Submissions

No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc

8011  2021-05-12 17:55  c4da0137cbb99626fd44da707ae1bc...
  MD5: c4da0137cbb99626fd44da707ae1bca8
  Etc: PE File PE32 VirusTotal Malware MachineGuid
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.4 43 r0d

8012  2021-05-12 17:55  r1oo.exe
  MD5: 85725f2ce8ff2e36e9a3849e512e8db5
  Etc: BitCoin Antivirus AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer ENERGETIC BEAR VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 3 3 1 16.8 M 16 ZeroCERT

8013  2021-05-12 17:57  c4da0137cbb99626fd44da707ae1bc...
  MD5: c4da0137cbb99626fd44da707ae1bca8
  Etc: PE File PE32 VirusTotal Malware MachineGuid DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3.0 43 ZeroCERT

8014  2021-05-12 17:58  generated order 257404.xlsm
  MD5: 77838fe56970ec040ea084f6c5b3def6
  Etc: VBA_macro VirusTotal Malware unpack itself Tofsee
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 8 20 2 4.2 M 31 ZeroCERT

8015  2021-05-12 18:15  c4da0137cbb99626fd44da707ae1bc...
  MD5: c4da0137cbb99626fd44da707ae1bca8
  Etc: PE File PE32 VirusTotal Malware MachineGuid DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3.0 43 ZeroCERT

8016  2021-05-12 18:21  id1.dotm
  MD5: 71e480edcb51a02b8460ccc9b2dfa272
  Etc: VBA_macro Vulnerability Malware ICMP traffic unpack itself
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3 2 4.6 ZeroCERT

8017  2021-05-12 18:21  id2.dotm
  MD5: 7f8a4e0dca2e18121af505d9198d81d1
  Etc: DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1.4 ZeroCERT

8018  2021-05-12 18:24  21504.dotm
  MD5: 523b3401b0fb0e8aec9be70f57686840
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 0.8 ZeroCERT

8019  2021-05-13 08:21  knnnn.exe
  MD5: 62e8b40ed70c64fbd25a070a0c8b78f7
  Etc: PWS Loki[b] Loki[m] AsyncRAT backdoor Malicious Library DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 6 13.2 M 19 ZeroCERT

8020  2021-05-13 08:23  XNAFrameworkClassLibrary.pdf
  MD5: eac4870e667458a95da0b52ed6457331
  Etc: AsyncRAT backdoor DLL PE File .NET DLL PE32 VirusTotal Malware PDB
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1.2 23 ZeroCERT

8021  2021-05-13 08:23  kn.exe
  MD5: 167f0a829df709cc4107369ed23fbdfb
  Etc: Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Tofsee Windows ComputerName DNS DDNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 5 4 16.6 31 ZeroCERT

8022  2021-05-13 08:23  Asyn_gracet.exe
  MD5: a111a4a9058473075bea557a2ff2dfd6
  Etc: AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE OS Processor Check PE File PE32 Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware Kovter DNS DDNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 3 1.6 46 ZeroCERT

8023  2021-05-13 08:26  update201703280212.exe
  MD5: 3ccd1b5d4ea318d18cde4f03a6624679
  Etc: PE File PE32 UPX VirusTotal Malware Malicious Traffic unpack itself Tofsee Windows Remote Code Execution DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3 4 4 4.4 M 27 ZeroCERT

8024  2021-05-13 09:44  update201703280212.exe
  MD5: 3ccd1b5d4ea318d18cde4f03a6624679
  Etc: UPX PE File PE32 VirusTotal Malware Check memory unpack itself Remote Code Execution
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.8 M 27 r0d

8025  2021-05-13 09:46  update201703280212.exe
  MD5: 3ccd1b5d4ea318d18cde4f03a6624679
  Etc: UPX PE File PE32 VirusTotal Malware Check memory unpack itself Remote Code Execution
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.8 M 27 r0d