Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9136	2023-11-04 10:30	주요도시 시장가격 조사2023.xlsx.lnk... d1dc2db2956803de7eef7a76a6ac5cb2 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM Lnk Format GIF Format PowerShell ZIP Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					9.0		24	ZeroCERT

9137	2023-11-04 10:26	Kuteiisd.exe 0bb98a8a1597245e3c0c37fbf2c0f94b Hide_EXE PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself					2.0		41	ZeroCERT

9138	2023-11-03 18:29	Amadey.exe 5d0310efbb0ea7ead8624b0335b21b7b Amadey RedLine stealer Browser Login Data Stealer RedlineStealer RedLine Infostealer Gen1 Emotet Generic Malware Hide_EXE Malicious Library UPX Malicious Packer .NET framework(MSIL) ScreenShot PWS Anti_VM Javascript_B Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW IP Check VM Disk Size Check human activity check installed browsers check Kelihos Tofsee Stealc Stealer Windows Update Browser ComputerName Trojan DNS Cryptographic key Software crashed Downloader	65 Keyword trend analysis Info http://185.196.8.176/7jshasdS/index.php?scr=1 - rule_id: 37683 http://5.182.86.30/TEST32.exe http://185.196.8.176/7jshasdS/index.php - rule_id: 37683 http://193.233.255.73/loghub/master - rule_id: 37500 http://185.196.8.176/7jshasdS/Plugins/clip64.dll - rule_id: 37685 http://167.235.20.126/bjdm32DP/index.php - rule_id: 37786 http://167.235.20.126/bjdm32DP/index.php?scr=1 - rule_id: 37786 http://171.22.28.213/build2.exe http://185.196.8.176/7jshasdS/Plugins/cred64.dll - rule_id: 37684 http://171.22.28.213/TEST32.exe http://109.107.182.2/race/lom30.exe http://77.91.124.1/theme/index.php - rule_id: 37040 https://www.google.com/favicon.ico https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015 https://community.cloudflare.steamstatic.com/public/shared/css/login.css?v=0H1th98etnSV&l=english&_cdn=cloudflare https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=english&_cdn=cloudflare&load=effects,controls,slider,dragdrop https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&_cdn=cloudflare https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 https://fonts.googleapis.com/css?family=Roboto:400,500 https://fonts.gstatic.com/s/youtubesans/v22/Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF.woff https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015 https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Fd2aj_zaBVQV&l=english&_cdn=cloudflare https://static-assets-prod.unrealengine.com/account-portal/static/static/js/main.10a25667.chunk.js https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=RL7hpFRFPE4A&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png https://www.youtube.com/ https://accounts.google.com/generate_204?dap48w https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015 https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&_cdn=cloudflare https://www.youtube.com/img/desktop/supported_browsers/chrome.png https://www.epicgames.com/id/login https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015 https://www.youtube.com/img/desktop/supported_browsers/firefox.png https://www.youtube.com/img/desktop/supported_browsers/opera.png https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=uR_4hRD_HUln&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png https://www.youtube.com/img/desktop/supported_browsers/edgium.png https://static-assets-prod.unrealengine.com/account-portal/static/static/js/3.520a7eda.chunk.js https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2F https://accounts.google.com/_/bscframe https://fonts.googleapis.com/css?family=YouTube+Sans:500 https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=E78TCC6Eu4d1&l=english&_cdn=cloudflare https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc-.woff https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeywXMRymWtXksqblJvlUYJFlJpIBYOvVGbAuX2Ek1p_KKsKWal2mSwVOyZ7Kxhsq7qREHNHDmw https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png https://steamcommunity.com/openid/loginform/ https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015 https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=F9Ougyu-CyG3&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015 https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=eYJYuhv32ILn&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/css/skin_1/home.css?v=-6qQi3rZclGf&l=english&_cdn=cloudflare https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyzuEIb-UEcUXM-N1dV2w2UTTKTYT6Y4L2bfCbNf3HMq8VmgW-zlcvm_lgIXTMSD6nIc8SElCQ&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-771307111%3A1699002903738664 https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=3Pb1f2YLp788&l=english&_cdn=cloudflare https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxM.woff https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png https://static-assets-prod.unrealengine.com/account-portal/static/epic-favicon-96x96.png https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=KrKRjQbCfNh0&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=gYtbaAKt6bwQ&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare	41 Info www.paypal.com(151.101.193.21) ssl.gstatic.com(142.250.207.99) www.google.com(142.250.76.132) store.steampowered.com(23.40.44.77) steamcommunity.com(104.76.78.101) - mailcious www.youtube.com(172.217.175.238) - mailcious fonts.googleapis.com(142.251.222.42) api.ipify.org(173.231.16.77) static-assets-prod.unrealengine.com(18.64.8.108) twitter.com(104.244.42.65) accounts.google.com(142.250.206.205) community.cloudflare.steamstatic.com(172.64.145.151) fonts.gstatic.com(142.250.207.99) www.epicgames.com(34.198.71.3) 149.40.62.171 142.250.207.99 23.40.44.77 167.235.20.126 - malware 18.64.8.109 77.91.124.1 - malware 64.185.227.156 193.233.255.73 - mailcious 104.244.42.129 - suspicious 142.250.76.132 142.251.222.42 85.209.176.171 172.64.145.151 77.91.124.86 194.169.175.118 - mailcious 194.169.175.235 185.196.9.171 - mailcious 192.229.232.89 142.250.206.205 - suspicious 142.250.207.46 171.22.28.239 - mailcious 104.76.78.101 - mailcious 5.182.86.30 185.196.8.176 - malware 54.175.89.124 109.107.182.2 - malware 171.22.28.213 - malware	26 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Activity (Response) ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Possible Kelihos.F EXE Download Common Structure ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Amadey Bot Activity (POST) M1 ET INFO Dotted Quad Host DLL Request ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Amadey Bot Activity (POST) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO TLS Handshake Failure	8 Info http://185.196.8.176/7jshasdS/index.php http://185.196.8.176/7jshasdS/index.php http://193.233.255.73/loghub/master http://185.196.8.176/7jshasdS/Plugins/clip64.dll http://167.235.20.126/bjdm32DP/index.php http://167.235.20.126/bjdm32DP/index.php http://185.196.8.176/7jshasdS/Plugins/cred64.dll http://77.91.124.1/theme/index.php	25.8	M		ZeroCERT

9139	2023-11-03 18:20	timeSync.exe c5413f26ad9d6a74ed7e649f8001da14 Malicious Library UPX PE File PE32 OS Processor Check unpack itself					0.8			ZeroCERT

9140	2023-11-03 18:18	macoptic2.1.exe d6c5df23371399eb60055b93d7b80ea7 NSIS Malicious Library UPX PE File PE32 OS Processor Check Check memory Creates executable files unpack itself AppData folder crashed					3.2			ZeroCERT

9141	2023-11-03 18:18	jujoptics2.1.exe 0c57a7aae080fd2eac42a31fa5b7f051 NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself DNS	2 Keyword trend analysis	8	1		4.0			ZeroCERT

9142	2023-11-03 18:16	IGCC.exe 3e00f6658bc36989fe775244acce3cd0 LokiBot PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed		2	4		9.4			ZeroCERT

9143	2023-11-03 18:16	latestrock.exe 0bddfbdc76418c7fc877a5a11013dfee Generic Malware NSIS Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM AntiDebug AntiVM PE File PE32 .NET EXE PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check Tofsee Ransomware DNS		2	4		11.0			ZeroCERT

9144	2023-11-03 18:13	nelfbinzx.exe 64e25a4134d33448d33c5d0d250394d6 PE File PE32 .NET EXE PDB Check memory Checks debugger unpack itself					1.4			ZeroCERT

9145	2023-11-03 18:12	sistem32.jpg 06cbe7e4119ca545f6420e7b4100e3d2 Admin Tool (Sysinternals etc ...) Malicious Library UPX AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Check PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Windows ComputerName DNS Cryptographic key DDNS crashed		2	1		9.6			ZeroCERT

9146	2023-11-03 18:11	cuzineeeeVBS_FILE.vbs 6e50413706aceea089f8a8c4f2d44ec6 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	4 Keyword trend analysis	5	2		8.6			ZeroCERT

9147	2023-11-03 18:06	new_image.jpg.exe 6dab97885e747392758ea655733f6c35 Generic Malware Antivirus .NET DLL PE File DLL PE32 PDB					0.6			ZeroCERT

9148	2023-11-03 17:44	0j.ps1 034c1dc569ea0a5b13330c759a10df8d Generic Malware Antivirus unpack itself WriteConsoleW Windows Cryptographic key	1 Keyword trend analysis				0.8			ZeroCERT

9149	2023-11-03 17:38	setup.rar d7b36686b22ecf8da8c34bf6d55ad331 Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware download Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself PrivateLoader Tofsee DNS	2 Keyword trend analysis	7	2	1	4.8	M		ZeroCERT

9150	2023-11-03 15:54	1.exe 1819332f150048eed72a2d891390dad1 Emotet Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL PE64 DllRegisterServer dll MSOffice File CAB Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces sandbox evasion Tofsee Ransomware Windows Google ComputerName Remote Code Execution DNS	4 Keyword trend analysis Info http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwcdm4bj7lx4xbm2ireywxlhvca_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome/czao2hrvpk5wgqrkz4kks5r734_109.0.5414.120/109.0.5414.120_chrome_installer.exe https://update.googleapis.com/service/update2?cup2key=12:fiH-rpFmRD_9K6RrmjLJh__4TUMN6H9j0EsLvPpPbKw&cup2hreq=d0876e1be58e78f6be4d5e4f2cb7dd29f25148548a5a47d58e905d10712788fc https://update.googleapis.com/service/update2	27 Info edgedl.me.gvt1.com(34.104.35.123) dns.google(8.8.4.4) www.google.com(142.250.76.132) www.gstatic.com(142.250.206.227) r1---sn-3u-bh2ss.gvt1.com(211.114.64.12) clients2.googleusercontent.com(142.250.206.225) accounts.google.com(142.250.206.205) _googlecast._tcp.local() apis.google.com(142.250.206.238) clientservices.googleapis.com(142.251.42.195) 142.250.207.65 216.58.203.78 211.114.64.12 172.217.175.227 142.250.204.131 142.250.206.225 - mailcious 142.250.204.110 142.250.199.68 142.250.66.99 34.104.35.123 216.58.200.227 142.250.76.138 - phishing 142.250.76.142 - mailcious 172.217.161.202 - malware 142.250.199.77 142.250.199.67 172.217.25.174 - mailcious	4		8.4			ZeroCERT