Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8956	2023-10-25 09:52	HTMLprofile.dOC 2885bbb18db2fc076e129a10729faadb MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit crashed	2 Keyword trend analysis	2	3		3.2	M	30	ZeroCERT

8957	2023-10-25 09:54	HTMLCacheCentos.dOC b39f481790c393d21234af0ced69da7a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit crashed		2	3		2.6	M	29	ZeroCERT

8958	2023-10-25 10:37	HTMLCachesClear.dOC ae797eafb49080484af9350259e7920a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash Tofsee Exploit crashed		2	3		2.2	M	29	ZeroCERT

8959	2023-10-25 10:48	HTMLCacheCentos.dOC b39f481790c393d21234af0ced69da7a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash Tofsee Exploit crashed		2	3		2.2	M	29	ZeroCERT

8960	2023-10-25 11:00	HTMLprofile.doc 5342b58b3951c40f8e5eb08f5d9824be MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Windows Exploit Google DNS crashed	7 Keyword trend analysis Info http://141.98.6.91/72/Audiodgse.exe http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adnh37obenwknkqmvhcw72i7qsia_417/lmelglejhemejginpboagddgdfbepgmp_417_all_ZZ_kqkdtq7va5rvur2kfj67x5s2gi.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwcdm4bj7lx4xbm2ireywxlhvca_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome/czao2hrvpk5wgqrkz4kks5r734_109.0.5414.120/109.0.5414.120_chrome_installer.exe https://update.googleapis.com/service/update2 https://update.googleapis.com/service/update2?cup2key=11:ucciJXz2DRnbg3OLFhEKLNT1Ho4HCaExqeDsDp12_7M&cup2hreq=8650510305d18db3aa4a81c1579e660f081ba8e1c5014aaf087a8fc498361059	30 Info edgedl.me.gvt1.com(34.104.35.123) dns.google(8.8.4.4) www.google.com(142.250.76.132) clients2.googleusercontent.com(172.217.161.225) www.gstatic.com(142.250.206.227) accounts.google.com(142.250.206.205) _googlecast._tcp.local() apis.google.com(142.251.222.14) clientservices.googleapis.com(142.250.206.195) r1---sn-3u-bh2ss.gvt1.com(211.114.64.12) 142.250.204.35 142.250.206.238 - mailcious 172.217.25.1 - malware 141.98.6.91 - mailcious 211.114.64.12 142.250.206.234 - malware 142.251.220.46 142.250.206.195 172.217.25.3 34.104.35.123 142.250.76.131 142.250.199.68 142.251.220.109 172.217.24.68 172.217.161.225 - mailcious 142.251.220.110 172.217.24.67 142.250.207.106 - malware 142.250.199.67 172.217.25.174 - mailcious	9 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)		4.4		28	ZeroCERT

8961	2023-10-25 11:22	FX_432661.exe 897af5616bfd6af5b687876924f39ee3 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware PDB Code Injection Checks debugger wscript.exe payload download Creates executable files suspicious process Tofsee crashed		2	3		5.4	M	50	ZeroCERT

8962	2023-10-25 12:19	Comprobante_transfer.pdf.js c8bb8a34766ec04c304597c76d179f4b ActiveXObject VirusTotal Malware wscript.exe payload download Check virtual network interfaces Tofsee DNS crashed	3 Keyword trend analysis	5	2	1	3.4	M	15	ZeroCERT

8963	2023-10-25 13:18	HNB.txt.exe 43ec3cc0836bd759260e8cf120b79a7b Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger	1 Keyword trend analysis	5	5		8.0		54	ZeroCERT

8964	2023-10-25 13:18	HTMLbrowser.vbs 80c07cfd04a28aa0b03f1396fdf81b2d Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1		8.0			ZeroCERT

8965	2023-10-25 13:19	HTMLobject.vbs 74a3ea36669a5bdbeff3775545527a92 LokiBot Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PowerShell Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Exploit Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	3 Keyword trend analysis	8	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup SURICATA Applayer Detect protocol only one direction ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI	1	20.0	M	13	ZeroCERT

8966	2023-10-25 13:32	IGCC.vbs 42bc2a9470984d793673d9aae1a933b8 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1		8.6		13	ZeroCERT

8967	2023-10-25 13:33	MAH.txt.exe 7ea06a0e6c1e5707a23364ae6984b4f3 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed		4	6 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Telegram API Domain in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI		5.2		51	ZeroCERT

8968	2023-10-25 13:52	SAN.txt.exe 6bdb7a11d0eaa407e7a7f34d794fb567 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS crashed		4	6 Info ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET HUNTING Telegram API Domain in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI		4.6		54	ZeroCERT

8969	2023-10-25 13:52	qasx.vbs ff2a2bc8850b1ad61236bd460eb61e01 Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PowerShell Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee EXPLOIT_KIT Windows Exploit Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2	1	15.8	M	17	ZeroCERT

8970	2023-10-25 16:50	up.ps1 21440931518ff0df59af9b94e52a7c84 Lnk Format GIF Format VirusTotal Malware powershell AutoRuns MachineGuid Check memory Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName Cryptographic key		4	1		7.2	M	12	ZeroCERT