22501 | 2022-12-08 05:35
http://wagwalker.test-app.link | 991249b1da4faebe139fe961c6ffb360
Tags: PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1): http://wagwalker.test-app.link/
Hosts (2):
  wagwalker.test-app.link(54.230.61.55)
  54.230.61.32
IDS (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  SURICATA Applayer Detect protocol only one direction
Score: 4.2 | guest
22502 | 2022-12-07 16:13
Juzgado 09 civil del circuito ... | 4a69b0a3796dd688d57e11658ac1058c
Tags: Antivirus Word 2007 file format(docx) VirusTotal Malware RWX flags setting
Score: 2.0 | 26 | ZeroCERT
22503 | 2022-12-07 16:10
Juzgado 09 civil del circuito ... | 4a69b0a3796dd688d57e11658ac1058c
Tags: Antivirus Word 2007 file format(docx) VirusTotal Malware exploit crash unpack itself Exploit crashed
Score: 2.6 | 26 | ZeroCERT
22504 | 2022-12-07 16:03
cred64.dll | 98cc0f811ad5ff43fedc262961002498
Tags: PWS Loki[b] Loki.m Malicious Library PE32 DLL PE File FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email RCE DNS Software crashed
URLs (1): http://62.204.41.6/p9cWxH/index.php - rule_id: 24996
Hosts (1):
IDS (1): ET DROP Dshield Block Listed Source group 1
Rule-matched URLs (1): http://62.204.41.6/p9cWxH/index.php
Score: 6.0 | M | 53 | ZeroCERT
22505 | 2022-12-07 15:51
pb1109.exe | d925de50dd98dbed8ec6b93c98e6900c
Tags: Malicious Library VMProtect PE File PE64 VirusTotal Malware crashed
Score: 2.0 | M | 23 | ZeroCERT
22506 | 2022-12-07 15:51
newlege.exe | 065ee41f9a4f66bd96f0448d68cc4178
Tags: RedLine stealer[m] PWS Loki[b] Loki.m RAT .NET framework Malicious Library Malicious Packer UPX Admin Tool (Sysinternals etc ...) VMProtect Create Service Escalate priviledges AntiDebug AntiVM PE32 OS Processor Check PE File DLL .NET EXE PE64 JPEG Fo Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Interception Windows Browser Email ComputerName WordPress RCE DNS Cryptographic key Software crashed
URLs (9):
  http://www.time4unow.com/wp-content/file.exe
  http://byh.ajn322bb.com/files/pe/pb1109.exe
  http://62.204.41.6/p9cWxH/Plugins/cred64.dll
  http://62.204.41.6/p9cWxH/index.php
  http://62.204.41.6/p9cWxH/index.php?scr=1
  http://31.41.244.188/new/linda5.exe - rule_id: 24510
  http://31.41.244.188/lego/5jk29l2fg.exe
  http://31.41.244.188/miha/wish.exe
  http://31.41.244.188/ano/anon.exe
Hosts (10):
  byh.ajn322bb.com(172.67.134.92) - malware
  www.time4unow.com(160.153.129.228) - malware
  jamesmillion.xyz(104.192.2.242) - mailcious
  185.106.92.214
  104.192.2.242 - mailcious
  62.204.41.6
  160.153.129.228 - malware
  31.41.244.14 - mailcious
  31.41.244.188 - malware
  104.21.25.158
IDS (10):
  ET DROP Dshield Block Listed Source group 1
  ET MALWARE Amadey CnC Check-In
  ET INFO Executable Download from dotted-quad Host
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET INFO TLS Handshake Failure
  ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Dotted Quad Host DLL Request
Rule-matched URLs (1): http://31.41.244.188/new/linda5.exe
Score: 19.4 | M | 49 | ZeroCERT
22507 | 2022-12-07 15:51
lib32.exe | 72eae711b521c031d8c4616459f6da89
Tags: UPX PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key
Score: 2.6 | 38 | ZeroCERT
22508 | 2022-12-07 15:50
Logic%20Media%20Explorer.exe | fa9b0ac29dc8d6d7d6078c6bb16bf669
Tags: Gen2 Malicious Library Malicious Packer UPX Antivirus OS Processor Check PE File PE64 VirusTotal Malware PDB RCE DNS
Hosts (1):
IDS (1): ET DROP Dshield Block Listed Source group 1
Score: 3.0 | 5 | ZeroCERT
22509 | 2022-12-07 15:50
dealer2.exe | 09e48a34077f3f13adf9e08c8c3626c0
Tags: RAT PWS Loki[b] Loki.m Generic Malware UPX Antivirus PE File PE64 VirusTotal Malware powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key
URLs (1): http://85.209.134.86/Nayyjrykxy.png
Hosts (1):
Score: 6.8 | 36 | ZeroCERT
22510 | 2022-12-07 15:47
newversion5.exe | 355ce92ce35c97a86c144d175d83a3a3
Tags: RAT PWS Loki[b] Loki.m Generic Malware UPX Antivirus PE File PE64 VirusTotal Malware powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
URLs (1): http://85.209.134.86/Qyoapb.bmp
Hosts (1):
IDS (1): ET HUNTING Suspicious Terse Request for .bmp
Score: 7.8 | M | 28 | ZeroCERT
22511 | 2022-12-07 11:35
3.txt.ps1 | fafde8664fa8689a4a001724caaa0b9a
Tags: Hide_EXE PowerShell Script Generic Malware Anti_VM Antivirus VirusTotal Malware powershell AutoRuns Check memory heapspray Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
URLs (1): https://www.3kdjfdkwqw.blogspot.com/atom.xml
Hosts (1): www.3kdjfdkwqw.blogspot.com(142.250.207.97)
Score: 5.2 | M | 5 | ZeroCERT
22512 | 2022-12-07 10:31
9.exe | c92a7da9372f6c5f1f1464aaaa4ce6bc
Tags: Cutwail Malicious Library ScreenShot DNS Internet API Code injection HTTP Escalate priviledges Http A Malware download VirusTotal Malware Buffer PE MachineGuid Code Injection Malicious Traffic Check memory buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process suspicious TLD sandbox evasion Tofsee Windows Backdoor ComputerName DNS Cryptographic key
URLs (236):
http://www.xaicom.es/ - rule_id: 24556 http://atbauk.org/ http://pccj.net/ - rule_id: 24646 http://onzcda.com/ http://lyto.net/ - rule_id: 24647 http://keio-web.com/ - rule_id: 24648 http://kewlmail.com/ - rule_id: 24761 http://uhsa.edu.ag/ - rule_id: 24671 http://www.yocinc.org/ - rule_id: 23202 http://vdoherty.com/ - rule_id: 24650 http://orlyhotel.com/ - rule_id: 24651 http://www.sclover3.com/ - rule_id: 24652 http://akdeniz.nl/ - rule_id: 24735 http://vivastay.com/ - rule_id: 24694 http://enguita.net/ http://envogen.com/ - rule_id: 24701 http://www.fnsds.org/ - rule_id: 24655 http://epc.com.au/ - rule_id: 24656 http://dayvo.com/ http://www.snugpak.com/ - rule_id: 23198 http://bible.org/ http://www.valdal.com/ - rule_id: 23188 http://ramkome.com/ - rule_id: 24657 http://rkengg.com/ - rule_id: 24658 http://arowines.com/ http://www.11tochi.net/ - rule_id: 24659 http://jsaps.com/ - rule_id: 24660 http://doggybag.org/ http://mcseurope.nl/ - rule_id: 24661 http://clinicasanluis.com.co/ - rule_id: 24662 http://www.myropcb.com/ - rule_id: 24663 http://amerifor.com/ - rule_id: 24755 http://www.depalo.com/ - rule_id: 23191 http://webavant.com/ http://www.sjbs.org/ - rule_id: 24664 http://fifa-ews.com/ - rule_id: 24665 http://www.quadlock.com/ - rule_id: 23184 http://orbitgas.com/ - rule_id: 24666 http://adeesa.net/ - rule_id: 24667 http://www.hummer.hu/ - rule_id: 23200 http://www.findbc.com/ - rule_id: 24562 http://www.holleman.us/ - rule_id: 23213 http://burstner.ru/ http://roewer.de/ http://www.ex-olive.com/ - rule_id: 23224 http://portoccd.org/ http://metaforacom.com/ - rule_id: 24673 http://dzm.cz/ http://603888.com/ http://kevyt.net/ - rule_id: 24674 http://com-edit.fr/ - rule_id: 24708 http://pers.com/ http://ruzee.com/ http://tabbles.net/ - rule_id: 24677 http://hbfuels.com/ http://magicomm.co.uk/ - rule_id: 24678 http://www.alteor.cl/ - rule_id: 23182 http://tbvlugus.nl/ http://fundeo.com/ http://akr.co.id/ - rule_id: 24679 http://www.kernsafe.com/ - rule_id: 23218 http://www.item-pr.com/ - rule_id: 24680 http://www.jchysk.com/ - rule_id: 24561 http://kavram.com/ http://sgk.home.pl/ http://cbaben.com/ - rule_id: 24653 http://noblesse.be/ - rule_id: 24687 http://www.domon.com/ - rule_id: 24688 http://vonparis.com/ - rule_id: 24689 http://dyag-eng.com/ http://pellys.co.uk/ - rule_id: 24767 http://aba.org.eg/ http://ascc.org.au/ http://missnue.com/ http://nettle.pl/ http://cutchie.com/ - rule_id: 24693 http://yhsll.com/ http://host.do/ - rule_id: 24696 http://www.wifi4all.nl/ - rule_id: 23195 http://aoinko.net/ http://nekono.net/ http://holp-ai.com/ http://shanks.co.uk/ http://okashimo.com/ http://acraloc.com/ http://mackusick.com/ - rule_id: 24699 http://listel.co.jp/ - rule_id: 24700 http://nts-web.net/ - rule_id: 24749 http://bigzz.by/ http://kamptal.at/ - rule_id: 24702 http://www.pdqhomes.com/ - rule_id: 23183 http://www.transsib.com/ - rule_id: 23204 http://shteeble.com/ http://jnf.at/ http://midap.com/ - rule_id: 24704 http://shenhgts.net/ http://biosolve.com/ http://www.iamdirt.com/ - rule_id: 23192 http://impexnc.com/ - rule_id: 24706 http://oozkranj.com/ http://nlcv.bas.bg/ - rule_id: 24675 http://gydrozo.ru/ http://absblast.com/ - rule_id: 24719 http://s5w.com/ http://stopllc.com/ http://vfcindia.com/ http://www.ora.ecnet.jp/ - rule_id: 23212 http://www.edimart.hu/ - rule_id: 23221 http://www.abdg.com/ - rule_id: 23193 http://uster.com/ http://t-mould.com/ - rule_id: 24711 http://www.abart.pl/ - rule_id: 23208 http://msl-lock.com/ http://www.valselit.com/ - rule_id: 23216 http://ncn.de/ - rule_id: 24713 http://yoruksut.com/ - rule_id: 24714 http://geecl.com/ http://unicus.jp/ - rule_id: 24715 http://www.x0c.com/ - rule_id: 23225 http://coxkitchensandbaths.com/ - rule_id: 24716 http://cjcagent.com/ - rule_id: 24717 http://www.fcwcvt.org/ - rule_id: 23196 http://www.gpthink.com/ - rule_id: 23215 http://adventist.ro/ http://infotech.pl/ http://kayoaiba.com/ - rule_id: 24718 http://78san.com/
http://www.maktraxx.com/ - rule_id: 24720 http://dhh.la.gov/ - rule_id: 24721 http://insia.com/ - rule_id: 24722 http://www.credo.edu.pl/ - rule_id: 23190 http://rokoron.com/ - rule_id: 24723 http://www.dayvo.com/ - rule_id: 24724 http://www.photo4b.com/ - rule_id: 23201 http://sjbmw.com/ - rule_id: 24725 http://www.dgmna.com/ - rule_id: 23187 http://pertex.com/ http://www.speelhal.net/ - rule_id: 23228 http://yasuma.com/ http://www.naoi-a.com/ - rule_id: 23209 http://k-nikko.com/ - rule_id: 24729 http://www.2print.com/ - rule_id: 23222 http://sanfotek.net/ http://www.evcpa.com/ - rule_id: 24550 http://www.petsfan.com/ - rule_id: 23194 http://muhr-soehne.de/ - rule_id: 24732 http://www.mqs.com.br/ - rule_id: 23205 http://www.rs-ag.com/ - rule_id: 23199 http://www.olras.com/ - rule_id: 23186 http://lpver.com/ http://ossir.org/ - rule_id: 24733 http://sinwal.com/ - rule_id: 24734 http://siongann.com/ http://diamir.de/ - rule_id: 24736 http://wnit.org/ http://www.fe-bauer.de/ - rule_id: 24738 http://alexpope.biz/ http://www.baijaku.com/ - rule_id: 23181 http://www.pwd.org/ - rule_id: 24741 http://sigtoa.com/ - rule_id: 24742 http://hyab.se/ - rule_id: 24743 http://polprime.com/ - rule_id: 24682 http://www.tc17.com/ - rule_id: 24745 http://rast.se/ - rule_id: 24747 http://www.crcsi.org/ - rule_id: 23206 http://kairel.com/ http://zemarmot.net/ http://cpmteam.com/ http://hes.pt/ http://www.ora-ito.com/ - rule_id: 23211 http://araax.com/ - rule_id: 24750 http://ssm.ch/ http://bggs.com/ - rule_id: 24751 http://www.ottospm.com/ - rule_id: 24727 http://nettlinx.org/ http://www.jenco.co.uk/ - rule_id: 23179 http://touchfam.ca/ http://duiops.net/ http://mijash3.com/ - rule_id: 24726 http://canasil.com/ http://snf.it/ - rule_id: 24756 http://forbin.net/ - rule_id: 24757 http://anduran.com/ http://flamingorecordings.com/ - rule_id: 24759 http://captlfix.com/ http://www.pupi.cz/ - rule_id: 24758 http://www.tvtools.fi/ - rule_id: 23185 http://www.jacomfg.com/ - rule_id: 23226 
http://www.t-tre.com/ - rule_id: 23214 http://www.waldi.pl/ - rule_id: 23207 http://a-domani.com/ - rule_id: 24760 http://www.otena.com/ - rule_id: 24532 http://wantapc.net/ http://fdlymca.org/ - rule_id: 24649 http://fogra.com.pl/ http://umcor.am/ http://cubodown.com/ - rule_id: 24762 http://karmy.com.pl/ - rule_id: 24703 http://www.pr-park.com/ - rule_id: 23180 http://sledsport.ru/ http://hchc.org/ - rule_id: 24763 http://linac.co.uk/ http://cjborden.com/ http://www.vazir.se/ - rule_id: 23203 http://x1.i.lencr.org/ http://www.lrsuk.com/ - rule_id: 23223 http://www.nelipak.nl/ - rule_id: 23217 http://www.vexcom.com/ - rule_id: 24764 http://dbnet.at/ - rule_id: 24765 http://www.hyabmagneter.se/ - rule_id: 24766 http://www.cokocoko.com/ - rule_id: 23220 http://eos-i.com/ http://johnlyon.org/ http://riwn.org/ http://any-s.net/ http://www.pcgrate.com/ - rule_id: 24560 http://mackusick.de/ - rule_id: 24769 http://popbook.com/ http://notis.ru/ http://www.netcr.com/ - rule_id: 23219 http://www.tyrns.com/ - rule_id: 23227 http://shztm.ru/ http://biurohera.pl/ - rule_id: 24774 http://www.synetik.net/ - rule_id: 23197 http://www.nqks.com/ - rule_id: 24775 http://strazynski.pl/ - rule_id: 24777 http://peminet.net/ - rule_id: 24778 http://hazmatt.com/ - rule_id: 24779 http://apps.identrust.com/roots/dstrootcax3.p7c http://indonesiamedia.com/ - rule_id: 24781 http://shittas.com/ - rule_id: 24691 http://univi.it/ - rule_id: 24783 http://www.elpro.si/ - rule_id: 23189 http://pleszew.policja.gov.pl/ - rule_id: 24773 https://dataform.co.uk/wp-signup.php?new=magicomm.co.uk https://www.muhr-soehne.de/ - rule_id: 24785
Hosts (687):
banvari.com(23.227.38.32) - mailcious www.vazir.se(206.191.152.37) - mailcious e-kami.net(202.172.28.89) - mailcious www.owsports.ca() - mailcious cvswl.org() nekono.net(202.172.28.187) in1.smtp.messagingengine.com(66.111.4.71) ludea.cz(46.8.8.200) lpver.com(92.204.129.113) shenhgts.net(199.59.243.220) hyabmagneter.se(104.21.69.146) univi.it(18.197.121.220) - mailcious insia.com(82.208.6.9) - mailcious www.yoruksut.com(93.187.206.66) www.mqs.com.br(170.82.174.30) www.photo4b.com(195.78.66.50) gydrozo.ru(91.220.211.163) mackusick.de(217.160.0.131) - mailcious www.sjbs.org(162.214.120.26) - mailcious skypearl.com(153.122.170.15) www.netcr.com(3.18.7.81) - mailcious usadig.com(198.100.146.220) www.fnsds.org(52.20.253.197) - mailcious riwn.org(198.49.23.144) missnue.com(104.21.234.120) michiana.org() shztm.ru(52.50.65.32) skgm.ru(91.201.52.102) sigtoa.com(172.67.160.168) - mailcious duiops.net(135.125.108.170) shanks.co.uk(217.19.254.22) webavant.com(148.72.176.26) fifa-ews.com(104.21.10.34) - mailcious 89gospel.com() roewer.de(45.142.176.225) dwid.de(87.230.93.218) pcoyuncu.com() - mailcious anduran.com(52.86.6.113) nlcv.bas.bg(195.96.252.188) - mailcious wahw.com.au(54.194.190.151) canasil.com(104.26.2.14) www.hummer.hu(185.80.51.179) kustnara.com(99.83.190.102) johnlyon.org(141.193.213.20) www.holleman.us(51.79.51.72) - mailcious www.vexcom.com(104.21.55.224) - mailcious sokuwan.net(185.230.63.107) avc.com.sa() www.reglera.com(64.125.133.18) actmin.com() clinicasanluis.com.co(104.21.66.220) - mailcious pellys.co.uk(77.72.4.226) - mailcious chzko.ru() www.yocinc.org(66.94.119.160) hchc.org(34.224.10.110) - mailcious www.wkhk.net() - mailcious cqdgroup.com(221.132.33.88) vvsteknik.dk(185.31.76.90) zugseil.com(92.42.191.38) - mailcious infotech.pl(79.96.32.254) www.mobilnic.net() kallman.net() www.findbc.com(13.248.216.40) - mailcious stopllc.com(162.241.233.114) www.myropcb.com(74.208.215.199) - mailcious aoinko.net(157.7.107.38) absblast.com(35.206.109.131) - 
mailcious yasuma.com(61.200.81.23) pertex.com(185.151.30.147) www.hyabmagneter.se(104.21.69.146) - mailcious awfraser.com() 603888.com(67.21.93.233) www.maktraxx.com(72.44.93.236) - mailcious de() host.do(217.79.248.38) - mailcious eos-i.com(45.158.22.194) mail.protonmail.ch(185.205.70.128) www.stnic.co.uk(192.124.249.108) vonparis.com(23.185.0.4) - mailcious www.dayvo.com(104.21.68.7) - mailcious samtv.ro() amele.com() sjbmw.com(198.199.101.195) - mailcious biosolve.com(159.65.255.114) shesfit.com(104.21.74.141) cjborden.com(15.197.142.173) noblesse.be(5.134.4.115) - mailcious www.koz1.net() - mailcious biurohera.pl(79.96.161.192) - mailcious xsui.com(127.0.0.1) www.olras.com(80.93.82.33) - mailcious techtrans.de(185.237.66.112) www.jroy.net() - mailcious piacton.com() acraloc.com(192.64.150.164) ludomemo.com(27.0.174.59) www.nqks.com(147.154.3.56) - mailcious aiolos-sa.gr(138.201.96.195) geecl.com(213.175.217.57) mackusick.com(217.160.0.179) - mailcious www.t-tre.com(135.181.73.98) araax.com(54.209.32.212) - mailcious yhsll.com(154.88.50.199) dataform.co.uk(83.223.113.46) www.11tochi.net(157.112.176.4) - mailcious sinwal.com(104.21.50.138) - mailcious tbvlugus.nl(174.129.25.170) magicomm.co.uk(83.223.113.46) - mailcious www.item-pr.com(185.15.129.58) - mailcious kevyt.net(104.21.2.101) - mailcious www.depalo.com(142.250.206.211) - mailcious kavram.com(172.67.189.68) www.ora-ito.com(213.186.33.40) www.wnsavoy.com(96.91.204.114) multip.hu() from30ty.com(157.7.231.224) peminet.net(198.54.117.242) - mailcious gmail-smtp-in.l.google.com(108.177.125.27) yoruksut.com(93.187.206.66) - mailcious org() www.pohlfood.com(3.89.178.37) hyab.se(172.67.199.57) - mailcious www.alteor.cl(199.15.163.148) www.tyrns.com(62.75.216.137) rokoron.com(211.13.204.3) - mailcious www.domon.com(23.227.38.74) - mailcious fdlymca.org(192.124.249.9) - mailcious nts-web.net(49.212.235.175) - mailcious bigzz.by(178.249.70.75) zupraha.cz(77.78.104.3) www.nelipak.nl(82.201.61.230) 
www.jenco.co.uk(104.21.23.9) - mailcious sanfotek.net(97.74.42.79) amerifor.com(64.18.191.61) - mailcious kayoaiba.com(154.213.117.166) - mailcious www.elpro.si(104.26.15.53) - mailcious ultibax.org() burstner.ru(52.50.65.32) www.muhr-soehne.de(5.189.171.125) - mailcious vdoherty.com(91.216.241.100) - mailcious dbnet.at(188.94.254.88) - mailcious fundeo.com(104.24.161.27) cnti.krsn.ru(217.74.161.133) www.naoi-a.com(202.254.236.40) - mailcious btsi.com.ph(69.46.30.77) - mailcious s5w.com(192.99.226.184) rkengg.com(3.18.7.81) - mailcious uster.com(104.20.221.29) pro-fa.com() mjrcpas.com(154.81.136.239) www.pwd.org(132.148.143.235) - mailcious bidroll.com(13.56.33.8) cjcagent.com(157.112.187.75) - mailcious impexnc.com(204.11.56.48) - mailcious shteeble.com(185.106.129.180) atis-sk.ca() www.com-sit.com(172.67.70.223) ramkome.com(62.75.216.107) - mailcious www.ottospm.com(104.21.63.28) - mailcious rast.se(89.221.250.3) - mailcious ikulani.com(157.7.107.88) ntc.edu.au(192.124.249.15) - mailcious www.pb-games.com(173.254.28.29) ie-roi.com() flamingorecordings.com(34.146.32.226) - mailcious uhsa.edu.ag(192.124.249.13) - mailcious cubodown.com(104.21.30.14) - mailcious dyag-eng.com(3.64.163.50) dspears.com(52.71.57.184) - mailcious touchfam.ca(104.37.84.3) xinhui.net(43.255.29.192) vfcindia.com(68.71.135.170) karmy.com.pl(185.253.212.22) - mailcious mijash3.com(198.49.23.144) - mailcious www.valdal.com(104.26.6.221) www.abdg.com(192.252.154.18) averwin.com() kairel.com(54.217.118.81) h-et-l.com(152.228.164.216) - mailcious pccj.net(172.67.148.147) - mailcious nrsi.com(76.223.35.103) www.valselit.com(193.70.68.254) www.pcgrate.com(172.67.201.26) - mailcious someikan.com() www.ex-olive.com(210.140.73.39) metaforacom.com(185.42.105.162) - mailcious www.cokocoko.com(34.205.242.146) - mailcious nblewis.com(52.0.29.214) canmore.com() jnf.at(136.243.147.81) gphpedit.org(127.0.0.1) dhh.la.gov(52.200.51.73) - mailcious epc.com.au(103.4.16.43) - mailcious www.udesign.biz() 
notis.ru(185.178.208.141) midap.com(198.49.23.145) - mailcious www.ftchat.com() - mailcious snf.it(95.174.22.233) - mailcious mkm-gr.com(79.124.76.247) keio-web.com(219.94.128.216) - mailcious www.ora.ecnet.jp(60.43.154.138) www.rs-ag.com(172.67.152.88) strazynski.pl(85.128.196.22) - mailcious www.credo.edu.pl(62.122.190.121) popbook.com(47.91.167.60) lyto.net(172.67.138.3) - mailcious www.pdqhomes.com(52.71.57.184) - mailcious www.fe-bauer.de(3.65.101.129) - mailcious www.medius.si(18.64.8.48) nettlinx.org(202.53.77.146) bible.org(104.20.55.214) www.dgmna.com(192.124.249.20) - mailcious www.jchysk.com(208.97.178.138) - mailcious hyab.com(104.21.65.224) akdeniz.nl(109.71.54.22) - mailcious cpmteam.com(104.21.32.240) alt4.gmail-smtp-in.l.google.com(142.250.152.26) polprime.com(154.214.189.76) - mailcious cutchie.com(199.59.243.222) - mailcious www.tvtools.fi(104.21.88.198) - mailcious captlfix.com(198.185.159.144) t-trust.jp(183.181.82.14) - mailcious smtp.sbcglobal.yahoo.com(67.195.12.38) www.stajum.com(103.3.1.161) www.evcpa.com(192.124.249.10) - mailcious www.abart.pl(89.161.163.246) web-york.com(219.94.129.97) - mailcious com() www.petsfan.com(52.86.6.113) - mailcious ldh.la.gov(75.2.95.235) www.synetik.net(193.166.255.171) mcseurope.nl(46.19.218.80) - mailcious www.yumgiskor.kz() refintl.org(198.185.159.144) - mailcious www.kernsafe.com(172.67.72.98) pers.com(192.124.249.3) forbin.net(104.21.41.152) - mailcious thiessen.net(62.75.251.116) tabbles.net(104.21.7.22) - mailcious esmoke.net(204.15.134.44) kewlmail.com(63.251.106.25) - mailcious akr.co.id(172.67.33.252) - mailcious www.quadlock.com(70.39.251.249) - mailcious www.cel-cpa.com(104.196.26.65) www.wifi4all.nl(104.21.42.10) - mailcious www.x0c.com(185.53.177.50) - mailcious atbauk.org(104.21.92.170) shittas.com(43.246.117.171) - mailcious wnit.org(38.111.255.201) adeesa.net(172.67.209.11) - mailcious atb-lit.com() iranytu.net(103.224.212.222) www.jacomfg.com(96.127.180.42) - mailcious koz1.net() 
bggs.com(35.230.155.43) - mailcious orbitgas.com(107.180.58.31) - mailcious hbfuels.com(85.233.160.139) softizer.com(185.163.45.187) www.otena.com(3.64.163.50) www.ka-mo-me.com(211.1.226.67) umcor.am(104.21.6.168) www.edimart.hu(81.2.194.241) - mailcious siongann.com(172.67.156.237) muhr-soehne.de(5.189.171.125) - mailcious www.c9dd.com(188.166.152.188) komie.com(59.106.13.181) sledsport.ru(185.22.232.175) mail7.digitalwaves.co.nz() www.tc17.com(172.67.150.80) - mailcious www.gpthink.com(39.99.233.155) - mailcious scintel.com(23.239.201.14) wanoa.com(159.89.244.183) jsaps.com(49.212.235.59) - mailcious diamir.de(138.201.65.187) - mailcious www.aevga.com(108.167.164.216) zemarmot.net(164.132.175.106) www.crcsi.org(165.227.252.190) clysma.com() www.spanesi.com(5.196.166.214) com-edit.fr(63.251.106.25) - mailcious any-s.net(76.223.15.82) www.sigtoa.com(172.67.160.168) wantapc.net(157.7.107.49) pleszew.policja.gov.pl(91.229.22.126) - mailcious www.lrsuk.com(18.64.8.108) - mailcious www.fcwcvt.org(104.21.25.200) calvinly.com(216.239.36.21) cbaben.com(173.205.126.33) - mailcious fr-dat.com(127.0.0.1) ssm.ch(93.189.66.202) www.fink.com(69.163.218.51) webband.com() envogen.com(104.21.73.149) - mailcious unicus.jp(49.212.232.113) - mailcious kursavto.ru() k-nikko.com(18.177.67.59) - mailcious 78san.com(133.242.15.119) mxs.mail.ru(94.100.180.31) ccrsi.org(198.209.253.30) www.transsib.com(80.74.154.6) apps.identrust.com(23.59.72.9) vivastay.com(18.119.154.66) - mailcious nme.co.jp(203.0.113.0) dzm.cz(83.167.255.150) www.medisa.info() oozkranj.com(212.44.102.57) agitz.com.br() agulatex.com(133.125.38.187) ossir.org(51.159.3.117) - mailcious doggybag.org(213.186.33.16) msl-lock.com(165.160.13.20) wolffkran.de() willsub.com(69.89.107.122) www.xaicom.es(188.165.133.163) www.baijaku.com(59.106.19.204) - mailcious dayvo.com(104.21.68.7) www.iamdirt.com(199.15.163.148) - mailcious coxkitchensandbaths.com(205.149.134.32) - mailcious nettle.pl(195.128.140.29) cbras.com(54.39.198.18) 
onzcda.com(35.186.238.101) indonesiamedia.com(74.208.215.145) - mailcious holp-ai.com(59.106.13.169) portoccd.org(51.89.6.56) www.snugpak.com(172.67.165.62) - mailcious adventist.ro(172.67.183.62) t-mould.com(81.169.145.175) - mailcious www.waldi.pl(46.242.238.60) - mailcious www.nunomira.com(192.241.158.94) haigh-me.com() www.railbook.net(103.224.212.221) revoldia.net() www.usadig.com(198.100.146.220) ruzee.com(207.180.198.201) amic.at(78.46.224.133) - mailcious fogra.com.pl(85.128.55.51) hes.pt(52.19.230.145) orlyhotel.com(172.67.156.49) - mailcious sgk.home.pl(89.161.136.188) anteph.org() nt-hat.com() kamptal.at(128.204.134.138) - mailcious tcpoa.com(76.223.35.103) ncn.de(46.30.60.158) - mailcious listel.co.jp(49.212.243.77) - mailcious hazmatt.com(205.178.189.131) - mailcious enguita.net(195.5.116.23) linac.co.uk(23.236.62.147) www.2print.com(107.180.98.101) e-asset.net() www.speelhal.net(217.19.237.54) www.vitaindu.com(58.64.191.148) 106west.com(148.130.4.196) okashimo.com(203.137.75.45) www.fnw.us(137.118.26.67) a-domani.com(183.90.232.24) - mailcious arowines.com(104.164.117.233) www.pr-park.com(118.27.125.181) shiner.com(104.21.27.205) www.sclover3.com(157.112.182.239) - mailcious grlawcc.com() alexpope.biz(76.74.184.61) x1.i.lencr.org(104.74.168.254) aba.org.eg(192.169.149.78) ascc.org.au(203.210.102.34) n23china.com() www.pupi.cz(103.224.182.241) - mailcious ciicsc.com() rtcasey.com(69.195.90.46) smtp.live.com(204.79.197.212) 35.186.238.101 - mailcious 79.124.76.247 18.64.8.59 192.64.150.164 34.199.140.178 192.241.158.94 185.163.45.187 185.15.129.58 3.64.163.50 - mailcious 188.166.152.188 159.89.244.183 198.100.146.220 107.180.98.101 172.67.134.134 198.185.159.145 - mailcious 198.185.159.144 - mailcious 5.189.171.125 - mailcious 148.72.176.26 135.181.73.98 52.19.230.145 79.96.32.254 193.70.68.254 170.82.173.30 45.142.176.225 157.7.107.88 13.56.33.8 - mailcious 136.243.147.81 49.212.235.59 - mailcious 153.120.34.73 104.21.73.149 - mailcious 49.212.232.113 
- mailcious 192.169.149.78 34.146.32.226 - mailcious 104.21.234.121 202.12.27.33 178.249.70.75 217.74.161.133 217.19.254.22 78.46.224.133 - mailcious 142.250.152.27 219.94.129.97 - mailcious 23.236.62.147 - mailcious 154.81.136.239 23.59.72.9 91.220.211.163 52.50.65.32 - suspicious 80.74.154.6 - mailcious 185.106.129.180 213.186.33.17 - mailcious 141.193.213.20 - malware 192.124.249.3 205.149.134.32 - mailcious 35.206.109.131 - mailcious 172.67.206.199 - mailcious 193.166.255.171 - mailcious 137.118.26.67 51.79.51.72 - mailcious 192.124.249.9 - mailcious 60.43.154.138 172.67.209.11 - mailcious 83.223.113.46 - mailcious 75.2.70.75 - mailcious 104.21.8.75 69.89.107.122 128.204.134.138 - mailcious 91.216.241.100 - mailcious 172.67.165.62 199.59.243.220 - mailcious 83.167.255.150 67.21.93.233 58.64.191.148 202.172.28.187 185.31.76.90 211.1.226.67 172.67.209.90 - mailcious 213.186.33.40 - mailcious 173.254.28.29 - phishing 133.125.38.187 - mailcious 104.21.48.207 211.13.204.3 - mailcious 18.64.8.103 - mailcious 95.174.22.233 - mailcious 138.201.96.195 45.158.22.194 199.59.243.222 - mailcious 199.15.163.128 - mailcious 153.122.170.15 172.67.208.67 - mailcious 203.210.102.34 133.242.15.119 154.213.117.166 - mailcious 82.201.61.230 - mailcious 62.122.190.121 18.197.121.220 - mailcious 157.112.182.239 - mailcious 164.132.175.106 157.7.231.224 128.8.10.90 210.140.73.39 - mailcious 172.67.183.62 172.67.135.146 76.223.15.82 72.44.93.236 - mailcious 77.78.104.3 - phishing 107.180.58.31 - mailcious 104.21.6.168 69.163.218.51 - mailcious 162.241.233.114 208.97.178.138 - mailcious 66.111.4.75 198.199.101.195 - mailcious 89.161.136.188 213.186.33.16 - mailcious 52.0.29.214 217.19.237.54 - mailcious 217.160.0.179 - mailcious 104.21.66.46 - mailcious 192.99.226.184 104.21.41.152 - mailcious 5.134.4.115 - mailcious 47.91.167.60 5.196.166.214 199.15.163.138 - mailcious 54.217.118.81 49.212.243.77 - mailcious 198.41.0.4 204.79.197.212 188.94.254.88 - mailcious 104.21.69.146 
96.127.180.42 - mailcious 104.26.10.81 221.132.33.88 - mailcious 69.46.30.77 - mailcious 108.167.164.216 85.128.55.51 62.75.216.137 27.0.174.59 103.4.16.43 - mailcious 157.112.176.4 - malware 103.224.212.222 - mailcious 185.178.208.141 66.94.119.160 172.67.68.180 185.151.30.147 - mailcious 205.178.189.131 - phishing 148.130.4.196 118.27.125.181 202.254.236.40 - mailcious 185.22.232.175 172.67.199.57 51.89.6.56 198.209.253.30 195.96.252.188 - mailcious 43.255.29.192 69.195.90.46 104.21.65.224 198.1.81.28 97.74.42.79 3.89.178.37 185.237.66.112 173.205.126.33 - mailcious 192.252.154.18 - mailcious 154.88.50.199 91.229.22.126 - mailcious 92.204.129.113 51.159.3.117 - mailcious 157.112.187.75 - mailcious 104.21.30.14 195.128.140.29 34.224.10.110 - mailcious 62.75.216.107 - mailcious 93.189.66.202 104.37.84.3 74.208.215.199 - mailcious 104.21.68.7 - mailcious 104.164.117.233 165.227.252.190 - suspicious 172.67.33.252 183.181.82.14 - mailcious 172.67.152.88 157.7.107.49 - malware 159.65.255.114 18.119.154.66 - mailcious 81.2.194.241 - mailcious 38.111.255.201 66.163.170.48 172.67.160.168 202.172.28.89 - mailcious 185.42.105.162 - mailcious 198.54.117.242 - mailcious 192.124.249.20 - mailcious 203.137.75.45 188.165.133.163 23.227.38.74 - mailcious 64.18.191.61 - mailcious 89.221.250.3 - mailcious 174.129.25.170 103.224.182.241 - mailcious 35.230.155.43 - mailcious 63.251.106.25 - mailcious 74.208.215.145 - mailcious 61.200.81.23 104.26.2.14 92.42.191.38 - mailcious 202.53.77.146 76.223.35.103 172.67.70.22 207.180.198.201 46.242.238.60 - mailcious 89.161.163.246 - mailcious 172.67.150.80 - mailcious 80.93.82.33 - mailcious 216.239.36.21 - phishing 204.11.56.48 - phishing 195.78.66.50 - mailcious 68.71.135.170 81.169.145.175 - mailcious 172.67.164.178 104.21.77.146 64.125.133.18 46.8.8.200 172.67.188.75 198.49.23.144 - mailcious 104.21.42.10 - mailcious 172.67.158.251 - phishing 206.191.152.37 79.96.161.192 59.106.19.204 - mailcious 172.67.148.147 77.72.4.226 - mailcious 
109.71.54.22 - mailcious 3.130.253.23 - mailcious 103.224.212.221 - mailcious 104.21.92.170 204.15.134.44 142.250.204.115 217.69.139.150 185.205.70.128 165.160.13.20 - mailcious 54.39.198.18 3.140.13.188 - mailcious 76.74.184.61 93.187.206.66 - mailcious 104.74.168.254 183.90.232.24 - mailcious 39.99.233.155 - mailcious 70.39.251.249 - mailcious 46.19.218.80 - mailcious 54.194.190.151 43.246.117.171 - mailcious 138.201.65.187 - mailcious 211.13.196.162 59.106.13.181 104.196.26.65 - mailcious 87.230.93.218 185.253.212.22 - mailcious 104.21.29.72 - mailcious 104.21.55.224 - mailcious 212.44.102.57 13.248.216.40 - mailcious 15.197.142.173 - mailcious 85.128.196.22 - mailcious 104.26.7.221 192.124.249.15 - mailcious 192.228.79.201 195.5.116.23 192.58.128.30 104.24.161.27 82.208.6.9 - mailcious 172.67.138.3 - mailcious 23.239.201.14 162.214.120.26 - mailcious 217.160.0.131 - mailcious 3.65.101.129 - mailcious 85.233.160.139 - mailcious 3.18.7.81 - mailcious 185.53.177.50 - mailcious 3.19.116.195 - mailcious 46.30.60.158 - mailcious 23.227.38.32 - mailcious 104.21.10.34 213.175.217.57 104.21.2.101 217.79.248.38 - mailcious 172.67.72.98 49.212.235.175 - mailcious 75.2.95.235 192.124.249.108 - mailcious 104.21.27.205 59.106.13.169 35.169.15.168 152.228.164.216 - mailcious 104.21.63.28 - mailcious 198.32.64.12 172.67.152.159 23.185.0.4 - malware 96.91.204.114 - mailcious 62.75.251.116 108.177.125.27 154.214.189.76 - mailcious 135.125.108.170 172.67.189.68 132.148.143.235 - mailcious 18.177.67.59 - mailcious 192.124.249.13 - mailcious 91.201.52.102 192.124.249.10 - mailcious 104.20.221.29 172.67.33.95 103.3.1.161 219.94.128.216 - mailcious 157.7.107.38 - mailcious 185.80.51.179 - mailcious 3.94.41.167 - mailcious 147.154.0.23 - mailcious 52.200.51.73 - mailcious 185.230.63.186 - suspicious
|
9
ET MALWARE Backdoor.Win32.Pushdo.s Checkin
ET INFO Observed DNS Query to .biz TLD
ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst
ET INFO TLS Handshake Failure
ET WEB_CLIENT Hex Obfuscation of parseInt % Encoding
ET WEB_CLIENT Hex Obfuscation of Script Tag % Encoding
SURICATA HTTP Request line incomplete
|
|
17.2 |
M |
39 |
ZeroCERT
22513 |
2022-12-07 10:02
|
config_20.ps1 c33e914ccb466f16598888c2c574818a Generic Malware Antivirus Malware powershell Malicious Traffic Check memory unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
1
http://51.77.10.217/index.php?id=&subid=0p4PhVVE
|
1
|
|
|
4.6 |
|
|
ZeroCERT
22514 |
2022-12-07 09:49
|
csrss.exe fc978e8e9d20edf8f2a0c4b157fe1920 Malicious Library UPX PE32 PE File VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself |
22
http://www.lyonfinancialusa.com/henz/ - rule_id: 23666
http://www.afterdarksocial.club/henz/ - rule_id: 23667
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip
http://www.automotiveparts-store.com/henz/
http://www.lopezmodeling.com/henz/?RZ3d8rz8=dpH6BKfQQ0cm5ImeofuKRskABJrBNfLp0vSyI4bn1RZjePkdeS9a/FiQgEdxlvmzsB0l+sQcpRgj8HqvSEXtkBUtM/7b2ek1qpGMuFI=&_FNDOP=wxlLRVvHOBA - rule_id: 23671
http://www.phootka.ru/henz/ - rule_id: 23673
http://www.brennancorps.info/henz/?RZ3d8rz8=P4ST2IJPckjMYpRf2hTG7XGyBDGAy7OOggEf6mHPhnME1yGBMW0exDItYRA37f+XnLyPH15dACF6dKWBGe8FrnsbvwR+k5hXy5NlDxw=&_FNDOP=wxlLRVvHOBA - rule_id: 23670
http://www.seufi.com/henz/?RZ3d8rz8=IBGzHMg16oJNSPrzw250+MvRfpuZJ+UNeLGkgBGOsROhXn3QAnT7j8xX9Jlog+RFk3dGiXHpM08k153fm/VBkqw4m0Htf2ZTok+naIQ=&_FNDOP=wxlLRVvHOBA
http://www.lopezmodeling.com/henz/ - rule_id: 23671
http://www.foxwhistle.com/henz/ - rule_id: 23672
http://www.eufidelizo.com/henz/?RZ3d8rz8=wcp3urA+/rGtUuNVdzf16ZeZGpZq4XGXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqWKQvjoVWw+U5Y7ODGkonKNL7W0=&_FNDOP=wxlLRVvHOBA - rule_id: 23665
http://www.lyonfinancialusa.com/henz/?RZ3d8rz8=I97X75yj3reE70KD0H/Cak1oo2zHy9G/KKFZ2xPoakAfOE75REIsiEdUspxqeb3/DlFpoh36cAjqvl85DwXllB7WLme1uHpNnCumkME=&_FNDOP=wxlLRVvHOBA - rule_id: 23666
http://www.afterdarksocial.club/henz/?RZ3d8rz8=8TptbrIX6F4NxrWdTnVKCiNdtmXGEuELv5cUeaX5N5UPFd9Hxy/eCwrx8CSqMIuqYtp16J6ah9tFi3/97BblSlVnUMukTQJmI59ItyY=&_FNDOP=wxlLRVvHOBA - rule_id: 23667
http://www.patrickguarte.com/henz/ - rule_id: 23668
http://www.automotiveparts-store.com/henz/?RZ3d8rz8=l755dn3SV1HJ85bgdYLXX0FitE0O++oBuxO/p/rOD3cyNdqLfUPJLAMkl1O9xhY/fGSw1luYDYlS6H/677nep41+QBgryFqg6K8ooWg=&_FNDOP=wxlLRVvHOBA
http://www.patrickguarte.com/henz/?RZ3d8rz8=5p9Ov6C7qce51hIp6nkbqV/d59cDddN77lLEFw6Ufibk2yN56suGmW9SnR2oT5DaW1POG/xMOeVc/Muqlx89dGklgcJInIpBk29/OFI=&_FNDOP=wxlLRVvHOBA - rule_id: 23668
http://www.phootka.ru/henz/?RZ3d8rz8=w1bwPjtuf2ZlKfJJwO+BTMATo3IZhxYr0xwxA7aVeAjkl5kFf+SBsbPh/8ORAg46rPRxP2SAJydpY5hX47JJGDyZCrebhSML6UzwAv0=&_FNDOP=wxlLRVvHOBA - rule_id: 23673
http://www.courdak.info/henz/?RZ3d8rz8=vdyVzLcxoZUoogW6+NKMfwQ5LAGTMZCWuq0zGM5B+O39UoDsvg/hobD3JDgVlVzjVFZes90R2RhtZev/AI+f5OQ7oLMklDSyOnM4EYU=&_FNDOP=wxlLRVvHOBA - rule_id: 23789
http://www.foxwhistle.com/henz/?RZ3d8rz8=jIhXpQA4pSG2yYWBbTjo4KjMDsvsQ9F5uiLrR0YNz1ez7r/FQUV2XPmUrykxRWDvkt62w03aCUUodajM6m+91s+tfqSr6z5AiriQQhU=&_FNDOP=wxlLRVvHOBA - rule_id: 23672
http://www.seufi.com/henz/
http://www.brennancorps.info/henz/ - rule_id: 23670
http://www.courdak.info/henz/ - rule_id: 23789
|
24
www.19t221013d.tokyo() - mailcious
www.seufi.com(2.57.90.16)
www.lyonfinancialusa.com(206.233.197.135) - mailcious
www.afterdarksocial.club(162.214.129.149) - mailcious
www.courdak.info(66.29.151.40) - mailcious
www.foxwhistle.com(154.22.100.62) - mailcious
www.eufidelizo.com(192.185.217.47) - mailcious
www.automotiveparts-store.com(162.0.238.93) - mailcious
www.brennancorps.info(2.57.90.16) - mailcious
www.sqlite.org(45.33.6.223)
www.phootka.ru(195.24.68.23) - mailcious
www.patrickguarte.com(155.159.61.221) - mailcious
www.lopezmodeling.com(192.185.35.86) - mailcious
162.214.129.149 - mailcious
154.22.100.62 - mailcious
195.24.68.23 - malware
192.185.217.47 - mailcious
66.29.151.40 - mailcious
2.57.90.16 - mailcious
45.33.6.223
192.185.35.86 - mailcious
162.0.238.93 - mailcious
206.233.197.135 - mailcious
155.159.61.221 - mailcious
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
|
17
http://www.lyonfinancialusa.com/henz/
http://www.afterdarksocial.club/henz/
http://www.lopezmodeling.com/henz/
http://www.phootka.ru/henz/
http://www.brennancorps.info/henz/
http://www.lopezmodeling.com/henz/
http://www.foxwhistle.com/henz/
http://www.eufidelizo.com/henz/
http://www.lyonfinancialusa.com/henz/
http://www.afterdarksocial.club/henz/
http://www.patrickguarte.com/henz/
http://www.patrickguarte.com/henz/
http://www.phootka.ru/henz/
http://www.courdak.info/henz/
http://www.foxwhistle.com/henz/
http://www.brennancorps.info/henz/
http://www.courdak.info/henz/
|
4.4 |
M |
34 |
ZeroCERT
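The csrss.exe row above is the kind of record an analyst wants to turn into a blocklist, but not every contacted URL in it is an indicator: the same trace logs a benign dependency download (the sqlite.org zip, untagged, resolving to an untagged IP) next to the tagged /henz/ C2 hosts. The parser below is an added example, not code from the listing site: it reads the row's two column formats (`url - rule_id: N` and `domain(ip) - tag`, the page's own layout), normalises the site's "mailcious" tag spelling, and only flags a URL host when the report gives a reason (a matched rule_id, a tag on the domain, or a tag on the IP it resolved to). The sample blobs are a constructed, abridged copy of the row's columns; the dataclass and function names are the example's own.

```python
"""Parse the URL and host columns of a sandbox-listing row into actionable IOCs.

Added example, not code from the listing site.  URL_BLOB / HOST_BLOB are a
constructed, abridged copy of the csrss.exe row's columns.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

URL_BLOB = (
    "http://www.lyonfinancialusa.com/henz/ - rule_id: 23666 "
    "http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip "
    "http://www.automotiveparts-store.com/henz/ "
    "http://www.phootka.ru/henz/?RZ3d8rz8=w1bwPjtuf2ZlKfJJwO+BTMATo3IZhxYr0xwxA7aVeAjkl5kFf+SBsbPh/8ORAg46rPRxP2SAJydpY5hX47JJGDyZCrebhSML6UzwAv0=&_FNDOP=wxlLRVvHOBA - rule_id: 23673 "
    "http://www.seufi.com/henz/"
)
HOST_BLOB = (
    "www.19t221013d.tokyo() - mailcious www.seufi.com(2.57.90.16) "
    "www.lyonfinancialusa.com(206.233.197.135) - mailcious "
    "www.automotiveparts-store.com(162.0.238.93) - mailcious "
    "www.sqlite.org(45.33.6.223) www.phootka.ru(195.24.68.23) - mailcious "
    "195.24.68.23 - malware 45.33.6.223 2.57.90.16 - mailcious"
)

# The listing spells its tag "mailcious"; normalise so downstream filters match.
TAG_ALIASES = {"mailcious": "malicious"}

_ENTRY = re.compile(r"(\S+)(?:\s+-\s+([A-Za-z]+))?")            # "<token> [- <tag>]"
_URL = re.compile(r"(https?://\S+)(?:\s+-\s+rule_id:\s*(\d+))?")  # "<url> [- rule_id: N]"
_DOMAIN = re.compile(r"^(?P<name>[^()\s]+)\((?P<ip>[\d.]*)\)$")   # "domain(ip)" or "domain()"
_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass(frozen=True)
class Host:
    name: str              # domain, or a bare IP
    ip: Optional[str]      # resolved IP for a domain entry; None if unresolved or bare IP
    tag: Optional[str]     # malicious / malware / phishing / suspicious, or None


@dataclass(frozen=True)
class Url:
    url: str
    rule_id: Optional[int]  # sandbox URL rule that matched, if any


def parse_hosts(blob: str) -> list[Host]:
    hosts = []
    for token, tag in _ENTRY.findall(blob):
        tag = TAG_ALIASES.get(tag, tag) or None
        if m := _DOMAIN.match(token):
            hosts.append(Host(m["name"], m["ip"] or None, tag))
        elif _IPV4.match(token):
            hosts.append(Host(token, None, tag))
        else:
            raise ValueError(f"unrecognised host entry: {token!r}")
    return hosts


def parse_urls(blob: str) -> list[Url]:
    return [Url(u, int(r) if r else None) for u, r in _URL.findall(blob)]


def classify(urls: list[Url], hosts: list[Host]) -> dict[str, list[str]]:
    """Map each contacted hostname to the reasons the report gives to block it.

    A URL merely appearing in the trace is not an IOC (the row also logs the
    benign sqlite.org download); require a rule match, a tagged domain, or a
    tagged IP behind the domain.
    """
    tag_of = {h.name: h.tag for h in hosts if h.tag}   # domains and bare IPs alike
    ip_of = {h.name: h.ip for h in hosts if h.ip}
    verdict: dict[str, list[str]] = {}
    for u in urls:
        host = urlsplit(u.url).hostname
        reasons = []
        if u.rule_id is not None:
            reasons.append(f"rule_id {u.rule_id}")
        if host in tag_of:
            reasons.append(f"domain tagged {tag_of[host]}")
        ip = ip_of.get(host)
        if ip in tag_of:
            reasons.append(f"resolves to {ip} tagged {tag_of[ip]}")
        if reasons:
            verdict[host] = sorted(set(verdict.get(host, [])) | set(reasons))
    return verdict


def blocklist(urls: list[Url], hosts: list[Host]) -> tuple[set[str], set[str]]:
    """Domains and IPs to block: flagged URL hosts, their IPs, tagged bare IPs,
    and tagged domains never seen in a URL (e.g. an unresolved lookup)."""
    domains = set(classify(urls, hosts))
    domains |= {h.name for h in hosts if h.tag and not _IPV4.match(h.name)}
    ips = {h.name for h in hosts if h.tag and _IPV4.match(h.name)}
    ips |= {h.ip for h in hosts if h.ip and h.name in domains}
    return domains, ips


if __name__ == "__main__":
    for host, why in classify(parse_urls(URL_BLOB), parse_hosts(HOST_BLOB)).items():
        print(f"{host}: {', '.join(why)}")
```

Note the seufi.com case: the domain itself carries no tag and the bare `/henz/` URL matched no rule, but it resolves to 2.57.90.16, which the row tags (it is shared with brennancorps.info). Joining the URL column against the host column is what catches it; the sqlite.org host, with no tag on either side and no rule match, stays off the list.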
22515 |
2022-12-07 09:48
|
lib.hta b31d78c45268cf98eb09a4ce81ab7f60 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
4.8 |
|
|
ZeroCERT