708 | 2023-03-10 16:19
vbc.exe 6e4c51c65c966531518f3ace3499ade7 Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed
14.6 | M | 24 | ZeroCERT
14709 | 2023-03-10 11:53
Ndi8RJtM5xSosyq.zip 542f53c1fd9de5d3423b7a8a22f6d9bf ZIP Format Report ICMP traffic DNS
Hosts (12): 91.207.28.33 - 104.168.155.143 - 159.65.88.10 - 103.132.242.26 - 164.90.222.65 - 182.162.143.56 - 72.15.201.15 - 187.63.160.88 - 183.111.227.137 - 91.121.146.47 - 167.172.199.165 - 66.228.32.31 -
Signatures (5): ET INFO TLS Handshake Failure; ET CNC Feodo Tracker Reported CnC Server group 7; ET CNC Feodo Tracker Reported CnC Server group 8; ET CNC Feodo Tracker Reported CnC Server group 5; ET CNC Feodo Tracker Reported CnC Server group 1
3.0 | ZeroCERT
14710 | 2023-03-10 11:40
Agenzia_Entrate.url c57ce09111a84d1110b24a8505ff5804 AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (1): http://46.8.210.57/Agenzia/server.exe
Hosts (1):
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
5.8 | 3 | ZeroCERT
14711 | 2023-03-10 11:13
uucqwn.txt.ps1 05526a1c67586ceb0c63891ca2d1a15f Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Discord ComputerName DNS Cryptographic key
URLs (2):
https://cdn.discordapp.com/attachments/1071268301457592352/1075814163055644672/ADEL_Catalogue_1.1.2019.pdf
https://cdn.discordapp.com/attachments/1071268301457592352/1080901288881045555/Quyet_pdf_1.exe
Hosts (2): cdn.discordapp.com(162.159.130.233) - malware 162.159.134.233 - malware
Signatures (3): ET INFO Observed Discord Domain (discordapp .com in TLS SNI); ET INFO Observed Discord Domain in DNS Lookup (discordapp .com); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | 11 | ZeroCERT
14712 | 2023-03-10 11:02
rlmp32wlve.dll 543f45c69c8be4abd29e2b578bf26613 UPX DLL PE32 PE File Malware download VirusTotal Malware Malicious Traffic Checks debugger unpack itself ComputerName crashed
URLs (2): http://nerf-0148-unknown.guru/bot/regex - rule_id: 27575 http://nerf-0148-unknown.guru/bot/online?guid=TEST22-PC\\test22&key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34 - rule_id: 27576
Hosts (2): nerf-0148-unknown.guru(79.137.195.205) - mailcious 79.137.195.205 - mailcious
Signatures (1): ET MALWARE Laplas Clipper - SetOnline CnC Checkin
2 | http://nerf-0148-unknown.guru/bot/regex http://nerf-0148-unknown.guru/bot/online
4.4 | M | 20 | ZeroCERT
14713 | 2023-03-10 10:59
yardmaintenance.exe 95e03ae51a6671e98b8461dc1ad766eb PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows
Hosts (2): botanicalcorp.com(192.185.235.142) 192.185.235.142
Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.4 | M | 27 | ZeroCERT
14714 | 2023-03-10 10:59
photo_004.exe 44dc4f18399b1fa27fc6a7ab008546a8 UPX Malicious Library OS Processor Check PE32 PE File PDB unpack itself Remote Code Execution
1.6 | M | ZeroCERT
14715 | 2023-03-10 10:57
vbc.exe 0c416e462853425ce474820d82ed8212 PWS .NET framework Generic Malware Antivirus SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
URLs (1): http://checkip.dyndns.org/
Hosts (2): checkip.dyndns.org(193.122.6.168) 193.122.6.168
Signatures (5): ET INFO DYNAMIC_DNS Query to a *.dyndns .org Domain; ET INFO DYNAMIC_DNS Query to *.dyndns. Domain; ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check; ET POLICY External IP Lookup - checkip.dyndns.org; ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .org Domain
14.2 | M | 23 | ZeroCERT