Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

Each record below gives the submission number, date, requested file name and its hash (32 hex digits), then the sandbox signature tags, then the remaining column values in header order. Empty cells were dropped when the table was flattened, so when a metrics line carries fewer than four leading counts they cannot be assigned to Urls/Hosts/IDS/Rule individually; Score is the decimal value.

9076 | 2021-06-21 20:29 | HostStartups.exe
  Hash:    6640bb72348963f486a0e0fb7a221587
  Tags:    AgentTesla AsyncRAT backdoor Eredel Stealer Extended email stealer browser info stealer Google Chrome User Data Antivirus DNS Socket KeyLogger ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS crashed
  Metrics: 2 4 4 2 18.8 M 17 ZeroCERT

9077 | 2021-06-21 21:03 | wMaiUQzBqvXzMnnb.jpg.ps1
  Hash:    52a065ddfaa997a46ae7ac35d9abdfaf
  Tags:    Antivirus GIF Format Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
  Metrics: 3 2 1 8.8 M ZeroCERT

9078 | 2021-06-22 08:01 | oki.exe
  Hash:    fb2d85e3503b99fffcb9d2892a5af896
  Tags:    AsyncRAT backdoor Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
  Metrics: 2 3 3 2 17.6 M 16 ZeroCERT

9079 | 2021-06-22 09:17 | Document%2063653957.xls
  Hash:    dfb500a801d3cd450e7f54af9ccb8c4d
  Tags:    VBA_macro MSOffice File VirusTotal Malware ICMP traffic unpack itself Tofsee DNS
  Metrics: 10 19 5 5.6 24 ZeroCERT

9080 | 2021-06-22 09:19 | lv.exe
  Hash:    25d8cefcd47eafa6fe575b02c3c65bcc
  Tags:    Gen1 Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 DLL OS P VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed
  Metrics: 1 9.0 39 ZeroCERT

9081 | 2021-06-22 09:20 | smss.exe
  Hash:    db07493f8abf7e85974575aa9ad30406
  Tags:    AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Backdoor DNS Cryptographic key crashed
  Metrics: 2 2 3 2 10.8 M 16 ZeroCERT

9082 | 2021-06-22 09:20 | YEl6CLKPENwsgLHt.txt.vbs
  Hash:    62ee88ba7a87c42b8e493f9a8646d5ee
  Tags:    VBScript PowerShell Obfuscated File VirusTotal Malware DNS crashed
  Metrics: 1.4 12 ZeroCERT

9083 | 2021-06-22 09:22 | vbc.exe
  Hash:    5beae2f6cea2c9f92ab4e2b34dfac0d4
  Tags:    PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key
  Metrics: 5.4 32 ZeroCERT

9084 | 2021-06-22 09:24 | dw5eq7r.bmp
  Hash:    2be4acc4b6eaa713a7a90a49d95c5541
  Tags:    VirusTotal Malware
  Metrics: 0.4 8 ZeroCERT

9085 | 2021-06-22 09:26 | file.exe
  Hash:    e0c4171c0bb82cf52647b0ccbfd6f3e3
  Tags:    PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed
  Metrics: 3.4 33 ZeroCERT

9086 | 2021-06-22 09:28 | lk.exe
  Hash:    bd82e968846ab3d7b35b0f49a2522494
  Tags:    PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software
  Metrics: 1 2 5 8.6 16 ZeroCERT

9087 | 2021-06-22 09:29 | Inquiry pdf.exe
  Hash:    a8135bc40e7ed54bb2f77697477df14b
  Tags:    AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
  Metrics: 11.8 20 ZeroCERT

9088 | 2021-06-22 09:32 | W0rld cup_QATAR 2022 STADIUM P...
  Hash:    338ffcaf3397eb562228788f41c0268a
  Tags:    AgentTesla AsyncRAT backdoor browser info stealer Google Chrome User Data Socket Sniff Audio Escalate priviledges KeyLogger Code injection Internet API Downloader persistence DGA DNS Create Service HTTP FTP Http API Steal credential ScreenShot P2P AntiD VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows DNS Cryptographic key crashed keylogger
  Metrics: 2 3 3 2 14.4 M 20 ZeroCERT

9089 | 2021-06-22 09:32 | cancel_sub_KT901234567890123.x...
  Hash:    6901ee3cdccb4f65c18375d2a31d8a25
  Tags:    VBA_macro VirusTotal Malware Check memory Checks debugger unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS crashed
  Metrics: 1 8.4 9 ZeroCERT

9090 | 2021-06-22 09:33 | GT2pFbB.dll
  Hash:    4e5fc6111da7ec4512257864ded2f43b
  Tags:    PE File PE64 DLL VirusTotal Malware crashed
  Metrics: 1.2 3 ZeroCERT
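As an added example (not part of this listing and not code from the sandbox that produced it), the parser below turns records in the flattened layout above into structured entries, validates the hash field as 32 hex digits, and groups submissions by the malware-family tags that appear on this page. The input is four records copied verbatim from entries 9078, 9079, 9081 and 9086. Assumptions: the family list is just the family names visible on this page; only Score is identified positionally (the single decimal value), the integers before it are kept as an unassigned list because dropped empty cells make their column ambiguous, and the first integer after Score is taken as the VT count, which follows header order but is an inference.

```python
import re

# Records copied verbatim from the sandbox listing above (entries 9078, 9079,
# 9081 and 9086) in the flattened layout: header line, hash line, tag line,
# metrics line, with the blank lines the extraction left behind.
RAW_LISTING = """\
9078 2021-06-22 08:01 oki.exe

fb2d85e3503b99fffcb9d2892a5af896


AsyncRAT backdoor Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
2 3 3 2 17.6 M 16 ZeroCERT

9079 2021-06-22 09:17 Document%2063653957.xls

dfb500a801d3cd450e7f54af9ccb8c4d


VBA_macro MSOffice File VirusTotal Malware ICMP traffic unpack itself Tofsee DNS
10 19 5 5.6 24 ZeroCERT

9081 2021-06-22 09:20 smss.exe

db07493f8abf7e85974575aa9ad30406


AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Backdoor DNS Cryptographic key crashed
2 2 3 2 10.8 M 16 ZeroCERT

9086 2021-06-22 09:28 lk.exe

bd82e968846ab3d7b35b0f49a2522494


PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software
1 2 5 8.6 16 ZeroCERT
"""

# Assumption: the family names that occur as tags on this page. Everything else
# on a tag line is a behavioural signature, not a family.
FAMILY_TAGS = ("AgentTesla", "AsyncRAT", "Eredel Stealer", "LokiBot", "Tofsee")

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (.+?)\s*$")
HASH_RE = re.compile(r"^[0-9a-f]{32}$")      # 32 hex digits (MD5 length)
SCORE_RE = re.compile(r"^\d+\.\d+$")         # Score is the only decimal column


def parse_listing(text):
    """Return one dict per submission in the flattened listing.

    The integers before Score stay an unassigned list: the extraction drops
    empty cells, so Urls/Hosts/IDS/Rule cannot be told apart when fewer than
    four are present. The first integer after Score is assumed to be VT.
    """
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    records = []
    i = 0
    while i + 3 < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:
            raise ValueError(f"expected a submission header, got {lines[i]!r}")
        hash_line = lines[i + 1]
        metrics = lines[i + 3].split()
        score_idx = next(k for k, tok in enumerate(metrics) if SCORE_RE.match(tok))
        after = metrics[score_idx + 1:]
        records.append({
            "id": int(m.group(1)),
            "submitted": m.group(2),
            "request": m.group(3),
            "hash": hash_line,
            "hash_ok": bool(HASH_RE.match(hash_line)),
            "tags": lines[i + 2],
            "counts": [int(tok) for tok in metrics[:score_idx]],
            "score": float(metrics[score_idx]),
            "vt": next((int(tok) for tok in after if tok.isdigit()), None),
            "flags": [tok for tok in after if not tok.isdigit()],
        })
        i += 4
    return records


def families(record):
    """Family tags present on the record's tag line (whole-word match)."""
    return [f for f in FAMILY_TAGS
            if re.search(rf"\b{re.escape(f)}\b", record["tags"])]


def group_by_family(records):
    """Map each family seen to the sorted submission numbers carrying it."""
    groups = {}
    for rec in records:
        for fam in families(rec):
            groups.setdefault(fam, []).append(rec["id"])
    return {fam: sorted(ids) for fam, ids in groups.items()}


def above_score(records, threshold):
    """Submission numbers whose Score is at least the threshold."""
    return sorted(r["id"] for r in records if r["score"] >= threshold)


if __name__ == "__main__":
    recs = parse_listing(RAW_LISTING)
    for r in recs:
        print(r["id"], r["request"], r["score"], r["vt"], families(r),
              "hash ok" if r["hash_ok"] else "BAD HASH")
    print(group_by_family(recs))
```

Running it prints one line per record and then the family grouping; a record whose hash field is not 32 hex digits is flagged rather than dropped, so a damaged extraction stays visible in the output.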