Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
44806	2024-06-03 07:27	GetFormsOnline.b1b4093ff0ac420... 72c1f55ceb95184b435249f2b2c1daa3 Generic Malware Malicious Library UPX PE File PE32 DLL OS Processor Check BMP Format VirusTotal Malware Check memory Creates executable files unpack itself Check virtual network interfaces AppData folder sandbox evasion Tofsee	2 Keyword trend analysis	6	1		5.2	M	34	ZeroCERT

44807	2024-06-03 07:29	SCP.Desktop.Client.IssueView.e... fc8a44c4044a479d678d7ecca1825be6 Emotet Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key					2.4	M	20	ZeroCERT

44808	2024-06-03 07:29	logo2.jpg 74330f4c8e412ee96b41d01561ed1873 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.4	M	55	ZeroCERT

44809	2024-06-03 07:31	abc.exe 0423137cc78e3e3d7af3ecb534847d1b Malicious Library PE64 PE File VirusTotal Malware RWX flags setting DNS		1			3.2	M	62	ZeroCERT

44810	2024-06-03 07:35	@DDRI2_2.exe 1cfa70c1b2f1eb15d9f6b0d502095360 Gen1 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Remote Code Execution					2.6	M	21	ZeroCERT

44811	2024-06-03 07:35	GTA_V.exe adf5adfae118dabb87818f625502d0d8 Emotet Gen1 Generic Malware Malicious Library UPX ASPack Admin Tool (Sysinternals etc ...) Malicious Packer PE File PE32 MZP Format OS Processor Check DLL PNG Format MSOffice File PE64 .NET DLL DllRegisterServer dll ftp VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder					4.6	M	17	ZeroCERT

44812	2024-06-03 08:51	mdll.exe d65acc2321b1580bc524b991fad0f78a Emotet Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory RWX flags setting sandbox evasion Browser Remote Code Execution DNS		1			5.0	M	67	ZeroCERT

44813	2024-06-03 08:51	S1.exe db4468bcb2b2a4831714f107451eebfd Emotet Malicious Library UPX PE File PE32 OS Processor Check PNG Format VirusTotal Malware Check memory Checks debugger RWX flags setting unpack itself sandbox evasion Tofsee Browser Remote Code Execution DNS		3	1		4.6	M	63	ZeroCERT

44814	2024-06-03 09:36	2.exe fd75736f30d58471359129fe5bb6d452 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					2.0		29	ZeroCERT

44815	2024-06-03 09:38	download.php ba1078a938632c3219edc00cc855625a Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					1.6	M	24	ZeroCERT

44816	2024-06-03 09:40	AppGate2103v01.exe 9905d4c0f3aaf44c8f7a0f6c4b4d3543 Emotet North Korea Generic Malware UPX Malicious Library .NET framework(MSIL) Malicious Packer Downloader Admin Tool (Sysinternals etc ...) Socket ScreenShot Steal credential DNS Code injection Anti_VM AntiDebug AntiVM PE64 PE File PE32 OS Process Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Check virtual network interfaces malicious URLs Firewall state off IP Check Tofsee Windows Browser ComputerName Remote Code Execution DNS crashed	15 Keyword trend analysis Info http://5.42.66.10/download/th/retail.php - rule_id: 39943 http://176.111.174.109/google http://185.172.128.69/download.php?pub=inte - rule_id: 39937 http://185.172.128.69/download.php?pub=inte http://5.42.66.10/download/th/space.php - rule_id: 39944 http://5.42.99.177/api/crazyfish.php http://apps.identrust.com/roots/dstrootcax3.p7c http://94.232.45.38/eee01/eee01.exe - rule_id: 39938 http://147.45.47.149:54674/rade/kano.exe http://185.172.128.159/dl.php - rule_id: 39941 http://5.42.66.10/download/th/getimage12.php - rule_id: 39942 http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe - rule_id: 39939 http://5.42.99.177/api/twofish.php http://5.42.66.10/download/123p.exe - rule_id: 39935 https://db-ip.com/demo/home.php?s=	26 Info f.123654987.xyz() - malware db-ip.com(172.67.75.166) monoblocked.com(45.130.41.108) - malware api64.ipify.org(104.237.62.213) api.myip.com(104.26.9.59) lop.foxesjoy.com(104.21.66.124) - malware ipinfo.io(34.117.186.192) vk.com(87.240.132.72) - mailcious 176.111.174.109 61.111.58.34 - malware 5.42.99.177 104.26.9.59 104.26.4.15 172.67.159.232 34.117.186.192 45.130.41.108 - malware 147.45.47.149 94.232.45.38 - malware 104.237.62.213 185.172.128.69 - malware 87.240.132.67 - mailcious 5.42.66.10 - malware 185.172.128.159 - malware 91.202.233.232 - mailcious 5.42.65.116 149.88.76.85 - malware	18 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 1 SURICATA Applayer Mismatch protocol both directions ET DROP Spamhaus DROP Listed Traffic Inbound group 14 ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET DROP Spamhaus DROP Listed Traffic Inbound group 30 ET DROP Dshield Block Listed Source group 1 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	8 Info http://5.42.66.10/download/th/retail.php http://185.172.128.69/download.php?pub=inte http://5.42.66.10/download/th/space.php http://94.232.45.38/eee01/eee01.exe http://185.172.128.159/dl.php http://5.42.66.10/download/th/getimage12.php http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe http://5.42.66.10/download/123p.exe	18.4	M	14	ZeroCERT

44817	2024-06-03 09:41	123p.exe d43ac79abe604caffefe6313617079a3 PE64 PE File VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		2	1		1.8	M	58	ZeroCERT

44818	2024-06-03 10:46	123p.exe d43ac79abe604caffefe6313617079a3 Generic Malware PE64 PE File VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		2	1		1.8	M	58	r0d

44819	2024-06-03 10:48	123p.exe d43ac79abe604caffefe6313617079a3 Generic Malware PE64 PE File VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		2	1		2.4	M	58	r0d

44820	2024-06-03 11:07	google 25f75c4de10c970fd05472f8e6c3f337 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					1.6	M	20	ZeroCERT