Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14986	2023-03-09 17:36	bcd4b93a1a85c5ba45a4f7e5980db1... b5e1e946ebad560b876703e9675ca326 Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed	3 Keyword trend analysis	2	1	2	5.2	M	43	ZeroCERT

14987	2023-03-09 17:34	bcd4b93a1a85c5ba45a4f7e5980db1... bf48a5cd9169a5826521a8a33b21adee Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed	3 Keyword trend analysis	2	1	1	5.2	M	42	ZeroCERT

14988	2023-03-09 17:33	CL.exe ed2a38021d3dcadca60d08163d1c7a31 RAT NPKI UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Ransomware Windows ComputerName					9.0	M	37	ZeroCERT

14989	2023-03-09 17:12	i3YFqH6uMO3o8pg2Cbx.zip 5a72267343811d8fe7d72c1f96bac927 VirusTotal Malware Report ICMP traffic DNS		11	5		3.4	M	6	ZeroCERT

14990	2023-03-09 15:38	8f803ff90bee714e5d243cc3b3ad70... 1e16074ff6afe068fd5f852ff66eb188 Gen1 UPX Malicious Packer PE File PE64 Remote Code Execution					0.2			ZeroCERT

14991	2023-03-09 15:38	c95d3e98bd8a782a492370ad69bf82... e95942eabc6c7e41201180d1a2219673 Gen1 UPX Malicious Packer PE32 PE File Remote Code Execution					0.2			ZeroCERT

14992	2023-03-09 15:38	7f55dece1d491b5fd45817b01b4266... d649e0919963e72952b7337c45d34d55 Gen1 UPX Malicious Packer PE32 PE File Check memory Remote Code Execution					0.4			ZeroCERT

14993	2023-03-09 14:47	Fix.exe d543b38b01f033815b048cd17cd658dd UPX Malicious Library Admin Tool (Sysinternals etc ...) AntiDebug AntiVM OS Processor Check PE File PE64 JPEG Format MSOffice File VirusTotal Malware PDB Code Injection Check memory buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows Exploit Remote Code Execution DNS crashed	44 Keyword trend analysis Info https://fonts.googleapis.com/css2?family=Oswald&display=swap https://i.imgur.com/Dk4kbVR.jpg https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlvAA.woff https://i.imgur.com/nsHW2sD.jpg https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.6/clipboard.min.js https://i.imgur.com/nZtfyNw.jpg https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgWxM.woff https://i.imgur.com/scAAvrJ.jpg https://2.bp.blogspot.com/-6FlMntiv-QM/XHqS-LCeUaI/AAAAAAAAD4M/Ytwi80ug7NMakyJvZKNdhj54iZFjanCMgCLcBGAs/s1600/header-01.jpg https://static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/sbAUsFSFkMm.css?_nc_x=Ij3Wp8lg5Kz https://use.fontawesome.com/releases/v6.1.1/css/all.css https://www.jaiefra.com/ https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/Dkx2xQN1fRV.js?_nc_x=Ij3Wp8lg5Kz https://i.imgur.com/6kRvFKg.jpg https://www.jaiefra.com/favicon.ico https://connect.facebook.net/es_LA/sdk/xfbml.customerchat.js https://unpkg.com/feather-icons@4.29.0/dist/feather.min.js https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/J6ifX-SKuSy.js?_nc_x=Ij3Wp8lg5Kz https://scontent-ssn1-1.xx.fbcdn.net/v/t39.30808-1/309787944_467309492095485_6740795535777712297_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=109&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=hcNmGrJIxpQAX_WRHMe&_nc_ht=scontent-ssn1-1.xx&edm=ADwHzz8EAAAA&oh=00_AfDP3q8bQdDV7qvBOI7BIV_ACuLIJjOnGQp06pc45clwXg&oe=640D9E97 https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5vAA.woff https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/VnkLYxrrsQ6.js?_nc_x=Ij3Wp8lg5Kz https://i.imgur.com/6MYEl1l.jpg https://cdn.jsdelivr.net/gh/zkreations/whale@1.5.5/dist/js/whale.min.js https://use.fontawesome.com/releases/v5.15.4/css/all.css https://www.facebook.com/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34fdb5418190dc%26domain%3Dwww.jaiefra.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.jaiefra.com%252Ff209ab796ac5354%26relation%3Dparent.parent&container_width=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fjaiefra&locale=es_LA&sdk=joey&show_facepile=false&small_header=false&tabs=&width= https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/zzibYZcrR6-.css?_nc_x=Ij3Wp8lg5Kz https://i.imgur.com/HFGWqH9.jpg https://static.xx.fbcdn.net/rsrc.php/v3iWO94/yu/l/es_LA/w3cpxApqWUX.js?_nc_x=Ij3Wp8lg5Kz https://unpkg.com/feather-icons@4.29.0 https://unpkg.com/feather-icons https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9vAA.woff https://fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvgUI.woff https://i.imgur.com/lSf6ELo.jpg https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtvAA.woff https://cdn.jsdelivr.net/gh/danieIabel/rellax@1.8.0/rellax.min.js https://i.imgur.com/2y3RhsW.jpg https://scontent-ssn1-1.xx.fbcdn.net/v/t39.30808-6/274807150_3110650415868810_6155898568556935251_n.jpg?stp=dst-jpg_p130x130&_nc_cat=104&ccb=1-7&_nc_sid=dd9801&_nc_ohc=YwkpRMD6IQgAX82-_QL&_nc_ht=scontent-ssn1-1.xx&edm=ADwHzz8EAAAA&oh=00_AfCuu1QHp9xS8ATdxkZBk-yOJPB2063OvUNcaglCMdsmCg&oe=640F4ACA https://www.blogger.com/static/v1/widgets/229057146-widgets.js https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Me5g.woff https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/P8FoGCIGp4L.js?_nc_x=Ij3Wp8lg5Kz https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap	26 Info static.xx.fbcdn.net(157.240.215.14) www.facebook.com(157.240.215.35) 2.bp.blogspot.com(172.217.25.161) fonts.googleapis.com(142.250.207.106) unpkg.com(104.16.123.175) scontent-ssn1-1.xx.fbcdn.net(157.240.215.14) cdn.jsdelivr.net(104.16.86.20) - malware i.imgur.com(151.101.40.193) - mailcious use.fontawesome.com(172.64.132.15) connect.facebook.net(157.240.215.14) fonts.gstatic.com(142.250.207.99) cdnjs.cloudflare.com(104.17.25.14) - mailcious www.jaiefra.com(142.250.76.147) www.blogger.com(142.250.206.233) 104.17.25.14 - 157.240.215.14 - 142.250.206.233 - 104.16.86.20 - 172.217.25.161 - mailcious 142.250.207.99 172.64.133.15 - 151.101.24.193 - mailcious 104.16.124.175 157.240.215.35 142.250.76.147 - mailcious 142.250.207.106 - malware	1		6.4		2	guest

14994	2023-03-09 13:57	INVOICE 589 03_23.doc b59808aba76dd0095aa06133382de9ed Generic Malware VBA_macro Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection PWS[m] Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Report unpack itself suspicious process malicious URLs sandbox evasion Tofsee ComputerName DNS	1 Keyword trend analysis	11	6 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET CNC Feodo Tracker Reported CnC Server group 8 ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 7 ET CNC Feodo Tracker Reported CnC Server group 1		4.8		27	ZeroCERT

14995	2023-03-09 13:40	FACT.724346.msi 25b49a59b55af3e0c4082c3ebe4e01ac Gen2 Generic Malware Malicious Library OS Processor Check CAB MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk IP Check VM Disk Size Check Tofsee ComputerName		2	2		2.6		7	ZeroCERT

14996	2023-03-09 13:29	VESSEL PARTICULARS.exe 24f2bf961c5ebc9007ba75b6f029388b PWS .NET framework .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.4		30	ZeroCERT

14997	2023-03-09 11:15	5814 N 17ST.doc d44eab3f49c70836c4f7b9524a343f31 emotet Generic Malware VBA_macro MSOffice File VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit crashed	3 Keyword trend analysis	15 Info finephotos.com.au(212.1.210.110) - malware baangnews.com(104.21.69.237) - malware www.theaffiliateincome.com(66.96.149.32) - malware snjwellers.com() - malware vietcontents.xyz() - malware pesquisacred.com() - malware arthurjacksonctc.com(185.230.63.171) - malware apps.identrust.com(23.216.159.81) luandasoft.com(103.224.212.222) - malware 104.21.69.237 212.1.210.110 121.254.136.27 185.230.63.107 - phishing 103.224.212.222 - mailcious 66.96.149.32 - mailcious	3	1	3.8		45	ZeroCERT

14998	2023-03-09 11:10	azienda.url c57ce09111a84d1110b24a8505ff5804 AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2		5.8		3	ZeroCERT

14999	2023-03-09 10:49	htatest1.hta.html 39d9214d90175864588feedc9e27b5b0 Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed			2		9.0		9	ZeroCERT

15000	2023-03-09 10:40	DefendUpdate.exe bbabecb60a7d91dc4b01da5359280b92 UPX PE File PE64 VirusTotal Malware crashed					1.8	M	21	r0d