Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6121	2024-01-25 13:55	E9DF1F28CFBC831B89A404816A0242... e5a10df3734802a63d6f10a63ff0054c HWP PS PostScript MSOffice File Lnk Format GIF Format VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself				2.0		10	ZeroCERT

6122	2024-01-25 13:54	E46907CFAF96D2FDE8DA8A0281E4E1... d6080cc6bad2a70cf21f84147c58bca1 ZIP Format Word 2007 file format(docx) PNG Format JPEG Format Malware download NetWireRC VirusTotal Malware RWX flags setting exploit crash unpack itself Konni Exploit RAT DNS crashed		2	1	4.2		15	ZeroCERT

6123	2024-01-25 13:53	조선 시장 물가 분석(회령).hwp 54b3aa4b83e410f4bf28368d59a0711b HWP PS PostScript MSOffice File Lnk Format GIF Format VirusTotal Malware Checks debugger Creates shortcut Creates executable files				1.6		15	ZeroCERT

6124	2024-01-25 13:52	577C3A0AC66FF71D9541D983E37530... f264f6bfa09a6305865f08bde57b9fd8 ZIP Format Word 2007 file format(docx) PNG Format JPEG Format Malware download NetWireRC Vulnerability VirusTotal Malware RWX flags setting unpack itself Konni RAT DNS		2	1	4.2		11	ZeroCERT

6125	2024-01-25 13:51	39C97CA820F31E7903CCB190FEE020... 28d25a4021536394fd890c4b6d9b5551 ZIP Format PNG Format JPEG Format Malware download NetWireRC VirusTotal Malware RWX flags setting exploit crash unpack itself Konni Exploit RAT DNS crashed		2	1	4.2		13	ZeroCERT

6126	2024-01-25 13:48	2F78ABC001534E28EB208A73245CE5... eeadfcccb6d95dc04d81f68ae7865f8b HWP PS PostScript MSOffice File Lnk Format GIF Format VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself				2.0		13	ZeroCERT

6127	2024-01-25 11:40	browserupdateiongoingwithmicro... 73209cc1a6e13bbfd7365c6a103d958f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash Exploit DNS crashed	2 Keyword trend analysis	3	1	4.2	M	33	ZeroCERT

6128	2024-01-25 10:31	ISOturned.vbs 586060d06409eb7a7a99005cd9093be4 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	4 Keyword trend analysis	5	2	9.8	M		ZeroCERT

6129	2024-01-25 10:30	gold1201001.exe 6c0b848e31c8d918fa82aae9d760d821 RedLine Infostealer UltraVNC Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key crashed				3.0	M	22	ZeroCERT

6130	2024-01-25 10:28	microsoftdecentipdationinstall... b437cdb4742fbfa853685f76e28fc045 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	5	10 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SURICATA Applayer Detect protocol only one direction SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.0	M	33	ZeroCERT

6131	2024-01-25 10:27	microinternalprojectcreationfo... adb0708b4a6acc72c9ab9ff10f3bd877 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed	3 Keyword trend analysis	5	3	4.6	M	33	ZeroCERT

6132	2024-01-25 10:26	BrowserUpdate.vbs de5bdb19782a627822c978a99ee2d930 VirusTotal Malware wscript.exe payload download	1 Keyword trend analysis	2		2.0	M	7	ZeroCERT

6133	2024-01-25 10:25	microsoftwindowsinstantdistanc... f71fd269414714b16001419f60e3a7ef MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.6	M	33	ZeroCERT

6134	2024-01-25 10:23	microsoftdesignedentireprocess... eb0165158626b14a85aa7b07f0289b86 MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	4 Keyword trend analysis Info http://www.theundraftd.com/he09/?GzuD=3lXeepixblc/XEtZ1EvsIqAmWL+n4YonwTDUoXUSh3HBvLHEOtNDCwwJjbttqziEicGRZpjH&AlB=O2MthllH7 http://www.fino-shop.store/he09/?GzuD=QwDeHw0h79Kv45QE1/tPkzm6xVUnXnh9QB1txwyqw8goEXZFsBWgmhQA3e7In5jI5DTaNlKF&AlB=O2MthllH7 http://www.wjr3x0d.shop/he09/?GzuD=EzmSEMWAJEAiOMoDtJcF/SEKHCHoZAUibF+EkFM3MN7/1rs2R7FLOSCnH7Xkt787xO1QWUqw&AlB=O2MthllH7 http://192.3.176.145/2356/conhost.exe	8	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE FormBook CnC Checkin (GET)	4.6	M	34	ZeroCERT

6135	2024-01-25 10:22	browserupdateiongoingwithmicro... 73209cc1a6e13bbfd7365c6a103d958f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed				3.2	M	33	ZeroCERT