Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1	2023-11-29 00:11	.rels 69984e911a8e36d7f6eab75bf36c6d01 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

2	2023-11-29 00:10	.rels 69984e911a8e36d7f6eab75bf36c6d01 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8			guest

3	2023-11-29 00:10	[Content_Types].xml 10720bd1e11273d47d78cc6f2d215894 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2			guest

4	2023-11-29 00:09	[Content_Types].xml 10720bd1e11273d47d78cc6f2d215894 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

5	2023-08-11 17:29	Pooja.xlam f942baab036075e8ace437ccf96815a7 VBA_macro Generic Malware .NET framework(MSIL) ZIP Format JPEG Format MSOffice File .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger exploit crash unpack itself Exploit ComputerName crashed				4.2		18	ZeroCERT

6	2023-06-09 16:18	SOA-0438.xlsx 261cc699f2de3e15d63c9a9180cb8625 ZIP Format Malware download Remcos VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	3 Keyword trend analysis	5	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Generic .bin download from Dotted Quad ET INFO DYNAMIC_DNS Query to a *.gotdns .ch Domain ET JA3 Hash - Remcos 3.x TLS Connection ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.2		37	ZeroCERT

7	2023-05-30 09:45	ddd.xlsb 0e65c589e0c6edffb3b305e7595a271b ZIP Format Excel Binary Workbook file format(xlsb) VirusTotal Malware exploit crash unpack itself Exploit crashed				1.8	M	3	ZeroCERT

8	2023-05-29 18:22	ddd.xlsb 0e65c589e0c6edffb3b305e7595a271b ZIP Format Excel Binary Workbook file format(xlsb) VirusTotal Malware unpack itself DNS				1.8		3	ZeroCERT

9	2023-04-19 09:39	za.xlsx 8d1c5cf6f85743869f7272d487bb180a ZIP Format exploit crash unpack itself Exploit crashed				1.8			ZeroCERT

10	2023-03-27 11:27	Wyciek-NFZ-16-03-2023.xlsx 67126c10471b06d8a5b86d78bd6052f4 ZIP Format exploit crash unpack itself Exploit crashed				1.8	M		ZeroCERT

11	2023-03-27 07:52	Wyciek-NFZ-16-03-2023.xlsx 67126c10471b06d8a5b86d78bd6052f4 ZIP Format RWX flags setting exploit crash unpack itself Exploit crashed				2.2			ZeroCERT

12	2023-02-24 07:53	order-list-1674464922674.xlsx 5755f68e5abc49228bff823a40bb62bf unpack itself				1.2			ZeroCERT

13	2023-02-14 08:37	INFO 5350.xlsm f6a0730ed2585494373a8e79bdd9319d MS_XLSX_Macrosheet VirusTotal Malware Creates executable files exploit crash unpack itself suspicious process Tofsee Exploit crashed	5 Keyword trend analysis	8	2	5.4	M	41	ZeroCERT

14	2023-02-14 08:35	XXW-902058.xlsm 877dd4503b88a3610e98c057ed0de96c MS_XLSX_Macrosheet VirusTotal Malware Creates executable files exploit crash unpack itself Tofsee Exploit crashed	8 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://www.arkpp.com/ARIS-BSU/9K1/ http://www.avrworks.com/mail/0Z4GbaKuDTGprJ/ http://www.babylinesl.com/catalog/iVsl6YvlyIyX/ https://physioacademy.co.uk/blog/Qs8QZTp0Z6nKf9YjVBMS/ https://unada.us/acme-challenge/3NXwcYNCa/ https://automobile-facile.fr/wp-admin/QV/ https://alebit.de/css/gqKtdKmTsC4iDh/	14 Info alebit.de(91.204.46.166) - malware unada.us(216.239.36.21) - malware www.arkpp.com() - malware physioacademy.co.uk(31.170.127.252) - malware automobile-facile.fr(146.59.209.152) www.avrworks.com() - malware apps.identrust.com(23.43.165.105) www.babylinesl.com(185.70.93.244) - malware 91.204.46.166 - malware 216.239.34.21 - mailcious 121.254.136.57 185.70.93.244 146.59.209.152 - phishing 31.170.127.252 - malware	2	4.4	M	41	ZeroCERT

15	2022-12-08 09:48	snake.docx 3b853ae547346befe5f3d06290635cf6 Word 2007 file format(docx) unpack itself Tofsee	2 Keyword trend analysis	4	1	1.6			ZeroCERT