Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

3016 | 2024-06-14 09:28 | setup%E4%B8%8B%E8%BD%BD%E5%90%...
  Hash: 2b2690881f0030510504113baf20831b
  Rules: Malicious Library PE64 PE File VirusTotal Malware DNS
  Urls/Hosts/IDS/Score/Zero/VT/Player: 1 3.2 M 47 ZeroCERT

3017 | 2024-06-14 09:28 | steal.exe
  Hash: 1db2c9b7cd800917493a1439dcfa8eb6
  Rules: Emotet Gen1 Generic Malware ASPack Malicious Library UPX Admin Tool (Sysinternals etc ...) Anti_VM PE64 ftp PE File OS Processor Check DLL DllRegisterServer dll ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2.4 23 ZeroCERT

3018 | 2024-06-14 09:27 | client.exe
  Hash: 866ad295aff7b5f29b44040b98c6994d
  Rules: Gen1 Generic Malware ASPack Malicious Library UPX Anti_VM PE64 ftp PE File OS Processor Check DLL ZIP Format Malware Check memory Creates executable files unpack itself Ransomware
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2.6 ZeroCERT

3019 | 2024-06-14 09:27 | ransom.exe
  Hash: 425a94ea0db7c1fb84b3abeaed25784b
  Rules: Icarus Stealer Emotet Gen1 Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM PE64 ftp PE File OS Processor Check DLL DllRegisterServer dll ZIP Format Malware Check memory Creates executable files Ransomware DNS
  Urls/Hosts/IDS/Score/Zero/VT/Player: 1 2.2 ZeroCERT

3020 | 2024-06-14 09:27 | onecommander.exe
  Hash: 55757364d854adc3fc1e5cb59532f1c3
  Rules: Generic Malware Malicious Library Malicious Packer UPX PE64 DllRegisterServer dll PE File OS Processor Check DNS crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 1 0.8 M ZeroCERT

3021 | 2024-06-14 09:25 | OfferedBuilt.exe
  Hash: 00614852dbe5c98d84c4501702d04e93
  Rules: NSIS Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName
  Urls/Hosts/IDS/Score/Zero/VT/Player: 6.4 M ZeroCERT

3022 | 2024-06-14 09:24 | sharo.doc
  Hash: 8b049d5e850fc75c1cef5edb8fc68feb
  Rules: Formbook MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself suspicious TLD Tofsee Exploit DNS crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 21 7 12 3.6 M 33 ZeroCERT

3023 | 2024-06-14 09:24 | sharo.scr
  Hash: 3935f15dafdd5edfca70895940dce681
  Rules: Formbook Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM .NET EXE PE32 PE File DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself AppData folder malicious URLs Browser
  Urls/Hosts/IDS/Score/Zero/VT/Player: 15 1 12 12.6 M 42 ZeroCERT

3024 | 2024-06-14 09:22 | bin1.doc
  Hash: ab6398c625d0ae23c0582ad07d044581
  Rules: MS_RTF_Obfuscation_Objects RTF File doc Cobalt Strike Cobalt VirusTotal Malware c&c RWX flags setting exploit crash Tofsee Exploit DNS crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 19 4 3.2 M 32 ZeroCERT

3025 | 2024-06-14 09:20 | bin2.doc
  Hash: 118072abaca518e6ece93908a9fee1f4
  Rules: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash suspicious TLD Tofsee Exploit DNS crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 17 16 3 4.4 M 33 ZeroCERT

3026 | 2024-06-14 09:20 | setup%E7%9B%AE%E5%BD%95%E8%A1%...
  Hash: b8cc81e57efd30cab09d0256f79f7098
  Rules: Malicious Library PE64 PE File VirusTotal Malware DNS
  Urls/Hosts/IDS/Score/Zero/VT/Player: 1 1 2.6 16 ZeroCERT

3027 | 2024-06-14 09:17 | setup%E7%9B%AE%E5%BD%95%E8%A1%...
  Hash: 7fbc6a95fc41c5bb0fecdd659d641ae9
  Rules: Malicious Library PE64 PE File VirusTotal Malware DNS
  Urls/Hosts/IDS/Score/Zero/VT/Player: 1 1 2.4 6 ZeroCERT

3028 | 2024-06-14 07:51 | lummac2.exe
  Hash: 6e3d83935c7a0810f75dfa9badc3f199
  Rules: PE32 PE File
  Urls/Hosts/IDS/Score/Zero/VT/Player: 0.4 M ZeroCERT

3029 | 2024-06-14 07:49 | setup%E4%B8%8B%E8%BD%BD%E5%90%...
  Hash: 4dc6a0aa29fc47b343521af82014af0f
  Rules: Malicious Library PE64 PE File DNS crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 1 1 2.2 M ZeroCERT

3030 | 2024-06-14 07:47 | qgtplfgy2.exe
  Hash: 3d033b03106e5b46abde0df781c164d5
  Rules: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX Device_File_Check PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Software crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2 2 7.4 M ZeroCERT