Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
2536	2024-07-03 19:10	file_xgep41gp.dyp.txt.ps1 b75a49ff9b2f445e17519d2e743fe1b4 Generic Malware Antivirus Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName	2 Keyword trend analysis	2	1	1	3.2	M		ZeroCERT

2537	2024-07-03 19:02	file_ahstznsa.ob0.txt.ps1 478b1ac88592f59f8a1d4cb790120c38 Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName	2 Keyword trend analysis	2	1	1	3.6	M	9	ZeroCERT

2538	2024-07-03 18:50	poop.exe 42e52b8daf63e6e26c3aa91e7e971492 PE File PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Creates shortcut Creates executable files Ransomware Browser					4.6	M	68	ZeroCERT

2539	2024-07-03 18:47	uho.uouo.uououo.doc 9904916ce3549610216e99d83e7e2135 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit Java DNS crashed	3 Keyword trend analysis	4	4	1	5.0	M	33	ZeroCERT

2540	2024-07-03 18:46	client_win.exe 9f478308a636906db8c36e77ce68b4c2 Gen1 Generic Malware Malicious Library UPX Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files WriteConsoleW					1.6		26	ZeroCERT

2541	2024-07-03 18:44	123.exe 4a24aad5274be7e1fd5e3ef95ea20f8f Gen1 Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Processor Che VirusTotal Malware AutoRuns PDB Code Injection Creates executable files Windows utilities WriteConsoleW Windows Remote Code Execution crashed					6.0		47	ZeroCERT

2542	2024-07-03 18:43	OPERATIONAL_MOAT.exe fe630e60d070ead8f5421d4006872435 Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS		1	1		4.4		45	ZeroCERT

2543	2024-07-03 18:41	ok.exe 2a5bdb0a785762ab4982d360bd4c37e5 Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS		1	1		4.2		38	ZeroCERT

2544	2024-07-03 18:41	wmi.jpg.exe 1953c97029337ec04a8d4b69911d843f UPX PE File PE32 Malware download VirusTotal Malware SMB Traffic Potential Scan AutoRuns Malicious Traffic Check memory Creates executable files ICMP traffic RWX flags setting Windows utilities WriteConsoleW Firewall state off IP Check Windows DNS DDNS Downloader	5 Keyword trend analysis Info http://118.184.169.48/dyndns/getip http://16.162.161.106:8080/api/node/ip_validate http://ssl.ftp21.cc/64.jpg http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe http://45.113.194.127/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8	27 Info gtxvdqvuweqs.com(16.162.201.176) - mailcious members.3322.org(118.184.169.48) down.ftp21.cc(107.189.29.100) - malware ipv6-api.iproyal.com() api.ipify.org(172.67.74.152) download.microsoft.com(72.247.96.197) hook.ftp21.cc(211.108.60.155) - malware api6.my-ip.io() www.362-com.com(1.226.84.135) web.362-com.com(110.11.158.238) opendata.baidu.com(45.113.194.189) www.4i7i.com(1.226.84.135) api.iproyal.com(93.189.62.83) ssl.ftp21.cc(211.108.60.155) - malware 16.162.161.106 104.26.13.205 211.108.60.155 - malware 59.151.136.153 51.161.196.188 45.113.194.127 16.162.201.176 - mailcious 1.226.84.135 218.57.129.51 93.189.62.83 118.184.169.48 110.11.158.238 119.203.212.165 - malware	12 Info ET DNS Query for .cc TLD ET INFO Packed Executable Download ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET MALWARE JS/WSF Downloader Dec 08 2016 M4 ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection ET INFO DYNAMIC_DNS Query to 3322.org Domain ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection ET INFO SSH-2.0-Go version string Observed in Network Traffic ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection ET INFO External IP Lookup Domain DNS Lookup (my-ip .io) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup		11.2	M	40	ZeroCERT

2545	2024-07-03 18:40	toi.txt.exe 5de123afed9669f8abd8994820591ec7 Generic Malware PE File DLL PE64 VirusTotal Malware crashed					1.4	M	45	ZeroCERT

2546	2024-07-03 18:38	EERIE_EAVE.exe e515e4872f4891fb598b503c34036b8c Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger Check virtual network interfaces DNS		1	1		4.8		40	ZeroCERT

2547	2024-07-03 18:38	lumma0207.exe 168c5908924803d268d26965c32a5620 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					2.2		26	ZeroCERT

2548	2024-07-03 18:27	IEnetCache.hta 23944bdd42dd1973f4cebc54defbccd0 Generic Malware Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	3		12.0		13	ZeroCERT

2549	2024-07-03 18:12	강연의뢰서_ 엄구호 교수님 .docx.lnk... 52d073c181531c7f0b8b3aa764c6551d Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.4		26	guest

2550	2024-07-03 17:19	pconsnap.dll 8fb5e72a31680189d9a529b49962a0b1 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware					1.2		37	ZeroCERT