Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
48001	2024-09-13 09:24	wenneedtounderstandhowpowerful... eceaf68e766e67119c7ae2af631ee6a3 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1	4.6	M	35	ZeroCERT

48002	2024-09-13 09:24	vstdlib_s.exe 3a7af8198a80e2c90488ac8353a5cbd1 North Korea task schedule Downloader Malicious Library .NET framework(MSIL) ScreenShot PWS DNS KeyLogger Create Service Socket DGA Http API Escalate priviledges Steal credential Sniff Audio HTTP Code injection Internet API FTP P2P AntiDebug AntiVM PE File VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities WriteConsoleW Windows ComputerName Cryptographic key				7.8		49	ZeroCERT

48003	2024-09-13 09:26	gooddaycomingwithgoodthingsent... 4dada1c43d8218485ddb6a4ae1fd8fa1 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1	4.6		33	ZeroCERT

48004	2024-09-13 09:26	useraccount.aspx 9b73c82d8f0e6cae3bce7b2fc98b3383 Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Checks debugger unpack itself Tofsee crashed		4	2	2.4		40	ZeroCERT

48005	2024-09-13 09:27	beautifuldaysbeautyofthedayher... 68862cb17d442aee2608c7216f929e37 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	1	7.6		7	ZeroCERT

48006	2024-09-13 09:27	setup3.exe 2ff26b3561bd1921720cc328a0199d4c Malicious Library UPX PE File PE32 OS Processor Check unpack itself				1.2			ZeroCERT

48007	2024-09-13 09:28	66e30a27e0efe_tmpD.exe af91873c641aab500eba3a3ad6f17b74 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Creates executable files RWX flags setting Windows utilities suspicious process Tofsee Windows Remote Code Execution	1 Keyword trend analysis	2	1	8.4		38	ZeroCERT

48008	2024-09-13 09:29	greennicepicturegetmebackwithy... fa071ef25a60e1eaea926347f324dd13 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	1	7.6		7	ZeroCERT

48009	2024-09-13 09:31	seennewthingsentireworldseethe... e586cee8737a0875953be251a6b08be7 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	1	7.6	M	5	ZeroCERT

48010	2024-09-13 09:33	frownked2.1.exe ab7caff90a8347576988a104a322a916 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS	18 Keyword trend analysis Info http://www.trapkitten.website/vzgx/?Jht=fAt7pIVPpGXAvBzfbofxH6KLA/SKUI8tR0TDZSipM2iZbUNyxYUxThLLESsgo4hlkDzs7nheSjoc1Sj/m3Gn3caq3+Ik36hEeLqFX7XS2ZCHg+ZK2jYSb1UZmcKhE1PtLCklngg=&fl=WtGo http://www.dfmagazine.shop/wc8m/ http://www.kevin-torkelson.info/gekb/?Jht=5z2j4JvjBCmnxDGmXhsNUCzyBEeNU+efumCOi9/ZiiqSem4bSPmiC7+SQGIeXbOACmsQlkv/nReqN9BPj1atBFP4iljpjZG37OmieLn9iAg49nsR4NFlAX0ACoZEb3mOX8X6rtg=&fl=WtGo http://www.disn-china.buzz/za6x/ http://www.qwefs.org/toq1/ http://www.disn-china.buzz/za6x/?Jht=EgAkyEJNK52+6mt3E5/kJbXdEzdYowDWwvgRo5oIQtO9ZSuXgOHTA+BJ7wLJ2gaYF8C47CtaBGKeFv/a+P8O0H1n59GM1zMsYaWK1AmiqPY5ZahcO8GJtNWa29lHrhEg3yNDlxM=&fl=WtGo http://www.pmjjewels.online/risb/ http://www.sqlite.org/2016/sqlite-dll-win32-x86-3120000.zip http://www.sqlite.org/2017/sqlite-dll-win32-x86-3180000.zip http://www.mandemj.top/to69/?Jht=jnxbIh9toY3Lk087C6fRSAIIDhtmtOIIZy5Q1YpSMvmzprTTtz9chlCe8JLifgChZqJUy3cTTTxPfarkAUDrW4VnhfiXjSai62R1N2pl8mrhOBQxiL5e+vemTWR4j4PbfMHKe5c=&fl=WtGo http://www.trapkitten.website/vzgx/ http://www.kevin-torkelson.info/gekb/ http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.mandemj.top/to69/ http://www.qwefs.org/toq1/?Jht=uFBHOFjbtFvxqkcdxVd4tJdULw7QnIRXIDe+8RHTfxNdoahKRW8U0UCbhdOPwbKTgOK/uYLPOnJNTHSrlEGfXzyIhJOeIq51xyFm40Ibheoc9HKPcTfbc4gFNH+mWXon7XUk+C8=&fl=WtGo http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.dfmagazine.shop/wc8m/?Jht=LNw/HBPP4tr5bvxRqEHHjPwHzHq/oSZ3YB7NlE9rWxPCxu7fGi7WVymEaD0ez69xv6ZMfJiRCRJpj/kbYTwl2Jp3vmj/K6IWSBhtVJ2AAHCG128jD1oExGyyLZzj9OMbCV/AQw0=&fl=WtGo http://www.pmjjewels.online/risb/?Jht=eaaelBCTiJBUEmuLZOnRpNwStkEgMLy/XK1YEbKYGwCJmco23DW+jwYfw/wGti4g6zAdqT8YjPqv8SPTYnHAaF9kOPWwjHlUiv4xVtfBSx2ls1nJs2JEa5QE0YkRP5wLYmM3P0s=&fl=WtGo	16 Info www.pmjjewels.online(199.59.243.226) www.trapkitten.website() www.mandemj.top(162.0.238.43) www.disn-china.buzz(161.97.168.245) www.dfmagazine.shop(84.32.84.32) www.qwefs.org(45.114.171.236) www.mktimediato.online() www.kevin-torkelson.info(208.91.197.27) 199.59.243.226 - phishing 84.32.84.32 - mailcious 208.91.197.27 - mailcious 161.97.168.245 45.114.171.236 45.33.6.223 162.0.238.43 - mailcious 195.161.68.8 - mailcious	3	7.6		36	ZeroCERT

48011	2024-09-13 09:33	66e316a0373e2_crypted.exe#1 11506bb939332f58920d0a3c8ad1c5c2 RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	14.2	M	44	ZeroCERT

48012	2024-09-13 09:33	useraccount.aspx 5fb15984b6312b2de010679b77c2e3b4 Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed				2.6	M	34	ZeroCERT

48013	2024-09-13 09:33	1.exe 95bb292a795c5c517e405f698fbd3fed Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 DLL Malware download VirusTotal Malware Malicious Traffic AppData folder suspicious TLD CryptBot DNS	1 Keyword trend analysis	2	3	3.2	M	29	ZeroCERT

48014	2024-09-13 09:34	Graphic.bat c64838099d6a9eeffb87c15a15c96892 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				4.6		3	ZeroCERT

48015	2024-09-13 09:35	66e2cce3eae78_Pink_0x000872A65... 00465490b449aa57d0e1ac7cba51af72 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check crashed				0.2	M		ZeroCERT