Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
32911	2022-03-31 13:45	202203 BTCETH 추가계정정보.docx... 2677f9871cb340750e582cb677d40e81 Word 2007 file format(docx) VirusTotal Malware unpack itself	5 Keyword trend analysis	2			2.4		24	ZeroCERT

32912	2022-03-31 13:42	vbaProject.bin.doc 4520cad706d5dfc7df2250b487dcf020 VBA_macro Generic Malware MSOffice File VirusTotal Malware unpack itself					2.0		21	ZeroCERT

32913	2022-03-31 13:39	accountTemplate0330.zip.docx 1559aeb8e464759247e4588cb6a09877 VBA_macro Word 2007 file format(docx) VirusTotal Malware unpack itself					1.8		19	ZeroCERT

32914	2022-03-31 13:35	Invoice_ 19075.16_10.doc a8eda3039c4cbbb362eb5847ed38e37a Gen1 Emotet VBA_macro Generic Malware Malicious Packer Malicious Library UPX MSOffice File PE32 PE File VirusTotal Malware suspicious privilege Creates executable files unpack itself AppData folder	1 Keyword trend analysis	1			6.8		49	ZeroCERT

32915	2022-03-31 11:33	NFT-1425656790-Mar-29.xlsb d0d98ee06e93c648e985d39b6e8aaf37 Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed	1 Keyword trend analysis	3		1	7.2	M	10	guest

32916	2022-03-31 11:27	MHR.exe 8d5fd2c8bc4d982da1c485cf74c46765 Generic Malware Malicious Packer DNS AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2	1		14.6	M	34	r0d

32917	2022-03-31 11:10	vbc.exe 5b9d23eb5a8f6d5578897abbecfe3d37 Formbook AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					7.6	M	38	r0d

32918	2022-03-31 10:57	7718681721587271.xls 4077736d3a04cc2c292eb21e04abd768 emotet Excel with Emotet MS_Excel_Hidden_Macro_Sheet Malicious Library UPX MSOffice File OS Processor Check DLL PE32 PE File Malware download Dridex TrickBot VirusTotal Malware Report AutoRuns Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Kovter Windows Exploit ComputerName DNS crashed	6 Keyword trend analysis Info http://dmcontabilidade.com/correspondentecaixa/TrS/ https://fcelik.nl/rittenregistratie/web/css/B3ILfU8Xk2SsEmT/ https://www.gessersh.com/wp-includes/ZwQLepW/ https://www.fantasticmotion.jp/_cnskin/qfWEQrrwBg/ http://fanfield.co.uk/cgi-bin/7pp6DjWFNJXY8/ http://www.garantihaliyikama.com/wp-admin/FjgB6I/	24 Info www.garantihaliyikama.com(213.128.75.146) - malware www.gessersh.com(81.95.101.8) - malware 45.118.115.99 - mailcious 206.189.28.199 - mailcious 187.84.80.182 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 45.176.232.124 - mailcious 1.234.2.232 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 81.95.101.8 - malware 209.250.246.206 - mailcious 138.197.109.175 - mailcious 183.111.227.137 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 51.91.76.89 - malware 213.128.75.146 - malware 72.15.201.15 - mailcious 103.43.46.182 - mailcious 79.143.187.147 - mailcious 209.126.98.206 - mailcious	9 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 19 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 14 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET INFO EXE - Served Attached HTTP	1	10.0	M	18	ZeroCERT

32919	2022-03-31 10:55	00675281126.xls f284cb44aba6ee6f4aa83086ed8dc951 Excel with Emotet MS_Excel_Hidden_Macro_Sheet Malicious Library UPX MSOffice File OS Processor Check DLL PE32 PE File Malware download Dridex TrickBot VirusTotal Malware Report AutoRuns Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Kovter Windows Exploit ComputerName DNS crashed	6 Keyword trend analysis Info http://dmcontabilidade.com/correspondentecaixa/TrS/ https://fcelik.nl/rittenregistratie/web/css/B3ILfU8Xk2SsEmT/ https://www.gessersh.com/wp-includes/ZwQLepW/ https://www.fantasticmotion.jp/_cnskin/qfWEQrrwBg/ http://fanfield.co.uk/cgi-bin/7pp6DjWFNJXY8/ http://www.garantihaliyikama.com/wp-admin/FjgB6I/	24 Info www.garantihaliyikama.com(213.128.75.146) - malware www.gessersh.com(81.95.101.8) - malware 45.118.115.99 - mailcious 206.189.28.199 - mailcious 187.84.80.182 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 45.176.232.124 - mailcious 1.234.2.232 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 81.95.101.8 - malware 209.250.246.206 - mailcious 138.197.109.175 - mailcious 183.111.227.137 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 51.91.76.89 - malware 213.128.75.146 - malware 72.15.201.15 - mailcious 103.43.46.182 - mailcious 79.143.187.147 - mailcious 209.126.98.206 - mailcious	9 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET CNC Feodo Tracker Reported CnC Server group 5 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 14 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET INFO EXE - Served Attached HTTP		10.2	M	20	ZeroCERT

32920	2022-03-31 10:54	MHR.exe 8d5fd2c8bc4d982da1c485cf74c46765 DNS AntiDebug AntiVM .NET EXE PE32 PE File Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2	2		13.6	M	34	ZeroCERT

32921	2022-03-31 10:53	eEusN3GN6vDF.exe 4fff25327afeda87f089e27a6f62a03f ASProtect PE32 PE File VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself sandbox evasion Windows ComputerName DNS Cryptographic key		1			9.0	M	45	ZeroCERT

32922	2022-03-31 10:51	vbc.exe 5b9d23eb5a8f6d5578897abbecfe3d37 [m] Generic Malware AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD DNS	11 Keyword trend analysis Info http://www.avida2015.com/foi3/?nbWhY=rt1OUDQadVws4Xhs2LnVv4bjZ/3lsVqV7VaWPyb3AMU04vmMWW78GpBmARU08em66FoQHcow&D8bDm=9rkHzHjH http://www.tjginde.com/foi3/?nbWhY=+3Oc61A2+CxOJh0kW8+QptREWWWOLuINRMjO9MOOrLLKAEm4V/rzefqrBP6bUd9Yt8sZHZpL&D8bDm=9rkHzHjH - rule_id: 15316 http://www.pericumix.com/foi3/?nbWhY=kGyCCW/DrqOOEKcf8Aq01RwPrevxqTX+CIkQccm46kROSDa0xSkHrPixWxvgxS9o1TQLhHLU&v2Jx9=0p-PJFjxGV1t1fM0 http://www.health2earn.com/foi3/?nbWhY=1e/dMCVrZs33RIbAndgsIftr/p2749eLVne8ar9Uk84uyJg/nE4e0omSG3JvwocRJ0E8ybiK&D8bDm=9rkHzHjH - rule_id: 15311 http://www.artrascents.com/foi3/?nbWhY=MFpf8GLTgsGj2LVa2fRuoeqtdMsx3mjiUs/+kMMB+WHYvEpEC0M+ytqxtzL4DVBy3Luvt8W3&v2Jx9=0p-PJFjxGV1t1fM0 http://www.just-bussiness.online/foi3/?nbWhY=D+1uSx7o0la+Hbq4Pd+LMFmvxiP7ojE4/729CYIuiWZ9ATQqBudZyFokeGgk8P1SF/p7IgZN&D8bDm=9rkHzHjH http://www.asgard888game.com/foi3/?nbWhY=WsWHeLKwEaADGJlV/hN7ZpbePc5rNAbIeL/u0zMpQi6mJc+o0v0SyL7d7OeZmP/qTrxD3qPf&D8bDm=9rkHzHjH http://www.njkhmj.com/foi3/?nbWhY=siARVp6Qv3Lsd2xqmphHCyFYUQbIGi9LbLSpLqXJPWyLbwO12jXpgYYtDMa7vZnO6yXUCVms&D8bDm=9rkHzHjH http://www.marcopolotogo.com/foi3/?nbWhY=zIiwOP9O77ECLxyAKwTwiioZQ7K0DMyuK+hL1EkMz/uZ1UFo5wQvq67Pn4BQo5tCcmdGf2wE&D8bDm=9rkHzHjH - rule_id: 15312 http://www.petitsiteentreamis.com/foi3/?nbWhY=lhUwHk+EotedDGwkxa1yqcRlQe62RTpfJ3e1sBuN3KsSGbjmOr7+sTejHv3KHEhQOUJ4jdrX&D8bDm=9rkHzHjH http://www.sazuthedev.com/foi3/?nbWhY=HjfBmsr2QCZUYI+JM9TBIETros4t8dKi8QZwF1064LXY/GMMkw7yQEgXh8nLlGSqDgdOxq57&D8bDm=9rkHzHjH	28 Info www.caixadepandora.club() www.howtofindahotniche.com() www.piyingren.top() www.revolvewsefsu.top() www.sazuthedev.com(104.21.66.100) www.artrascents.com(156.232.154.174) www.health2earn.com(199.36.158.100) www.iphone13pro.guide() www.just-bussiness.online(104.21.17.228) www.njkhmj.com(154.86.195.206) www.petitsiteentreamis.com(213.186.33.5) www.marcopolotogo.com(74.208.236.196) www.avida2015.com(209.99.40.222) www.asgard888game.com(172.67.217.129) www.pericumix.com(172.217.26.243) www.tjginde.com(23.110.200.167) www.kloecker-versicherungen.com() 199.36.158.100 - phishing 172.67.217.129 172.67.178.163 74.208.236.196 - mailcious 142.250.207.19 209.99.40.222 - mailcious 213.186.33.5 - mailcious 104.21.66.100 154.86.195.206 156.232.154.174 23.110.200.167 - mailcious	2	3	8.8	M	38	ZeroCERT

32923	2022-03-31 10:51	qfWEQrrwBg 16427c3406c7f8a4da826971ac2b5a43 Malicious Library UPX OS Processor Check DLL PE32 PE File Dridex TrickBot Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS		20 Info 1.234.2.232 - mailcious 72.15.201.15 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 45.118.115.99 - mailcious 209.250.246.206 - mailcious 138.197.109.175 - mailcious 206.189.28.199 - mailcious 103.43.46.182 - mailcious 183.111.227.137 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 79.143.187.147 - mailcious 187.84.80.182 - mailcious 51.91.76.89 - malware 209.126.98.206 - mailcious 45.176.232.124 - mailcious	5		5.8			ZeroCERT

32924	2022-03-31 10:51	6454269803989995.xls 046e89fbbbd8d4c48200a5afad3c865e Excel with Emotet MS_Excel_Hidden_Macro_Sheet Malicious Library UPX MSOffice File OS Processor Check DLL PE32 PE File Malware download Dridex TrickBot VirusTotal Malware Report AutoRuns Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Kovter Windows Exploit ComputerName DNS crashed	6 Keyword trend analysis Info http://dmcontabilidade.com/correspondentecaixa/TrS/ https://fcelik.nl/rittenregistratie/web/css/B3ILfU8Xk2SsEmT/ https://www.gessersh.com/wp-includes/ZwQLepW/ https://www.fantasticmotion.jp/_cnskin/qfWEQrrwBg/ http://fanfield.co.uk/cgi-bin/7pp6DjWFNJXY8/ http://www.garantihaliyikama.com/wp-admin/FjgB6I/	24 Info www.garantihaliyikama.com(213.128.75.146) www.gessersh.com(81.95.101.8) 45.118.115.99 - mailcious 206.189.28.199 - mailcious 187.84.80.182 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 45.176.232.124 - mailcious 1.234.2.232 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 81.95.101.8 209.250.246.206 - mailcious 138.197.109.175 - mailcious 183.111.227.137 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 51.91.76.89 - malware 213.128.75.146 72.15.201.15 - mailcious 103.43.46.182 - mailcious 79.143.187.147 - mailcious 209.126.98.206 - mailcious	9 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 5 ET POLICY PE EXE or DLL Windows file download HTTP ET CNC Feodo Tracker Reported CnC Server group 14 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET INFO EXE - Served Attached HTTP		10.4		19	ZeroCERT

32925	2022-03-31 10:49	FjgB6I dec4691f828115b1a5e1481de933fba9 Malicious Library UPX OS Processor Check DLL PE32 PE File Dridex TrickBot Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS		20 Info 1.234.2.232 - mailcious 72.15.201.15 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 164.68.99.3 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 45.118.115.99 - mailcious 209.250.246.206 - mailcious 138.197.109.175 - mailcious 206.189.28.199 - mailcious 103.43.46.182 - mailcious 183.111.227.137 - mailcious 104.131.11.205 - mailcious 189.232.46.161 - mailcious 79.143.187.147 - mailcious 187.84.80.182 - mailcious 51.91.76.89 - malware 209.126.98.206 - mailcious 45.176.232.124 - mailcious	5		5.8			ZeroCERT