Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8191	2021-05-20 10:22	554312cx.msi 4e0a36a723ccaeb484afe5ecc7a4a889 MSOffice File PE File PE32 suspicious privilege Check memory Checks debugger unpack itself Windows utilities AntiVM_Disk VM Disk Size Check Windows ComputerName				3.0	M		ZeroCERT

8192	2021-05-20 15:18	k5dy7ow2EwylXhP.exe a1fbfc2302350826dd8fe8576b9db9cd PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key				2.8	M	23	ZeroCERT

8193	2021-05-20 16:33	winlog.exe b56e5eef4c0f60b0cdf971935b81893a PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	9 Info ET INFO DNS Query for Suspicious .ml Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ml Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	8.2	M	12	ZeroCERT

8194	2021-05-20 16:34	Delivery%20Order%208323673.xls 4100f7280e2ec85db09ee5e67b15b9dd VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee DNS	6 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f https://weeflow.com/wp-content/themes/twentyfourteen/genericons/font/B8Yj2bd8nrfXk5.php https://app.lead-concept.com/ws/wSu6ZEPLdlxH7W8.php https://gamberinigianluca.com/wp-content/themes/constructor/themes/black-urban/1FaXnq8F.php	4	2	4.0	M	30	ZeroCERT

8195	2021-05-20 16:35	fax_Documents.exe 5e9c34075c2eb3d3db131e1227383f1e Malicious Packer .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself	3 Keyword trend analysis			2.2		34	ZeroCERT

8196	2021-05-20 16:36	PO%2068601112.xls c389608ec63d30c2d36486bd7db8668f VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee	12 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ https://iminnovator.com/index_files/yVoSMJ3GBq7lzW5.php https://lrt.com.pk/9mmQzL8P7.php https://welcometotheafterdeath.com/pixelmonkey.com.au/saeadventures/wp-includes/Text/Diff/0hDhEI2E.php https://specs2go.shawalzahid.com/wp-includes/sodium_compat/src/Core/Base64/gRC1QXli.php https://abdul.yousufbaloch.com/C1q5m9Q5DWZJ24d.php https://staging.gaiafacturacion.com/produccion/v4/include/lib/phpqrcode/cache/rzkNuqp6m1hoY.php https://towingnow.ca/LvR2HWHdQ.php https://lojamusic.com.br/lojamusic.com.br/sitebuilder/IWu1s3chQoaXq.php https://standup.canicinteractive.com/vendor/swiftmailer/swiftmailer/lib/classes/SO2vS3SCmo1jil.php https://euro-office.net/AwI3uwiwuU6.php	20 Info euro-office.net(198.38.82.90) iminnovator.com(192.185.139.153) specs2go.shawalzahid.com(158.69.144.71) standup.canicinteractive.com(162.249.2.44) - mailcious lrt.com.pk(104.21.92.175) - mailcious welcometotheafterdeath.com(192.254.234.250) abdul.yousufbaloch.com(192.185.36.81) - mailcious staging.gaiafacturacion.com(179.27.152.153) - mailcious towingnow.ca(74.220.194.185) lojamusic.com.br(162.241.2.234) 192.185.139.153 74.220.194.185 179.27.152.153 - mailcious 198.38.82.90 - phishing 192.254.234.250 - mailcious 192.185.36.81 - mailcious 162.241.2.234 172.67.196.213 - mailcious 162.249.2.44 - mailcious 158.69.144.71	2	3.2	M	27	ZeroCERT

8197	2021-05-20 16:36	Inv%2006687243.xls 5186a21d30bbf28909683c4767597481 VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee DNS	12 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ https://armaenerji.com/UserFiles/site/enerji-kablolari/HES/tbqsCGNY.php https://plascom.ind.br/_img/parceiros/Ii2g4cYzKfaMLz7.php https://specs2go.shawalzahid.com/wp-includes/sodium_compat/src/Core/Base64/gRC1QXli.php https://mahinur.nucleustechbd.com/3IPk4Tm2As.php https://lojamusic.com.br/lojamusic.com.br/sitebuilder/IWu1s3chQoaXq.php https://gamberinigianluca.com/wp-content/themes/constructor/themes/black-urban/1FaXnq8F.php https://fuherpronn.org/u52Xze2Vn28f.php https://abdul.yousufbaloch.com/C1q5m9Q5DWZJ24d.php https://lamiragereception.com.au/ABs8dJ2ZJ3jgv0n.php https://fotounirii.ro/wp-content/plugins/under-construction-page/themes/000webhost/EYZWDFGxTaDjbR.php	20 Info mahinur.nucleustechbd.com(67.222.155.191) lamiragereception.com.au(67.23.226.231) armaenerji.com(217.195.198.212) - mailcious plascom.ind.br(191.252.142.218) fuherpronn.org(162.241.194.204) - mailcious specs2go.shawalzahid.com(158.69.144.71) fotounirii.ro(89.35.173.76) abdul.yousufbaloch.com(192.185.36.81) - mailcious gamberinigianluca.com(64.37.52.95) lojamusic.com.br(162.241.2.234) 89.35.173.76 217.195.198.212 - mailcious 192.185.36.81 - mailcious 64.37.52.95 - mailcious 191.252.142.218 67.23.226.231 - mailcious 67.222.155.191 - mailcious 162.241.194.204 - mailcious 162.241.2.234 158.69.144.71	2	4.8	M	24	ZeroCERT

8198	2021-05-20 16:39	invoice_996451.doc bee4631c31d5682a91174ee18d7c9335 RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	2	1	3.6	M	27	ZeroCERT

8199	2021-05-20 16:41	mn.exe f421782c826203212a35308f4b155bad AsyncRAT backdoor PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS crashed				11.0	M	38	ZeroCERT

8200	2021-05-20 16:44	fax_Documents.zip e9ab849de3862d15c03f2dc2535a2fe0 VirusTotal Malware DNS				1.4	M	24	ZeroCERT

8201	2021-05-20 16:57	fax_Documents.exe 5e9c34075c2eb3d3db131e1227383f1e Malicious Packer .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself DNS				2.8		34	ZeroCERT

8202	2021-05-21 08:11	Main.jpg d598749a8c86b1cdd313ff6c86626c86 RTF File doc DLL PE File OS Processor Check PE32 Vulnerability VirusTotal Malware buffers extracted exploit crash unpack itself AppData folder Exploit DNS crashed				4.4		17	ZeroCERT

8203	2021-05-21 08:33	b.dot 7eb32d81afb5598c9ab0c6651955c42d RTF File doc AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.8		28	ZeroCERT

8204	2021-05-21 08:35	00.exe 83377601918cdc76c76ed36c06a01546 PE File OS Processor Check PE32 VirusTotal Malware Check memory Checks debugger Creates executable files AppData folder DNS		1		5.4		52	ZeroCERT

8205	2021-05-21 08:41	netwire-988.exe c225922e8ec40ccca7d491fa57ece50b PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key				2.8		10	ZeroCERT