Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7321	2023-11-02 10:11	Firefoxwzexefile.vbs 0b7f2e1c70bb997a5b6f1b0072c23679 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1		8.4		2	ZeroCERT

7322	2023-11-02 10:11	12345Warzone.txt.exe 168457c869ff329fb895e314d1d8d61c Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Remote Code Execution					0.6			ZeroCERT

7323	2023-11-02 10:09	1stANzasWQA435786990Mqa9.js f757a1a6ca3595f7219e80540bcbbf52 Generic Malware Antivirus ActiveXObject PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	2 Keyword trend analysis	4	2		10.4	M	3	ZeroCERT

7324	2023-11-02 10:09	goblin.txt.exe faac5d3f56e2a6a204161fb0d29f49a6 Malicious Packer PE File PE32 .NET EXE								ZeroCERT

7325	2023-11-02 10:08	cred64.dll 0111e5a2a49918b9c34cbfbf6380f3f3 Malicious Library UPX Anti_VM PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Malicious Traffic Checks debugger unpack itself Windows utilities sandbox evasion installed browsers check Windows Browser DNS Software	1 Keyword trend analysis	1			7.0	M	27	ZeroCERT

7326	2023-11-02 10:07	clip64.dll 8da053f9830880089891b615436ae761 Amadey Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Malicious Traffic Checks debugger unpack itself DNS	1 Keyword trend analysis	1			3.6	M	38	ZeroCERT

7327	2023-11-02 10:05	HTMLIEbrowserHistorycache.vbs 857f884bf745995ea1ccd1275446201f VirusTotal Malware wscript.exe payload download Tofsee	1 Keyword trend analysis	2	2		2.0		3	ZeroCERT

7328	2023-11-02 07:51	IGCC.exe b559f853c534c533f75d09966aec1a81 Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	5 Keyword trend analysis Info http://www.vandistreet.com/sy22/?JjUdE2=ebYri2VV/sCK3b5rVJ3RboTDPGX+2LyTyMxHYnpzeShqSQ1cgB3Zd9ZvGXgE+e2ljlV5J+6Q&lzul=z8oHnHih3L http://www.mysonisgaythemovie.com/sy22/?JjUdE2=baQ1Jiu1kKGnkWcWqUZaFlU8q1reSZBP3QoqfGarl6ST99PuZCC+LuBenV9+EE94CjhJ8idN&lzul=z8oHnHih3L http://www.wb7mnp.com/sy22/?JjUdE2=D765QqECgZPQlxJkhVef5s22w98dFSb9s5LwarIZ8ZJKYWlk4eMvJUUamlKIenzgBZVLBjbY&lzul=z8oHnHih3L http://www.apneabirmingham.info/sy22/?JjUdE2=4HdrVjvyCAjpwzRQohtfN1+WvaRYgcN/d2hMNM296+jHjR54/eGnykfMDUW9i7A7oyCaMEwY&lzul=z8oHnHih3L http://www.sunspotplumbing.com/sy22/?JjUdE2=d6AqkGJ7bunbgmizHHRyxSnS+cE7N+DoqWC4nPxnpUsdFYm3pr534s62tX1C6jkDEl4YnzCY&lzul=z8oHnHih3L - rule_id: 36914	9 Info www.vandistreet.com(23.227.38.74) www.apneabirmingham.info(109.68.33.25) www.wb7mnp.com(15.197.148.33) www.mysonisgaythemovie.com(154.220.76.62) www.sunspotplumbing.com(15.197.148.33) - mailcious 23.227.38.74 - mailcious 3.33.130.190 - phishing 154.220.76.62 - mailcious 109.68.33.25 - mailcious	1	1	3.0	M		ZeroCERT

7329	2023-11-02 07:48	strakonaj2.1.exe 4cb44bd5d786a7f2b53fd6d9602a2b8c NSIS Malicious Library UPX PE File PE32 OS Processor Check Check memory Creates executable files unpack itself AppData folder crashed					3.2	M		ZeroCERT

7330	2023-11-02 07:48	hussanzx.exe 83cdb597d20acd75dd60840276ca77b1 .NET framework(MSIL) PE File PE32 .NET EXE PDB Check memory Checks debugger unpack itself					1.4	M		ZeroCERT

7331	2023-11-02 07:46	litoptics2.1.exe 77e2b6a251b3ed0440f515824c1d67fd PE File PE32 .NET EXE PDB Check memory Checks debugger unpack itself					1.4			ZeroCERT

7332	2023-11-02 07:46	haloup.exe 3e6ed1ceb52c1d4e9ef09cd3aebe7741 Malicious Library UPX PE File PE64 OS Processor Check					0.2			ZeroCERT

7333	2023-11-01 19:37	Biacs.exe 8bbba1d1448825a0c428dc296573cf8d Formbook AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious TLD Windows DNS Cryptographic key	21 Keyword trend analysis Info http://www.onlyleona.com/kniu/ - rule_id: 36720 http://www.prosourcegraniteinc.com/kniu/?hGC=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&iOwKE=__tE6 - rule_id: 36717 http://www.prosourcegraniteinc.com/kniu/ - rule_id: 36717 http://www.theartboxslidell.com/kniu/?hGC=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&iOwKE=__tE6 - rule_id: 36718 http://www.tsygy.com/kniu/?hGC=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&iOwKE=__tE6 - rule_id: 36721 http://192.3.64.154/1906/Pxgltvs.pdf http://www.poultry-symposium.com/kniu/ - rule_id: 36722 http://www.xxkxcfkujyeft.xyz/kniu/ - rule_id: 36719 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip http://www.theartboxslidell.com/kniu/ - rule_id: 36718 http://www.frefire.top/kniu/?hGC=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&iOwKE=__tE6 - rule_id: 36723 http://www.frefire.top/kniu/ - rule_id: 36723 http://www.xxkxcfkujyeft.xyz/kniu/?hGC=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&iOwKE=__tE6 - rule_id: 36719 http://www.flyingfoxnb.com/kniu/ - rule_id: 36725 http://www.palatepursuits.cfd/kniu/?hGC=hbIoOV/dmdXO2xpIn07o59QoAXcFh8OwL7wE3CCbwPL4DaTNKf4A6Fx93MICWs67Kq9ozN+vd0WYpt+cGdGxDSTpWz7Z0RqHqaDgDUU=&iOwKE=__tE6 - rule_id: 36726 http://www.tsygy.com/kniu/ - rule_id: 36721 http://www.palatepursuits.cfd/kniu/ - rule_id: 36726 http://192.3.64.154/1906/HtmlIEcleanerHistory.exe http://www.onlyleona.com/kniu/?hGC=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&iOwKE=__tE6 - rule_id: 36720 http://www.flyingfoxnb.com/kniu/?hGC=2khzscf+uoNd4qXDJMvMlsCGRf74adwr4dCZmsSaM5bi7vY8OWwGY+oUQIQbfdmtzbAFku/2CGFb1XO6VHKJWfD6Hx+uzWgInko6T2A=&iOwKE=__tE6 - rule_id: 36725 http://www.poultry-symposium.com/kniu/?hGC=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&iOwKE=__tE6 - rule_id: 36722	24 Info www.palatepursuits.cfd(104.21.21.57) - mailcious www.onlyleona.com(104.21.13.143) - mailcious www.prosourcegraniteinc.com(216.239.32.21) - mailcious www.pengeloladata.click() - mailcious www.xxkxcfkujyeft.xyz(142.171.29.133) - mailcious www.theartboxslidell.com(23.82.12.35) - mailcious www.8956kjw1.com(103.71.154.243) www.frefire.top(67.223.117.37) - mailcious www.tsygy.com(23.104.137.185) - mailcious www.poultry-symposium.com(85.128.134.237) - mailcious www.flyingfoxnb.com(216.40.34.41) - mailcious www.siteapp.fun() - mailcious 142.171.29.133 192.3.64.154 - mailcious 23.104.137.185 - mailcious 67.223.117.37 - mailcious 172.67.196.133 - mailcious 216.40.34.41 - mailcious 23.82.12.35 103.71.154.243 45.33.6.223 216.239.36.21 - phishing 172.67.132.228 - mailcious 85.128.134.237 - mailcious	12 Info ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a .top domain - Likely Hostile ET INFO Dotted Quad Host PDF Request SURICATA HTTP unable to match response to request ET INFO HTTP Request to a .top domain ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers ET HUNTING Request to .TOP Domain with Minimal Headers	18 Info http://www.onlyleona.com/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.tsygy.com/kniu/ http://www.poultry-symposium.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.theartboxslidell.com/kniu/ http://www.frefire.top/kniu/ http://www.frefire.top/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.flyingfoxnb.com/kniu/ http://www.palatepursuits.cfd/kniu/ http://www.tsygy.com/kniu/ http://www.palatepursuits.cfd/kniu/ http://www.onlyleona.com/kniu/ http://www.flyingfoxnb.com/kniu/ http://www.poultry-symposium.com/kniu/	11.0	M	30	ZeroCERT

7334	2023-11-01 18:48	IGCC.exe f26a2f5b20109013af6303c9adc2546d Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Generic Malware Google Chrome User Data Downloader .NET framework(MSIL) Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Internet API KeyLogger AntiDebu Remcos VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS keylogger	1 Keyword trend analysis	4	3		13.4	M	27	ZeroCERT

7335	2023-11-01 18:47	2xf9uf.bat 0f74a2178106172bd65f8bda36eb2572 Generic Malware Downloader Antivirus UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key					5.8		6	ZeroCERT