Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9706	2024-05-28 09:32	asdf.exe 851b09408fb8c6d26d4bba579cc8a8ab AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		14 Info camo.githubusercontent.com(185.199.109.133) fonts.googleapis.com(142.250.196.106) widget.uservoice.com(104.17.27.92) www.google-analytics.com(142.250.206.238) 142.251.222.202 104.17.29.92 142.250.204.142 104.17.30.92 142.251.222.206 104.17.27.92 104.17.28.92 104.17.31.92 185.199.108.133 - mailcious 172.217.27.42	2		6.2	M		ZeroCERT

9707	2024-05-28 09:32	applovin_exo_ic_check.xml 73928838d0c864ea6c4b14e8b0df2e1c AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

9708	2024-05-28 09:32	applovin_exo_ic_audiotrack.xml e1b5ef9041ed0efcfa6414254aade698 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

9709	2024-05-28 09:32	applovin_exo_edit_mode_logo.xm... ae7a03fae5a74e7a34963cad7e012a47 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

9710	2024-05-28 08:57	applovin_exo_edit_mode_logo.xm... ae7a03fae5a74e7a34963cad7e012a47 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

9711	2024-05-24 10:58	iscsicli.exe ed7336086b1e5267c0d4863325956be2 Formbook Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS		19 Info www.primeplay88.org(91.195.240.19) - mailcious www.touchclean.top(67.223.117.189) www.mrart.co.kr(183.111.183.31) - mailcious www.99b6q.xyz() - mailcious www.xn--matfrmn-jxa4m.se(194.9.94.85) - mailcious www.besthomeincome24.com() - mailcious www.ibistradingco.com(93.127.196.51) www.terelprime.com(66.96.161.166) - mailcious www.kinkynerdspro.blog(54.38.220.85) - mailcious www.aceautocorp.com(198.12.241.35) - mailcious 91.195.240.19 - mailcious 194.9.94.86 - mailcious 67.223.117.189 66.96.161.166 - mailcious 45.33.6.223 93.127.196.151 183.111.183.31 - mailcious 94.23.162.163 198.12.241.35 - mailcious	3	12 Info http://www.aceautocorp.com/ufuh/ http://www.mrart.co.kr/ufuh/ http://www.aceautocorp.com/ufuh/ http://www.kinkynerdspro.blog/ufuh/ http://www.terelprime.com/ufuh/ http://www.primeplay88.org/ufuh/ http://www.terelprime.com/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.mrart.co.kr/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.primeplay88.org/ufuh/ http://www.kinkynerdspro.blog/ufuh/	11.4	M	51	r0d

9712	2024-05-24 10:44	123.456 7b207ce9f9d71dfc2eaa2e959634a54d Generic Malware Malicious Library UPX PE64 PE File DLL OS Processor Check VirusTotal Malware PDB Checks debugger					1.6	M	30	ZeroCERT

9713	2024-05-24 10:41	loudzx.scr ed7336086b1e5267c0d4863325956be2 Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser		15 Info www.primeplay88.org(91.195.240.19) www.mrart.co.kr(183.111.183.31) www.99b6q.xyz() www.besthomeincome24.com() www.xn--matfrmn-jxa4m.se(194.9.94.85) www.aceautocorp.com(198.12.241.35) www.kinkynerdspro.blog(54.38.220.85) www.terelprime.com(66.96.161.166) 91.195.240.19 - mailcious 54.38.220.85 - mailcious 66.96.161.166 45.33.6.223 194.9.94.85 - mailcious 183.111.183.31 198.12.241.35	1		10.4	M	51	ZeroCERT

9714	2024-05-24 10:07	tE6.xls 72b684c764f3fa2b4f7ecbc3a572c7a5 RedLine stealer Generic Malware Malicious Library PE File DLL PE32 .NET DLL VirusTotal Malware PDB					1.4	M	48	ZeroCERT

9715	2024-05-24 09:51	tE6.xls 72b684c764f3fa2b4f7ecbc3a572c7a5 RedLine stealer Generic Malware Malicious Library PE File DLL PE32 .NET DLL VirusTotal Malware PDB					1.4		48	ZeroCERT

9716	2024-05-24 09:44	room4.hta 409f1bada32d81974fd8606be4cbc943 Generic Malware Antivirus Malicious Library PowerShell PE File PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows Browser ComputerName DNS Cryptographic key	16 Keyword trend analysis Info http://20.86.128.223/room/rooma.exe http://www.antonio-vivaldi.mobi/fo8o/?I0NK=PTl5gU/3CD/Xhg5KAVLGoeqWcilDUK5FTZuVmm6gfrwSjnBrSraU5xyBGUoA1k9xMbAGIU7PLJqf1PTsNd74L3d6+NgzbyGN2pTsiSyIeh1B8hC/nFfIu9UZrk9ku3J39HvVUu8=&Lw8=oat1oSv http://www.magmadokum.com/fo8o/ http://www.3xfootball.com/fo8o/ http://www.goldenjade-travel.com/fo8o/?I0NK=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&Lw8=oat1oSv http://www.sqlite.org/2016/sqlite-dll-win32-x86-3140000.zip http://www.rssnewscast.com/fo8o/ http://www.techchains.info/fo8o/ http://www.3xfootball.com/fo8o/?I0NK=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&Lw8=oat1oSv http://www.magmadokum.com/fo8o/?I0NK=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&Lw8=oat1oSv http://www.rssnewscast.com/fo8o/?I0NK=x3jV/ECx7FuzXOI+6CNaISj98UIEn47HyCIVaqWvGMMqpfz0YC5wNp/pxM1zEFNKv4nPeGfT8/lZrDaJmccs4488pD+gaHK32CxgTEs5a2vdBlM4hQBa8nlaMF5vesFSU19kJNk=&Lw8=oat1oSv http://www.kasegitai.tokyo/fo8o/ http://www.goldenjade-travel.com/fo8o/ http://www.techchains.info/fo8o/?I0NK=vefd0teQh+kbruh+iKW53cdcsQD4oFyRDgCUoL90YCYLczV+Hcc/VZ2eVbboy/u5EgiS3CnxBclKZHyNJ/4ALr08/A/SWk5lVGufGp2P4fG4f3GonqE4cYuaa0/JNC0RZIlRWrU=&Lw8=oat1oSv http://www.antonio-vivaldi.mobi/fo8o/ http://www.kasegitai.tokyo/fo8o/?I0NK=0LNqIGaAWMhMIMLOr1FzuAu+QFTp+Isr9lFre+yu3/9GvRNYi1uHghhDsQ/pqDAQ+wkUrFUIurr7TLyDqzId9vCn3h40hICDSYZjejM1bTxHHnFMxARLyMCZMUhSp6GMEGHL0HI=&Lw8=oat1oSv	17 Info www.liangyuen528.com() www.magmadokum.com(85.159.66.93) www.techchains.info(66.29.149.46) www.kasegitai.tokyo(202.172.28.202) www.3xfootball.com(154.215.72.110) www.goldenjade-travel.com(116.50.37.244) www.antonio-vivaldi.mobi(46.30.213.191) www.rssnewscast.com(91.195.240.94) 202.172.28.202 85.159.66.93 - mailcious 116.50.37.244 46.30.213.191 - mailcious 66.29.149.46 91.195.240.94 - phishing 45.33.6.223 20.86.128.223 - malware 154.215.72.110	5 Info ET MALWARE FormBook CnC Checkin (GET) M5 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		14.6	M	27	ZeroCERT

9717	2024-05-24 09:44	lionisthekingofjunglewhoruleth... b03fb70c3be411363c911037b610df82 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2		4.2	M	38	ZeroCERT

9718	2024-05-24 09:41	lionsarekingbitmapimagesarebea... 292fc41f2ca899c90c5cf89ae7bb6852 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2		4.2	M	36	ZeroCERT

9719	2024-05-24 09:39	HHAMMOFATHEATBBDNN.jpg 3c79a6180ae2590450d46359924cb9c1 ZIP Format VirusTotal Malware					0.6	M	18	ZeroCERT

9720	2024-05-24 09:39	lionisthekingbuttigertrytobeco... 7450c0dcd0bafd974d4d9b976b84089b MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2		4.2	M	34	ZeroCERT