Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8161	2024-07-03 18:27	IEnetCache.hta 23944bdd42dd1973f4cebc54defbccd0 Generic Malware Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	3		12.0		13	ZeroCERT

8162	2024-07-03 18:12	강연의뢰서_ 엄구호 교수님 .docx.lnk... 52d073c181531c7f0b8b3aa764c6551d Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.4		26	guest

8163	2024-07-03 17:19	pconsnap.dll 8fb5e72a31680189d9a529b49962a0b1 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware					1.2		37	ZeroCERT

8164	2024-07-03 17:19	pconsnap.dll 8fb5e72a31680189d9a529b49962a0b1 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware					1.2		37	ZeroCERT

8165	2024-07-03 13:24	setup.exe 6a29cf171c9718d55a0b617102451f6b Malicious Library PE File PE32 Checks debugger WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName					3.6			ZeroCERT

8166	2024-07-03 13:24	setup.exe 5d286a1851e49c4a21ec0178bcf8b239 Malicious Library PE File PE32 VirusTotal Malware Checks debugger WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName					4.6	M	37	ZeroCERT

8167	2024-07-03 11:27	Video HD (1080p).lnk e694422f9ae9a4bf93258f6376db4292 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell ZIP Format VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Interception Windows ComputerName Cryptographic key	4 Keyword trend analysis	4	1	1	11.6		19	ZeroCERT

8168	2024-07-03 11:20	setup.exe 6a29cf171c9718d55a0b617102451f6b Malicious Library PE File PE32 Checks debugger WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName					3.6			ZeroCERT

8169	2024-07-03 10:46	Update.js cbca476a716c76cf629b3428ee9c3f43 VBScript wscript.exe payload download Tofsee crashed Dropper	1 Keyword trend analysis	2	2		10.0			r0d

8170	2024-07-03 10:42	archive.rar 9d10f6f08ae1cc016c10b09007063417 Vidar Escalate priviledges PWS KeyLogger AntiDebug AntiVM VirusTotal Cryptocurrency Miner Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee Windows Discord DNS CoinMiner	10 Keyword trend analysis Info http://5.42.99.177/api/crazyfish.php - rule_id: 40006 http://apps.identrust.com/roots/dstrootcax3.p7c http://80.78.242.100/d/525403 http://5.42.99.177/api/twofish.php - rule_id: 40008 http://x1.i.lencr.org/ https://steamcommunity.com/profiles/76561199707802586 - rule_id: 40674 https://lop.foxesjoy.com/ssl/crt.exe - rule_id: 40188 https://db-ip.com/demo/home.php?s= http://77.105.133.27/download/th/space.php http://77.105.133.27/download/123p.exe	35 Info db-ip.com(172.67.75.166) monoblocked.com(45.130.41.108) - malware api64.ipify.org(173.231.16.77) api.myip.com(172.67.75.163) steamcommunity.com(104.100.64.90) - mailcious lop.foxesjoy.com(104.21.66.124) - malware t.me(149.154.167.99) - mailcious ipinfo.io(34.117.186.192) x1.i.lencr.org(23.35.220.247) bitbucket.org(104.192.141.1) - malware cdn.discordapp.com(162.159.133.233) - malware vk.com(87.240.132.67) - mailcious iplogger.org(104.21.4.208) - mailcious pool.hashvault.pro(142.202.242.45) - mailcious 104.71.154.102 104.26.5.15 149.154.167.99 - mailcious 23.201.35.155 34.117.186.192 125.253.92.50 104.26.8.59 162.159.130.233 - malware 104.21.66.124 - malware 45.130.41.108 - malware 104.237.62.213 77.91.77.80 - malware 104.192.141.1 - mailcious 121.254.136.9 80.78.242.100 - mailcious 37.27.31.150 5.42.99.177 - mailcious 23.41.113.9 77.105.133.27 - mailcious 87.240.132.72 - mailcious 172.67.132.113	17 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) SURICATA Applayer Mismatch protocol both directions ET INFO Executable Download from dotted-quad Host ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET HUNTING Redirect to Discord Attachment Download ET INFO TLS Handshake Failure ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	4	6.0	M	1	ZeroCERT

8171	2024-07-03 10:05	au.u.u.uuu.doc 82bb2c75e40c4beb166cfa0c3d7fc0bc MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted ICMP traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	2			6.8	M	37	ZeroCERT

8172	2024-07-03 10:04	scrscrscr.exe d62cda8235956adc06d774785dbc8ca6 UPX PE File PE32 VirusTotal Malware PDB RCE					1.2	M	21	ZeroCERT

8173	2024-07-03 09:49	Gamesense.rar b1adc1e869b9d40b6d9c8550cd129268 Escalate priviledges PWS KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself					3.0	M	38	ZeroCERT

8174	2024-07-03 09:40	outbyte-driver-updater.exe 19e7819eb886414b6bcab23db00541ec Gen1 HermeticWiper Generic Malware PhysicalDrive Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM PE File PE32 MZP Format OS Processor Check Lnk Format GIF Format DLL PE64 MSOffice File DllRegisterServer dll ftp Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee GameoverP2P Zeus Windows Browser ComputerName Trojan Banking crashed	1 Keyword trend analysis	9	2		11.6		4	ZeroCERT

8175	2024-07-03 09:37	Fortect.exe 745dfc19a7a8ce32812211f17b792fa6 Gen1 RedLine stealer Emotet NSIS Generic Malware Suspicious_Script_Bin Downloader Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Antivirus Anti_VM Javascript_Blob PE File PE32 OS Processor Check DLL PNG Format JPEG Format Lnk For VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut RWX flags setting unpack itself Auto service AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Tofsee Ransomware Windows ComputerName DNS Software	11 Keyword trend analysis Info https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=PKAOK¶m=ServiceRunning<> https://app.fortect.com/events/version.php?data=json&sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&installed= https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=INSVR¶m=6.5.0.2<> https://app.fortect.com/ev-install-start/ev-install-start.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502 https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=INSST¶m=Downloader%20Started<> https://app.fortect.com/ev-install-end/ev-install-end.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502 https://cloud.fortect.com/app/installation/engine/6502/FortectSetup64.7z https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=LANG¶m=1042<>ko<> https://app.fortect.com/events/evt_scan.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=AUINS¶m=service%20installed<>0<>6.5.0.2<> https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=INSRN¶m=6.5.0.2<*> https://cloud.fortect.com/app/installation/service/6502/FortectProtection64.7z	6	3		8.6		1	ZeroCERT