32956 |
2022-03-30 18:23
|
NFT-435309562-Mar-29.xlsb ff129562f76e5ade550fd0ca90cfa276 Malicious Library Excel Binary Workbook file format(xlsb) VirusTotal Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
3
http://94.140.115.120/44648,6101579861.dat - rule_id: 15435 http://144.217.50.255/44648,6101579861.dat - rule_id: 15436 http://37.120.206.69/44648,6101579861.dat - rule_id: 15437
|
3
144.217.50.255 - mailcious 37.120.206.69 - mailcious 94.140.115.120 - mailcious
|
|
3
http://94.140.115.120/ http://144.217.50.255/ http://37.120.206.69/
|
4.8 |
M |
11 |
guest
32957 |
2022-03-30 14:32
|
0305.ps1 cbfb80336f25ea741a7fdc87b01c2132 Generic Malware Antivirus HWP PS PostScript .NET DLL DLL PE32 PE File MSOffice File Malware powershell Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key |
3
http://2342679573/inj3ct_svc.ps1 http://2342679573/h4ck.ps1 http://2342679573/startup.ps1
|
1
|
2
ET INFO PS1 Powershell File Request ET HUNTING Generic Powershell DownloadString Command
|
|
11.6 |
|
|
ZeroCERT
32958 |
2022-03-30 13:27
|
서울지방조달청 주간입찰동향 220328.220401.h... 0362ed9e9a3741a3eebfe491b4d3db49 MSOffice File GIF Format Checks debugger Creates shortcut Creates executable files unpack itself |
|
|
|
|
1.4 |
|
|
ZeroCERT
32959 |
2022-03-30 11:37
|
qJaxG4C1KG20iG3zUV1T3vpmpyqVI ca3adf8d5966fd42574159498c7548fd emotet Excel with Emotet MS_Excel_Hidden_Macro_Sheet MSOffice File VirusTotal Malware Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit crashed |
2
http://www.dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/ http://dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/ - rule_id: 15428
|
3
www.dougveeder.com(192.252.144.38) dougveeder.com(192.252.144.38) - mailcious 192.252.144.38 - mailcious
|
|
1
http://dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/
|
4.4 |
M |
13 |
ZeroCERT
32960 |
2022-03-30 11:15
|
инструкция_ркн.doc 341610a5a0cc430f99f9f9bd694b04a9 VBA_macro Generic Malware Antivirus MSOffice File VirusTotal Malware powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut RWX flags setting exploit crash unpack itself Check virtual network interfaces suspicious process Tofsee Windows Exploit ComputerName Cryptographic key crashed |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
4
apps.identrust.com(119.207.65.74) swordoke.com(185.205.209.148) - mailcious 185.205.209.148 - mailcious 121.254.136.57
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
29 |
ZeroCERT
32961 |
2022-03-30 11:13
|
0.ps1 1073f4f0b62cc79342a1eb72a4c4da50 Hide_EXE Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
1.4 |
M |
9 |
ZeroCERT
32962 |
2022-03-30 10:57
|
NFT-1167138087-Mar-29.xlsb 08a5512995009c9f36fb39f077b49c6e Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS |
3
http://94.140.115.120/44648,6101579861.dat http://144.217.50.255/44648,6101579861.dat http://37.120.206.69/44648,6101579861.dat
|
3
144.217.50.255 37.120.206.69 94.140.115.120
|
|
|
4.2 |
|
|
guest
32963 |
2022-03-30 10:57
|
NFT-2053667904-Mar-29.xlsb 7733c814183b3b21b18e97d86036c6de Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed |
3
http://94.140.115.120/44648,6101579861.dat http://144.217.50.255/44648,6101579861.dat http://37.120.206.69/44648,6101579861.dat
|
3
144.217.50.255 37.120.206.69 94.140.115.120
|
|
|
5.2 |
|
|
guest
32964 |
2022-03-30 10:53
|
HkvWahS6osjcp1g.ps1 4d499b6d7b4106c52e650607cd9e25e7 emotet Generic Malware Antivirus powershell Check memory WMI unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
4
apps.identrust.com(23.216.159.9)
swordoke.com(185.205.209.148) 185.205.209.148
121.254.136.57
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
4.0 |
|
|
ZeroCERT
32965 |
2022-03-30 10:52
|
инструкция_ркн.doc 341610a5a0cc430f99f9f9bd694b04a9 VBA_macro Generic Malware MSOffice File VirusTotal Malware unpack itself |
|
|
|
|
2.4 |
|
29 |
ZeroCERT
32966 |
2022-03-30 10:50
|
Charter flight details.pdf.vbs d6a52997063b44b68dee4f2557f0b00d Generic Malware Antivirus PowerShell Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
1
https://paste.ee/r/cIGMj/0
|
2
paste.ee(104.21.84.67) - mailcious 104.21.84.67
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
|
ZeroCERT
32967 |
2022-03-30 10:35
|
inj3ct_svc.ps1 9ee2d346c37304f4d2c3baeb5cb96932 Generic Malware Antivirus .NET DLL DLL PE32 PE File Code Injection Check memory buffers extracted Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows Cryptographic key |
|
|
|
|
5.0 |
|
|
ZeroCERT
32968 |
2022-03-30 10:24
|
drop.ps1 77b151a3b481c823337837820b6cf717 PWS[m] NPKI Gen2 Emotet Hide_EXE Generic Malware Antivirus Malicious Library UPX AntiDebug AntiVM GIF Format DLL PE32 PE File OS Processor Check powershell Buffer PE AutoRuns MachineGuid Code Injection Check memory buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key |
|
5
doh-2.seby.io(139.99.222.72) dns.twnic.tw(101.101.101.101) 104.21.27.95 101.101.101.101 139.99.222.72
|
|
|
11.6 |
|
|
ZeroCERT
32969 |
2022-03-30 10:02
|
61W0ovBu86 3b11a40e721dc4d5ed7b931b6f707001 Malicious Packer Malicious Library UPX OS Processor Check DLL PE32 PE File Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS |
|
21
103.75.201.2 - mailcious 159.8.59.82 - mailcious 158.69.222.101 - mailcious 197.242.150.244 - mailcious 188.44.20.25 - mailcious 212.24.98.99 - mailcious 216.120.236.62 - mailcious 131.100.24.231 - mailcious 153.126.146.25 - mailcious 217.182.25.250 - mailcious 185.8.212.130 - mailcious 212.237.17.99 - mailcious 119.193.124.41 - mailcious 58.227.42.236 - mailcious 5.9.116.246 - mailcious 138.185.72.26 - mailcious 189.232.46.161 - mailcious 195.201.151.129 - mailcious 50.116.54.215 - mailcious 192.99.251.50 - mailcious 51.91.76.89 - malware
|
10
ET CNC Feodo Tracker Reported CnC Server group 19 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 15 ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 20 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 12 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 14
|
|
5.8 |
M |
35 |
ZeroCERT
32970 |
2022-03-30 09:57
|
77608712197934571105.xls 33359d166fbabd653dcdb6bb53d35cd4 emotet Excel with Emotet Emotet Gen2 Gen1 MS_Excel_Hidden_Macro_Sheet Malicious Packer Malicious Library UPX MSOffice File OS Processor Check DLL PE32 PE File Malware download Dridex TrickBot Malware Report AutoRuns Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Kovter Windows Exploit ComputerName DNS crashed |
4
http://apps.identrust.com/roots/dstrootcax3.p7c - rule_id: 15429 http://apps.identrust.com/roots/dstrootcax3.p7c http://dsinformaticos.com/_private/f36Yl/ - rule_id: 15430 http://dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/ - rule_id: 15428
|
46
e-fistik.com(185.216.113.92) - malware dsinformaticos.com(217.172.77.110) - malware dougveeder.com(192.252.144.38) - mailcious apps.identrust.com(119.207.65.152) 103.70.28.102 - mailcious 188.44.20.25 - mailcious 212.24.98.99 - mailcious 201.94.166.162 - mailcious 185.8.212.130 - mailcious 58.227.42.236 - mailcious 5.9.116.246 - mailcious 187.84.80.182 - mailcious 103.75.201.2 - mailcious 185.216.113.92 - malware 197.242.150.244 - mailcious 159.8.59.82 - mailcious 217.172.77.110 - malware 101.50.0.91 - mailcious 1.234.21.73 - mailcious 203.114.109.124 - mailcious 119.193.124.41 - mailcious 189.232.46.161 - mailcious 172.104.251.154 - mailcious 23.32.56.144 1.234.2.232 - mailcious 134.122.66.193 - mailcious 160.16.142.56 - mailcious 158.69.222.101 - mailcious 138.197.109.175 - mailcious 192.252.144.38 - mailcious 129.232.188.93 - mailcious 79.143.187.147 - mailcious 151.106.112.196 - mailcious 107.182.225.142 - mailcious 159.65.88.10 - mailcious 206.189.28.199 - mailcious 45.176.232.125 - mailcious 131.100.24.231 - mailcious 185.157.82.211 - mailcious 45.176.232.124 - mailcious 167.99.115.35 - mailcious 103.43.46.182 - mailcious 153.126.146.25 - mailcious 189.126.111.200 - mailcious 51.254.140.238 - mailcious 192.99.251.50 - mailcious
|
13
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 2 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET INFO EXE - Served Attached HTTP ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 12
|
3
http://apps.identrust.com/roots/dstrootcax3.p7c http://dsinformaticos.com/_private/f36Yl/ http://dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/
|
9.8 |
M |
|
ZeroCERT