Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
47416	2024-08-21 14:27	file.pdf.lnk 589440925b53b50ff9f6518c1b532320 Suspicious_Script_Bin Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		12.6		18	ZeroCERT

47417	2024-08-21 15:15	통일부 5월 간담회 계획안(줄리 터너대사 방한건_인권 ... 028075a00beb580aae25e2d60180889f Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					7.2		19	ZeroCERT

47418	2024-08-21 15:16	NATO%20company.lnk.lnk 1099227fc19bfaab01b509e016079fa0 Lnk Format GIF Format VirusTotal Malware Creates shortcut unpack itself WriteConsoleW	1 Keyword trend analysis				1.4		6	ZeroCERT

47419	2024-08-21 15:17	newupdate.hta 800ba50354158f39366e2b4e7f96a3eb Generic Malware Antivirus AntiDebug AntiVM MSOffice File PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed		1	2		12.2		17	ZeroCERT

47420	2024-08-21 15:19	통일부 5월 간담회 계획안(줄리 터너대사 방한건_인권 ... 028075a00beb580aae25e2d60180889f Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					7.2		19	ZeroCERT

47421	2024-08-21 15:21	Public Official Property Decla... dfc1a7f27ae2cfbcfe0cea9c1305ce80 Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates shortcut unpack itself DNS					3.6			ZeroCERT

47422	2024-08-21 15:28	photo.jpeg.exe 1a530b88ea994df4c9cc20d9a9470a36 Malicious Library PE File PE64 VirusTotal Malware AutoRuns PDB ICMP traffic unpack itself Windows DNS		1			5.6		45	ZeroCERT

47423	2024-08-21 21:20	scan_20240805144103.pdf e4f6cd4d0556d4a0841b0617f14efc92 PDF								guest

47424	2024-08-22 10:46	https://archivecloud.dev/ b43d9021a42d173048611a17339d2c85 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	2		3.8			guest

47425	2024-08-22 11:27	yummysilkybutterbuncamewithcho... ed3c59a3e67a8803a62bb3ca27c9ad31 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.6		35	ZeroCERT

47426	2024-08-22 11:28	downloader.exe 64f01094081e5214edde9d6d75fca1b5 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself					1.4		13	ZeroCERT

47427	2024-08-22 11:30	f.php e6f22534386dfeabe97f646659b7820a Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key		2	1		3.8	M	54	ZeroCERT

47428	2024-08-22 11:31	random.exe a151cbfbefd0a8e04caa4aa5be8f388e Generic Malware Malicious Library UPX Code injection AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself malicious URLs installed browsers check Tofsee Ransomware Exploit Browser ComputerName crashed		2	1		9.4		20	ZeroCERT

47429	2024-08-22 11:35	random.exe 34440059466824a2678e1e846f3bff3b Stealc Amadey RedLine stealer Gen1 Generic Malware Malicious Library UPX Malicious Packer Code injection Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder malicious URLs sandbox evasion VMware anti-virtualization installed browsers check Tofsee Ransomware Stealc Stealer Windows Exploit Browser Email ComputerName DNS Software crashed plugin	10 Keyword trend analysis Info http://185.215.113.100/0d60be0de163924d/nss3.dll http://185.215.113.100/0d60be0de163924d/freebl3.dll http://185.215.113.100/e2b1563c6670f193.php - rule_id: 41968 http://185.215.113.100/0d60be0de163924d/vcruntime140.dll http://31.41.244.10/Dem7kTu/index.php - rule_id: 42202 http://185.215.113.100/0d60be0de163924d/sqlite3.dll http://185.215.113.100/ - rule_id: 41969 http://185.215.113.100/0d60be0de163924d/mozglue.dll http://185.215.113.100/0d60be0de163924d/softokn3.dll http://185.215.113.100/0d60be0de163924d/msvcp140.dll	5	21 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	3	22.4	M	43	ZeroCERT

47430	2024-08-22 15:04	kleiseIche.exe e54c022314dfd1cc38e8994f725ba3be Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.8	M	43	ZeroCERT