Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
3046	2024-06-13 13:13	Moneta-Bankdeposit.txt.jar 55ef9bbcb17c61bd3687d9abf98d6dc9 ZIP Format VirusTotal Malware Check memory heapspray unpack itself Java					2.2		12	ZeroCERT

3047	2024-06-13 13:02	bn.jar 25134872eb45cd26b9bda5752f0cc55d ZIP Format Check memory heapspray unpack itself Java					1.6			ZeroCERT

3048	2024-06-13 11:44	audiodrive.exe 3270851a7cca5589082b87fb8b194cc1 Generic Malware Malicious Library Antivirus Socket Http API HTTP DNS Internet API AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					11.2	M	52	ZeroCERT

3049	2024-06-13 11:42	%E7%9B%AE%E5%BD%95%E8%A1%A8%E6... fc51b9880f028f0de17682f992c8911d Malicious Library PE64 PE File Emotet VirusTotal Malware Code Injection Malicious Traffic buffers extracted unpack itself sandbox evasion DNS crashed	1 Keyword trend analysis	3	1		9.4		16	ZeroCERT

3050	2024-06-13 11:40	%E7%9B%AE%E5%BD%95%E8%A1%A8%E6... 7d12d31bcf973c8e543610bce47f6bde Malicious Library PE64 PE File Emotet VirusTotal Malware Code Injection Malicious Traffic buffers extracted unpack itself sandbox evasion DNS crashed	1 Keyword trend analysis	3	1		7.8		6	ZeroCERT

3051	2024-06-13 11:40	%E8%A1%A8%E6%A0%BC%E7%9B%AE%E5... 2e956653703d1fa9a23d6c9d23d53ee3 Emotet Gen1 Generic Malware Malicious Library Malicious Packer UPX Downloader Antivirus PE32 PE File OS Processor Check DLL MZP Format BMP Format VirusTotal Malware Check memory Creates shortcut Creates executable files AntiVM_Disk sandbox evasion VM Disk Size Check Browser ComputerName Remote Code Execution DNS crashed		1			5.8		35	ZeroCERT

3052	2024-06-13 11:38	DIP.exe 3f02a2516380a49f81ae8e15e7f548cc Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX Device_File_Check PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	3		7.0		38	ZeroCERT

3053	2024-06-13 10:36	setup.exe 175fcc55a11bbd0bd69c5dab9cba90c3 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					12.0	M	32	ZeroCERT

3054	2024-06-12 17:05	jquery.min.js 41ce2a4359cc224772c6e32eae0a6013 VirusTotal Malware crashed					1.2		37	r0d

3055	2024-06-12 15:17	fb34_gate2.rar a229ecb9458451d9691f269857aec75d Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware download Cryptocurrency Miner Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee Windows Discord RisePro DNS CoinMiner	8 Keyword trend analysis Info http://5.42.66.10/download/th/space.php - rule_id: 39944 http://5.42.99.177/api/crazyfish.php - rule_id: 40006 http://apps.identrust.com/roots/dstrootcax3.p7c http://5.42.99.177/api/twofish.php - rule_id: 40008 http://88.218.93.76/d/385135 http://5.42.66.10/download/123p.exe - rule_id: 39935 https://db-ip.com/demo/home.php?s= https://steamcommunity.com/profiles/76561199698764354	36 Info db-ip.com(104.26.4.15) pool.hashvault.pro(125.253.92.50) - mailcious cdn-download.avgbrowser.com(23.1.236.116) api64.ipify.org(104.237.62.213) bitbucket.org(104.192.141.1) - malware api.myip.com(172.67.75.163) steamcommunity.com(104.106.57.101) - mailcious iplogger.org(104.21.4.208) - mailcious t.me(149.154.167.99) - mailcious ipinfo.io(34.117.186.192) lop.foxesjoy.com(172.67.159.232) - malware cdn.discordapp.com(162.159.135.233) - malware vk.com(87.240.132.78) - mailcious raw.githubusercontent.com(185.199.108.133) - malware 104.71.154.102 182.162.106.33 - malware 104.26.5.15 104.21.4.208 147.45.47.126 - mailcious 185.199.111.133 - mailcious 34.117.186.192 149.154.167.99 - mailcious 95.217.135.112 162.159.130.233 - malware 104.21.66.124 - malware 104.237.62.213 77.91.77.80 - malware 5.42.66.10 - malware 104.192.141.1 - mailcious 121.254.136.9 125.253.92.50 5.42.99.177 - mailcious 104.26.9.59 23.33.184.247 88.218.93.76 87.240.132.72 - mailcious	24 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET INFO TLS Handshake Failure SURICATA Applayer Mismatch protocol both directions ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET DROP Spamhaus DROP Listed Traffic Inbound group 1 ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Executable Download from dotted-quad Host ET HUNTING Redirect to Discord Attachment Download ET INFO Packed Executable Download ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) SURICATA Applayer Wrong direction first Data	4	4.2	M		ZeroCERT

3056	2024-06-12 13:25	bas.bat c3d227e82f84533c2918a6239b99ff2d Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName Cloudflare DNS Cryptographic key crashed	2 Keyword trend analysis	4	2		7.0			ZeroCERT

3057	2024-06-12 11:14	0eb413efb152de726ad9cdb8927e93... 1adeea63d576dea9add98e01e9fe78b4 Malicious Library Antivirus .NET framework(MSIL) .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces					2.4	M	61	ZeroCERT

3058	2024-06-12 10:24	부가가치세 수정신고 안내(부가가치세사무처리규정).hwp... 0777cbcc96dd9a2d4319a4bf9404bba7 Generic Malware Malicious Library HWP PS PostScript Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell CAB PE32 PE File MSOffice File JPEG Format Malware download VirusTotal Malware Campaign powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Konni Windows ComputerName Cryptographic key	3 Keyword trend analysis	2	1		9.2		25	ZeroCERT

3059	2024-06-12 10:13	Update.exe 41ba5678a81003f4f12cfda4c800f61f Generic Malware Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check VirusTotal Malware					1.4	M	29	ZeroCERT

3060	2024-06-12 10:13	causativenesszb.exe d00c83d7c1ab5910961439e14bb3032f Generic Malware ASPack Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware Cryptocurrency wallets Cryptocurrency Check memory unpack itself ComputerName					3.2		58	ZeroCERT