Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
44896	2024-06-07 09:49	lionsarekingogthejunglewhorule... 56b4ddf6c247124f9bc633b06b169a84 MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	9 Info SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious lsass.exe in URI ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	3.2	M		ZeroCERT

44897	2024-06-07 09:49	setup-lightshot.exe 42d41456f2eccff630138c1ac9d50d1f Generic Malware WinRAR Malicious Library UPX PE File PE32 OS Processor Check Lnk Format GIF Format URL Format DLL VirusTotal Malware PDB MachineGuid Creates shortcut Creates executable files unpack itself ComputerName Remote Code Execution				3.4	M	20	ZeroCERT

44898	2024-06-07 09:51	liitletigersearchingforfoodwhi... 077e4cfa6534a69f9e8de8e5b83ba08c MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	4	2	4.6	M	37	ZeroCERT

44899	2024-06-07 09:54	obizx.doc e7b1cf4b76def016284ea19d18724961 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	2	2	3.6	M	34	ZeroCERT

44900	2024-06-07 09:54	wwlib.dll 9aec2351a3966a9f854513a7b7aa5a13 Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed				2.6	M	35	ZeroCERT

44901	2024-06-07 09:56	igcc.exe fa362d6eab964c2243f02ee774ed6d90 AgentTesla Malicious Library .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	3	12.0	M	53	ZeroCERT

44902	2024-06-07 09:58	lana.exe e6f6123ba522419ec38f54fb447fcd5e Malicious Packer Anti_VM PE File PE32 Malware download Malware AutoRuns MachineGuid unpack itself Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS crashed	1 Keyword trend analysis	5	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE RisePro TCP Heartbeat Packet ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (Token) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Activity)	5.6	M		ZeroCERT

44903	2024-06-07 16:09	@5762537436.pdf 5b036befff4e8f5ee17672a1c17f2de5 PDF							guest

44904	2024-06-07 17:48	64npf.sys de7fcc77f4a503af4ca6a47d49b3713d Generic Malware UPX PE64 PE File OS Processor Check PDB				0.4			guest

44905	2024-06-07 17:49	packet.dll 2ce150705bbeb30e6c8059cc530043aa Generic Malware Malicious Library PE File DLL PE32 PDB				0.2			guest

44906	2024-06-07 17:49	npptools.dll e8415cb60c91c988dfae2d4b6c5ee1ca Generic Malware Malicious Library PE File DLL PE32				0.6			guest

44907	2024-06-07 17:49	64npf.sys de7fcc77f4a503af4ca6a47d49b3713d Generic Malware UPX PE64 PE File OS Processor Check PDB				0.4			guest

44908	2024-06-07 17:49	wpcap.dll 4633b298d57014627831ccac89a2c50b Generic Malware Malicious Library PE File DLL PE32 PDB				0.2			guest

44909	2024-06-07 17:50	npptools.dll e8415cb60c91c988dfae2d4b6c5ee1ca Generic Malware Malicious Library PE File DLL PE32				0.6			guest

44910	2024-06-07 17:50	npptools.dll e8415cb60c91c988dfae2d4b6c5ee1ca Generic Malware Malicious Library PE File DLL PE32				0.6			guest