Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6076	2021-03-17 17:48	invoice_34457.doc 7ea6f21fe3034329bfd23235650d3f38 LokiBot Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit crashed	1 Keyword trend analysis	6	7 Info ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		4.6	M	23	ZeroCERT

6077	2021-03-17 17:56	putty.exe 6fa14b3b1c54a26f0b9bbcd2f6b45899 VirusTotal Malware Check memory Checks debugger unpack itself Remote Code Execution					2.0	M	1	Zero

6078	2021-03-17 17:58	putty.exe 6fa14b3b1c54a26f0b9bbcd2f6b45899 VirusTotal Malware Check memory Checks debugger unpack itself Remote Code Execution					2.0	M	1	Zero

6079	2021-03-17 18:19	linas138.dll e905846ca83adae7c9fa32e55ed1b826 Trickbot VirusTotal Malware Checks debugger unpack itself suspicious process Remote Code Execution					3.4	M	33	ZeroCERT

6080	2021-03-17 18:21	winlog2.exe f51bde692301062e32b59eb71505e141 Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key					7.8	M	22	ZeroCERT

6081	2021-03-17 18:22	linas139.dll 190b62c21a3413d44cc73e4098b6987b Trickbot VirusTotal Malware Checks debugger unpack itself suspicious process Remote Code Execution					3.4	M	34	ZeroCERT

6082	2021-03-17 18:31	Stgedo.exe 4fa1dbfe022061e6699ae4754b45cb4f AsyncRAT backdoor VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows ComputerName Cryptographic key	3 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://liverpoolofcfanclub.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-D9F79B55F8D4D9EC712336B52F5A918A.html - rule_id: 361	2		1	3.2	M	28	Zero

6083	2021-03-17 18:32	linas139.dll 190b62c21a3413d44cc73e4098b6987b Trickbot Dridex TrickBot VirusTotal Malware Report suspicious privilege Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	8	6 Info ET CNC Feodo Tracker Reported CnC Server group 4 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) ET POLICY curl User-Agent Outbound SURICATA Applayer Mismatch protocol both directions ET CNC Feodo Tracker Reported CnC Server group 1		9.2	M	34	ZeroCERT

6084	2021-03-17 18:32	regasm.exe f5ddb8aeb5d10b0b6d8d1825326f4433 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	3 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		10.6	M	27	ZeroCERT

6085	2021-03-17 18:40	winlog.exe e4647cc71d27837d5cb8a9a0b0707dab VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs sandbox evasion ComputerName crashed					4.8	M	27	ZeroCERT

6086	2021-03-17 22:45	Build.exe 780293b790c796c29b8d0cbf92053af2 Azorult .NET framework AsyncRAT backdoor Malware download VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName	8 Keyword trend analysis Info http://dsulum.anonymous-sec.com/moab//connection.php http://dsulum.anonymous-sec.com/moab//check_panel.php http://dsulum.anonymous-sec.com/moab/login.php http://dsulum.anonymous-sec.com/moab//getCommand.php?id=bTBhYl83QzYwMjRBRA http://dsulum.anonymous-sec.com/moab//receive.php?command=T25saW5l&vicID=bTBhYl83QzYwMjRBRA http://dsulum.anonymous-sec.com/moab/ http://dsulum.anonymous-sec.com/moab//receive.php?command=UGluZ2Vk&vicID=bTBhYl83QzYwMjRBRA http://dsulum.anonymous-sec.com/moab//receive.php?command=TmV3TG9nfEJOfFN1Y2N8Qk58Q2xpZW50IGlzIENvbm5lY3RlZA&vicID=bTBhYl83QzYwMjRBRA	2	2		4.4	M	47	Zero

6087	2021-03-17 22:48	NotepadPlus.txt e83b5f2b03ffe236917d448f42937528 VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself sandbox evasion Browser ComputerName crashed		2			5.8	M	7	Zero

6088	2021-03-17 22:58	dcrat.exe a16225aa2cb7f0c1c4f975bb7a9eede0 Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself					5.4	M	51	Zero

6089	2021-03-17 22:59	kleiman.exe f67d50d3ca318b7dc910ea10830f5c39 AsyncRAT backdoor VirusTotal Malware DNS	2 Keyword trend analysis	1			2.2	M	52	Zero

6090	2021-03-17 23:00	scvhost900.exe d488957da746ffc43cf8b843c8452aa9 VirusTotal Malware Check memory Checks debugger unpack itself	2 Keyword trend analysis				2.0	M	45	Zero