Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
8551 2023-09-18 13:41 po# 348839.exe
4a7a9da9b5d246c23e12315e4eac1fcd
Formbook NSIS UPX Malicious Library PE File PE32 OS Processor Check Malware download VirusTotal Malware suspicious privilege Check memory Creates executable files ICMP traffic unpack itself AppData folder
13 15 2 12 6.6 M 32 ZeroCERT

8552 2023-09-18 13:40 po# 348839.exe
4a7a9da9b5d246c23e12315e4eac1fcd
Formbook NSIS UPX Malicious Library PE File PE32 OS Processor Check Malware download VirusTotal Malware suspicious privilege Check memory Creates executable files ICMP traffic unpack itself AppData folder
13 15 2 12 6.6 M 32 ZeroCERT

8553 2023-09-18 11:35 364D4FDF430477222FE854B3CD5B6D...
364d4fdf430477222fe854b3cd5b6d40
Suspicious_Script_Bin Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM CHM Format VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Checks debugger Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName
1 5.2 16 ZeroCERT

8554 2023-09-18 11:30 XMYFCPT9speAh98pdf.lnk
6d164ac8281441a98190607ceff43264
Lnk Format GIF Format VirusTotal Malware Creates shortcut AntiVM_Disk WriteConsoleW VM Disk Size Check
1.6 15 ZeroCERT

8555 2023-09-18 11:25 북의 핵위협 양상과 한국의 대응방향.chm...
364d4fdf430477222fe854b3cd5b6d40
AntiDebug AntiVM CHM Format VirusTotal Malware Code Injection Check memory unpack itself crashed
2.4 16 ZeroCERT

8556 2023-09-18 11:22 ob.ps1
19f25adb285db21f0f11e966bc57d48e
Generic Malware Antivirus unpack itself WriteConsoleW Windows Cryptographic key
0.8 ZeroCERT

8557 2023-09-18 09:49 winlogin.exe
64aa45857bbf819ca0516126748ddfdb
UPX PE File PE32 .NET EXE OS Processor Check VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2 3.6 59 ZeroCERT

8558 2023-09-18 09:48 forex.msi
452db598b23ac2a6cd0d4d4692f1c438
Generic Malware Malicious Library CAB MSOffice File OS Processor Check Malware download VirusTotal Malware Buffer PE suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check Lumma Stealer ComputerName
2 2 2 5.0 6 ZeroCERT

8559 2023-09-18 09:47 Magic_Stage.ps1
3377b4e386b5ef09b80f96c3b121f9c8
Generic Malware Antivirus PE File .NET DLL DLL PE32 VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed
3 3 3 1 7.2 1 ZeroCERT

8560 2023-09-18 09:44 ClickMe.lnk
08b5b3505abb428c860598363761f2e8
Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.6 4 ZeroCERT

8561 2023-09-18 09:43 3fdbfc74.exe
5ba328846dad5cb3e3a41f579d25b7fd
UPX Malicious Library PE File PE32 OS Processor Check VirusTotal Malware unpack itself
1.2 M 27 ZeroCERT

8562 2023-09-18 09:42 Cmstp.bat
31254e5f0a767dba0d013d83d8949be8
Generic Malware Hide_EXE Downloader WebCam Antivirus UPX Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM PE File .NET DLL DLL PE32 Malware powershell MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder WriteConsoleW Windows DNS Cryptographic key
3 3 6 6.8 M ZeroCERT

8563 2023-09-18 07:51 champ.exe
1ac6fd0301c47ecb144702fd7a9ffe22
.NET framework(MSIL) PE File PE32 .NET EXE suspicious privilege Code Injection Check memory Checks debugger unpack itself
4.2 M ZeroCERT

8564 2023-09-18 07:50 index.php
5ba328846dad5cb3e3a41f579d25b7fd
UPX Malicious Library PE File PE32 OS Processor Check unpack itself
0.4 ZeroCERT

8565 2023-09-18 07:48 Arch_scam.ps1
671f5371312d91c2e723fe2035655aac
Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Checks debugger buffers extracted WMI Creates executable files unpack itself Detects VMWare powershell.exe wrote Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VMware VM Disk Size Check Windows ComputerName DNS Cryptographic key crashed
1 1 4 14.2 M ZeroCERT