Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7426	2021-04-20 16:13	a268e9e152c260a0e80431aa8d6df1... a58394937da9d3adb33e948058fde4e9 VBA_macro Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee	5 Keyword trend analysis Info http://rsimadinah.com/wp-content/16qT/ - rule_id: 1014 http://insvat.com/wp-admin/Dw/ - rule_id: 1010 http://blogs.g2gtechnologies.com/blogs/v/ - rule_id: 1011 http://pattayastore.com/visio-network-1hmpp/j5/ - rule_id: 1013 https://tenmoney.business/wp-content/nhW/ - rule_id: 1015	14 Info blogs.g2gtechnologies.com(208.91.199.15) - malware sureoptimize.com(142.93.247.242) - malware tenmoney.business(172.67.156.186) - mailcious pattayastore.com(202.183.165.89) - malware rsimadinah.com(66.96.230.225) - malware insvat.com(185.42.104.77) - malware littleindiadirectory.com(18.141.196.101) - malware 185.42.104.77 - malware 208.91.199.15 - malware 202.183.165.89 142.93.247.242 66.96.230.225 - malware 172.67.156.186 - mailcious 18.141.196.101 - malware	1	5	4.8	M	50	guest

7427	2021-04-20 18:07	re.dot aa3c8f347806d6fa1910c71a04210769 Malware download Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	3.2	M		ZeroCERT

7428	2021-04-20 18:07	참가신청서양식.doc ed9aa858ba2c4671ca373496a4dd05d4 VBA_macro VBMacro Convert Image File Vulnerability VirusTotal Malware unpack itself DNS					4.4		30	r0d

7429	2021-04-20 18:12	참가신청서양식.doc ed9aa858ba2c4671ca373496a4dd05d4 VBA_macro Convert Image File Vulnerability VirusTotal Malware unpack itself					3.8		30	r0d

7430	2021-04-21 08:00	mvp.exe 410bd9644a7a26eb0aa075ab4d1da1c6 PWS .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed					9.4		11	ZeroCERT

7431	2021-04-21 08:13	155.html 8f442e8d149e52d4c038c377cec1c32e Emotet Browser Info Stealer Malware download FTP Client Info Stealer ENERGETIC BEAR VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Check memory buffers extracted unpack itself Collect installed applications sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Stealer Browser ComputerName DNS Software	1 Keyword trend analysis	3	3		8.8		26	ZeroCERT

7432	2021-04-21 09:22	km.dot 94c2c8723c5275bbc57c76fca34e94f0 Vulnerability VirusTotal Malware exploit crash unpack itself Tofsee Exploit DNS crashed		2	2		3.8	M	27	ZeroCERT

7433	2021-04-21 09:25	ashleyx.exe 8bb6b2cd59a316a1b2509a53d9b7bed5 AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software	3 Keyword trend analysis Info http://edgedl.gvt1.com/edgedl/release2/chrome/AL5rs2UJAhI5hqZoF2YHW-w_89.0.4389.128/89.0.4389.128_chrome_installer.exe http://mmwrlridbhmibnr.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C74A40101EF9210BFD08B410CB832AFC.html https://update.googleapis.com/service/update2?cup2key=10:3910824222&cup2hreq=dc950c06ee23db63ccbc6463d0953d7c049cb27465657b9d252c3381314707af	6	4		15.6	M	19	ZeroCERT

7434	2021-04-21 09:36	catalog-349912341.xlsm df2938a470a7d5a3194207f5bd91fba8 Check memory unpack itself Tofsee crashed	2 Keyword trend analysis	8	2		3.2			ZeroCERT

7435	2021-04-21 09:36	catalog-2133469391.xlsm c08158e8674bb5ef097c64236f0b42aa Check memory unpack itself Tofsee DNS crashed	2 Keyword trend analysis	8	2		3.8			ZeroCERT

7436	2021-04-21 09:38	catalog-334041965.xlsm 8d70ebc40f4fdc94aaf8744bdc7879b0 Check memory unpack itself Tofsee crashed	2 Keyword trend analysis	8	2		3.2			ZeroCERT

7437	2021-04-21 09:39	catalog-532402110.xlsm 3c783f26d920978c063be2e392954da0 Check memory unpack itself Tofsee DNS crashed	2 Keyword trend analysis	8	2		3.8			ZeroCERT

7438	2021-04-21 09:41	ugopoundx.exe 715bd23d518811ec970b9288cfb597c8 AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://mmwrlridbhmibnr.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-CE1CE7E82580292924EE8F401A568CF6.html - rule_id: 1070 http://mmwrlridbhmibnr.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-CE1CE7E82580292924EE8F401A568CF6.html	2	1	1	13.6		25	ZeroCERT

7439	2021-04-21 09:41	zedd.exe 74481d0c157676fc8648aac06ee15088 Malicious Packer PWS .NET framework Generic Malware AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS crashed					12.2		24	ZeroCERT

7440	2021-04-21 09:51	vbc.exe a5c974a5617823b3de03e26b469ad47d Glupteba VirusTotal Malware PDB unpack itself Windows DNS crashed					3.2		25	ZeroCERT