Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
17716	2023-05-17 09:04	cred64.dll a995fde990914d0ae4278af25213cac0 Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger unpack itself installed browsers check Browser ComputerName crashed					2.6		36	ZeroCERT

17717	2023-05-17 09:04	jenns.exe d35fc5185c8a58731cc0b8c4371e6c9c NSIS UPX Malicious Library PE File PE32 DLL FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder suspicious TLD DNS	13 Keyword trend analysis Info http://www.ascents.info/hk38/ http://www.1waif.top/hk38/?YmI=zzkZuzLAoma85XiX7lxIbQG/EJHsOO2+Q6oiR8OLkS/KwAhRwr9lPadDsgBC/R6Ehz+P4CWVVfJwNXurykV5FbLn1BWKF7Aw1kgOiys=&vVMKMC=JtlMqX9aXUH6E http://www.lgys174.top/hk38/ http://www.cryptohere.net/hk38/?YmI=ueolYRFMqDgL2w2WSyY2ND5otMaXj9PSMr4D1l6DUAw2kT04GXN59A0oGKPjQT9+3NvvA9XVQSpCofUlgfc89cVHCNXt6Tw+bOwl+vU=&vVMKMC=JtlMqX9aXUH6E http://www.nescotopp.shop/hk38/ http://www.ascents.info/hk38/?YmI=KrPc6+l/LbhA4QqNRpcmhen1wfbyqFB9qWau7oi8GuhJrnImuTvqwBhjinANrYUid0CBNXiHItrEvn/DOgRkhYxcfTTricRTxtRtwg8=&vVMKMC=JtlMqX9aXUH6E http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip http://www.memshaconsultancy.com/hk38/?YmI=ylcRdOeQ8XQ4MBe6+o+woVrTwHnafctqX6zKfONVwMcCeye0booFMTvbXdYSGzr1oUKVttZ5cokf78mxnXYdaQyvIAyyJB6YSbiDTd4=&vVMKMC=JtlMqX9aXUH6E http://www.lgys174.top/hk38/?YmI=C7+QLmlVH+QiRxI6PBDl5AOYi+WV4kkm2HpNG2cJ9XVlHr0M8Q0IkKn366y7kv3boAdk3F4dVuwUlUtIJQk6NWa3tLVuPdH+n5rm7/w=&vVMKMC=JtlMqX9aXUH6E http://www.cryptohere.net/hk38/ http://www.1waif.top/hk38/ http://www.nescotopp.shop/hk38/?YmI=DrtU8bnbnXpbNShePnwsRj13bS+UCxOuZvzH6bEjmv010pTnm4zit6bh6EVUeYhYrTCAEppr9rHC6Bu3VgZaW+HjzX/PpsxeO8UHktE=&vVMKMC=JtlMqX9aXUH6E http://www.memshaconsultancy.com/hk38/	18 Info www.nescotopp.shop(84.32.84.32) www.cryptohere.net(104.21.33.161) www.ascents.info(162.0.225.178) www.1waif.top(23.234.28.124) www.lgys174.top(107.148.25.134) www.shpmig.xyz() www.estherxpena.com() www.maniapetlovers.online() www.879-21.review(38.177.159.165) www.memshaconsultancy.com(149.255.62.50) 84.32.84.32 - mailcious 107.148.25.134 23.234.28.124 38.177.159.165 149.255.62.50 45.33.6.223 172.67.164.202 162.0.225.178	5		6.8		43	ZeroCERT

17718	2023-05-17 09:02	vbc.exe df8ab976221bbbd5d47dccd29ce378d3 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself RCE					2.4		45	ZeroCERT

17719	2023-05-17 07:13	MavrodiBlack.exe 22b25918bfdd12b1b6646cf6cdf1e867 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself crashed					2.2		47	ZeroCERT

17720	2023-05-17 07:12	version32.exe 9889b03f358c1e2a2635ae17eb4bf489 Anti_VM PE64 PE File VirusTotal Cryptocurrency Miner Malware unpack itself DNS CoinMiner		2	1		2.0		43	ZeroCERT

17721	2023-05-16 18:01	test2.bat 7a101f92a30ccd73bcdd71c103475442 Generic Malware Downloader Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					5.2			ZeroCERT

17722	2023-05-16 17:52	wf_4780.exe ec4951e9f2b1945815954fec161cf57a PWS .NET framework RAT UPX Malicious Library OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	60	ZeroCERT

17723	2023-05-16 15:57	5.26행사초청장.hwp 9b754bc802f440121aaf9f7daa4ec989 HWP PS PostScript AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest

17724	2023-05-16 15:55	5.26행사일정표.hwp.lnk 74e3d84492845067a0da6cfa00c064eb Generic Malware HWP MSOffice File GIF Format							25	ZeroCERT

17725	2023-05-16 15:53	526.zip 487769a19f032e981f33023b2cb7fe10 Generic Malware HWP PS PostScript ZIP Format MSOffice File VirusTotal Malware					0.8		26	ZeroCERT

17726	2023-05-16 15:44	5.26.zip 487769a19f032e981f33023b2cb7fe10 Generic Malware HWP PS PostScript ZIP Format MSOffice File VirusTotal Malware					0.8		26	ZeroCERT

17727	2023-05-16 15:42	5.26행사초청장&일정표 (2).zip 994e644b7a36edfd7211f3141bd4c652 ZIP Format								ZeroCERT

17728	2023-05-16 15:40	5.26행사초청장&일정표.zip 487769a19f032e981f33023b2cb7fe10 Generic Malware HWP PS PostScript ZIP Format MSOffice File VirusTotal Malware					0.8		26	ZeroCERT

17729	2023-05-16 15:37	북한인권단체 활동의 어려움과 활성화 방안.chm... 002fd493096214a9a44d82acb7f1ac30 AntiDebug AntiVM CHM Format VirusTotal Malware Code Injection Check memory unpack itself crashed					2.4		17	ZeroCERT

17730	2023-05-16 13:14	File_pass1234.7z 6323683cd9d1a9b15963cf5f50445139 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS	5 Keyword trend analysis	13	2	2	5.6	M		ZeroCERT