Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2021-08-06 16:41	olde-1.exe 465f28ec62439d3213d557636d48c8ea PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows Cryptographic key	14 Keyword trend analysis Info http://www.balloon-artists.com/p2io/ http://www.iotcloud.technology/p2io/?yVMpQLtX=L/l9chWQ9dl2ZFWb8vVro19pFM6JqqsPd4ppl3EKhtG9qh305X+eskSv5sG7vGkNeAZDxwTr&1bz=o8rLp http://www.myfavbutik.com/p2io/?yVMpQLtX=dKp6rERBK113SD0GvHZ5ksFEU2G9ncFkpMVxqDe1xbP28bbT8N8SqFHc7ZWN2qvn1fWpyoOF&1bz=o8rLp - rule_id: 1552 http://www.adultpeace.com/p2io/ - rule_id: 1554 http://www.lucytime.com/p2io/ http://www.myfavbutik.com/p2io/ - rule_id: 1552 http://www.shopihy.com/p2io/ - rule_id: 2198 http://www.anewdistraction.com/p2io/ http://www.shopihy.com/p2io/?yVMpQLtX=Ei6RqbmvJXwd1KhoWyb/BZtLNDk4B448l51n8Zz8P/g/u3IBdZc5bHR/QCXBboISRM182550&1bz=o8rLp - rule_id: 2198 http://www.iotcloud.technology/p2io/ http://www.anewdistraction.com/p2io/?yVMpQLtX=ia0dgIkf6GE3KUyi3zp8eo0tNiPxoXJfkPx9mMo4EgGg3oj1VKxHFK3qhmtZH/rnht5B/RmY&1bz=o8rLp http://www.adultpeace.com/p2io/?yVMpQLtX=4oufm6g7w9cVhgu+mDBWoA8I6Q2bNaX51teMhl/6i5f1woTl8Y4Ohfe29cQ9y7IaJQfIj0iK&1bz=o8rLp - rule_id: 1554 http://www.balloon-artists.com/p2io/?yVMpQLtX=/DMwn9vRv8pPZran9syYwdBt6sFcRXVvVa9RfefW4qtbzd0YMa9UIXTiu4mlEuUVWx6wVl8M&1bz=o8rLp http://www.lucytime.com/p2io/?yVMpQLtX=Ymn5WmwLC00z4pVZK6ihuPaaOKCT+v+tuyygdx+oVo/PHq8Kcnnt5pAnbMy7+QY4AB/111t7&1bz=o8rLp	15 Info www.tpcgzwlpyggm.mobi() www.adultpeace.com(163.44.239.73) www.shopihy.com(160.153.137.40) www.lucytime.com(160.124.11.194) www.myfavbutik.com(104.21.15.16) www.anewdistraction.com(198.49.23.144) www.iotcloud.technology(34.102.136.180) www.balloon-artists.com(147.255.162.204) 163.44.239.73 - mailcious 147.255.162.204 160.124.11.194 34.102.136.180 - mailcious 104.21.15.16 - mailcious 160.153.137.40 - mailcious 198.185.159.144 - mailcious	1	6	11.6	M	34	ZeroCERT

2	2021-08-06 09:33	.audiodg.exe 4a21a7f7fa4c1ce05c8c1a7e10eb73dc PWS Loki[b] Loki[m] .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	13.8	M	19	ZeroCERT

3	2021-08-06 09:26	usermasabikzx.exe 53b546cb0d9e9e8a27a1317e55086eb2 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					10.2	M	31	ZeroCERT

4	2021-08-06 09:26	DBti7kFcOLHaK2z.exe a4579e15af982f864c88df0a1c1dbf0a PWS .NET framework Generic Malware UPX .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key					3.2	M	30	ZeroCERT

5	2021-08-06 07:33	5KNTQd5xFuY7hcE.exe 94589c900f582c827be848f069c01983 PWS .NET framework Generic Malware UPX AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	14 Keyword trend analysis Info http://www.chrometoasterrv.com/qn6g/ http://www.teknotelhosting.com/qn6g/ http://www.worldanimaltransport.com/qn6g/ http://www.urnasaurora.com/qn6g/?0T0hqZ=5Y9nApRHUyNLbSfQ171lqWRj5joN9fSwp1QGW3momieNUj8sOfwA08LvtX9P3kpa1WNCZiqL&OVolp=AZ0tZJ_pEPh43080 http://www.simplebox.world/qn6g/ http://www.simplebox.world/qn6g/?0T0hqZ=QzGdtZSg8F8akSN5k2pwjBb1FoPlCuw1Z5l/Lc1JaRwV2an5McgvcAWHPZORd5AWYai5oOn7&OVolp=AZ0tZJ_pEPh43080 http://www.urnasaurora.com/qn6g/ http://www.allginns.com/qn6g/ http://www.allginns.com/qn6g/?0T0hqZ=r/7ECEpyuLrl96sv3d04QY9imYp0ltOAHLsmvfsK+GKQs1owXP9P0ZrY4mT91OO/sPuUkovN&OVolp=AZ0tZJ_pEPh43080 http://www.worldanimaltransport.com/qn6g/?0T0hqZ=apmNFC6wkW3L3p0KxKMAeJrXLsRqAofgoows/2qMdUZEN6MNld+3DxAiO98nziQ0UfmIglJu&OVolp=AZ0tZJ_pEPh43080 http://www.teknotelhosting.com/qn6g/?0T0hqZ=z8YI+6R51yEnnKDGqwsBPLquhlUb7UH9xAVfqr/XXjokYAlQoscKbsf1ULkytZXIFt5bhUgo&OVolp=AZ0tZJ_pEPh43080 http://www.realerestate.com/qn6g/?0T0hqZ=k66MBPypCsjes+y1e9EluxPQ2Zkme3f+3eM9mAYHQz9IRw3EnYLUoNudVCGsJICkZUZ+i8GN&OVolp=AZ0tZJ_pEPh43080 http://www.realerestate.com/qn6g/ http://www.chrometoasterrv.com/qn6g/?0T0hqZ=Fu3e8Nqpz+5+4FFaMeLJFH8Y30L7aCtlHBAsEYD/lc+R0ObJ136ak+iAozdvD8t+lE9r+PDd&OVolp=AZ0tZJ_pEPh43080	15 Info www.lnxdex.com() www.realerestate.com(34.102.136.180) www.worldanimaltransport.com(184.168.131.241) www.urnasaurora.com(74.208.236.33) www.simplebox.world(88.214.207.96) - mailcious www.fil-martime.com() www.chrometoasterrv.com(34.102.136.180) www.allginns.com(104.17.196.73) www.teknotelhosting.com(209.99.40.222) 74.208.236.33 184.168.131.241 - mailcious 209.99.40.222 - mailcious 34.102.136.180 - mailcious 88.214.207.96 - mailcious 104.17.193.73	3		9.6		28	ZeroCERT

6	2021-08-05 09:58	gun.exe 873cf90c9a977554d65c523f433a96f8 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key	1 Keyword trend analysis	2			6.4	M	17	ZeroCERT