No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc |
---|---|---|---|---|---|---|---|---|---|---|---|
1 | 2024-01-12 08:05 |
plugins.exe d1a6f9be6f046fcdd20d871cec0e1a42 Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Http API PWS Code injection AntiDebug AntiVM PE32 PE File .NET EXE DLL OS Processor Check VirusTotal Malware Telegram Buffer PE PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder malicious URLs Tofsee Windows ComputerName DNS Cryptographic key crashed |
2
|
5 | 3 | 13.0 | M | 34 | ZeroCERT |
|