| 1 |
HeliosCert |
Sample submitted 2020-05-26 22:00:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:189.164.100.210 6362f5a2775dbf6bb22e308d459cb51e170d61408fef7ff3f3573bc8bf148578 #malware #cyber #security
|
2020-05-27 00:00:02 |
| 2 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 67 VirusTotal: https://www.virustotal.com/gui/file/f43414ab5aa79d8489fb36010b15da7999df23decb33d9c8f00ea9a880563298/detection/f-f43414ab5aa79d8489fb36010b15da7999df23decb33d9c8f00ea9a880563298-1584691978 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-27 00:00:02 |
| 3 |
HeliosCert |
Sample submitted 2020-05-26 21:55:01 Dionaea Honeypot Protocol: smbd Sources: ::ffff:5.2.209.161 5933a119067326d1e335a288000f7e311a0a42c9b24003a5c94196f0ff1db081 #malware #cyber #security
|
2020-05-26 23:55:02 |
| 4 |
HeliosCert |
Sample submitted 2020-05-26 21:30:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:2.136.180.140 02451fc5befe6bdbb3aea6a01561ec256727db2f57b9a255baecedbf4395a282 #malware #cyber #security
|
2020-05-26 23:30:02 |
| 5 |
James_inthe_box |
Ultimately #remcos #rat c2: bakup.banif2abused.xyz
|
2020-05-26 23:23:16 |
| 6 |
HeliosCert |
Sample submitted 2020-05-26 21:20:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:14.243.253.79 73a3848990709ba46af7abed91df93d69ea177a4f48b7f7638388cc16fdfcf08 #malware #cyber #security
|
2020-05-26 23:20:02 |
| 7 |
James_inthe_box |
Drops: http://185.177.59.184/robx/Attack.jpg
|
2020-05-26 23:15:55 |
| 8 |
HeliosCert |
Sample submitted 2020-05-26 21:15:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:117.20.31.98 5decce681d2625fafe4e0a04c546fe581d184fc47d86e35f9c0d8135d0784ee1 #malware #cyber #security
|
2020-05-26 23:15:02 |
| 9 |
James_inthe_box |
Some pretty neat obfuscation at: http://185.177.59.184/robx/e-remit.vbs @C i g a r @?? hash 7e2da5aebcfd60f903052853754fac36 on @mal_share cc @pmelson @Ledtech3 pic.twitter.com/wmQKHM15jP
|
2020-05-26 23:11:15 |
| 10 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/8e0913f4a198cec41be6faaa79fdc2edfdc07c54626318734ec11ba672eef913/detection/f-8e0913f4a198cec41be6faaa79fdc2edfdc07c54626318734ec11ba672eef913-1579205982 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 23:00:02 |
| 11 |
HeliosCert |
Sample submitted 2020-05-26 20:55:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:183.82.126.180 67c6ef97adaace40d05f8f134184b03d172d45c815d283873a732f1133f2d323 #malware #cyber #security
|
2020-05-26 22:55:02 |
| 12 |
HeliosCert |
Sample submitted 2020-05-26 20:50:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:112.200.106.230 b2db241fa6eb5c63c67d9768b20d401b19fb526ff3e65a0ca7992183ff70e095 #malware #cyber #security
|
2020-05-26 22:50:02 |
| 13 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 54 VirusTotal: https://www.virustotal.com/gui/file/55a879b0e9c154bfc641e6a5a564f1350e360b3ad8e4a493cc3d6cf6611b075f/detection/f-55a879b0e9c154bfc641e6a5a564f1350e360b3ad8e4a493cc3d6cf6611b075f-1515036419 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 22:35:02 |
| 14 |
HeliosCert |
Sample submitted 2020-05-26 20:35:01 Dionaea Honeypot Protocol: smbd Sources: ::ffff:125.17.144.51 aeb30d8905ca7abe7fea6fc49fed596a48988abd18801c186254dee5e8307a68 #malware #cyber #security
|
2020-05-26 22:35:02 |
| 15 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/701d60f061c66a8fa66aeb03521e44651e266d97cabea93348b466bc7f40b72a/detection/f-701d60f061c66a8fa66aeb03521e44651e266d97cabea93348b466bc7f40b72a-1578340717 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 22:10:02 |
| 16 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/fa00d59535de04c6a7a582e6897073ed78e9c7fb4bfbf2ab3419b89b538f9117/detection/f-fa00d59535de04c6a7a582e6897073ed78e9c7fb4bfbf2ab3419b89b538f9117-1590007261 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 22:05:02 |
| 17 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 59 VirusTotal: https://www.virustotal.com/gui/file/a6c971c4c9606d960f19fcc4caa4184e4cf0c9d9cb39c0d66e0f9ab5ced06bac/detection/f-a6c971c4c9606d960f19fcc4caa4184e4cf0c9d9cb39c0d66e0f9ab5ced06bac-1549898797 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 21:45:02 |
| 18 |
Martixx |
Lo del resquemor era esto https://www.virustotal.com/gui/file/5c60389c546e0a0549354c436fe7a1ff40e4978f34ece28790562c929ba238fb/details … https://twitter.com/malwrhunterteam/status/1265276597386412032 …
|
2020-05-26 21:32:35 |
| 19 |
HeliosCert |
Sample submitted 2020-05-26 19:30:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:190.205.60.226 701d60f061c66a8fa66aeb03521e44651e266d97cabea93348b466bc7f40b72a #malware #cyber #security
|
2020-05-26 21:30:02 |
| 20 |
HeliosCert |
Sample submitted 2020-05-26 19:20:03 Dionaea Honeypot Protocol: smbd Sources: ::ffff:176.118.216.234 1507402763f3d2bba4cc63de0c9edf16b7a61416364adb71fee58d187f1cfe7b #malware #cyber #security
|
2020-05-26 21:20:03 |
| 21 |
HeliosCert |
Sample submitted 2020-05-26 19:20:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:203.203.6.176 d930464f3a04be9d5ba16bc1a2cc0940e2541eb55766c0dcd24792fdb3c8f078 #malware #cyber #security
|
2020-05-26 21:20:03 |
| 22 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/gui/file/132b86c4a245d3ef628b8a61f940dd7c9e695893de8c3ac8aac6ef126c5f7353/detection/f-132b86c4a245d3ef628b8a61f940dd7c9e695893de8c3ac8aac6ef126c5f7353-1536221870 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 21:20:02 |
| 23 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/c3b2d803da2e364787dfd64127c6c909068b37717277a1cfb47d97ee3886e272/detection/f-c3b2d803da2e364787dfd64127c6c909068b37717277a1cfb47d97ee3886e272-1579202593 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 21:15:03 |
| 24 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 55 VirusTotal: https://www.virustotal.com/gui/file/4db0aea7694a2fd3065c4e60fc1a2ed3ca02f9accb7afd63d783c6aba74c4f25/detection/f-4db0aea7694a2fd3065c4e60fc1a2ed3ca02f9accb7afd63d783c6aba74c4f25-1550572780 … Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft)
|
2020-05-26 21:15:02 |
| 25 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/3534ca1c2f0bc7f1e7bddd39d156a2cce00987ed4c22d2817680bfa5fc8ccdf0/detection/f-3534ca1c2f0bc7f1e7bddd39d156a2cce00987ed4c22d2817680bfa5fc8ccdf0-1557810332 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 21:05:02 |
| 26 |
yusaerguven |
#Rat #crossplatform #Ratty 1.29.3.1 found on opendir at: http://theersdlieznlzkx.com/shin.jar Connects to: 85.217.171.117:3737 Sample: https://www.virustotal.com/gui/file/d246c32f6dad5289cc2d139f10c14dc016497f4977c16faef891b693dc63d910/detection … @malwrhunterteam @Spam404 @MalwarePatrol pic.twitter.com/Orjo25iC8n
|
2020-05-26 21:03:01 |
| 27 |
HeliosCert |
Sample submitted 2020-05-26 18:55:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:41.204.187.5 8e0913f4a198cec41be6faaa79fdc2edfdc07c54626318734ec11ba672eef913 #malware #cyber #security
|
2020-05-26 20:55:02 |
| 28 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 54 VirusTotal: https://www.virustotal.com/gui/file/3d96bcf61cae3bb4a0e0d16b1e4558d45d4bc6234adf528ed4f5949c52d1e99e/detection/f-3d96bcf61cae3bb4a0e0d16b1e4558d45d4bc6234adf528ed4f5949c52d1e99e-1550812257 … Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft)
|
2020-05-26 20:50:02 |
| 29 |
ushadrons |
https://www.virustotal.com/gui/file/7980ef30b9bed26a9823d3dd5746cdefe5d01de2b2eb2c5e17dbfd1fd52f62bf/detection …
|
2020-05-26 20:40:34 |
| 30 |
HeliosCert |
Sample submitted 2020-05-26 18:20:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:59.126.193.69 c822afb49bebca452ffd8e1611f65f3e6256acd0246ee9dc799c12018d5a3ef1 #malware #cyber #security
|
2020-05-26 20:20:02 |
| 31 |
DynamicAnalysis |
#Malspam with ACH Remittance Notification/Credits theme and "ACH Remittance Advice-05262020.xlsm" attachment. Downloads: hxxp://185.205.209.166/cxwv/sfl.exe C2: 79.134.225.98:6996 #Remcos https://www.virustotal.com/gui/ip-address/185.205.209.166/relations … https://www.virustotal.com/gui/file/7965402620f6c8430667021160882a918fd7da56667a8e5295f9c0b776458c99/detection …
|
2020-05-26 20:19:02 |
| 32 |
JAMESWT_MHT |
#gozi #isfb #italy 26/05/2020 18:35 Full working xls with dll payload https://app.any.run/tasks/1740e750-b489-4980-acee-887f899a66ac … >makecab 185.158.250.18 g32.rar g64.rar check second image @VK_Intel @malwrhunterteam @felixw3000 @fumik0_ @58_158_177_102 @sugimu_sec @Ethereal_x0r @guelfoweb @reecdeep @VirITeXplorer pic.twitter.com/gs5Antt1R5
|
2020-05-26 20:14:53 |
| 33 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 68 VirusTotal: https://www.virustotal.com/gui/file/c5deb35612689e49ec3ad8336cda395a90da5d995c924c9df1ce2ce003178fbc/detection/f-c5deb35612689e49ec3ad8336cda395a90da5d995c924c9df1ce2ce003178fbc-1588150218 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 19:45:02 |
| 34 |
kurbagadergi |
kapıyı 4'le açtık. 14 oldu. 38 olmuş ashjkdfhajskfdhjaskfdhsjadfhjskd https://www.virustotal.com/gui/file/4314f31e796ff9aa468e28077c212d1c29a6e15ce998eb4bf7e9893d45abc78f/detection …
|
2020-05-26 19:44:07 |
| 35 |
James_inthe_box |
Active #masslogger 1.3.4.0 at: http://yatesassociates.co.za/documentato/JUrNMMY4IyeOepL.exe hash 910e4bbdcd034da5db9764531c1187a7 on @mal_share cc @fumik0_ @cocaman @Anti_Expl0it
|
2020-05-26 19:36:39 |
| 36 |
HeliosCert |
Sample submitted 2020-05-26 17:30:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:2.187.188.126 55a879b0e9c154bfc641e6a5a564f1350e360b3ad8e4a493cc3d6cf6611b075f #malware #cyber #security
|
2020-05-26 19:30:02 |
| 37 |
vassvik |
The latest executables do not get triggered by Sophos via http://VirusTotal.com . so give it a try. There are still some left that gets triggered. which is a constant struggle for us to get past. even with a signed executable. https://www.virustotal.com/gui/file/41bdcb082a2a84fe572f391838980427781d53559b725fca3f83b0674671e8ee/detection … https://www.virustotal.com/gui/file/54d65207ed2250782ba443f04c7d764efa683019d2ca30618c312c0a33ad6dad/detection …
|
2020-05-26 19:30:02 |
| 38 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/b6887297bf8d71ed6117084a8360d43c709645b8957867d2b2d88f6c6c8dbaaa/detection/f-b6887297bf8d71ed6117084a8360d43c709645b8957867d2b2d88f6c6c8dbaaa-1590474733 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 19:05:02 |
| 39 |
HeliosCert |
Sample submitted 2020-05-26 16:50:01 Dionaea Honeypot Protocol: smbd Sources: ::ffff:114.39.149.158 7010a208e4cf7c0953473509c39cc8a0027ba74467e5bb2b2e5d5d1e8f9067dc #malware #cyber #security
|
2020-05-26 18:50:02 |
| 40 |
DynamicAnalysis |
IOCs: https://pastebin.com/UYyKnw7c This sample was already submitted to AnyRun: https://app.any.run/tasks/d6b52a2c-8308-4576-a4de-9cadd85fdaaa … cc @Spam404
|
2020-05-26 18:30:53 |
| 41 |
DynamicAnalysis |
Active #ZLoader DGA: hxxps://mpcmgvwxgkkxwwucdjio.com/post.php Resolving to 5.53.125.69
|
2020-05-26 18:30:52 |
| 42 |
HeliosCert |
Sample submitted 2020-05-26 16:20:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:189.112.223.227 c3b2d803da2e364787dfd64127c6c909068b37717277a1cfb47d97ee3886e272 #malware #cyber #security
|
2020-05-26 18:20:02 |
| 43 |
DynamicAnalysis |
#ZLoader C2s: hxxps://cripuntisispoi.tk/wp-parser.php hxxps://unesrafho.cf/wp-parser.php hxxp://sannyjewelry.ir/wp-parser.php hxxp://printgenerator.sundaytimes.lk/wp-parser.php
|
2020-05-26 18:17:23 |
| 44 |
DynamicAnalysis |
Daily #ZLoader #malspam update! Downloader URLs for today: hxxps://wasubsslotsimpkent.tk/wp-keys.php hxxps://creccocktizo.ga/wp-keys.php hxxp://ferme-imaan.com/wp-keys.php hxxp://asmshippingcargo.com/wp-keys.php Malware download: hxxps://pensstomductchatlihet.tk/ew/tu.dll
|
2020-05-26 18:16:39 |
| 45 |
HeliosCert |
Sample submitted 2020-05-26 16:10:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:37.239.0.22 9f83124c0d32786e4eab62d0cb6bea75c97973a767253eda124fe46ba29f6cf5 #malware #cyber #security
|
2020-05-26 18:10:03 |
| 46 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 54 VirusTotal: https://www.virustotal.com/gui/file/9621bc45bfe30f49e2be2909b783f2860fc39ed69a17af9328a73914ad4df236/detection/f-9621bc45bfe30f49e2be2909b783f2860fc39ed69a17af9328a73914ad4df236-1550933933 … Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft)
|
2020-05-26 18:10:02 |
| 47 |
3XS0 |
#maldoc target Italy start to spread Subject:Fattura DHL del 26-mag-2020 md5 : c5af22bdd1bd2a32637ada6ce8b2f02f Payload from : consaltinger.com Sample : https://app.any.run/tasks/410341b8-2ec7-4205-9f6a-2880bf38d69e … https://www.virustotal.com/gui/file/ed38e6aebeb4e8b7013540d52546bd7d52ba029b7eedfaddde3bee6cd749ed18/detection … (6/63)
|
2020-05-26 17:49:53 |
| 48 |
HeliosCert |
Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/7ab78920ad07396864187254f5323571807df03ca90c6b5eab2d1c8d0c27b4d5/detection/f-7ab78920ad07396864187254f5323571807df03ca90c6b5eab2d1c8d0c27b4d5-1586703620 … Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2020-05-26 17:45:02 |
| 49 |
3XS0 |
hxxps://declinationdesolate.com/leto0.php redirects - https://app.any.run/tasks/35d7fc0b-8050-45fe-be9a-3c01e6f9e3a5 … 162.241.175.18 pic.twitter.com/DW3N4nHToE
|
2020-05-26 17:22:00 |
| 50 |
HeliosCert |
Sample submitted 2020-05-26 15:20:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:103.99.10.87 3534ca1c2f0bc7f1e7bddd39d156a2cce00987ed4c22d2817680bfa5fc8ccdf0 #malware #cyber #security
|
2020-05-26 17:20:03 |