Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8011	2024-07-08 14:09	INVESTIGATION_OF_SEXUAL_HARASS... 9345d52abd5bab4320c1273eb2c90161 ZIP Format Word 2007 file format(docx) VirusTotal Malware unpack itself Tofsee	2 Keyword trend analysis	4	1		2.0		4	ZeroCERT

8012	2024-07-08 13:29	node.js.exe 9e6ba754b50c865d54a69075a65620ae Gen1 RedLine stealer NSIS Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) Obsidium protector Antivirus Anti_VM Javascript_Blob PE File PE32 DLL PE64 OS Processor Check ftp VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder Ransomware					4.2		1	ZeroCERT

8013	2024-07-08 11:11	archive.rar 2074be740d489e298715968ed68fd122 Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee Windows Discord DNS	10 Keyword trend analysis Info http://176.111.174.109/psyzh - rule_id: 40370 http://77.105.133.27/download/123p.exe - rule_id: 40857 http://5.42.99.177/api/crazyfish.php - rule_id: 40006 http://apps.identrust.com/roots/dstrootcax3.p7c http://80.78.242.100/d/525403 - rule_id: 40853 http://5.42.99.177/api/twofish.php - rule_id: 40008 http://80.78.242.100/d/385132 http://77.105.133.27/download/th/space.php - rule_id: 40856 https://lop.foxesjoy.com/ssl/crt.exe - rule_id: 40188 https://db-ip.com/demo/home.php?s=	26 Info raw.githubusercontent.com(185.199.109.133) - malware db-ip.com(172.67.75.166) api64.ipify.org(104.237.62.213) api.myip.com(104.26.9.59) lop.foxesjoy.com(104.21.66.124) - malware ipinfo.io(34.117.186.192) cdn.discordapp.com(162.159.133.233) - malware vk.com(87.240.132.72) - mailcious iplogger.org(172.67.132.113) - mailcious 176.111.174.109 - malware 182.162.106.33 - malware 43.153.49.49 - mailcious 173.231.16.77 104.26.4.15 172.67.75.163 34.117.186.192 104.21.66.124 - malware 185.199.111.133 - mailcious 5.42.99.177 - mailcious 87.240.129.133 - mailcious 77.105.133.27 - mailcious 162.159.135.233 - malware 182.162.106.144 172.67.132.113 77.91.77.80 - malware 80.78.242.100 - mailcious	18 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SURICATA Applayer Mismatch protocol both directions ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET DROP Spamhaus DROP Listed Traffic Inbound group 30 ET HUNTING Redirect to Discord Attachment Download ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET INFO TLS Handshake Failure ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET POLICY IP Check Domain (iplogger .org in DNS Lookup)	7	5.2	M		ZeroCERT

8014	2024-07-08 10:36	App.dll 1afdf73c0d1ba126c63927b423c55205 Generic Malware Malicious Library ASPack UPX PE File DLL PE64 OS Processor Check PDB Checks debugger crashed					0.6			ZeroCERT

8015	2024-07-08 10:04	Update.js affe7c07da3776a191c69b73e50d491a VBScript wscript.exe payload download Tofsee crashed Dropper	1 Keyword trend analysis	2	2		10.0			guest

8016	2024-07-08 09:54	Client.exe 86108d3bcc19fe774cc81b71494d31f9 Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check PNG Format Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	4	3		7.8	M	61	ZeroCERT

8017	2024-07-08 09:52	my.exe 6470b936622d9502880cae6452d1bb48 Generic Malware Malicious Library Malicious Packer Antivirus UPX PE File PE64 ftp OS Processor Check VirusTotal Malware WriteConsoleW DNS		2			4.0		27	ZeroCERT

8018	2024-07-08 09:52	win.exe f0e6f9c7b9ddc461c6929d4765a15eaa Generic Malware Malicious Library Malicious Packer Antivirus UPX PE File ftp PE32 OS Processor Check VirusTotal Malware suspicious privilege Windows utilities WriteConsoleW Windows DNS		1			3.6		41	ZeroCERT

8019	2024-07-08 09:48	update.exe f8ae25eb2bef827759f8cd837ad85bda Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE64 OS Processor Check Browser Info Stealer VirusTotal Malware Malicious Traffic RWX flags setting sandbox evasion VMware Windows Update Browser DNS crashed	1 Keyword trend analysis	1	2		5.6	M	45	ZeroCERT

8020	2024-07-08 09:48	1.exe ed44c98c40576ef50f6abcf6e40c71d7 UPX PE File PE32 VirusTotal Malware suspicious privilege Windows utilities WriteConsoleW Windows DNS		1			4.0	M	23	ZeroCERT

8021	2024-07-08 09:46	Installer.exe bed8cdced2d57be2bd750f0f59991ecd Malicious Library UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Cryptocurrency wallets Cryptocurrency Telegram AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Ransomware Windows ComputerName DNS		4	4		9.8	M	63	ZeroCERT

8022	2024-07-08 09:46	build.exe 7081e613321921500b70899fddb56a4d RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			3.8	M	63	ZeroCERT

8023	2024-07-08 09:44	windows_update.exe 14129aa32bbd6bf03d3cde8837119e2a UPX PE File PE64 VirusTotal Malware					2.2	M	27	ZeroCERT

8024	2024-07-08 09:44	tool.exe 34c704347497551c5593eeabebb7b6ce UPX PE File PE64 VirusTotal Malware suspicious privilege Windows utilities WriteConsoleW Windows DNS		2			5.2	M	44	ZeroCERT

8025	2024-07-08 09:44	igccu.exe c3ebea7cd7e96887d0fffff22bf00101 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File PE32 Device_File_Check OS Processor Check DLL Browser Info Stealer VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser	15 Keyword trend analysis Info http://www.wwfglobal.com/m95o/ http://www.freel2charger.com/a4ue/?Xp3xoqu0=3Vd/jhwRuTdOxuTB8JI5nOWg/apgnlL07zqrrDtNySlQNx92si9z0GTEyKNUovs2vFDx3z0WHuC5qtQtmV1Z+JPFOszkR7570ju18v427TjxuMC6Q9FdcnyuD0lX4EuWURba81w=&3C=-W0nH4abwqVx6Z http://www.j1k.tech/ggih/?Xp3xoqu0=i8yzt6XI/zjj0EvWzDpVtZBP16SoDk4AakjQiSQahgkkQjG9W6bktvv9lCGUtqBrNJmyocQc6INn5KIHl6b9E9My6YsY/pwJyHRA4RGjG4LpDxC6HG5D7wyJQEAKu8/ahrYwvcM=&3C=-W0nH4abwqVx6Z http://www.haimai.site/icf0/ http://www.ssicma.org/qxr1/ http://www.j1k.tech/ggih/ http://www.theweekendcreator.com/awb5/?Xp3xoqu0=q3JBavBuYNoAFHwauSUUJN+keHbDXRNO3B64FYkHj+ESHjf6uMe8Ml18n4dPe7A7aU95Qh4NdpEzKf8PQGGhOsCO//xwyGdpY4pSV5d1JaOmNNNmKMZpMyvkuOK0EM5V1PaCanQ=&3C=-W0nH4abwqVx6Z http://www.wwfglobal.com/m95o/?Xp3xoqu0=loIQP3UiqoDjBFJmw0L2TRhB20kRG2X9tn2fHKVmv6zwqnZvk5N84SggBG/BgRcfHRNHZvwpARRf777bnidZ37SD7iT6sqAUnBDtKNk/rHev/lWeFvdkUpIQjUOAVmPnkAOAZpw=&3C=-W0nH4abwqVx6Z http://www.haimai.site/icf0/?Xp3xoqu0=U4JeMG3qb5QJeBzWswvZRpXbdUbus2JptZtYRCnPoVuWQN8AMfSV/KSC/xeCxJC/O44U6AJahBfYedKb0boAnF2JoNLnI8yTZ7fVdLrvsXMgQtoLZXOjy9i/SxhsIguY533/7XI=&3C=-W0nH4abwqVx6Z http://www.valerieomage.com/szs0/ http://www.valerieomage.com/szs0/?Xp3xoqu0=nINTDym7Q9j+BCpkuujjwjGAmK2M3l6Ta6JnU7my4W3+ygqCWIWSYrKZWHtet07iDDp0UTeAPatxkU+Y4s9MpkgkU/s8fphY9KdqoJ4yoDvxJ+HW3rS0xLPCSn9cTKONJWJmDmU=&3C=-W0nH4abwqVx6Z http://www.sqlite.org/2017/sqlite-dll-win32-x86-3210000.zip http://www.freel2charger.com/a4ue/ http://www.ssicma.org/qxr1/?Xp3xoqu0=2m4sk20gG7hdiEEZPbwTHBPhtGachfxfUQkVGf1jp+PhCTwkzgTQmGXQy0a1TEtXBjpQyKYGB70SN5YHZcubEUeNS431TYCqoE6spLmJedjPDy0EPuJ9tZ8AUv34yB9u8tQMDRY=&3C=-W0nH4abwqVx6Z http://www.theweekendcreator.com/awb5/	17 Info www.wwfglobal.com(52.1.217.30) www.theweekendcreator.com(217.160.0.87) - mailcious www.jjkelker.com() www.glucotrustlonely.best() www.freel2charger.com(64.98.135.118) www.ssicma.org(15.197.148.33) www.j1k.tech(84.32.84.32) www.haimai.site(195.110.124.133) www.valerieomage.com(23.227.38.74) 64.98.135.118 52.1.217.30 195.110.124.133 - mailcious 3.33.130.190 - phishing 217.160.0.87 - mailcious 84.32.84.32 - mailcious 45.33.6.223 23.227.38.74 - mailcious			7.2		52	ZeroCERT