Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
3001	2024-06-14 17:49	tes.ps1 bfb1332339eda5252ef18e4a877bccba Generic Malware Antivirus unpack itself Windows Cryptographic key					0.6			ZeroCERT

3002	2024-06-14 15:16	HA.COM e5e5779fa73ba24b03346cc766a50f20								guest

3003	2024-06-14 13:46	bin2.scr 0b2395819398823d092534e26209e799 Formbook Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Browser DNS	29 Keyword trend analysis Info http://www.carolinappttery.com/q380/ - rule_id: 40238 http://www.carolinappttery.com/q380/ http://www.carolinappttery.com/q380/?PJd=ehUrFCKl0QR4T29AJZh5dRT/ZDPm9qTvUW59H2BhLEsiO0kIW28uNcfa56DEKhzH0iD+lYFdD8RRxblUIft60LyxhWLZTQGF9CEZTcwXHMEEzcDS8bPwZbiqnYj5NbIEEA54k2w=&roo=krO0qmwhIp_LJR2y - rule_id: 40238 http://www.carolinappttery.com/q380/?PJd=ehUrFCKl0QR4T29AJZh5dRT/ZDPm9qTvUW59H2BhLEsiO0kIW28uNcfa56DEKhzH0iD+lYFdD8RRxblUIft60LyxhWLZTQGF9CEZTcwXHMEEzcDS8bPwZbiqnYj5NbIEEA54k2w=&roo=krO0qmwhIp_LJR2y http://www.gospelstudygroup.org/qmdw/ http://www.aritum.top/f2qc/ - rule_id: 40240 http://www.aritum.top/f2qc/ http://www.winnscce.com/xk70/?PJd=E9dNAQXSau8gxD7ycO4dLfQfH5YRjq6/aXbIhWqdNKhuK+zum8oLAEgkUh6j+ec/Dsz5NNoJPY83q7uKVhR+kQSzALNmdhL2cm95N3pKuY1dSsInVS8QGD1t6OErSJExWBCOe4E=&roo=krO0qmwhIp_LJR2y - rule_id: 40235 http://www.ay62m.top/orwn/ - rule_id: 40237 http://www.ay62m.top/orwn/ http://www.gospelstudygroup.org/qmdw/?PJd=kZQE5+J7NyHk1VKpZsdFopgUcfLAHlvR1AW0jxdBnvp4EB411rckL9DsM1GhyImy3YF39ksngIoiWe7h2+CLHpk3uYhNkgQe0XYv/yb90vBP9OLAjjQiCyGhN1bVP2EzpaLZrOo=&roo=krO0qmwhIp_LJR2y http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip http://www.tqfabxah.com/f5wa/?PJd=gvfimVYyVoaIA6LSQiLyJJ4rCFA+SDI9PWBc8jEgnhWVxILhAYweklxvvqcAelfwJ0IvmpbMteemAhVl67fWtrB9/BgWrmQnFTV5QmYGhYRFat8wsaPDvDNh/p04Lm04k2miCbo=&roo=krO0qmwhIp_LJR2y http://www.sjzsls.com/9ypd/ - rule_id: 40234 http://www.ybw73.top/zfmd/ - rule_id: 40239 http://www.ybw73.top/zfmd/ http://www.ay62m.top/orwn/?PJd=3cBNLJTm2SpTWV5+FkCnTYkROdg55TQjKQDEk1HDa97easJD35wZE2GMsxRselnzvm7j4PFdEanRmF1YrarFthUoWpYtpzXpGMx8vyWuQ49fEDOcUJzL6xCqo7J2o8DZINEYFF8=&roo=krO0qmwhIp_LJR2y - rule_id: 40237 http://www.ay62m.top/orwn/?PJd=3cBNLJTm2SpTWV5+FkCnTYkROdg55TQjKQDEk1HDa97easJD35wZE2GMsxRselnzvm7j4PFdEanRmF1YrarFthUoWpYtpzXpGMx8vyWuQ49fEDOcUJzL6xCqo7J2o8DZINEYFF8=&roo=krO0qmwhIp_LJR2y http://www.ybw73.top/zfmd/?PJd=Wy9Xy0arXTA/u2vvBYrKIOUBpzUpOEWJyNtxnnOaFAzOmZ+G/QUaP7IPedalQRfZTnOTlfhQhpBKLAk/X9K39OImH5VRArdmcUQpro/j/mKcwsNXkqPqNRMPQWcketlQaFqDwMQ=&roo=krO0qmwhIp_LJR2y - rule_id: 40239 http://www.ybw73.top/zfmd/?PJd=Wy9Xy0arXTA/u2vvBYrKIOUBpzUpOEWJyNtxnnOaFAzOmZ+G/QUaP7IPedalQRfZTnOTlfhQhpBKLAk/X9K39OImH5VRArdmcUQpro/j/mKcwsNXkqPqNRMPQWcketlQaFqDwMQ=&roo=krO0qmwhIp_LJR2y http://www.w90dm.top/8ms4/ - rule_id: 40236 http://www.w90dm.top/8ms4/ http://www.tqfabxah.com/f5wa/ http://www.sjzsls.com/9ypd/?PJd=Fp4YMLPzXpbUfY9ET0WH3a72p3fXf7YhU2uVF/1Su8SRdO97GHvogqvz+96x72oMEQq3eHyW0zw8RVfXjuFBE/DSpz5ZNszOE2hxgYcLkAt/YsxuqXlLrzOhs3BZhOu+6KXTzoA=&roo=krO0qmwhIp_LJR2y - rule_id: 40234 http://www.aritum.top/f2qc/?PJd=+PlbwI8tNruUpga2nartzvIoOczIwOvbU1ANxXfMuvMQEzSRrWQM3cmspk1IFvcCMV40t1yig50Ax37YShWjrdIjOvIEgJJROzqkte3OBXYcjah0B7lnBY2SKVXOZr2cpq5/qwU=&roo=krO0qmwhIp_LJR2y - rule_id: 40240 http://www.aritum.top/f2qc/?PJd=+PlbwI8tNruUpga2nartzvIoOczIwOvbU1ANxXfMuvMQEzSRrWQM3cmspk1IFvcCMV40t1yig50Ax37YShWjrdIjOvIEgJJROzqkte3OBXYcjah0B7lnBY2SKVXOZr2cpq5/qwU=&roo=krO0qmwhIp_LJR2y http://www.w90dm.top/8ms4/?PJd=udGRhKSFzWywOShfg4LrArlkOSU57jdgfHHoAEODJUB2/fB/f7uvWahs0ChcgR3p3uHY1bC8mP+rUPbsneCLatPp1qyYsRzD0wOOKHTt4GdecEtntAcROmt09OnVjaXmhkctiwE=&roo=krO0qmwhIp_LJR2y - rule_id: 40236 http://www.w90dm.top/8ms4/?PJd=udGRhKSFzWywOShfg4LrArlkOSU57jdgfHHoAEODJUB2/fB/f7uvWahs0ChcgR3p3uHY1bC8mP+rUPbsneCLatPp1qyYsRzD0wOOKHTt4GdecEtntAcROmt09OnVjaXmhkctiwE=&roo=krO0qmwhIp_LJR2y http://www.winnscce.com/xk70/ - rule_id: 40235	19 Info www.aritum.top(203.161.55.102) www.gospelstudygroup.org(185.245.180.25) www.tqfabxah.com(35.241.42.217) www.carolinappttery.com(123.58.214.101) www.yedurrum.xyz() www.winnscce.com(123.58.214.101) - mailcious www.sjzsls.com(154.212.44.122) - mailcious www.ay62m.top(38.47.207.132) www.ybw73.top(38.47.232.233) www.w90dm.top(38.47.232.178) 38.47.232.178 203.161.55.102 38.47.232.233 154.212.44.122 - mailcious 38.47.207.132 185.245.180.25 45.33.6.223 123.58.214.101 - mailcious 35.241.42.217	2	14 Info http://www.carolinappttery.com/q380/ http://www.carolinappttery.com/q380/ http://www.aritum.top/f2qc/ http://www.winnscce.com/xk70/ http://www.ay62m.top/orwn/ http://www.sjzsls.com/9ypd/ http://www.ybw73.top/zfmd/ http://www.ay62m.top/orwn/ http://www.ybw73.top/zfmd/ http://www.w90dm.top/8ms4/ http://www.sjzsls.com/9ypd/ http://www.aritum.top/f2qc/ http://www.w90dm.top/8ms4/ http://www.winnscce.com/xk70/	12.0	M	32	ZeroCERT

3004	2024-06-14 13:29	lummac2.exe 6e3d83935c7a0810f75dfa9badc3f199 Lumma Stealer PE File PE32 VirusTotal Malware					1.6	M	60	r0d

3005	2024-06-14 10:55	RFQ#ORDER-SP-24-0217891-003.do... 527d1b34d5c5759d38b6496008e379b1 NSIS Malicious Library UPX PE32 PE File DLL JPEG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder DNS		1			3.2		34	ZeroCERT

3006	2024-06-14 10:46	file.rar c6479683dc4b3a056b853c2f66e20998 Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware download Cryptocurrency Miner Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee Windows Discord RisePro DNS CoinMiner	10 Keyword trend analysis Info http://5.42.66.10/download/th/space.php - rule_id: 39944 http://77.91.77.80/rome/kenzo.exe - rule_id: 40187 http://5.42.99.177/api/crazyfish.php - rule_id: 40006 http://apps.identrust.com/roots/dstrootcax3.p7c http://5.42.99.177/api/twofish.php - rule_id: 40008 http://88.218.93.76/d/385135 - rule_id: 40184 http://5.42.66.10/download/123p.exe - rule_id: 39935 https://lop.foxesjoy.com/ssl/crt.exe - rule_id: 40188 https://steamcommunity.com/profiles/76561199699680841 https://db-ip.com/demo/home.php?s=	36 Info db-ip.com(172.67.75.166) pool.hashvault.pro(131.153.76.130) - mailcious cdn-download.avgbrowser.com(104.100.168.115) api64.ipify.org(173.231.16.77) api.myip.com(104.26.9.59) steamcommunity.com(23.66.133.162) - mailcious lop.foxesjoy.com(104.21.66.124) - malware t.me(149.154.167.99) - mailcious iplogger.org(104.21.4.208) - mailcious ipinfo.io(34.117.186.192) bitbucket.org(104.192.141.1) - malware cdn.discordapp.com(162.159.133.233) - malware vk.com(93.186.225.194) - mailcious raw.githubusercontent.com(185.199.111.133) - malware 185.199.109.133 - mailcious 87.240.129.133 - mailcious 104.26.5.15 104.21.4.208 147.45.47.126 - mailcious 23.1.179.144 - mailcious 34.117.186.192 121.254.136.18 23.43.165.105 149.154.167.99 - mailcious 104.21.66.124 - malware 65.109.240.138 104.237.62.213 5.42.99.177 - mailcious 5.42.66.10 - malware 104.192.141.1 - mailcious 23.52.128.153 125.253.92.50 162.159.134.233 - malware 104.26.9.59 77.91.77.80 - malware 88.218.93.76 - mailcious	25 Info ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SURICATA Applayer Mismatch protocol both directions ET INFO TLS Handshake Failure ET INFO Executable Download from dotted-quad Host ET DROP Spamhaus DROP Listed Traffic Inbound group 1 ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Packed Executable Download ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Redirect to Discord Attachment Download ET INFO EXE - Served Attached HTTP ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) SURICATA Applayer Wrong direction first Data	7	4.2	M		ZeroCERT

3007	2024-06-14 10:18	zardsystemschange.exe 414d550d9c7fed5b71913ed7e4dd967b Generic Malware Malicious Library Malicious Packer UPX PE64 DllRegisterServer dll PE File OS Processor Check VirusTotal Malware crashed					1.4		44	ZeroCERT

3008	2024-06-14 10:16	theporndude.exe 97b47da3b16adb27c0ad00f1d5f7e112 Generic Malware Malicious Library Malicious Packer UPX PE64 DllRegisterServer dll MSOffice File PE File OS Processor Check VirusTotal Malware crashed					1.4		47	ZeroCERT

3009	2024-06-14 09:45	setup%E4%B8%8B%E8%BD%BD%E5%90%... 0a31329b6172776635649ab5005c4671 Generic Malware Malicious Library Antivirus UPX PE64 PE File OS Processor Check Emotet Malware download NetWireRC VirusTotal Malware Code Injection unpack itself sandbox evasion Anonymous RAT DNS		1	1		6.0	M	43	ZeroCERT

3010	2024-06-14 09:43	setup%E4%B8%8B%E8%BD%BD%E5%90%... 7ff7c6f0c4233bc3c77cdb833764af21 Generic Malware UPX PE64 PE File VirusTotal Malware Check memory DNS crashed		1			4.0	M	50	ZeroCERT

3011	2024-06-14 09:43	setup%E4%B8%8B%E8%BD%BD%E5%90%... e52c00bdc49c2e842a573532762c5f0b Generic Malware Malicious Library PE64 PE File Malware download VirusTotal Malware Malicious Traffic unpack itself DNS crashed Downloader	1 Keyword trend analysis	1	1		3.6	M	50	ZeroCERT

3012	2024-06-14 09:42	setup%E4%B8%8B%E8%BD%BD%E5%90%... 50c43ce25a63eb9f2c4b74e215be8135 Generic Malware Malicious Library PE64 PE File Malware download VirusTotal Malware Malicious Traffic Downloader	11 Keyword trend analysis Info http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/123.conf http://8.134.239.3/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf	2	1		2.0		53	ZeroCERT

3013	2024-06-14 09:41	setup%E4%B8%8B%E8%BD%BD%E5%90%... 8ece12bccc4c83c2ec683a7d5a7dc348 Malicious Library PE64 PE File VirusTotal Malware DNS	1 Keyword trend analysis	1			3.2		46	ZeroCERT

3014	2024-06-14 09:28	setup%E4%B8%8B%E8%BD%BD%E5%90%... 2b2690881f0030510504113baf20831b Malicious Library PE64 PE File VirusTotal Malware DNS		1			3.2	M	47	ZeroCERT

3015	2024-06-14 09:28	steal.exe 1db2c9b7cd800917493a1439dcfa8eb6 Emotet Gen1 Generic Malware ASPack Malicious Library UPX Admin Tool (Sysinternals etc ...) Anti_VM PE64 ftp PE File OS Processor Check DLL DllRegisterServer dll ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself crashed					2.4		23	ZeroCERT