Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8776	2021-05-27 10:27	AwSetp.exe 77a3dd75a7400c15f9a95929f2f76df6 AsyncRAT backdoor Gen1 .NET EXE PE File PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Ransomware Windows Browser ComputerName Software crashed	11 Keyword trend analysis Info https://iplogger.org/1v9Fz7 https://iphonemail.xyz/ https://iplogger.org/1e9Ut7 https://news-systems.xyz/?user=aws2 - rule_id: 1515 https://news-systems.xyz/?user=aws3 - rule_id: 1515 https://news-systems.xyz/?user=aws1 - rule_id: 1515 https://news-systems.xyz/?user=aws6 - rule_id: 1515 https://news-systems.xyz/?user=aws4 - rule_id: 1515 https://news-systems.xyz/?user=aws5 - rule_id: 1515 https://iphonemail.xyz/api.php?getusers https://iphonemail.xyz/api.php	6	1	6	10.6	M		ZeroCERT

8777	2021-05-27 10:26	BBQbrowser.exe 81189d695443fc7f2a0adab7a6957d89 AsyncRAT backdoor BitCoin AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces suspicious TLD installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	3 Keyword trend analysis	5	3	1	10.8	M		ZeroCERT

8778	2021-05-27 10:26	WLP_Setup.exe 6bd3098fc75bd4616d1d069b41a366cd AsyncRAT backdoor PWS .NET framework .NET EXE PE File OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	7	3		6.2	M		ZeroCERT

8779	2021-05-27 10:26	file18.exe 495214dc4882127b4cf5480510ce440c AsyncRAT backdoor PWS .NET framework BitCoin AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious TLD Tofsee Windows Cryptographic key crashed	2 Keyword trend analysis	4	1		9.8	M	37	ZeroCERT

8780	2021-05-27 10:00	Document 70259454.xls fa58cb567a2ffeee77053fadf440a56f VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee	10 Keyword trend analysis Info https://vitiligomatch.com/wpvitiligomatch/wp-includes/css/dist/block-directory/QaLUIUkxomX.php https://bellaloveboutique.com/wp-content/themes/salient/includes/partials/tgTzKdqzGivuZ9.php https://ppml.com.kh/ppml.com.kh/sothea.chhem/E7rTEXxjAS.php https://marcoislandguidebook.com/wp-includes/js/tinymce/plugins/charmap/xltGrJWiK.php https://ntf.gov.sb/components/com_acysms/views/unsubscribe/tmpl/8Wa80ysYUv6Klh.php https://bycec.in/wp-includes/js/tinymce/plugins/charmap/1MRWRA8z2S2Ajv.php https://houzzlink.com/wp-content/plugins/osen-wc-mpesa-master/updates/Puc/KOmZGbynRtPJ.php https://labrie-sabette.com/wp-includes/sodium_compat/namespaced/Core/ChaCha20/gp5yHrBp.php https://www.akseral.com/yonetim/vendors/iconfonts/font-awesome/css/wjM7uzNc3U8doR.php https://alpax.elcanotradingcorp.com/public/bower_components/jquery/src/ajax/oAIZxkctW.php	26 Info ntf.gov.sb(192.185.32.234) - mailcious labrie-sabette.com(173.230.252.50) - mailcious alpax.elcanotradingcorp.com(108.167.181.248) - mailcious www.akseral.com(83.150.213.154) marcoislandguidebook.com(192.185.79.55) - mailcious houzzlink.com(148.66.138.194) - mailcious incoming.telemetry.mozilla.org(52.42.229.170) definitionupdates.microsoft.com(23.40.44.112) vitiligomatch.com(192.185.16.122) - mailcious bycec.in(208.91.198.106) - mailcious ppml.com.kh(209.188.15.214) - mailcious bellaloveboutique.com(107.180.58.44) - mailcious www.microsoft.com(23.212.13.232) 192.185.16.122 - mailcious 192.185.32.234 - mailcious 108.167.181.248 - mailcious 23.40.44.112 35.155.6.125 107.180.58.44 - mailcious 148.66.138.194 - malware 173.230.252.50 - mailcious 208.91.198.106 - malware 209.188.15.214 - mailcious 192.185.79.55 - mailcious 23.212.13.232 83.150.213.154 - mailcious	4		3.2	M	20	ZeroCERT

8781	2021-05-27 09:56	file5.exe c6409dcd1888eed5d528f85c21b89162 Malicious Library PE File PE32 OS Processor Check VirusTotal Malware Checks debugger Creates executable files unpack itself suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee DNS	3 Keyword trend analysis	4	2		4.2	M	10	ZeroCERT

8782	2021-05-27 09:56	file20.exe e79511486f15a4f50b215af8440f25f9 AsyncRAT backdoor NPKI PWS .NET framework .NET EXE PE File OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Cryptographic key Software crashed	2 Keyword trend analysis	4	1		6.6	M	18	ZeroCERT

8783	2021-05-27 09:56	file4.exe 10e4779075440455a3a16bfb66aceb52 AsyncRAT backdoor PWS .NET framework .NET EXE PE File OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Cryptographic key Software crashed	2 Keyword trend analysis	4	2		7.4	M	35	ZeroCERT

8784	2021-05-27 09:54	file19.exe 131296e016a70ea67760fa6eec3dca8f Anti_VM PE File PE32 VirusTotal Malware unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Tofsee Windows Firmware DNS crashed	2 Keyword trend analysis	2	1		5.8	M	38	ZeroCERT

8785	2021-05-27 09:18	Document%20777622.xls a7b63000938bbeb31722acac4a96b004 VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee	10 Keyword trend analysis Info https://supereclinica.com.br/gestor/ckfinder/plugins/fileeditor/codemirror/Mad1mAVF6Vla1IY.php https://www.ktateeb.vision-building.com/public/graph/uploads/200x300/content_images/CByVubhIO51.php https://smtp.computeraccess.co.in/8Lj6KntHS.php https://donboscoschoolbd.com/fdoMMqJznv.php https://coeniglich.de/oVWjOr1Z3Z.php https://bypuzzle.com.br/avada/wp-content/themes/twentyfifteen/css/5clwWvDJgRsTKvW.php https://proterra.med.br/wp-includes/js/tinymce/themes/advanced/Zg1TbiK17uVn.php https://agentsv2.ivm.mv/user_guide/_static/css/rjWMenNTq.php https://clinicasaludmasculina.com/phone/css/AvGj1IrWszA5cUW.php https://bonsventosnautica.com.br/xhpxAHxeWeE6lH3.php	19 Info supereclinica.com.br(162.241.203.185) - mailcious donboscoschoolbd.com(138.201.27.66) - mailcious proterra.med.br(192.185.217.211) - mailcious smtp.computeraccess.co.in(192.185.154.138) - mailcious coeniglich.de(172.104.152.37) - mailcious clinicasaludmasculina.com(192.185.131.33) - mailcious bonsventosnautica.com.br(162.241.203.116) - mailcious agentsv2.ivm.mv(192.185.36.231) - mailcious www.ktateeb.vision-building.com() bypuzzle.com.br(192.185.215.103) - mailcious 192.185.131.33 - malware 192.185.217.211 - mailcious 138.201.27.66 - mailcious 192.185.36.231 - mailcious 162.241.203.185 - malware 192.185.215.103 - mailcious 162.241.203.116 - mailcious 192.185.154.138 - mailcious 172.104.152.37 - mailcious	4		2.8		20	ZeroCERT

8786	2021-05-27 09:03	PO 7080027.xls f1fcca46fd7af3f90aa67654250e7a05 VBA_macro MSOffice File VirusTotal Malware ICMP traffic unpack itself Tofsee	10 Keyword trend analysis Info https://bellaloveboutique.com/wp-content/themes/salient/includes/partials/tgTzKdqzGivuZ9.php https://forwei.com/image/cache/data/Varios/Cables/0YGwrERy.php https://surustore.com/image/cache/catalog/demo/banners/h0dD8T2aNRz.php https://ootashop.com/catalog/language/ar/extension/captcha/Iz40CaCFx.php https://bycec.in/wp-includes/js/tinymce/plugins/charmap/1MRWRA8z2S2Ajv.php https://marcoislandguidebook.com/wp-includes/js/tinymce/plugins/charmap/xltGrJWiK.php https://labrie-sabette.com/wp-includes/sodium_compat/namespaced/Core/ChaCha20/gp5yHrBp.php https://brandsites.gunwebhosting.com.au/site/wp-includes/Text/Diff/Engine/eUhebviTSOzDZ.php https://dinratnews.net/wp-content/uploads/2020/05/thumbnails/brCyRumj.php https://enlazador.com.es/wp-content/themes/twentynineteen/sass/blocks/mLrfH3gL5MqmI.php	20 Info marcoislandguidebook.com(192.185.79.55) brandsites.gunwebhosting.com.au(122.201.118.64) ootashop.com(199.188.205.57) forwei.com(217.160.0.5) - mailcious labrie-sabette.com(173.230.252.50) - mailcious enlazador.com.es(51.77.67.181) surustore.com(192.158.238.23) dinratnews.net(103.237.38.215) bycec.in(208.91.198.106) bellaloveboutique.com(107.180.58.44) 122.201.118.64 51.77.67.181 217.160.0.5 - malware 192.158.238.23 107.180.58.44 - mailcious 103.237.38.215 - mailcious 173.230.252.50 - mailcious 199.188.205.57 208.91.198.106 - malware 192.185.79.55 - mailcious	4		4.0	M	20	ZeroCERT

8787	2021-05-26 17:40	PO 474050.xls 8cd09ba1a0a1c52115e5419c92342708 VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee	10 Keyword trend analysis Info https://market-in.org/wp-content/uploads/2020/06/H4RiD4lTF.php https://akachi.co.za/uJPPYNmRbBCB8fm.php https://sklep.northserwis.pl/fckeditor/editor/dialog/common/images/239x8XnABbK.php https://agentsv2.ivm.mv/user_guide/_static/css/rjWMenNTq.php https://mail-call.us/76a7Sg6AAZRX.php https://aims1.ezicodes.com/wp-includes/js/tinymce/skins/lightgray/A2jVIUfifA7zwR.php https://fate.sa/2EWZ1gzKbk.php https://newzroot.com/wp-content/themes/sahifa/css/ilightbox/otlDh6Ov4gImZ0t.php https://creatalca.cl/nacionprogresiva/wp-includes/css/dist/block-directory/3pHa6HkTHtTkK.php https://coeniglich.de/oVWjOr1Z3Z.php	20 Info fate.sa(192.196.158.90) - mailcious akachi.co.za(66.85.46.71) - mailcious sklep.northserwis.pl(82.177.209.21) - mailcious mail-call.us(74.220.219.123) - mailcious coeniglich.de(172.104.152.37) - mailcious newzroot.com(138.201.203.76) - mailcious agentsv2.ivm.mv(192.185.36.231) - mailcious market-in.org(104.21.55.237) - mailcious aims1.ezicodes.com(188.225.225.70) - mailcious creatalca.cl(192.185.16.103) - mailcious 104.21.55.237 82.177.209.21 - mailcious 192.185.36.231 - mailcious 192.196.158.90 - mailcious 188.225.225.70 - mailcious 138.201.203.76 - mailcious 66.85.46.71 - mailcious 172.104.152.37 - mailcious 74.220.219.123 - malware 192.185.16.103 - mailcious	4		3.4	M	34	ZeroCERT

8788	2021-05-26 09:52	t.exe ddda0d5616775408eb31992c1d602a8d AsyncRAT backdoor .NET EXE PE File PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows DNS	2 Keyword trend analysis	3	8 Info ET INFO TLS Handshake Failure SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO Executable Download from dotted-quad Host SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	3.6		18	ZeroCERT

8789	2021-05-26 09:40	jexi_cry.exe 6245b34a94512b3f2a8b753e7b8dd24f AsyncRAT backdoor PWS .NET framework .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows DNS	1 Keyword trend analysis	5	1		7.6		14	ZeroCERT

8790	2021-05-26 09:36	%E5%88%9B%E8%BE%89%E4%BC%81%E4... b002b1aef58889242163dba60b7d6a47 Gen2 Emotet PE File OS Processor Check PE32 VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Tofsee Windows Remote Code Execution crashed	2 Keyword trend analysis	4	2		5.0	M	62	ZeroCERT