9151 | 2023-11-03 12:33
File: JEQnFjDSDMbRhl.vbs
MD5: 3acbcc1e0e59f0fa67e43c7e33a413c0
Tags: wscript.exe payload download Tofsee crashed
Hosts (2):
  diamond9x.getmyip.com(103.73.65.129)
  103.73.65.129
Alerts (3):
  ET INFO DYNAMIC_DNS Query to a *.getmyip .com Domain
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 1.4 | Submitter: ZeroCERT

9152 | 2023-11-03 12:33
File: gRjYtXOvXOp.vbs
MD5: f11a5ac557578737ef391c0b6ad4b333
Tags: wscript.exe payload download Tofsee crashed
Hosts (2):
  diamond9x.getmyip.com(103.73.65.129)
  103.73.65.129
Alerts (3):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO DYNAMIC_DNS Query to a *.getmyip .com Domain
Score: 1.4 | Submitter: ZeroCERT

9153 | 2023-11-03 12:23
File: lom30.exe
MD5: 701ea7974b3f98830d636e93f836cfce
Tags: Amadey RedLine stealer Gen1 Emotet SmokeLoader Generic Malware Malicious Library UPX Antivirus Malicious Packer .NET framework(MSIL) Confuser .NET Admin Tool (Sysinternals etc ...) PWS ScreenShot Javascript_Blob AntiDebug AntiVM PE File PE32 Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Email Client Info Stealer Malware powershell Microsoft AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Stealc Stealer Windows Update Exploit Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader
URLs (99):
http://77.91.124.1/theme/Plugins/clip64.dll - rule_id: 37036 http://193.233.255.73/loghub/master - rule_id: 37500 http://77.91.68.249/fuza/2.ps1 - rule_id: 37524 http://77.91.68.249/fuza/foto1661.exe - rule_id: 37636 http://77.91.68.249/fuza/tus.exe - rule_id: 37637 http://77.91.124.1/theme/Plugins/cred64.dll - rule_id: 37037 http://77.91.124.1/theme/index.php - rule_id: 37040 https://static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/V9SMX8ENNXW.css?_nc_x=Ij3Wp8lg5Kz https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015 https://community.cloudflare.steamstatic.com/public/shared/css/login.css?v=0H1th98etnSV&l=english&_cdn=cloudflare https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyxxWA0Ljh5xWLEvAJ6NevMd7QB5iL9TprwZYNP8u-n9zXo51MmtGRn25Gjf78sQZ4KzK1Dc https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=english&_cdn=cloudflare&load=effects,controls,slider,dragdrop https://accounts.google.com/generate_204?NO7qPw https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyyT4td1m_8jmCTuLflf4CGZrqIHYxNvv-75kjvDivr6JChBm-48E_vH0foop83wQC67d99m https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015 https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxVW6rLt9tLaC8ykc1nwAIgbdXX5n-L35f5sE1jqHcfiXjLMhDRqy2-fP8xGUFUaaXcJSrITA&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-570376988%3A1698980725508326 
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png https://www.facebook.com/login https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015 https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015 https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyyidh94t-7_letWPwvjNQfl6I8TMheIR3px7R79ys-v-C3n_ey4IpHEeEFVPcsdPA92mVFQPw https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=8BlFIKwdZV37&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=E78TCC6Eu4d1&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=english&_cdn=cloudflare https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/EhJ0QrY2FBP.js?_nc_x=Ij3Wp8lg5Kz https://accounts.google.com/generate_204?phWHLQ https://accounts.google.com/generate_204?FM9MMw https://www.epicgames.com/id/login https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxM.woff https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=KrKRjQbCfNh0&l=english&_cdn=cloudflare https://www.youtube.com/img/desktop/supported_browsers/opera.png https://community.cloudflare.steamstatic.com/public/shared/images/header/btn_header_installsteam_download.png?v=1 https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015 https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=3Pb1f2YLp788&l=english&_cdn=cloudflare 
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyz4A49MvhLj_r5ov_AJY5BYrTyapUBFfv7BWCcUgyCaE1ee8Ou4w4nAiEXlupUrsDguPr4bQw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S856045394%3A1698980708442226 https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Fd2aj_zaBVQV&l=english&_cdn=cloudflare https://accounts.google.com/ https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/eoEHQM4veKY.css?_nc_x=Ij3Wp8lg5Kz https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&_cdn=cloudflare https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxHmAuJ7cTrlJwP83uTJIwZEOmrXGcYW_i0uz5KMlDH1JsRYBc2MmUHjR6ye20L2fYuNPufuw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S537282805%3A1698980634624638 https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxa6sAB10RaHTDUTJBO3-eoyqwGJOMg6fq-JIxFpsnqcBSN8g6aim1IDWZ3iP__yBBnia-T&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S1879541505%3A1698980644017236 https://static-assets-prod.unrealengine.com/account-portal/static/static/js/3.520a7eda.chunk.js https://fbcdn.net/security/hsts-pixel.gif?c=2.5 https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/gC0mb5XShS_.js?_nc_x=Ij3Wp8lg5Kz https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=F9Ougyu-CyG3&l=english&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015 https://community.cloudflare.steamstatic.com/public/css/skin_1/home.css?v=-6qQi3rZclGf&l=english&_cdn=cloudflare https://static.xx.fbcdn.net/rsrc.php/v3/yD/l/0,cross/OeVbDlggYtT.css?_nc_x=Ij3Wp8lg5Kz 
https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015 https://www.facebook.com/favicon.ico https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyy7hCYNnf-0YByYNzHXr3uFjshUMd78hOZpACYJ4Y7BQwyeDu8hhNuK6JppcoPONOvNupzDtw https://accounts.google.com/generate_204?kjEEiA https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&_cdn=cloudflare https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png https://fonts.googleapis.com/css?family=Roboto:400,500 https://fbsbx.com/security/hsts-pixel.gif?c=5 https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/1jo5ZChBkzZ.js?_nc_x=Ij3Wp8lg5Kz https://static-assets-prod.unrealengine.com/account-portal/static/static/js/main.10a25667.chunk.js https://connect.facebook.net/security/hsts-pixel.gif https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=RL7hpFRFPE4A&l=english&_cdn=cloudflare https://fonts.googleapis.com/css?family=YouTube+Sans:500 https://www.youtube.com/img/desktop/supported_browsers/chrome.png https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015 https://www.youtube.com/img/desktop/supported_browsers/firefox.png https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=uR_4hRD_HUln&l=english&_cdn=cloudflare https://static.xx.fbcdn.net/rsrc.php/v3/yh/l/0,cross/RvHDSigkA0R.css?_nc_x=Ij3Wp8lg5Kz https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=eYJYuhv32ILn&l=english&_cdn=cloudflare https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png 
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare https://facebook.com/security/hsts-pixel.gif?c=3.2.5 https://www.youtube.com/img/desktop/supported_browsers/edgium.png https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeywosNhdGsuZdVCndGpS2K_jZJeHBslOkGyM_5Abhb0zccwpk0a_EpRThKNdW8KNTJvRtoAJFA https://fonts.gstatic.com/s/youtubesans/v22/Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF.woff https://static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/M8A8jLevlDW.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/zSmMZJhuRfw.css?_nc_x=Ij3Wp8lg5Kz https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2F https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyGAuzn9a3z76ZcjJ_86wbJSidIfjfS9TcjHJMFLojLQH0IkqpoTM2fbcuLmlU3nQm3iQjlHg&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1190693834%3A1698980664313585 https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeywa7Mm0Zk8Gm5Hb9kGiEkDrs_pgduAfwvBWsacz3D950CTr9Khe11ewNMaKJf4MaAiHmWs_ https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/7O04Eyj-1fg.css?_nc_x=Ij3Wp8lg5Kz https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxVtPgesztclkUEaiZDNru1Lk12ZQXjId8z3gxpZ4pOLgUmGhg-fxuwVplGdjkIvsmeJrFYuA&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-871854372%3A1698980704315173 
https://community.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=Vbm1kuHoXmMB&l=english&_cdn=cloudflare https://accounts.google.com/generate_204?Mxmnvw https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc-.woff https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 https://steamcommunity.com/openid/loginform/ https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015 https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 https://static-assets-prod.unrealengine.com/account-portal/static/epic-favicon-96x96.png https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=tSnvragsq7Tn&l=english&_cdn=cloudflare https://static.xx.fbcdn.net/rsrc.php/y1/r/4lCu2zih0ca.svg https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare
Hosts (43):
  ssl.gstatic.com(142.250.207.99)
  www.facebook.com(157.240.215.35)
  fbsbx.com(157.240.215.35)
  community.cloudflare.steamstatic.com(172.64.145.151)
  www.paypal.com(151.101.193.21)
  store.steampowered.com(23.40.44.77)
  www.youtube.com(172.217.31.142) - malicious
  static.xx.fbcdn.net(157.240.215.14)
  steamcommunity.com(104.76.78.101) - malicious
  static-assets-prod.unrealengine.com(18.64.8.66)
  fbcdn.net(157.240.215.35)
  connect.facebook.net(157.240.215.14)
  twitter.com(104.244.42.1)
  accounts.google.com(142.250.206.205)
  fonts.gstatic.com(142.250.207.99)
  facebook.com(157.240.215.35)
  www.google.com(142.250.76.132)
  fonts.googleapis.com(142.250.207.106)
  www.epicgames.com(52.204.190.22)
  142.251.130.3
  23.40.44.77
  18.64.8.109
  77.91.124.1 - malware
  193.233.255.73 - malicious
  146.75.49.21
  104.244.42.129 - suspicious
  104.94.217.48
  142.250.204.46
  172.217.31.3
  142.251.220.78
  172.64.145.151
  77.91.124.86
  104.75.41.21 - malicious
  142.250.66.45
  157.240.215.35
  77.91.68.249 - malware
  52.45.237.32
  157.240.215.14
  104.76.78.101 - malicious
  216.58.200.228
  54.175.89.124
  18.64.8.127
  142.250.66.42
Alerts (19):
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST)
  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  ET INFO PS1 Powershell File Request
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
  ET MALWARE Amadey CnC Check-In
  ET MALWARE Win32/Amadey Bot Activity (POST) M2
  ET INFO Dotted Quad Host DLL Request
  ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
Score: 27.4 | M | Submitter: ZeroCERT

9154 | 2023-11-03 12:10
File: IGCC.exe
MD5: 2558474300fbc1c4e924d1cb077696ad
Tags: Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (3):
  http://www.vandistreet.com/sy22/?GVW8=ebYri2VV/sCK3b5rVJ3RboTDPGX+2LyTyMxHYnpzeShqSQ1cgB3Zd9ZvGXgE+e2ljlV5J+6Q&uldX=kjFPdVD0hnWHFJ - rule_id: 37797
  http://www.rollesgraciejiujitsu.com/sy22/?GVW8=wNOPQ9lPL0LlPifzaFD7oS/J4vOv5L9Eq5jAtNxi81+z9IaaPyU3XhbcbjJzUPxyEBlmVqqy&uldX=kjFPdVD0hnWHFJ
  http://www.docomo-mobileconsulting.com/sy22/?GVW8=lVM1xi/uUQcXVrGb3v1MnIj4JTU8QNZxAwtnBLuxN6GTboe8PABHdOr2nABXcw5/boXeCr4R&uldX=kjFPdVD0hnWHFJ - rule_id: 35906
Hosts (8):
  www.displayfridges.fun() - malicious
  www.rollesgraciejiujitsu.com(3.67.141.185)
  www.vandistreet.com(23.227.38.74) - malicious
  www.docomo-mobileconsulting.com(64.190.63.111) - malicious
  www.flowersinspace.tech()
  23.227.38.74 - malicious
  3.127.73.216 - malicious
  64.190.63.111 - malicious
Alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
Rule-matched URLs (2):
  http://www.vandistreet.com/sy22/
  http://www.docomo-mobileconsulting.com/sy22/
Score: 3.0 | M | Submitter: ZeroCERT

9155 | 2023-11-03 12:08
File: yandexzx.exe
MD5: 92221d94e74c8903e418ad51caaa12ba
Tags: PE File PE32 .NET EXE PDB Check memory Checks debugger unpack itself
Score: 1.4 | Submitter: ZeroCERT

9156 | 2023-11-03 12:06
File: yulzx.exe
MD5: b38dc9fdc7cb07f8ccd59ed9f1c03b69
Tags: LokiBot PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
Hosts (4):
  mail.int-logistics.com(210.2.169.195)
  api.ipify.org(173.231.16.77)
  104.237.62.212
  210.2.169.195
Alerts (5):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO TLS Handshake Failure
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA Applayer Detect protocol only one direction
Score: 10.6 | Submitter: ZeroCERT

9157 | 2023-11-03 10:38
File: macringa2.1.exe
MD5: f231a02d229e5f504eacc706629ae2f1
Tags: NSIS Malicious Library UPX PE File PE32 VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself
Score: 3.8 | M | VT: 51 | Submitter: r0d

9158 | 2023-11-03 10:33
File: macringa2.1.exe
MD5: f231a02d229e5f504eacc706629ae2f1
Tags: NSIS Malicious Library UPX PE File PE32 VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself
Score: 3.8 | M | VT: 51 | Submitter: r0d

9159 | 2023-11-03 10:05
File: marikolock2.1.exe
MD5: 1b4bc7eb054142c70e87755de845e039
Tags: Formbook NSIS Malicious Library UPX PE File PE32 OS Processor Check FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself Windows utilities AppData folder Windows
URLs (1):
  http://www.new-minerals.com/t6tg/?b6A=KAteo39jXhYLV1ChmFznVIk+hBqN4AymFECkKH2GQakbZ7TdByL07ntBP05Gab5nXO3C3vF7&DbG=_DKHFz - rule_id: 37226
Hosts (4):
  www.hcoarrih.com()
  www.commandintelhub.xyz()
  www.new-minerals.com(103.146.179.167) - malicious
  103.146.179.167 - malicious
Alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
Rule-matched URLs (1):
  http://www.new-minerals.com/t6tg/
Score: 6.4 | M | VT: 53 | Submitter: r0d

9160 | 2023-11-03 09:33
File: marikolock2.1.exe
MD5: 1b4bc7eb054142c70e87755de845e039
Tags: NSIS Malicious Library UPX PE File PE32 VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself
Score: 3.4 | M | VT: 53 | Submitter: r0d

9161 | 2023-11-02 17:02
File: Xiu2Xiu.exe
MD5: 07f36f03342b3b07ecfb8498d0e078a2
Tags: Gen1 Malicious Library UPX ASPack Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL ftp wget DllRegisterServer dll Malware Check memory Creates executable files unpack itself Ransomware
Score: 2.8 | Submitter: ZeroCERT

9162 | 2023-11-02 14:36
File: File.rar
MD5: c18fbc972354abb0fd945ffccbb93ad3
Tags: PrivateLoader Escalate privileges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Malware c&c Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealc Stealer Windows RisePro DNS
URLs (40):
http://94.142.138.131/api/firegate.php - rule_id: 32650 http://91.92.243.151/api/tracemap.php http://91.92.243.151/api/firecom.php http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://185.172.128.69/newumma.exe - rule_id: 37499 http://45.15.156.229/api/firegate.php - rule_id: 36052 http://apps.identrust.com/roots/dstrootcax3.p7c http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911 http://ronaldrichards.icu/e9c345fc99a4e67e.php http://www.maxmind.com/geoip/v2.1/city/me http://94.142.138.113/api/tracemap.php - rule_id: 28877 http://171.22.28.226/download/Services.exe - rule_id: 37064 https://sun6-23.userapi.com/c909618/u26060933/docs/d4/7caf185e1947/Risepro.bmp?extra=7FXlsGxLQIPRYANXa3bqeG3hcbsNS0dKcak4PUGs8R5-_JslfV8EU9fv6FJOQdvEaI1m1FTJU93cK7oTMfBwNuFssszLscrz9Cp-PC8h5_cL92W_KwdOMx337cegLJS56Rsdw-WyUI_Npc2h https://db-ip.com/demo/home.php?s=175.208.134.152 https://sun6-21.userapi.com/c909218/u26060933/docs/d31/c926cfacc1f4/new_go.bmp?extra=HtQcuH2QjM0315WmkJdVH1mdYBSvv064tAbEOg4LDcetY4TZLtnYzavt2XLLjq0NXXZQ-680zJ-uVhjhhGOj1dze70rfMIe3a_Ln3Lk-sWoOm4TTPqeibD4bjeVEAMiqwFd9f9Ip5nM3qbmH https://vk.com/doc26060933_667226611?hash=3AOa9zwJbxnrXLo5M1UNZwTTDvxsoWSyfwgmxISqqxL&dl=HnSve9vk6MIyt0bE2UGvnGrn7uoz7zwDsDLBVNodlP4&api=1&no_preview=1#riseK https://vk.com/doc26060933_667223635?hash=qzxpj41H7aJKGYAkotcS9kwFdHSU9KQawZjeS9cVst4&dl=iEliVZrkZcesylYAmZs8zvhVjQpPOUAfyAIZcvJVbPH&api=1&no_preview=1#ww11 https://sun6-22.userapi.com/c237331/u493219498/docs/d54/970161281382/tmvwr.bmp?extra=i927vrM_3T63rdgS7FcQie8v-JlaGdg4vrToGaMBTqwShIMTwkEVKCvfe9GoqbuPE_z5vIJs-kAStdG0VWdxGQ9kAITbxJ2ZhF92v5EIR_XuU2MfpG0xGXk2ybTmc8Gf8fEMNTEZ1sgmkstkcA https://api.ip.sb/ip https://fdjbgkhjrpfvsdf.online/setup294.exe https://vk.com/doc26060933_667223519?hash=4h0hZRp0TSlGi1za4NQqeUs4Z2Owa7H8HcgLzZogiBc&dl=4yZXwXXDHBqFHcM30tryxz8P1qRNU3LWlwbmQoruwmL&api=1&no_preview=1 https://db-ip.com/ 
https://vk.com/doc26060933_667234651?hash=Rv3y1hZYldejZNTzjJxgzdYVgzKs0azR7LT5gowzNJT&dl=fEH5j2bjnO3mwDbqODuUYTgMkVbKBYVrBOOWxCsJzJ0&api=1&no_preview=1 https://vk.com/doc26060933_667218383?hash=7UW057pOa1xiEe10gtJ3QSwoTJDrSVPqZuGSbstptEH&dl=yqIEoQoYSd5j0zYFeVKTzHy16DTH1wq1kX6PBuZazRX&api=1&no_preview=1#bnf https://dzen.ru/?yredirect=true https://vk.com/doc26060933_667215509?hash=G3Jm1EaMJVztPO45r3HxRNlS4ZgetOknNtYy2avkFPw&dl=8fjE5gX9uYKwtbhjDbbqZIfJvR8v4T4lyZisCWbPlgc&api=1&no_preview=1#1 https://sun6-20.userapi.com/c909218/u26060933/docs/d16/6de25ac9c8b9/s2as2fad.bmp?extra=93M5T4Pa8Q3v-6wCV0cMg-imldFl3M7pP9fiQWexCQVfAHR6bOaCYNmIhblaorz2ajVnq9ITftW-KCQwspVW7DbtPyDFKCTvp9SEcQHaQMAlrKO5x90RNNH-89CyjAZ03dQGY6Leo9A9oUVa https://sun6-20.userapi.com/c237331/u825067038/docs/d49/f3d174c7d126/PL_Client.bmp?extra=XDfkwfVkwRcivpIteb_RsNhr6eqpk3Sh24NjsrJ7nR2EAq93CkJ7kmPRE49s-PptoRkiv1DlMYMm4G-EjxMy3ZKbg-9BUhc0NtHIuZM8phnB22dI5a_tz7k-BACUbK_qxxTb405WhzGYuI1t0w https://sun6-20.userapi.com/c909218/u26060933/docs/d22/a35d812ef006/RisePro.bmp?extra=LgPIMsxlbkpwHU5tCRY0vgUUAviiE7g7nMwb1oAv7HySSrauv2XjWksVWa7ZlFA3JXksarqScqvGtt1ETuNK6vMq7PyUQYgR2vLJ_T_aOnDWK_TKXwfUgdLiFLt-hsv4qpwsSsSIRWLoQTI1 https://sun6-21.userapi.com/c235031/u26060933/docs/d60/aadf300fd920/BotClients.bmp?extra=WDt2JKhhn-eQrPHTN9X8R0bO_tJ9q0myEWR4olRZdoa3canBj-lmFAG5cGCHMWcveqzg7IA6SkZEgaXn7_yF1ZPOhbnbI4vHz0fiMpVF8qWL4pijOcDsVf6aNjPpO0eOG8p1J66TE-BKQC-h https://sun6-21.userapi.com/c235031/u26060933/docs/d17/f2f6f33ee91f/WWW11_32.bmp?extra=YkAJ9WwBghZQCvm2tl1uLbMufgtzR6Yn6c26ciwed5aKCO-Rw-yV4cJfXn8nio3l8RYZVp2QwfyPiYJ8Q8fOOfhA000eXJmSBorA7IDhKGejIp04_2OVOLLWjtHDUIjGYHzdNUwjv2l33dHB https://sun6-21.userapi.com/c237031/u493219498/docs/d9/c7fc8ca88f65/file291023.bmp?extra=HJE0rWNAwxwlZMpDm0nMXfYfAV0NPcx59BCa43IG_bXuChoyS7uFn7bse_58CEa8kk12QRrnh7q-Dw-GenGfCBz-k2gxOG-kXj-MvZt78r50ec_AmOipYf-TCxGK9M1dCTfKr6B4BlweimH5oA 
https://vk.com/doc26060933_667166279?hash=ZwaE4tvZWFZCd2bm3WcrC9P0n7U9VIU9U93MzzIkiVg&dl=pnJSpAC8qJBqMfKXSgNNzjPf12azGKZWlyCFZ86hE2P&api=1&no_preview=1#risepro https://sso.passport.yandex.ru/push?uuid=378496ab-5899-48b7-bf10-80f50778653f&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://vk.com/doc26060933_667204817?hash=6lgEzCTOqGu7pXY0CjbNe2FXz4rab735i6AEdl7puVw&dl=U0RHXi4KJa141aANcboV7iQspCTlmbxFsgLwQz9bGwc&api=1&no_preview=1#maff https://sun6-21.userapi.com/c909418/u26060933/docs/d20/171a1ad09e5c/crypted.bmp?extra=USOyMI-QrVD8ahA0mCuN1w-bxZzgqjcqo6Tzt3gOhGAsI0yQDB1U4gyXEOkH9dOBYLRqxIH032ISFZcZOEZ5KTf6gzdM_yJlTG3ITv6KbMFD9NzdtpVOIBX0BWIXmrNdeuJ6DUaJj52BUDaE https://sun6-23.userapi.com/c236331/u26060933/docs/d36/f582a2f7d651/mggkfn.bmp?extra=kXzl1fMGvZsozKZ51_V9AIUJOViBXHnvbHtPIo-fm1QSon9y47f4eu5t1tnXJsZ-9Yn_qH0wPULruDXEJv5YPVFLCVB8tJk2Mcs-BJAZWoU6geCJmdzITbv3Y6p0_tmBtcEYUqbBEK0nsfd6 https://api.2ip.ua/geo.json
Hosts (62):
  db-ip.com(104.26.5.15)
  dl54-broomcleaner.icu(193.106.175.190) - malware
  ipinfo.io(34.117.59.81)
  sun6-23.userapi.com(95.142.206.3) - malicious
  yandex.ru(5.255.255.70)
  dzen.ru(62.217.160.2)
  medfioytrkdkcodlskeej.net(91.215.85.209) - malware
  ronaldrichards.icu(193.106.175.190)
  api.2ip.ua(172.67.139.220)
  iplogger.org(148.251.234.83) - malicious
  twitter.com(104.244.42.129)
  telegram.org(149.154.167.99)
  sun6-20.userapi.com(95.142.206.0) - malicious
  api.db-ip.com(104.26.5.15)
  sun6-21.userapi.com(95.142.206.1) - malicious
  sso.passport.yandex.ru(213.180.204.24)
  michaelcoleman.icu(193.106.175.190) - malware
  api.ip.sb(172.67.75.172)
  iplogger.com(148.251.234.93) - malicious
  zexeq.com(190.139.250.133) - malware
  fdjbgkhjrpfvsdf.online(172.67.139.27)
  api.myip.com(104.26.9.59)
  sun6-22.userapi.com(95.142.206.2) - malicious
  www.maxmind.com(104.18.145.235)
  vk.com(87.240.132.78) - malicious
  iplis.ru(148.251.234.93) - malicious
  148.251.234.93 - malicious
  194.169.175.128 - malicious
  104.18.146.235
  93.186.225.194 - malicious
  185.225.75.171 - malicious
  172.67.139.27 - malicious
  62.217.160.2
  104.244.42.1 - suspicious
  104.26.5.15
  208.67.104.60 - malicious
  5.255.255.70
  149.154.167.99 - malicious
  213.180.204.24
  121.254.136.18
  185.173.38.57
  194.49.94.40
  194.49.94.41
  171.22.28.226 - malware
  34.117.59.81
  148.251.234.83
  104.26.8.59
  95.142.206.0 - malicious
  91.92.243.151
  185.172.128.69 - malware
  94.142.138.131 - malicious
  94.142.138.113 - malicious
  91.215.85.209 - malicious
  45.15.156.229 - malicious
  172.67.75.172 - malicious
  104.26.4.15
  95.142.206.3 - malicious
  95.142.206.2 - malicious
  172.67.139.220
  211.168.53.110
  193.106.175.190 - malware
  95.142.206.1 - malicious
Alerts (34):
  ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
  SURICATA Applayer Mismatch protocol both directions
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  ET INFO DNS Query for Suspicious .icu Domain
  ET DROP Spamhaus DROP Listed Traffic Inbound group 7
  ET INFO Executable Download from dotted-quad Host
  ET HUNTING Suspicious services.exe in URI
  ET INFO Packed Executable Download
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET HUNTING Possible EXE Download From Suspicious TLD
  ET INFO TLS Handshake Failure
  ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
  ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
  ET POLICY IP Check Domain (iplogger .org in TLS SNI)
  ET POLICY External IP Address Lookup DNS Query (2ip .ua)
  ET POLICY IP Check Domain (iplogger .org in DNS Lookup)
  ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  ET MALWARE Redline Stealer Activity (Response)
  ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
  ET INFO HTTP POST Request to Suspicious *.icu domain
  ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
  ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
  ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
  ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
  ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
  ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key
  ET MALWARE Win32/Filecoder.STOP Variant Public Key Download
Rule-matched URLs (8):
  http://94.142.138.131/api/firegate.php
  http://45.15.156.229/api/tracemap.php
  http://94.142.138.131/api/tracemap.php
  http://185.172.128.69/newumma.exe
  http://45.15.156.229/api/firegate.php
  http://zexeq.com/test2/get.php
  http://94.142.138.113/api/tracemap.php
  http://171.22.28.226/download/Services.exe
Score: 7.0 | M | Submitter: ZeroCERT

9163 | 2023-11-02 10:48
File: WJveX71agmOQ6Gw_1698762642.jpg...
MD5: 83c130bed712ef7ac4297b9c9d5f70e9
Tags: Generic Malware Antivirus .NET DLL PE File DLL PE32 VirusTotal Malware PDB
Score: 1.0 | VT: 8 | Submitter: ZeroCERT

9164 | 2023-11-02 10:32
File: 10dsb.vbs
MD5: d58c876cdf890b6b626d3018a865bbbc
Tags: Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
URLs (1):
  https://imageupload.io/ib/WJveX71agmOQ6Gw_1698762642.jpg
Score: 5.8 | VT: 7 | Submitter: ZeroCERT

9165 | 2023-11-02 10:31
File: Vbs-File0008765putty.vbs
MD5: 359f4448782994c2b42aa0027ee021db
Tags: LokiBot Generic Malware Antivirus Socket ScreenShot PWS DNS AntiDebug AntiVM PowerShell FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Software
URLs (2):
  https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg - rule_id: 37487
  http://107.175.113.212/file/PuttyLinks.txt
Hosts (3):
  imageupload.io(104.21.83.102) - malware
  172.67.222.26 - malware
  107.175.113.212 - malicious
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (1):
  https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg
Score: 16.2 | M | VT: 17 | Submitter: ZeroCERT

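The host, URL and alert fields in these records are space-joined: a " - malware", " - mailcious" or " - rule_id: N" qualifier trails the item it belongs to, and alert names run together with no delimiter, so pivoting on them by eye is error-prone. The Python below is an added example, not the sandbox's own export code. It parses those three fields for a handful of the records above (field strings copied verbatim from the listing, including its "mailcious" spelling), collects the IPs the listing labelled, applies one combined rule (a dynamic-DNS lookup together with an SSLBL JA3 hit, the pattern in 9151 and 9152), and pivots across records for IPs they share. The splitting rules, the finding names and the shape of the record dictionaries are my assumptions about the layout, not the listing's schema.

```python
"""Parse this listing's host, URL and alert fields into IOCs (added example).

RECORDS holds field strings copied from records 9151, 9152, 9159 and 9165.
The splitting rules are assumptions inferred from the page layout: a ' - label'
suffix belongs to the item before it, and an 'ET <CATEGORY> ', 'SSLBL: ' or
'SURICATA ' prefix starts a new alert name.
"""
import re
from collections import defaultdict

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
HOSTITEM = re.compile(r"^(?P<name>[^()\s]+)\((?P<ip>[^)]*)\)$")  # name(ip); ip may be empty
ALERT_SPLIT = re.compile(r"(?=(?:ET [A-Z_]+|SSLBL:|SURICATA) )")  # zero-width: keeps the prefix
LABEL_FIX = {"mailcious": "malicious"}  # the listing misspells this label
BAD_LABELS = {"malware", "malicious", "suspicious"}


def _split_labeled(field, is_start):
    """Tokens for which is_start() holds open a new item; a lone '-' begins a
    label that runs until the next item start (e.g. '- rule_id: 37487')."""
    items, cur, toks, i = [], None, field.split(), 0
    while i < len(toks):
        if toks[i] == "-" and cur is not None:
            j = i + 1
            while j < len(toks) and not is_start(toks[j]):
                j += 1
            label = " ".join(toks[i + 1:j])
            cur["label"] = LABEL_FIX.get(label, label)
            i = j
        else:
            cur = {"raw": toks[i], "label": None}
            items.append(cur)
            i += 1
    return items


def parse_hosts(field):
    """'name(ip)' or bare IPv4 entries; an unresolved name has ip None."""
    hosts = []
    for it in _split_labeled(field, lambda t: bool(HOSTITEM.match(t) or IPV4.match(t))):
        m = HOSTITEM.match(it["raw"])
        name, ip = (m["name"], m["ip"] or None) if m else (None, it["raw"])
        hosts.append({"name": name, "ip": ip, "label": it["label"]})
    return hosts


def parse_urls(field):
    """URL entries, each optionally tagged by the sandbox with '- rule_id: N'."""
    urls = []
    for it in _split_labeled(field, lambda t: t.startswith(("http://", "https://"))):
        label = it["label"] or ""
        rule = int(label.split(":", 1)[1]) if label.startswith("rule_id:") else None
        urls.append({"url": it["raw"], "rule_id": rule})
    return urls


def parse_alerts(field):
    """Alert names are space-joined with no delimiter; split on rule prefixes."""
    return [a.strip() for a in ALERT_SPLIT.split(field) if a.strip()]


def triage(record):
    """Per-record view: IPs the listing labelled, plus two cross-field rules."""
    hosts, alerts = parse_hosts(record["hosts"]), parse_alerts(record["alerts"])
    findings = set()
    # The SSLBL Tofsee JA3 fires on unrelated samples across this page, so only
    # call it C2 when a dynamic-DNS lookup accompanies it (the 9151/9152 pattern).
    if any("DYNAMIC_DNS" in a for a in alerts) and any(a.startswith("SSLBL:") for a in alerts):
        findings.add("ddns_c2_with_known_ja3")
    if any(a.startswith("ET MALWARE") for a in alerts):
        findings.add("malware_family_signature")
    flagged = {h["ip"] for h in hosts if h["ip"] and h["label"] in BAD_LABELS}
    return {"id": record["id"], "md5": record["md5"], "flagged_ips": sorted(flagged),
            "findings": sorted(findings), "alerts": alerts}


def pivot_shared_ips(records):
    """IPs contacted by more than one distinct record: shared infrastructure."""
    seen = defaultdict(set)
    for r in records:
        for h in parse_hosts(r["hosts"]):
            if h["ip"]:
                seen[h["ip"]].add(r["id"])
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) > 1}


RECORDS = [  # field strings copied verbatim from the records above
    {"id": 9151, "md5": "3acbcc1e0e59f0fa67e43c7e33a413c0", "urls": "",
     "hosts": "diamond9x.getmyip.com(103.73.65.129) 103.73.65.129",
     "alerts": "ET INFO DYNAMIC_DNS Query to a *.getmyip .com Domain ET INFO TLS Handshake "
               "Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"},
    {"id": 9152, "md5": "f11a5ac557578737ef391c0b6ad4b333", "urls": "",
     "hosts": "diamond9x.getmyip.com(103.73.65.129) 103.73.65.129",
     "alerts": "ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint "
               "detected (Tofsee) ET INFO DYNAMIC_DNS Query to a *.getmyip .com Domain"},
    {"id": 9159, "md5": "1b4bc7eb054142c70e87755de845e039", "urls": "",
     "hosts": "www.hcoarrih.com() www.commandintelhub.xyz() "
              "www.new-minerals.com(103.146.179.167) - mailcious 103.146.179.167 - mailcious",
     "alerts": "ET MALWARE FormBook CnC Checkin (GET)"},
    {"id": 9165, "md5": "359f4448782994c2b42aa0027ee021db",
     "urls": "https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg - rule_id: 37487 "
             "http://107.175.113.212/file/PuttyLinks.txt",
     "hosts": "imageupload.io(104.21.83.102) - malware 172.67.222.26 - malware 107.175.113.212 - mailcious",
     "alerts": "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"},
]
```

`triage(RECORDS[0])` reports the combined finding for 9151, while 9165, which carries the same SSLBL JA3 alert but no dynamic-DNS query, gets none; that JA3 also fires on 9153, 9156 and 9162 here, and a JA3 identifies a TLS client stack rather than a malware family, so on its own it is weak evidence. `pivot_shared_ips(RECORDS)` surfaces 103.73.65.129 as the one IP shared by two submissions (9151 and 9152). The longer URL and host fields of 9153 and 9162 parse with the same functions if pasted into RECORDS in the same shape.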