Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1366	2024-05-11 19:34	beautifulgirlkeeptellingmeiwas... 07a9cf0368cad4b17cde67a7a60122a6 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2	4.6	M	36	ZeroCERT

1367	2024-05-16 09:12	mimikats.ps1 929da23097367077c3678dea19303133 Hide_EXE Generic Malware Antivirus VirusTotal Malware powershell Check memory heapspray unpack itself WriteConsoleW Windows Cryptographic key				2.6	M	31	ZeroCERT

1368	2024-05-16 09:17	costs.vbs d789af96fc286fcccec141524b71d243 Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis			5.4	M	8	ZeroCERT

1369	2024-05-17 09:10	mrngisagreatdayformebecausewew... 8dc3b5e3a2c0fbc303f76905e8247926 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware ICMP traffic RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed	2 Keyword trend analysis	4	5	4.4		33	ZeroCERT

1370	2024-05-17 09:22	pappayaicecreamisreallysweeett... 82a5c6f30b627b675e1443db29fc4401 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2	4.6	M	32	ZeroCERT

1371	2024-05-17 09:55	payload.ps1 6e3e796a5c5aeaf86de6402cece4f536 Generic Malware Antivirus VirusTotal Malware unpack itself				1.4	M	36	ZeroCERT

1372	2024-05-17 10:13	NZZ_Interview_Kohei Yamamoto.m... e86a24d9f3a42bbb8edc0ca1f8b3715c VirusTotal Malware				0.6		11	ZeroCERT

1373	2024-05-17 10:16	warm.vbs 75ec9f68a5b62705c115db5119a78134 Antivirus VirusTotal Malware VBScript Checks debugger wscript.exe payload download suspicious process Tofsee ComputerName DNS Dropper	1 Keyword trend analysis	2	2	10.0		30	ZeroCERT

1374	2024-05-20 10:49	AppStoreEvalLighthousePlugin.c... c0d7d66ce4b870e075e5d4b4f087383b AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.8			guest

1375	2024-05-20 11:24	dr.bat ce802b6e8add0c59b4c1ceea614bafa3 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows				3.8		2	ZeroCERT

1376	2024-05-22 13:26	dr.bat ce802b6e8add0c59b4c1ceea614bafa3 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows	4 Keyword trend analysis			3.8		2	ZeroCERT

1377	2024-05-22 13:26	lamda.cmd 7aad5e78aa5e3c4c1fd5da339379185e Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis			5.2		10	ZeroCERT

1378	2024-05-28 20:57	remotectl_dumpstate.txt 3dc6e96f5529d63f1633b68f372ef108 ScreenShot AntiDebug AntiVM Check memory unpack itself DNS				1.6			guest

1379	2024-05-28 20:58	remotectl_dumpstate.txt 3dc6e96f5529d63f1633b68f372ef108 ScreenShot AntiDebug AntiVM				0.4			guest

1380	2024-05-29 10:03	lioniskingandtigerisalsotrying... 313f69e46a9dbc05f6a77d87b4170be8 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	5	9 Info ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious csrss.exe in URI ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.6	M	34	ZeroCERT