Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9061	2021-06-21 13:00	winfuck.exe 53cc9d24a2dacc86819a40ac71819870 AsyncRAT backdoor PWS .NET framework Antivirus Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.2	M	26	ZeroCERT

9062	2021-06-21 13:05	File.exe 34b2d327ebe6246d844b7a4b8640d4d5 AgentTesla AsyncRAT backdoor Eredel Stealer Extended email stealer browser info stealer ftp Client Google Chrome User Data Antivirus Escalate priviledges KeyLogger Steal credential ScreenShot DNS Socket AntiDebug AntiVM PE File .NET EXE Browser Info Stealer Emotet FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization VM Disk Size Check Ransomware Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	8 Keyword trend analysis Info http://ni2748194-1.web16.nitrado.hosting/HostStartups.exe http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-08D4450EE4EB09C734C93A8E8E91A909.html - rule_id: 2096 http://46.102.106.151/panel/index.php http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-153E31DBDD1ACDF382491ECDBE37689C.html - rule_id: 2096 http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C1900454F8C1F17DAFA268D4AC67120F.html - rule_id: 2096 http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C311B505088D4AC5F97AC7A0C3EA6538.html - rule_id: 2096 http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-59CA53825A30DDA8641228CFB3A1898A.html - rule_id: 2096 http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B8A00046C7A941058E012A87473EB342.html - rule_id: 2096	9	8 Info ET INFO DNS Query for Suspicious .gq Domain SURICATA HTTP Request unrecognized authorization method ET INFO HTTP Request to a .gq domain ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET POLICY DNS Query to DynDNS Domain .ddns .net ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	6 Info http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/	32.6	M	13	ZeroCERT

9063	2021-06-21 13:05	pure.exe f98403adb295304f1e3f52b86a5ad441 PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.4	M	36	ZeroCERT

9064	2021-06-21 13:06	lv.exe 88ca00752b5d524d9a88a5fc5818d639 Gen1 NPKI Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 DLL VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows DNS crashed		2			8.8	M	51	ZeroCERT

9065	2021-06-21 13:12	setup.exe ed070e82321e34aca28364015919f78e Emotet Gen1 Gen2 Generic Malware PE File PE64 OS Processor Check DLL .NET DLL VirusTotal Malware Check memory Creates executable files unpack itself Ransomware DNS					4.2		26	ZeroCERT

9066	2021-06-21 13:50	이력서_210620(경력사항도 같이 기재하였으니 확인부... 69e7253f4566665890fa293e91a1bc89 PE File PE32 VirusTotal Malware Check memory unpack itself crashed					1.6		16	r0d

9067	2021-06-21 13:51	포트폴리오_210620(경력사항도 같이 기재하였으니 확... 90144b44265dd72a22ccadf0824966a1 PE File PE32 VirusTotal Malware Check memory unpack itself crashed					1.6		16	r0d

9068	2021-06-21 17:23	vbc.exe 44d30f858fcb66c0fa2b475f60d8f6f3 AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities AppData folder Tofsee Windows DNS Cryptographic key	7 Keyword trend analysis Info http://www.cyrilgraze.com/p2io/?WZ=ytsDIrP&ibxHRhGx=PONkgH6OT+IdHpvpbj4YyU3gBn/U0y1OFS1Y8BXnr3YdY2x3tUozsMLieTk0sG+frQWfUBsy - rule_id: 1567 http://www.cyrilgraze.com/p2io/ - rule_id: 1567 http://www.micheldrake.com/p2io/ - rule_id: 1550 http://www.micheldrake.com/p2io/?WZ=ytsDIrP&ibxHRhGx=d2NgnqRQHDqC8zfUpSeXKrGILlrAeXd0mpzt/HUKTHCMsqjNpHqiPqxZu8ECgv8Wi9ydyjUw - rule_id: 1550 http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:2052101556&cup2hreq=876c248ec5ef25e72ce37cb3d31e61f13291d289045ee395f5c45bb4a691de2a https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.36.32&applang=&machine=1&version=1.3.36.32&userid=&osversion=6.1&servicepack=Service%20Pack%201	11	5	4	12.2	M	19	ZeroCERT

9069	2021-06-21 17:24	lv.exe 72eabb4aebfc3d4efd52b64d04847747 Gen1 Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 DLL OS P VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed		1			8.4		32	ZeroCERT

9070	2021-06-21 17:24	vbc-0.exe ecce2c5c0b5e52edcf5a9d283b767201 PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1			8.4		36	ZeroCERT

9071	2021-06-21 17:25	vbc-0.exe ecce2c5c0b5e52edcf5a9d283b767201 PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					7.8		36	ZeroCERT

9072	2021-06-21 17:47	wMaiUQzBqvXzMnnb.jpg.ps1 52a065ddfaa997a46ae7ac35d9abdfaf DNS					0.6	M		ZeroCERT

9073	2021-06-21 17:48	rwe.wbk be62b274d4a4aa3ceef7ad17a15b5ab3 RTF File doc AntiDebug AntiVM FormBook Malware download Malware MachineGuid Malicious Traffic Check memory ICMP traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader	6 Keyword trend analysis Info http://www.thesoulrevitalist.com/p2io/ http://www.thesoulrevitalist.com/p2io/?1bw=ywi4HDlC8ElSOMEyK6H+rd6B6cynTULkanOSXBUPYg06e2wPUHpv6wPun14JIO+5lIaxxIkr&LZa0=kJEXPjV http://www.painhut.com/p2io/?1bw=403u/w6DmQ0SdXY5uvN4cykoFcXgffqxcXVyEVQEiHIwKr5fFLVOKqQhRyqqhxyR2hkDTO+v&LZa0=kJEXPjV http://www.redudiban.com/p2io/ http://www.redudiban.com/p2io/?1bw=lG9Y6vALifV69L5nwZMaSDuac40TgmoMbDmTo0RVe6GC0eaU+z9H3LThoKEFdKrpsqSNHxEr&LZa0=kJEXPjV http://www.painhut.com/p2io/	9	7 Info ET MALWARE FormBook CnC Checkin (GET) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.2	M		ZeroCERT

9074	2021-06-21 17:48	csrss.exe 789a47d33ce65dad5fd40c1e656cf638 Generic Malware PE File PE32 VirusTotal Malware RWX flags setting unpack itself anti-virtualization DNS		1			3.2	M	11	ZeroCERT

9075	2021-06-21 20:24	이력서_210620(경력사항도 같이 기재하였으니 확인부... 69e7253f4566665890fa293e91a1bc89 PE File PE32 VirusTotal Malware Check memory unpack itself DNS					2.2		27	ZeroCERT