Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Hosts	IDS	Score	Zero	VT	Player
1	2022-04-01 17:34	xOvCgoYFAIVjwy6I 5d9072ac79b1bb3bf7eb14ba453b2dd7 UPX Malicious Library OS Processor Check DLL PE32 PE File Dridex TrickBot ENERGETIC BEAR VirusTotal Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS	17 Info 54.38.143.246 - mailcious 5.189.160.61 - mailcious 202.29.239.162 - mailcious 2.58.16.87 - mailcious 78.47.204.80 - mailcious 188.166.229.148 - mailcious 94.177.178.26 - mailcious 185.148.168.15 - mailcious 87.106.97.83 - mailcious 37.59.209.141 - mailcious 103.82.248.59 - mailcious 103.133.214.242 - mailcious 104.131.62.48 - mailcious 128.199.192.135 - mailcious 59.148.253.194 - mailcious 195.77.239.39 - mailcious 119.59.125.140 - mailcious	9 Info ET CNC Feodo Tracker Reported CnC Server group 24 ET CNC Feodo Tracker Reported CnC Server group 20 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 11 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 19	6.2	M	24	ZeroCERT

2	2022-03-31 23:55	8haN b98c6ef0d51ef8c074efdd3d9e908027 UPX Malicious Library OS Processor Check DLL PE32 PE File Dridex TrickBot ENERGETIC BEAR Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS	17 Info 54.38.143.246 - mailcious 5.189.160.61 - mailcious 202.29.239.162 - mailcious 2.58.16.87 - mailcious 78.47.204.80 - mailcious 188.166.229.148 - mailcious 94.177.178.26 - mailcious 185.148.168.15 - mailcious 87.106.97.83 - mailcious 37.59.209.141 - mailcious 103.82.248.59 - mailcious 103.133.214.242 - mailcious 104.131.62.48 - mailcious 128.199.192.135 - mailcious 59.148.253.194 - mailcious 195.77.239.39 - mailcious 119.59.125.140 - mailcious	9 Info ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 24 ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 11 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 4	4.6	M		ZeroCERT

3	2022-03-31 23:31	tbK 452c40d59759d11aa8d3b4e27d529c2e UPX Malicious Library OS Processor Check DLL PE32 PE File Dridex TrickBot ENERGETIC BEAR Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS	17 Info 54.38.143.246 - mailcious 5.189.160.61 - mailcious 202.29.239.162 - mailcious 2.58.16.87 - mailcious 78.47.204.80 - mailcious 188.166.229.148 - mailcious 94.177.178.26 - mailcious 185.148.168.15 - mailcious 87.106.97.83 - mailcious 37.59.209.141 - mailcious 103.82.248.59 - mailcious 103.133.214.242 - mailcious 104.131.62.48 - mailcious 128.199.192.135 - mailcious 59.148.253.194 - mailcious 195.77.239.39 - mailcious 119.59.125.140 - mailcious	9 Info ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 20 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 24 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 11 ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 2	4.6			ZeroCERT

4	2022-03-31 23:29	2CkpKEf2H0F 779cd04356b02362d8b975d620b7ca92 UPX Malicious Library OS Processor Check DLL PE32 PE File Dridex TrickBot ENERGETIC BEAR Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS	17 Info 54.38.143.246 - mailcious 5.189.160.61 - mailcious 202.29.239.162 - mailcious 2.58.16.87 - mailcious 78.47.204.80 - mailcious 188.166.229.148 - mailcious 94.177.178.26 - mailcious 185.148.168.15 - mailcious 87.106.97.83 - mailcious 37.59.209.141 - mailcious 103.82.248.59 - mailcious 103.133.214.242 - mailcious 104.131.62.48 - mailcious 128.199.192.135 - mailcious 59.148.253.194 - mailcious 195.77.239.39 - mailcious 119.59.125.140 - mailcious	9 Info ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 24 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 11 ET CNC Feodo Tracker Reported CnC Server group 4 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 2	4.6			ZeroCERT

5	2022-03-31 18:54	ZwQLepW 2d2777ee535f76e20293d2d69d80520e UPX Malicious Library OS Processor Check DLL PE32 PE File Dridex TrickBot Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS	20 Info 1.234.2.232 - mailcious 72.15.201.15 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 45.118.115.99 - mailcious 209.250.246.206 - mailcious 138.197.109.175 - mailcious 206.189.28.199 - mailcious 103.43.46.182 - mailcious 183.111.227.137 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 79.143.187.147 - mailcious 187.84.80.182 - mailcious 51.91.76.89 - malware 209.126.98.206 - mailcious 45.176.232.124 - mailcious	5	5.8	M		ZeroCERT

6	2022-03-31 10:51	qfWEQrrwBg 16427c3406c7f8a4da826971ac2b5a43 Malicious Library UPX OS Processor Check DLL PE32 PE File Dridex TrickBot Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS	20 Info 1.234.2.232 - mailcious 72.15.201.15 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 45.118.115.99 - mailcious 209.250.246.206 - mailcious 138.197.109.175 - mailcious 206.189.28.199 - mailcious 103.43.46.182 - mailcious 183.111.227.137 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 79.143.187.147 - mailcious 187.84.80.182 - mailcious 51.91.76.89 - malware 209.126.98.206 - mailcious 45.176.232.124 - mailcious	5	5.8			ZeroCERT

7	2022-03-31 10:49	FjgB6I dec4691f828115b1a5e1481de933fba9 Malicious Library UPX OS Processor Check DLL PE32 PE File Dridex TrickBot Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS	20 Info 1.234.2.232 - mailcious 72.15.201.15 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 45.118.115.99 - mailcious 209.250.246.206 - mailcious 138.197.109.175 - mailcious 206.189.28.199 - mailcious 103.43.46.182 - mailcious 183.111.227.137 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 79.143.187.147 - mailcious 187.84.80.182 - mailcious 51.91.76.89 - malware 209.126.98.206 - mailcious 45.176.232.124 - mailcious	5	5.8			ZeroCERT

8	2022-03-31 09:47	HLDoANj 2dfac1fecaf2e2f74aa1b195d50ea1e3 Malicious Library UPX OS Processor Check DLL PE32 PE File Dridex TrickBot Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS	21 Info 1.234.2.232 - mailcious 72.15.201.15 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 45.118.115.99 - mailcious 209.250.246.206 5.9.116.246 - mailcious 138.197.109.175 - mailcious 206.189.28.199 - mailcious 103.43.46.182 - mailcious 183.111.227.137 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 79.143.187.147 - mailcious 187.84.80.182 - mailcious 51.91.76.89 - malware 209.126.98.206 - mailcious 45.176.232.124 - mailcious	5	5.8			ZeroCERT

9	2022-03-31 09:42	fVea 95c79f9a37f7c948ca9d9cc3c02fbe54 Malicious Library UPX OS Processor Check DLL PE32 PE File Dridex TrickBot VirusTotal Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS	20 Info 1.234.2.232 - mailcious 72.15.201.15 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 45.118.115.99 - mailcious 209.250.246.206 138.197.109.175 - mailcious 206.189.28.199 - mailcious 103.43.46.182 - mailcious 183.111.227.137 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 79.143.187.147 - mailcious 187.84.80.182 - mailcious 51.91.76.89 - malware 209.126.98.206 - mailcious 45.176.232.124 - mailcious	5	6.2		5	ZeroCERT