Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
2041	2024-07-22 11:12	6699582c986e9_appdrivevideo.ex... ba45cf8e20d509ee5785cc22413570cd North Korea Malicious Library .NET framework(MSIL) UPX Socket Http API PWS HTTP DNS Internet API AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					9.0		53	ZeroCERT

2042	2024-07-22 11:11	ou.ou.ou.ou.ou.doc 034e661a8a618c2a1596205d982f769d MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	3 Keyword trend analysis	4	5 Info ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev) ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Base64 Encoded MZ In Image ET MALWARE Malicious Base64 Encoded Payload In Image	2	4.6	M	37	ZeroCERT

2043	2024-07-22 10:14	get.exe a507dfa5bc805e574236ee0b0c61a5db Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege MachineGuid Check memory Checks debugger unpack itself					2.2	M	17	r0d

2044	2024-07-22 09:30	567jn7x.exe e8a1d35e54a6982c175c4351f3ce0dcd Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					2.8		49	ZeroCERT

2045	2024-07-22 09:10	svhosts.exe d39a20fd19892439847037745f81a036 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Telegram AutoRuns Tofsee Windows ComputerName DNS		2	4		2.6		38	ZeroCERT

2046	2024-07-22 07:49	Build.exe 17db34e555e545ce20f804526a31ed48 Generic Malware Malicious Library .NET framework(MSIL) UPX Antivirus PE File .NET EXE PE32 OS Processor Check Malware powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		7.4	M		ZeroCERT

2047	2024-07-22 07:46	acev.exe 4f5771aa008fb55801a3f9fba7130f69 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					2.2	M		ZeroCERT

2048	2024-07-22 07:44	winiti.exe e430899d8e61ea4cb961be83d6b4091a Generic Malware Malicious Library UPX Antivirus PE File PE32 DLL powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key					6.0	M		ZeroCERT

2049	2024-07-22 07:42	get.exe a507dfa5bc805e574236ee0b0c61a5db PE File .NET EXE PE32 PDB suspicious privilege MachineGuid Check memory Checks debugger unpack itself					1.6	M		ZeroCERT

2050	2024-07-22 07:40	5.exe 387539254d02064c55935e94f0f56649 Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE32 OS Processor Check PDB Checks debugger unpack itself suspicious TLD DNS crashed		2	1		3.8	M		ZeroCERT

2051	2024-07-22 07:31	bp.exe 6733c804b5acf9b6746712bafaca17da Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 Check memory Checks debugger unpack itself					0.8			ZeroCERT

2052	2024-07-22 07:31	jp.exe 808502752ca0492aca995e9b620d507b Generic Malware Malicious Library UPX PE File PE64 OS Processor Check PDB					0.4	M		ZeroCERT

2053	2024-07-21 10:05	Hkr1RNIlYyM4nwwskttpcl5yFUnv3m... af526914b1724469467f85ae09e90f3e crashed					0.2			ZeroCERT

2054	2024-07-21 10:02	263CWoYD.exe e1a6bad0a3a2e1040d730a2d6694fc1c Gen1 Emotet Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer ASPack UPX Antivirus Anti_VM DllRegisterServer dll PE File PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware AutoRuns Check memory Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications AppData folder sandbox evasion installed browsers check Windows Browser ComputerName Remote Code Execution DNS		1			8.6		34	ZeroCERT

2055	2024-07-21 09:59	tomcat.exe 60697ecdf48bd911582ccd71c115dd21 Gen1 Emotet Generic Malware Malicious Library Malicious Packer Antivirus UPX PE File PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware AutoRuns Check memory Creates shortcut Creates executable files RWX flags setting unpack itself Collect installed applications sandbox evasion human activity check installed browsers check Windows Browser ComputerName DNS		1			7.2		45	ZeroCERT