1 | 2022-03-29 13:56
aM099L ea0c35e43ddf4445527be47eeaf30791 Malicious Packer Malicious Library UPX OS Processor Check DLL PE File PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS |
24
131.100.24.231 - mailcious 212.24.98.99 - mailcious 58.227.42.236 - mailcious 185.8.212.130 - mailcious 138.185.72.26 - mailcious 195.201.151.129 - mailcious 103.75.201.2 - mailcious 197.242.150.244 - mailcious 216.120.236.62 - mailcious 212.237.17.99 - mailcious 119.193.124.41 - mailcious 5.9.116.246 - mailcious 158.69.222.101 - mailcious 189.232.46.161 - mailcious 164.68.99.3 - mailcious 217.182.25.250 - mailcious 107.182.225.142 - mailcious 159.8.59.82 - mailcious 51.91.76.89 - malware 188.44.20.25 - mailcious 153.126.146.25 - mailcious 45.118.135.203 - mailcious 50.116.54.215 - mailcious 192.99.251.50 - mailcious
10
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 19 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 15 ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 12 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 14
5.4 | M | 18 | ZeroCERT
2 | 2022-03-29 09:58
O2Z1HMebIXiHYBBS d4aebb327243895ce7254996bb2f85aa Malicious Packer Malicious Library UPX OS Processor Check DLL PE File PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS |
30
196.218.30.83 - mailcious 188.44.20.25 - mailcious 212.24.98.99 - mailcious 58.227.42.236 - mailcious 185.8.212.130 - mailcious 209.126.98.206 - mailcious 5.9.116.246 - mailcious 138.185.72.26 - mailcious 195.201.151.129 - mailcious 103.75.201.2 - mailcious 197.242.150.244 - mailcious 159.8.59.82 - mailcious 216.120.236.62 - mailcious 51.91.7.5 - mailcious 153.126.146.25 - mailcious 119.193.124.41 - mailcious 189.232.46.161 - mailcious 79.172.212.216 - mailcious 158.69.222.101 - mailcious 164.68.99.3 - mailcious 217.182.25.250 - mailcious 151.106.112.196 - mailcious 107.182.225.142 - mailcious 51.91.76.89 - malware 131.100.24.231 - mailcious 72.15.201.15 - mailcious 212.237.17.99 - mailcious 45.118.135.203 - mailcious 50.116.54.215 - mailcious 192.99.251.50 - mailcious
11
ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 19 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 15 ET CNC Feodo Tracker Reported CnC Server group 22 ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 12 ET CNC Feodo Tracker Reported CnC Server group 14
5.8 | M | 18 | ZeroCERT
3 | 2022-03-29 09:51
sfGsF ac0df56c97c8ccbb36187fd6cf7d6502 Malicious Packer Malicious Library UPX OS Processor Check DLL PE File PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS |
29
188.44.20.25 - mailcious 212.24.98.99 - mailcious 58.227.42.236 - mailcious 185.8.212.130 - mailcious 209.126.98.206 - mailcious 5.9.116.246 - mailcious 138.185.72.26 - mailcious 195.201.151.129 - mailcious 103.75.201.2 - mailcious 197.242.150.244 - mailcious 159.8.59.82 - mailcious 216.120.236.62 - mailcious 51.91.7.5 - mailcious 153.126.146.25 - mailcious 119.193.124.41 - mailcious 189.232.46.161 - mailcious 79.172.212.216 - mailcious 158.69.222.101 - mailcious 164.68.99.3 - mailcious 217.182.25.250 - mailcious 151.106.112.196 - mailcious 107.182.225.142 - mailcious 51.91.76.89 - malware 131.100.24.231 - mailcious 72.15.201.15 - mailcious 212.237.17.99 - mailcious 45.118.135.203 - mailcious 50.116.54.215 - mailcious 192.99.251.50 - mailcious
11
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 12 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 15 ET CNC Feodo Tracker Reported CnC Server group 22 ET CNC Feodo Tracker Reported CnC Server group 14
5.8 | | 19 | ZeroCERT
4 | 2022-03-29 09:51
30C 31df52782ab71cab086d403ef124b251 Malicious Packer Malicious Library UPX OS Processor Check DLL PE File PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS |
29
188.44.20.25 - mailcious 212.24.98.99 - mailcious 58.227.42.236 - mailcious 185.8.212.130 - mailcious 209.126.98.206 - mailcious 5.9.116.246 - mailcious 138.185.72.26 - mailcious 195.201.151.129 - mailcious 103.75.201.2 - mailcious 197.242.150.244 - mailcious 159.8.59.82 - mailcious 216.120.236.62 - mailcious 51.91.7.5 - mailcious 153.126.146.25 - mailcious 119.193.124.41 - mailcious 189.232.46.161 - mailcious 79.172.212.216 - mailcious 158.69.222.101 - mailcious 164.68.99.3 - mailcious 217.182.25.250 - mailcious 151.106.112.196 - mailcious 107.182.225.142 - mailcious 51.91.76.89 - malware 131.100.24.231 - mailcious 72.15.201.15 - mailcious 212.237.17.99 - mailcious 45.118.135.203 - mailcious 50.116.54.215 - mailcious 192.99.251.50 - mailcious
11
ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 5 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 12 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 22 ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 15
5.8 | | 19 | ZeroCERT
5 | 2022-03-29 09:10
UTnG7GKKkZf 6ba36615d02eed36ad3fbe2014be82fc Malicious Packer Malicious Library UPX OS Processor Check DLL PE File PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS |
28
188.44.20.25 - mailcious 212.24.98.99 - mailcious 58.227.42.236 - mailcious 185.8.212.130 - mailcious 209.126.98.206 - mailcious 5.9.116.246 - mailcious 138.185.72.26 - mailcious 195.201.151.129 - mailcious 103.75.201.2 - mailcious 197.242.150.244 - mailcious 159.8.59.82 - mailcious 216.120.236.62 - mailcious 51.91.7.5 - mailcious 153.126.146.25 - mailcious 119.193.124.41 - mailcious 189.232.46.161 - mailcious 79.172.212.216 - mailcious 158.69.222.101 - mailcious 164.68.99.3 - mailcious 217.182.25.250 - mailcious 151.106.112.196 - mailcious 107.182.225.142 - mailcious 51.91.76.89 - malware 131.100.24.231 - mailcious 212.237.17.99 - mailcious 45.118.135.203 - mailcious 50.116.54.215 - mailcious 192.99.251.50 - mailcious
11
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 20 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 15 ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 12 ET CNC Feodo Tracker Reported CnC Server group 22 ET CNC Feodo Tracker Reported CnC Server group 19
5.8 | | 17 | ZeroCERT
6 | 2022-03-29 09:08
FcEgwPugDI7wr2 18d9d16fed5e770d4f1b4502fab0e7a7 Malicious Packer Malicious Library UPX OS Processor Check DLL PE File PE32 Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS |
30
196.218.30.83 - mailcious 188.44.20.25 - mailcious 212.24.98.99 - mailcious 58.227.42.236 - mailcious 185.8.212.130 - mailcious 209.126.98.206 - mailcious 5.9.116.246 - mailcious 138.185.72.26 - mailcious 195.201.151.129 - mailcious 103.75.201.2 - mailcious 197.242.150.244 - mailcious 159.8.59.82 - mailcious 216.120.236.62 - mailcious 51.91.7.5 - mailcious 153.126.146.25 - mailcious 119.193.124.41 - mailcious 189.232.46.161 - mailcious 79.172.212.216 - mailcious 158.69.222.101 - mailcious 164.68.99.3 - mailcious 217.182.25.250 - mailcious 151.106.112.196 - mailcious 107.182.225.142 - mailcious 51.91.76.89 - malware 131.100.24.231 - mailcious 72.15.201.15 - mailcious 212.237.17.99 - mailcious 45.118.135.203 - mailcious 50.116.54.215 - mailcious 192.99.251.50 - mailcious
11
ET CNC Feodo Tracker Reported CnC Server group 15 ET CNC Feodo Tracker Reported CnC Server group 4 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 22 ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 12
5.8 | | 17 | ZeroCERT