Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
3991	2024-05-17 09:20	evengwalkreallynicetodoforheal... 8c2e6ab3fa1fe129f426869952a3a1d8 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted ICMP traffic RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed	2 Keyword trend analysis	4	5		4.8	M	38	ZeroCERT

3992	2024-05-17 09:19	todaywegobeautifulgirl.vbs 8ebbcf9f93c0c88b68945c48415f6d98 VirusTotal Malware VBScript wscript.exe payload download Tofsee Dropper	1 Keyword trend analysis	2	2		10.0	M	13	ZeroCERT

3993	2024-05-17 09:18	becauseofflowerwecantgivesucha... e050b72bd8f7f3c5a79af85cb1a1bd73 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	8 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.0	M	38	ZeroCERT

3994	2024-05-17 09:17	815abba63691f5311f254f757bad8b... e83ada5bc4a70e0802b8f35186758c81 Malicious Library Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself ComputerName					2.6		33	ZeroCERT

3995	2024-05-17 09:17	beautifulthingshappeningonbeau... a75f66170a17551071949b1188489af1 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	4	3		4.6	M	35	ZeroCERT

3996	2024-05-17 09:17	loudd.scr aab1d3c0633ee5a766395a51c4b4cf66 LokiBot Generic Malware Malicious Library .NET framework(MSIL) Antivirus Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk suspicious TLD WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	8 Info ET DNS Query to a .top domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP Request to a .top domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		15.8	M	26	ZeroCERT

3997	2024-05-17 09:16	sharzx.scr 4eabadc99a3505b71e02e73c43bcddab LokiBot Generic Malware Malicious Library .NET framework(MSIL) Antivirus Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1			15.8	M	29	ZeroCERT

3998	2024-05-17 09:13	dl.php d20089770bdb6ace5be655ee209e4f24 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.4	M	31	ZeroCERT

3999	2024-05-17 09:13	weneverneedtokissflowersbeause... 4f3983c99751f41c7d1639fccbee0491 Formbook MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	13 Keyword trend analysis Info http://www.crimsoncascade.xyz/a42m/ http://www.gregoriusalvin.com/a42m/ - rule_id: 39605 http://www.gregoriusalvin.com/a42m/?IWGZfq=6CH/YRMAK7aydmoeIYug/5bPLtmJ66q3593I/qH1Euv5gdtO1aVIO5sIkdD8Uy+PegRauaWIQNwg1s6QWSBfdi8lbfjBcXeXE7/rv5fmweeN04I7MmJWMdAH+Ho2e4yDZBqoJ1k=&6Za=ySE9k110 - rule_id: 39605 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip http://www.xn--bb55rtp-9va2p.store/a42m/?IWGZfq=SpRmwiWWWie0LiCQik30fMumghQ1V43TuTRukl4i+K/mOSJ9++mg5ZeFxUAkG3Pdc43Qwg0V3CKoqh5jVerICFqxOreCo6UFThdoK0ITtUR0x3kt6DvHO7oYbUe5+lYToPjvUAg=&6Za=ySE9k110 http://www.fidyart.com/a42m/?IWGZfq=TRa47sC0zg9DwlJH2ofZbpLPxb60FAnROaHr8XI2UWJs85O5KJ5v05dP6WLbumUjxgnYSz8VJIiFOj3/jDGGhDjJnNfIP19njrbmy90O84rAfsEKawWCksmZBQaaYfgJFBMVu+Q=&6Za=ySE9k110 http://www.tintasmaiscor.com/a42m/?IWGZfq=BaBbynwG2FaMiw+hhIbbh28MgtbEHbpnPsDfKOVNrs70A5vduIAGjxN5gftBLQVIAtEactO1mhmKtuNjdeyvWaHsEukAqVbBiuakY2ayn/21WOCwyWJ4ZPsM5Fw7u2uLCIVlGog=&6Za=ySE9k110 - rule_id: 39606 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.fidyart.com/a42m/ http://www.crimsoncascade.xyz/a42m/?IWGZfq=OaCxij+az8CWZkVV/54ln7Tii7cuYBvJsZdPmSHU0RFVoK/pLfrBdHMvdCD9qCJrgyFEUHy2yFOAdhP54QELuvsZtM/ZdHBp7cl68dN6EF+6a9fy3QPRhNX/VA1OInBnCfWbr6U=&6Za=ySE9k110 http://www.xn--bb55rtp-9va2p.store/a42m/ http://www.tintasmaiscor.com/a42m/ - rule_id: 39606 http://192.3.216.156/71120/smss.exe	17 Info www.crimsoncascade.xyz(162.0.237.22) www.fidyart.com(63.250.43.146) www.italiangreyhounds.online() - mailcious www.xn--bb55rtp-9va2p.store(84.32.84.32) www.gregoriusalvin.com(103.247.10.164) - mailcious www.tintasmaiscor.com(162.240.81.18) - mailcious www.designsbysruly.com() - mailcious www.gcashservice247.com() - mailcious www.weeveno.com() - mailcious www.infomail.website() - mailcious 162.0.237.22 84.32.84.32 - mailcious 45.33.6.223 63.250.43.147 162.240.81.18 - mailcious 103.247.10.164 - mailcious 192.3.216.156 - malware	7 Info ET MALWARE FormBook CnC Checkin (GET) M5 ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious smss.exe in URI ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4	4.6	M	35	ZeroCERT

4000	2024-05-17 09:11	dl.php 9b811321fcab794c77c3f9a6b6622c37 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.4	M	32	ZeroCERT

4001	2024-05-17 09:10	createdbeautifulimagesentirepl... 118a6298bf966ad5979e15faca957cbd MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2		4.6	M	35	ZeroCERT

4002	2024-05-17 09:10	mrngisagreatdayformebecausewew... 8dc3b5e3a2c0fbc303f76905e8247926 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware ICMP traffic RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed	2 Keyword trend analysis	4	5		4.4		33	ZeroCERT

4003	2024-05-17 07:43	shell.exe 346dae7e729ed4f192d213fcd2292d58 UPX MPRESS PE File PE32 DLL VirusTotal Malware AutoRuns Check memory Creates executable files AppData folder sandbox evasion Windows					4.6		54	ZeroCERT

4004	2024-05-17 07:41	grace.exe 6cb57b7bbac238426bb2f888fbfc3ed7 Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.6	M	52	ZeroCERT

4005	2024-05-17 07:39	sb.exe 04bcca3d8db9f3034c8814acd8735073 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory Windows					2.2		55	ZeroCERT