Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	Player
8971	2023-11-11 16:28	SIPARIS_08.11.2023.PDF.jar 2348d8022547af23c5f1c68935d57e94 ZIP Format Check memory Checks debugger WMI RWX flags setting unpack itself Windows utilities suspicious process Windows ComputerName crashed					3.2	M	ZeroCERT

8972	2023-11-11 16:25	10-11-2023-SIPARIS.jar 83990e881fb65cca147200aaae89b247 ZIP Format Check memory Checks debugger WMI RWX flags setting unpack itself Windows utilities suspicious process Windows ComputerName crashed					3.2		ZeroCERT

8973	2023-11-11 16:25	XClient2.exe 6ebd73c9be60fc393f77fe33b47adc44 Antivirus UPX PE32 PE File .NET EXE OS Processor Check suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName					2.6	M	ZeroCERT

8974	2023-11-11 16:23	kongaby2.1.exe 0289449a841d419c7fecc344ea10d16a Formbook NSIS Malicious Library UPX PE32 PE File FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	2 Keyword trend analysis	7	1	1	3.0	M	ZeroCERT

8975	2023-11-11 16:23	0311.dll 28ade89b1d09d13581d3abe00d7658fb Malicious Library UPX PE File DLL PE64 DllRegisterServer dll					0.4		ZeroCERT

8976	2023-11-11 16:22	1 f4b77b243a4034e1e5ea5b673605396f Downloader UPX PE32 PE File Check memory DNS crashed		1			1.8		ZeroCERT

8977	2023-11-11 16:22	j-10 cbb30cf779a03c4a42012fe3991a3ab3 Malicious Library Downloader UPX PE32 PE File DLL ZIP Format JPEG Format Malware download Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName DNS Downloader	4 Keyword trend analysis	1	6 Info ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/WSF Downloader Dec 08 2016 M7 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)		5.8	M	ZeroCERT

8978	2023-11-11 16:21	1 779fec3eb8a3a078127c09b1733d892d Downloader UPX PE32 PE File crashed					1.0	M	ZeroCERT

8979	2023-11-11 16:19	MyBot.exe 6cf234dc5736dd648ea27662e2efa934 UPX AntiDebug AntiVM PE File PE64 JPEG Format Malware Buffer PE AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Windows ComputerName crashed	2 Keyword trend analysis	2			9.2	M	ZeroCERT

8980	2023-11-11 16:18	10.11.2023_SIPARIS_LISTESI.PDF... 36e1f972423dcb93ee5308ae5f956612 ZIP Format Check memory heapspray unpack itself Java					1.6	M	ZeroCERT

8981	2023-11-11 16:17	smss.exe 8faf95f9dadf5b14bc7d023cb88d0efc Malicious Library Admin Tool (Sysinternals etc ...) UPX PE32 PE File MZP Format DllRegisterServer dll RWX flags setting unpack itself Tofsee Interception crashed		2	2		3.0	M	ZeroCERT

8982	2023-11-11 16:16	instalador.msi a02f4c15bb388be9c1f54d28b7609027 Generic Malware Malicious Library Antivirus MSOffice File OS Processor Check suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName					1.8	M	ZeroCERT

8983	2023-11-11 16:15	j-20 14be279cc716aa095ab0f5a49d95d802 Malicious Library Downloader UPX PE32 PE File DLL JPEG Format ZIP Format Malware download Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName DNS Downloader	4 Keyword trend analysis	1	6 Info ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/WSF Downloader Dec 08 2016 M7 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)		7.4		ZeroCERT

8984	2023-11-11 16:14	afkjo.vbs 16c1919dc542fd57240f82c2f4dbed02 wscript.exe payload download Tofsee	1 Keyword trend analysis	2	2		1.6		ZeroCERT

8985	2023-11-11 16:12	1699457954-Mhfahqwyu.exe add4f74b17495d24287efb5b3f7f666c PE File PE64 suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key					2.6		ZeroCERT