Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8236	2024-07-01 09:23	TQ.jpg.exe f9f5342074462fa1048fea806eef535f Emotet Generic Malware Malicious Library Downloader Malicious Packer Antivirus UPX PE File PE32 OS Processor Check DLL PE64 Malware download VirusTotal Malware SMB Traffic Potential Scan Malicious Traffic Creates executable files ICMP traffic Disables Windows Security AppData folder sandbox evasion Windows DNS DDNS Downloader	8 Keyword trend analysis Info http://118.184.169.48/dyndns/getip http://45.113.194.189/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8 http://ssl.ftp21.cc/MpMgDLL.jpg http://ssl.ftp21.cc/MpMgSvc.jpg http://down.ftp21.cc/64.jpg http://ssl.ftp21.cc/Hooks.jpg http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe http://down.ftp21.cc/Update.txt	22 Info gtxvdqvuweqs.com(16.162.201.176) members.3322.org(118.184.169.48) ipv6-api.iproyal.com() down.ftp21.cc(119.203.212.165) - malware download.microsoft.com(23.199.6.55) www.362-com.com(1.226.84.135) www.4i7i.com(1.226.84.135) opendata.baidu.com(45.113.194.189) web.362-com.com(110.11.158.238) api.iproyal.com(193.228.196.69) ssl.ftp21.cc(31.184.207.62) - malware 23.219.69.110 31.184.207.62 - malware 193.228.196.69 45.113.194.189 16.162.201.176 1.226.84.135 31.222.226.20 18.163.3.159 118.184.169.48 110.11.158.238 119.203.212.165 - malware	8 Info ET DNS Query for .cc TLD ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET MALWARE JS/WSF Downloader Dec 08 2016 M4 ET INFO DYNAMIC_DNS Query to 3322.org Domain ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection		9.4	M	55	ZeroCERT

8237	2024-07-01 09:23	wmi.jpg.exe 3d3aedfaeaf39544ff74fe6fe4541fc2 PE File PE32 Malware download VirusTotal Malware SMB Traffic Potential Scan AutoRuns Malicious Traffic Check memory Creates executable files ICMP traffic RWX flags setting Windows utilities suspicious TLD WriteConsoleW Firewall state off Windows DNS DDNS Downloader	10 Keyword trend analysis Info http://down.ftp21.cc/Update.txt http://ssl.ftp21.cc/445.jpg http://43.198.152.240:8080/api/node/ip_validate http://118.184.169.48/dyndns/getip http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe http://hook.ftp21.cc/MpMgSvc.dll http://45.113.194.127/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8 http://hook.ftp21.cc/MpMgSvc.jpg http://hook.ftp21.cc/Hooks.jpg http://hook.ftp21.cc/64.jpg	28 Info gtxvdqvuweqs.com(16.162.201.176) members.3322.org(118.184.169.48) ipv6-api.iproyal.com() down.ftp21.cc(119.203.212.165) - malware download.microsoft.com(23.199.6.55) hook.ftp21.cc(211.108.60.155) api6.my-ip.io() unixtime.org(172.67.175.23) www.362-com.com(1.226.84.135) web.362-com.com(110.11.158.238) opendata.baidu.com(45.113.194.127) www.4i7i.com(1.226.84.135) api.iproyal.com(93.189.62.83) ssl.ftp21.cc(31.184.207.62) - malware 172.67.175.23 93.189.62.83 31.184.207.62 - malware 193.228.196.69 211.108.60.155 43.198.152.240 45.113.194.127 16.162.201.176 1.226.84.135 51.161.196.188 104.78.73.222 118.184.169.48 110.11.158.238 119.203.212.165 - malware	11 Info ET INFO Packed Executable Download ET DNS Query for .cc TLD ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET MALWARE JS/WSF Downloader Dec 08 2016 M4 ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection ET INFO DYNAMIC_DNS Query to 3322.org Domain ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection ET INFO SSH-2.0-Go version string Observed in Network Traffic ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection ET INFO External IP Lookup Domain DNS Lookup (my-ip .io)		11.2	M	60	ZeroCERT

8238	2024-06-30 23:34	https://t.co/XCgLbVc0am b88f184324bab0b6c8aa74de052a7b34 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	2		4.8			guest

8239	2024-06-30 23:34	https://t.co/WRGTyuOptG 5d97f0c23481feb8b29ced43e5391035 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	2		4.2			guest

8240	2024-06-30 20:07	space.php 67cef2b94174d0883a8e8b9ad9c217c7 Client SW User Data Stealer LokiBot RedLine stealer ftp Client info stealer Malicious Library Malicious Packer .NET framework(MSIL) UPX ASPack Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3		16.4	M	11	ZeroCERT

8241	2024-06-29 15:39	amadka.exe 7858fdd5d237ed2531bb9d0ac0a756bc PE File PE32 Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Checks debugger unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows DNS crashed	2 Keyword trend analysis	2	2		10.6	M	29	ZeroCERT

8242	2024-06-29 15:37	loaded28062024.exe 3db7f780cfc50d086820b95947a61e59 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					4.4	M	51	ZeroCERT

8243	2024-06-29 15:37	Photo.scr 1c16a630f64fcde9c94e5fa219374330 Generic Malware Malicious Library UPX PE File OS Processor Check VirusTotal Malware					0.6	M	11	ZeroCERT

8244	2024-06-29 15:31	XClient2.exe 7b20c6c1ae8a7fb30666a20540ed992a Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					4.4	M	61	ZeroCERT

8245	2024-06-29 15:29	UpdateSetup.exe a492c3a7274138520cb977971fb13fb5 Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.0	M	26	ZeroCERT

8246	2024-06-29 15:28	Slovakia.exe ee1ffa80e2398a0f01a99856c1189b21 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					4.4	M	46	ZeroCERT

8247	2024-06-29 15:27	XClient1.exe dedb302aba9b69536c287633fbe41f5d Antivirus UPX PE File .NET EXE PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName keylogger					6.2	M	58	ZeroCERT

8248	2024-06-29 15:26	XClientx3.exe 1fee5ce12cd61659dd46575a2e378361 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					4.4		55	ZeroCERT

8249	2024-06-29 15:25	ot.o.o.ooo.doc b0d399c7eee1ee84aa8e55b81a4ac56f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	3 Keyword trend analysis	5	2	1	5.0	M	35	ZeroCERT

8250	2024-06-29 15:24	lamda.cmd b9b513ba600e0bbf6f72129ba99ba72e Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM powershell suspicious privilege Check memory Checks debugger heapspray Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	6 Keyword trend analysis				3.6	M		ZeroCERT