Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Hosts	IDS	Score	Zero	VT	Player
1	2022-03-15 11:35	gqKtdKmTsC4iDh d0f4262777531bb9b5f02e450e088496 Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName Remote Code Execution DNS	31 Info 177.87.70.10 - mailcious 195.154.133.20 - mailcious 5.9.116.246 - mailcious 212.24.98.99 - mailcious 185.8.212.130 - mailcious 196.218.30.83 - mailcious 103.75.201.2 - mailcious 103.75.201.4 - mailcious 51.91.7.5 - mailcious 212.237.17.99 - mailcious 45.118.135.203 - mailcious 45.176.232.124 - mailcious 162.214.118.104 - mailcious 207.38.84.195 - mailcious 158.69.222.101 - mailcious 146.59.226.45 - mailcious 110.232.117.186 - mailcious 45.142.114.231 - mailcious 46.55.222.11 - mailcious 164.68.99.3 - mailcious 185.4.135.27 - mailcious 151.106.112.196 - mailcious 176.56.128.118 - mailcious 209.126.98.206 - mailcious 185.157.82.211 - mailcious 153.126.146.25 173.212.193.249 - mailcious 217.182.143.248 - mailcious 192.99.251.50 - mailcious 186.250.48.117 - mailcious 31.24.158.56 - mailcious	6 Info ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 10 ET CNC Feodo Tracker Reported CnC Server group 18 ET CNC Feodo Tracker Reported CnC Server group 13	5.6	M	5	ZeroCERT

2	2022-03-15 10:34	i8Sv 724d5e8e2c9c0ca3ce7802f362736622 Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself Kovter ComputerName Remote Code Execution DNS	9	4	5.6	M	3	ZeroCERT

3	2022-03-15 10:32	kFkWN 0a6658ca411b73e12b7d2aba34b2f706 Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself Kovter ComputerName Remote Code Execution DNS	31 Info 177.87.70.10 - mailcious 195.154.133.20 - mailcious 5.9.116.246 - mailcious 212.24.98.99 - mailcious 185.8.212.130 - mailcious 209.126.98.206 - mailcious 196.218.30.83 - mailcious 103.75.201.2 - mailcious 103.75.201.4 - mailcious 51.91.7.5 - mailcious 153.126.146.25 45.118.135.203 - mailcious 45.176.232.124 - mailcious 162.214.118.104 - mailcious 207.38.84.195 - mailcious 158.69.222.101 - mailcious 146.59.226.45 - mailcious 110.232.117.186 - mailcious 45.142.114.231 - mailcious 46.55.222.11 - mailcious 164.68.99.3 - mailcious 185.4.135.27 - mailcious 151.106.112.196 176.56.128.118 - mailcious 185.157.82.211 - mailcious 212.237.17.99 - mailcious 173.212.193.249 - mailcious 217.182.143.248 - mailcious 192.99.251.50 - mailcious 186.250.48.117 - mailcious 31.24.158.56 - mailcious	6 Info ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 18 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 13 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 10	5.2	M	3	ZeroCERT

4	2022-03-15 10:30	3NXwcYNCa 2d9f428fe4782858a3761e597649f9d6 Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName Remote Code Execution DNS	31 Info 177.87.70.10 - mailcious 195.154.133.20 - mailcious 5.9.116.246 - mailcious 212.24.98.99 - mailcious 185.8.212.130 - mailcious 209.126.98.206 - mailcious 196.218.30.83 - mailcious 103.75.201.2 - mailcious 103.75.201.4 - mailcious 51.91.7.5 - mailcious 153.126.146.25 45.118.135.203 - mailcious 45.176.232.124 - mailcious 162.214.118.104 - mailcious 207.38.84.195 - mailcious 158.69.222.101 - mailcious 146.59.226.45 - mailcious 110.232.117.186 - mailcious 45.142.114.231 - mailcious 46.55.222.11 - mailcious 164.68.99.3 - mailcious 185.4.135.27 - mailcious 151.106.112.196 176.56.128.118 - mailcious 185.157.82.211 - mailcious 212.237.17.99 - mailcious 173.212.193.249 - mailcious 217.182.143.248 - mailcious 192.99.251.50 - mailcious 186.250.48.117 - mailcious 31.24.158.56 - mailcious	6 Info ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 10 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 13 ET CNC Feodo Tracker Reported CnC Server group 18	5.6	M	4	ZeroCERT

5	2022-03-15 10:11	0Z4GbaKuDTGprJ a360fda890248e56436284af71abc26f Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName Remote Code Execution DNS	28 Info 177.87.70.10 - mailcious 195.154.133.20 - mailcious 5.9.116.246 212.24.98.99 - mailcious 185.8.212.130 209.126.98.206 - mailcious 196.218.30.83 103.75.201.2 - mailcious 103.75.201.4 - mailcious 51.91.7.5 - mailcious 45.118.135.203 - mailcious 45.176.232.124 - mailcious 162.214.118.104 207.38.84.195 - mailcious 158.69.222.101 - mailcious 146.59.226.45 110.232.117.186 - mailcious 46.55.222.11 - mailcious 164.68.99.3 - mailcious 185.4.135.27 151.106.112.196 176.56.128.118 - mailcious 185.157.82.211 - mailcious 173.212.193.249 - mailcious 217.182.143.248 192.99.251.50 186.250.48.117 - mailcious 31.24.158.56 - mailcious	6 Info ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 10 ET CNC Feodo Tracker Reported CnC Server group 18 ET CNC Feodo Tracker Reported CnC Server group 13	5.6		3	ZeroCERT

6	2022-03-15 09:48	IgWs7RRV cc9b4f85dc6f3c1d9d7449b5d4d9399f Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName Remote Code Execution DNS	25 Info 177.87.70.10 - mailcious 195.154.133.20 - mailcious 5.9.116.246 185.8.212.130 209.126.98.206 - mailcious 196.218.30.83 103.75.201.2 - mailcious 103.75.201.4 - mailcious 51.91.7.5 - mailcious 173.212.193.249 - mailcious 162.214.118.104 207.38.84.195 - mailcious 158.69.222.101 - mailcious 146.59.226.45 110.232.117.186 - mailcious 46.55.222.11 - mailcious 185.4.135.27 164.68.99.3 - mailcious 176.56.128.118 - mailcious 185.157.82.211 - mailcious 45.118.135.203 - mailcious 217.182.143.248 192.99.251.50 186.250.48.117 - mailcious 31.24.158.56 - mailcious	6 Info ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 2 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 18 ET CNC Feodo Tracker Reported CnC Server group 13 ET CNC Feodo Tracker Reported CnC Server group 10	5.2			ZeroCERT

7	2022-03-15 09:45	tGJconiBvy59a81 6197f590f96b12eb7e186f86dba2d98c Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName Remote Code Execution DNS	9	4	6.0	M	4	ZeroCERT

8	2022-03-15 09:36	EsgywXXsyQdTMJtFh deda6d1032d48e93378756d7b9382883 Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself Kovter ComputerName Remote Code Execution DNS	8	4	4.8	M	5	ZeroCERT

9	2022-03-15 07:45	DhaDF9VHoru7 cdd0565df75a6b552f025c2a021baf43 Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName Remote Code Execution DNS	9	4	6.0		3	ZeroCERT

10	2022-03-15 07:43	CgaqeucmpVT2NEK 32c4ed423934e6bbca0a76499636a8e5 Gen2 Gen1 Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName Remote Code Execution DNS	9	4	6.0	M	3	ZeroCERT

11	2021-11-04 14:54	zidem3 e476378637d33f422cef86ca864dbbfc Emotet Gen2 Gen1 Malicious Packer Malicious Library UPX PE64 PE File DLL Checks debugger buffers extracted unpack itself DNS crashed	1		2.2			ZeroCERT