Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
10066	2024-06-07 09:54	obizx.doc e7b1cf4b76def016284ea19d18724961 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	2	2	3.6	M	34	ZeroCERT

10067	2024-06-07 09:56	igcc.exe fa362d6eab964c2243f02ee774ed6d90 AgentTesla Malicious Library .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	3	12.0	M	53	ZeroCERT

10068	2024-06-07 09:58	lana.exe e6f6123ba522419ec38f54fb447fcd5e Malicious Packer Anti_VM PE File PE32 Malware download Malware AutoRuns MachineGuid unpack itself Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS crashed	1 Keyword trend analysis	5	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE RisePro TCP Heartbeat Packet ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (Token) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Activity)	5.6	M		ZeroCERT

10069	2024-06-08 01:31	index.html 0227cfd904e99656279202032b98d4a7 AntiDebug AntiVM StartPage MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8			guest

10070	2024-06-08 01:40	audit_log.html cfc4dd7a77f4dd5fa271fc822560302e AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8			guest

10071	2024-06-08 01:43	audit_log.html cfc4dd7a77f4dd5fa271fc822560302e Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2			guest

10072	2024-06-08 01:52	export_file.html ba18e54410f8138a68ae1e581c241032 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8			guest

10073	2024-06-08 01:55	index.html 0227cfd904e99656279202032b98d4a7 AntiDebug AntiVM StartPage MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8			guest

10074	2024-06-08 02:04	export_file.html ba18e54410f8138a68ae1e581c241032 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8			guest

10075	2024-06-08 04:07	index.html 0227cfd904e99656279202032b98d4a7 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM StartPage Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8			guest

10076	2024-06-08 04:08	index.html 0227cfd904e99656279202032b98d4a7 AntiDebug AntiVM StartPage MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8			guest

10077	2024-06-08 04:21	audit_log.html cfc4dd7a77f4dd5fa271fc822560302e Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8			guest

10078	2024-06-08 04:31	export_file.html ba18e54410f8138a68ae1e581c241032 AntiDebug AntiVM Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2			guest

10079	2024-06-08 04:31	audit_log.html cfc4dd7a77f4dd5fa271fc822560302e Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2			guest

10080	2024-06-08 05:11	export_file.html ba18e54410f8138a68ae1e581c241032 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8			guest