Submissions

Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc.

Each record below gives the submission number, date and request name, the MD5 of the submitted sample, the signatures the sandbox matched (reproduced exactly as the sandbox labels them), and the remaining numeric columns as extracted. Empty columns were dropped during extraction, so the integer fields cannot be assigned to Urls/Hosts/IDS/Rule/Zero/VT individually; only the decimal score and the trailing submitter (Player) name are unambiguous in every row.

10186  2024-07-03 09:40  outbyte-driver-updater.exe
MD5: 19e7819eb886414b6bcab23db00541ec
Signatures: Gen1 HermeticWiper Generic Malware PhysicalDrive Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM PE File PE32 MZP Format OS Processor Check Lnk Format GIF Format DLL PE64 MSOffice File DllRegisterServer dll ftp Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee GameoverP2P Zeus Windows Browser ComputerName Trojan Banking crashed
Counts / Score / Player: 1 9 2 11.6 4 ZeroCERT

10187  2024-07-03 10:42  archive.rar
MD5: 9d10f6f08ae1cc016c10b09007063417
Signatures: Vidar Escalate priviledges PWS KeyLogger AntiDebug AntiVM VirusTotal Cryptocurrency Miner Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee Windows Discord DNS CoinMiner
Counts / Score / Player: 10 35 17 4 6.0 M 1 ZeroCERT

10188  2024-07-03 10:46  Update.js
MD5: cbca476a716c76cf629b3428ee9c3f43
Signatures: VBScript wscript.exe payload download Tofsee crashed Dropper
Counts / Score / Player: 1 2 2 10.0 r0d

10189  2024-07-03 11:27  Video HD (1080p).lnk
MD5: e694422f9ae9a4bf93258f6376db4292
Signatures: Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell ZIP Format VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Interception Windows ComputerName Cryptographic key
Counts / Score / Player: 4 4 1 1 11.6 19 ZeroCERT

10190  2024-07-03 18:47  uho.uouo.uououo.doc
MD5: 9904916ce3549610216e99d83e7e2135
Signatures: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit Java DNS crashed
Counts / Score / Player: 3 4 4 1 5.0 M 33 ZeroCERT

10191  2024-07-03 19:02  file_ahstznsa.ob0.txt.ps1
MD5: 478b1ac88592f59f8a1d4cb790120c38
Signatures: Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName
Counts / Score / Player: 2 2 1 1 3.6 M 9 ZeroCERT

10192  2024-07-03 19:10  file_xgep41gp.dyp.txt.ps1
MD5: b75a49ff9b2f445e17519d2e743fe1b4
Signatures: Generic Malware Antivirus Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName
Counts / Score / Player: 2 2 1 1 3.2 M ZeroCERT

10193  2024-07-04 02:39  http://py.pl/I7mIC
MD5: 6cb7e9e8e7161d8a30c49a4228aafaaf
Signatures: Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
Counts / Score / Player: 1 2 2 5.6 guest

10194  2024-07-04 09:39  systemd.exe
MD5: da4b6f39fc024d2383d4bfe7f67f1ee1
Signatures: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Tofsee crashed
Counts / Score / Player: 1 2 2 2.0 44 ZeroCERT

10195  2024-07-04 09:41  Bitwarden-Installer-2024.6.3.e...
MD5: 06e9439beabd1813ff13295adbba48ff
Signatures: Generic Malware Malicious Library Malicious Packer UPX AntiDebug AntiVM PE File ftp PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory WMI unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution DNS Software
Counts / Score / Player: 2 5 3 10.8 10 ZeroCERT

10196  2024-07-04 09:45  MOVE.vbs
MD5: 17a1424e8ac08659157d2d0f0d143de9
Signatures: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware VBScript powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName DNS Cryptographic key Dropper
Counts / Score / Player: 3 3 2 10.0 M 7 ZeroCERT

10197  2024-07-04 10:17  file_20dp34d4.orr.txt.ps1
MD5: d95ef9e08e9db08a9722d77fb91c39df
Signatures: Generic Malware Antivirus Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName Cryptographic key
Counts / Score / Player: 2 2 1 1 4.2 M ZeroCERT

10198  2024-07-04 11:31  Update.js
MD5: 616eae241a26b57cf9d5efc97ff8491f
Signatures: VBScript wscript.exe payload download Tofsee crashed Dropper
Counts / Score / Player: 1 2 2 10.0 guest

10199  2024-07-04 17:02  uh.uh.uhuhuh.uu.uh.doc
MD5: 2065f134f20986527b4023d59e12081c
Signatures: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit Java DNS crashed
Counts / Score / Player: 4 4 4 1 5.0 M 34 ZeroCERT

10200  2024-07-04 17:08  Explore.vbs
MD5: 9b5731dd0f4fe8d82ce62e1ef83ebc8c
Signatures: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
Counts / Score / Player: 1 2 9.0 30 ZeroCERT
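A listing like this is only useful downstream (hash blocklist, triage queue, signature statistics) once it is turned into structured records. The parser below is an added example, not code from the sandbox or its operators. It assumes the four-part record layout the extraction produced (header line with number, date and request name; MD5; one or more signature lines; a final line of numeric columns ending in the submitter name), validates the MD5 and the decimal score, and keeps the integer columns raw because the blank columns dropped at extraction make their positions ambiguous. The three records embedded as sample input are copied from the listing above; the function names are the example's own.

```python
"""Parse flattened sandbox submission records into dicts (added example)."""
import re

# Three records copied from the listing on this page. The layout (header, MD5,
# signature line, numeric columns) is what the extraction produced, not a
# documented export format; treat the parser as an assumption about that layout.
SAMPLE = """\
10188 2024-07-03 10:46 Update.js

cbca476a716c76cf629b3428ee9c3f43

VBScript wscript.exe payload download Tofsee crashed Dropper
1 2 2 10.0 r0d

10199 2024-07-04 17:02 uh.uh.uhuhuh.uu.uh.doc

2065f134f20986527b4023d59e12081c


MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit Java DNS crashed
4 4 4 1 5.0 M 34 ZeroCERT

10200 2024-07-04 17:08 Explore.vbs

9b5731dd0f4fe8d82ce62e1ef83ebc8c


Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
1 2 9.0 30 ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(.+)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SCORE_RE = re.compile(r"^\d+\.\d+$")


def split_records(text):
    """Group non-blank lines into records; a new record starts at each header line."""
    records, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HEADER_RE.match(line) and current:
            records.append(current)
            current = []
        current.append(line)
    if current:
        records.append(current)
    return records


def parse_record(lines):
    """Turn one record's lines into a dict, rejecting bad hashes or missing scores."""
    if len(lines) < 4:
        raise ValueError(f"incomplete record: {lines!r}")
    m = HEADER_RE.match(lines[0])
    if not m:
        raise ValueError(f"bad header: {lines[0]!r}")
    no, date, request = m.groups()
    md5 = lines[1].lower()
    if not MD5_RE.match(md5):
        raise ValueError(f"submission {no}: {lines[1]!r} is not an MD5")
    counts = lines[-1].split()
    scores = [t for t in counts if SCORE_RE.match(t)]
    if len(scores) != 1:
        raise ValueError(f"submission {no}: expected one score in {counts!r}")
    # Blank columns were dropped at extraction, so the integer fields cannot be
    # assigned to Urls/Hosts/IDS/Rule/Zero/VT reliably; keep them raw. The last
    # token is the submitter (Player) and is never numeric in this listing.
    player = None if re.fullmatch(r"[\d.]+", counts[-1]) else counts[-1]
    return {
        "no": int(no),
        "date": date,
        "request": request.strip(),
        "md5": md5,
        "signatures": " ".join(lines[2:-1]),
        "score": float(scores[0]),
        "player": player,
        "raw_counts": counts,
    }


def parse_submissions(text):
    return [parse_record(r) for r in split_records(text)]


def find_by_signature(records, needle):
    """Records whose signature string contains needle (case-insensitive)."""
    n = needle.lower()
    return [r for r in records if n in r["signatures"].lower()]


def above_score(records, threshold):
    return [r for r in records if r["score"] >= threshold]


if __name__ == "__main__":
    for r in above_score(parse_submissions(SAMPLE), 9.0):
        print(r["no"], r["md5"], r["score"], r["request"])
```

Hashes are normalised to lowercase before validation so the output can be compared directly against other feeds; a record whose second line is not 32 hex characters is rejected rather than silently stored, which is the failure you want when a listing has been re-wrapped by a scraper.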