Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6556	2023-12-18 07:52	wlanext.exe cae0a2b2c56b394afa087d84a85e1f6b Generic Malware Malicious Library UPX Antivirus PE32 PE File powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed					6.0	M		ZeroCERT

6557	2023-12-18 07:51	thursdayexploitxla.exe cce987d4f92698550805cd361acdab2a .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Check memory Checks debugger unpack itself ComputerName					1.0	M		ZeroCERT

6558	2023-12-18 07:50	TierDiagnosis.exe 2e600b1ff7cd82c6402bb280720ced61 Generic Malware task schedule Downloader Malicious Library Admin Tool (Sysinternals etc ...) UPX KeyLogger Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName		1			11.8	M	48	ZeroCERT

6559	2023-12-18 07:50	wlanext.exe d28a7016ca5651a4a4a270883792ebb7 Generic Malware Malicious Library UPX Antivirus PE32 PE File powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed					5.4	M		ZeroCERT

6560	2023-12-15 19:04	adobe.exe f74eaaf7cee624885219e992887a1689 Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check DllRegisterServer dll PE64 wget ZIP Format Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed					4.2			ZeroCERT

6561	2023-12-15 19:03	setup294.exe c83e00b6e41e1a56fc6908e165ab4cb5 Malicious Library UPX AntiDebug AntiVM PE32 PE File DLL OS Processor Check Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder					4.0			ZeroCERT

6562	2023-12-15 19:00	2.exe f89eaa7fbb0a8b2e24ad2671d833b15f Malicious Library VMProtect PE32 PE File Remote Code Execution crashed					1.8			ZeroCERT

6563	2023-12-15 18:22	Delivery_Data.jar eea444443394d25856661dc1cfbbff20 Malicious Library MSOffice File VirusTotal Malware Check memory heapspray unpack itself Java					2.4	M	20	ZeroCERT

6564	2023-12-15 18:20	svchost.exe d973e5134f0a64365f35d158d23c4ba1 Malicious Packer Antivirus .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger RWX flags setting unpack itself					2.8	M	36	ZeroCERT

6565	2023-12-15 18:18	DNS1.exe 6a23b6e2536f7027a8506c87245eea5d PE32 PE File VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Creates executable files unpack itself suspicious TLD Windows DNS	2 Keyword trend analysis	6	4		6.4	M	59	ZeroCERT

6566	2023-12-15 18:16	Dvvyjoogg.exe 4a9119576c02d6707f5914f5ea020730 PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.4	M	32	ZeroCERT

6567	2023-12-15 18:16	tSV0dUC1pYGjOvI.exe f0b67e5a152e990ffc32d8364da1c8b2 PE32 PE File .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key crashed					5.0	M	29	ZeroCERT

6568	2023-12-15 17:45	Voice-Ai-beta.exe db24ccd5edd193c3de7e8324af4df458 Gen1 Malicious Library UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL PNG Format ZIP Format icon VirusTotal Malware Check memory Creates executable files Ransomware					2.6		18	ZeroCERT

6569	2023-12-15 17:45	release.rar 57ab5e01e6e92d13ae33e587004ad918 Stealc PrivateLoader Amadey Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Amadey Vidar Glupteba Open Directory Malware c&c Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealc Stealer Windows Discord Exploit Browser RisePro DNS Downloader plugin	62 Keyword trend analysis Info http://5.42.64.41/40d570f44e84a454.php - rule_id: 38591 http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911 http://91.92.242.146/advdlc.php http://5.42.64.41/2a7743b8bbd7e4a7/softokn3.dll http://91.92.254.7/scripts/plus.php?ip=175.208.134.152&substr=eight&s=ab - rule_id: 38706 http://5.42.64.35/timeSync.exe - rule_id: 38593 http://5.42.64.35/syncUpd.exe - rule_id: 38707 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://api.ipify.org/?format=qwc http://185.172.128.19/InstallSetup8.exe http://45.15.156.229/api/firegate.php - rule_id: 36052 http://still.topteamlife.com/order/tuc3.exe http://195.20.16.45/api/firegate.php - rule_id: 38697 http://5.42.64.41/2a7743b8bbd7e4a7/vcruntime140.dll http://77.105.147.130/api/tracemap.php http://185.172.128.19/ghsdh39s/index.php - rule_id: 38300 http://5.42.64.41/2a7743b8bbd7e4a7/nss3.dll http://5.42.64.41/2a7743b8bbd7e4a7/freebl3.dll http://5.42.64.41/2a7743b8bbd7e4a7/sqlite3.dll http://91.92.254.7/scripts/plus.php?substr=one&s=two - rule_id: 38706 http://176.113.115.84:8080/4.php - rule_id: 34795 http://5.42.64.41/2a7743b8bbd7e4a7/msvcp140.dll http://195.20.16.45/api/tracemap.php - rule_id: 38695 http://zen.topteamlife.com/order/adobe.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://109.107.182.3/dote/film.exe http://5.42.64.41/2a7743b8bbd7e4a7/mozglue.dll https://vk.com/doc418490229_669576362?hash=2TYLSTWS5p3PwhTNSYwsx2GpGiyOpl6IB17qzZDTTnz&dl=R4angaiywIuZ3iAh5RqnVQxC3TmVWJZOPSt2s7ZkU94&api=1&no_preview=1 https://vk.com/doc418490229_669536405?hash=R1SzeC40xJ3N84YoN0iXk4AQPRuvygwN5sp4tBfbczD&dl=GXT1bZGxOK19LH7eZCNhRVIcrGJyQCrsbbajDN7XKHk&api=1&no_preview=1#nsd https://sun6-20.userapi.com/c909228/u418490229/docs/d36/c87009947661/file141223.bmp?extra=riGpl1sVynSQNy7_56coUnxCg7bnPcMRbuAzvkh_ETAwlmYx6qE_ofcQ65AriUxQcf_ivxfJAJM3YADTPZpm0PQnGOn-nmQ0wfHlZF3X1ntWeFueWSrC0bm4lZU0qKMLHBkZK0r0esUhSSQUng https://vk.com/doc418490229_669587219?hash=k77BufzomwcBsW3hPhpz2FEdZyz0nCp5svZgzAhWzX8&dl=GGiKhtZZMwWTM9cPInAZ3ZvsfBC6QLOXzRT6d5aaZ9w&api=1&no_preview=1#xin https://vsblobprodscussu5shard10.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=HJmhL06OJea1RlhWWse3wquZZjcLEZaOXFHu4a0VKb0%3D&spr=https&se=2023-12-16T09%3A12%3A02Z&rscl=x-e2eid-07bdf5ea-b89c46ec-8622ba13-cca3d6da-session-bfed46ea-eff3416b-81f720b1-a91cee8f https://vk.com/doc418490229_669575350?hash=vKrKQ1LNzfmk5bqDBawqJaSNYy2pPUvsVD8GKsP1go0&dl=bKf2OcMYkQVThifDdutSO1iDmr9BZ1mynSvBZGNDR74&api=1&no_preview=1#tw https://sun6-20.userapi.com/c909518/u418490229/docs/d24/8a4941081cf4/xinxin.bmp?extra=MYqii3RlgEdZmDiKshYG4cBuSFt-4I8No-BNWthaqggg8UIboNVqio9EQKvqnDf0IwnpwaqiXtjrufIKCgD54naDTYqQKF7M8ZxG9jgvbLoxaZAboWXtmkjqHzXUIPaO1cX_tjq7DjsuoOVT1Q https://sun6-22.userapi.com/c909218/u418490229/docs/d43/33a4d3a867cd/crypted.bmp?extra=7n1p5WXd_XA-frypoGw5NGGcH5ozP0-5aPXvPSGNWJnmWcOQyKm3XmG1A4H78VWMkEfRaxwAsjW6UtarY0Cdk2S00-TlIzTDgoGExJ2V7IUXR3iB7Oq8RmopiHVQh1hv_C_EWlY_STkxOJE2iw https://vk.com/doc418490229_669583708?hash=eKiEuBeLlD8AVLZpMr9fKb3Fp25y6PbAZumFOSRz8Ls&dl=Dexpdq6aIxefqfmky79VED88wzPCzbXZWs8AXq2twlc&api=1&no_preview=1#test22 https://vdfgdfbfdbdfbdfgroup.sbs/setup294.exe https://sun6-23.userapi.com/c909228/u418490229/docs/d43/b05f93b34277/irisaCrypt.bmp?extra=4bwsZcK5u5cEEHtMWABs91FQoKbo4zXJ4K4gfYbS4E4umS85yFuk5CBomenrD5NM9YfshQdl03pizbE7teLHEenSIgkV_vvzQNfWHtMMYtg94gK8eT35lVqZ2pCIzmY0OmDluTvvoGpmJj4z5A https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb https://domen414.com/70e35a78e758263ac94805845a3b1aa6/e0cbefcb1af40c7d4aff4aca26621a98.exe https://api.myip.com/ https://msdl.microsoft.com/download/symbols/index2.txt https://sun6-23.userapi.com/c909418/u418490229/docs/d39/c8967eb6f89d/PLmp.bmp?extra=4rNxN4-WGW1_vpBEh0yJ7O9mXuWiNiVfzRYTurrDDQ4puTpR49fSpaHI_fGwXIZcMw16OD6BZwIlWibKWNGNRnZP9KdPo-9HxcFrCZFI21fq_QZNl8UoJqh-BFl60eeV8xM1RFT1XYsTNcAO_w https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb https://db-ip.com/demo/home.php?s=175.208.134.152 https://vk.com/doc418490229_669553328?hash=izexNkT0c9lubTKZrX98Bt9LyqTRtBjqbopnZwLqlgz&dl=ECg5r3GQRknKKixHOxzIu5HdJ3xcDAtCSdybIVtGzGX&api=1&no_preview=1 https://vk.com/doc418490229_669446288?hash=QFSGrfzK1NpHqTbP7orCKrs6ivw74w9NbUeXT4cVAJ8&dl=scYinNdJ0msbOFLMzJwjxC4aj2UhN7mrdx5bV4i4j1T&api=1&no_preview=1#ww11 https://vk.com/doc418490229_669446210?hash=BZ9b8Xtsn5Z8zZkSRBEdwF1W7jzCAT8GJBVEicdXS6L&dl=eA4o75IiHafzbkgdBC8nz7TmLS7uMpwJRsfDOcAnrqD&api=1&no_preview=1 https://iplis.ru/1Gemv7.mp3 https://sun6-22.userapi.com/c909618/u418490229/docs/d42/d3f4cb6b29e6/twointe.bmp?extra=i7uy3fj3_0Ze73YL3gCj-5SBktdI9fvOagbQj0A_MTiUAkHJpynsELLBxOzk_eRHirZQfV0sivxHcLQaU_1LDcnsap5U75nd8N-bK6d_DTLR2JmJwXiur__vcggTugQ_hcATc-qjTcUuqdB49g https://api.2ip.ua/geo.json https://vk.com/doc418490229_668982322?hash=azDCFq3LKE8SI4FuHIiO9uqD9f0NzgSZGZRfp16uXc8&dl=S8rnCmwvOvSogOT6fxEmoZZvxNehhMMaIfqIZkup0tP&api=1&no_preview=1 https://sun6-23.userapi.com/c909228/u418490229/docs/d8/82a883d0cb5c/RisePro_1_1.bmp?extra=Khx0S2q1Cc35UHPx2HuaYmrza_MbtEdOxIPETSaulwXUXV1_rOOCqrnbkChic9YVaUB54TG5UV9XzCcFaEMz9Fs-QxMSWyPh49aPdA4i6lnKfYQSEDEtz4wB7t_GWVPlUMDQdldbTLx7Ifly2A https://sun6-21.userapi.com/c235131/u418490229/docs/d58/5c0b9e6bfbb0/WWW11_32.bmp?extra=p1oBag1URwphK9fm5j9Jq7YOyeLeYwoTlNXxy-wy5IUdSKAq5VMvZiEdPlIcLVQn8hIZLuRKmCNHWREB57Cexdl8j2qkqFJbyxi0QG7Y6MixRJdPAmBV-XZVChIxLC6qYD1souE3k5cCPKfsSA https://mrproper.org/e0cbefcb1af40c7d4aff4aca26621a98.exe https://vk.com/doc418490229_669431693?hash=ZJOgiMvcEt67O8ZgIQTPetDJ5TJVWChVj8OP8l7poMo&dl=l8kZtnWtBZ88utyX5ok8hBf0AvLsgVspFPCyrexPZcc&api=1&no_preview=1 https://vsblobprodscussu5shard58.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=oby3wWHlvYWWrF7NhzaeDiB4De2SzNZjlf1ujeFGLuE%3D&spr=https&se=2023-12-16T09%3A35%3A46Z&rscl=x-e2eid-da202a57-853643ff-8f0c306b-e4a3eb32-session-aa02589a-042c46e7-b900bab6-bb84b0be https://sun6-21.userapi.com/c235031/u418490229/docs/d20/3537096df5d0/sdfj34dv.bmp?extra=-wfwzf8mggLUbLw-tDmqqwImNK4Ftwq957DguR_ZMse6BpyI5-rPV6hbhzSG2NwFqlvPZVAflEjl79RMCYIB1POUVIydbhkLkUQ6dr7fGPtpI4ydIkrZ_U79xWEv5Xk1NueG2w6-DwHLIn3DeQ https://vk.com/doc418490229_669575445?hash=vrqpipzq5gbIf9ZzlH6eoLxWYY2GVWTdCZyZfEBDU6o&dl=vAwShLyLIswxvXKtspyKZMxVY7MZYQOz2xin63S1bXz&api=1&no_preview=1#1 https://vk.com/doc418490229_669524169?hash=inQnNfQi9pW3FIKvlWtzgZEF4L0HuZ8DIxxvcU43wrc&dl=fEEIzUN5hJ8zayr8sOcmw911iz7V6Wz6VvyTXKMFcdk&api=1&no_preview=1#risepro https://sun6-21.userapi.com/c909328/u418490229/docs/d9/ed7e4b61a950/tmvwr.bmp?extra=8ABSpR5kzOaL11KUTp_YTUz2hMDoCUYwXHxrulWm_E5Qppp5p26G9nQBBugoFJ3FhMkU7aktVviN94njhqhJWc4jj01UDf2oKFiCQ5w1tYtq3ZQaL-VtmQiiv4NSJja4CPGU6aMHn99Tfe6lCg https://sun6-20.userapi.com/c909518/u418490229/docs/d9/5e0d43d301bf/BotClient_WWW.bmp?extra=K4Bc2tEiqrN1_FErEK6iFLRLCk66bRPdEIg_NBxdAdEKjqBoH80jch2EATGL5aoZyV0ONQLUKsLO3xWLSK_Dqja2G9_4sN84DzErWXT52ONKiCO1heZTXPBUC44s8QXP0LO8LqIDy-hnCQNaAQ	75 Info db-ip.com(104.26.4.15) 91920b82-9195-455d-9a5f-23f11e556e53.uuid.dumperstats.org(185.82.216.111) vanaheim.cn(91.222.236.186) - mailcious ipinfo.io(34.117.59.81) sun6-23.userapi.com(95.142.206.3) - mailcious medfioytrkdkcodlskeej.net(91.215.85.209) - malware server6.dumperstats.org(185.82.216.111) api.2ip.ua(172.67.139.220) iplogger.org(104.21.4.208) - mailcious msdl.microsoft.com(204.79.197.219) cdn.discordapp.com(162.159.135.233) - malware sun6-20.userapi.com(95.142.206.0) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious mrproper.org(104.21.63.180) stun1.l.google.com(172.253.56.127) zen.topteamlife.com(172.67.138.35) walkinglate.com(172.67.212.188) - malware api.ipify.org(64.185.227.156) zexeq.com(211.53.230.67) - malware transfer.sh(144.76.136.153) - malware domen414.com(172.67.166.192) vsblobprodscussu5shard10.blob.core.windows.net(20.150.38.228) iplis.ru(172.67.147.32) - mailcious still.topteamlife.com(172.67.138.35) sun6-22.userapi.com(95.142.206.2) - mailcious vsblobprodscussu5shard58.blob.core.windows.net(20.150.38.228) vdfgdfbfdbdfbdfgroup.sbs(172.67.222.70) vk.com(87.240.132.72) - mailcious api.myip.com(104.26.9.59) xmr-asia1.nanopool.org(172.104.165.191) - mailcious 95.142.206.1 - mailcious 5.42.64.35 - malware 91.92.254.7 - mailcious 91.215.85.209 - mailcious 162.159.135.233 - malware 104.26.5.15 172.67.138.35 172.67.212.188 23.67.53.27 104.21.38.114 104.21.63.180 45.15.156.187 172.67.75.163 34.117.186.192 185.172.128.19 - mailcious 185.82.216.111 211.53.230.67 - malware 121.254.136.18 91.92.242.146 87.240.132.67 - mailcious 172.104.165.191 - mailcious 20.150.79.68 34.117.59.81 176.113.115.84 - mailcious 194.33.191.60 - mailcious 5.42.64.41 - mailcious 204.79.197.219 172.253.56.127 20.150.38.228 45.15.156.229 - mailcious 194.33.191.102 - malware 144.76.136.153 - mailcious 172.67.166.192 195.20.16.45 - mailcious 77.105.147.130 173.231.16.77 176.123.10.211 - mailcious 104.21.63.150 95.142.206.2 - mailcious 172.67.139.220 95.142.206.0 - mailcious 95.142.206.3 - mailcious 91.222.236.186 172.67.132.113 109.107.182.3 - mailcious	62 Info ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET DROP Spamhaus DROP Listed Traffic Inbound group 20 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET HUNTING Rejetto HTTP File Sever Response ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO TLS Handshake Failure ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Get_settings) ET POLICY Observed File Transfer Service SSL/TLS Certificate (transfer .sh) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Redline Stealer Family Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) ET POLICY External IP Lookup (ipify .org) ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port) ET MALWARE Observed Glupteba CnC Domain (dumperstats .org in TLS SNI) ET MALWARE Amadey Bot Activity (POST) ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)	12 Info http://5.42.64.41/40d570f44e84a454.php http://zexeq.com/test2/get.php http://91.92.254.7/scripts/plus.php http://5.42.64.35/timeSync.exe http://5.42.64.35/syncUpd.exe http://45.15.156.229/api/tracemap.php http://45.15.156.229/api/firegate.php http://195.20.16.45/api/firegate.php http://185.172.128.19/ghsdh39s/index.php http://91.92.254.7/scripts/plus.php http://176.113.115.84:8080/4.php http://195.20.16.45/api/tracemap.php	7.6	M		ZeroCERT

6570	2023-12-15 16:22	128.5.14-package.hta 715d2502c51eddfd399a63042a259634 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			ZeroCERT