Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9766	2021-07-07 18:39	0706_5212302001979.doc fd70a32ed976a9a2dd46a8569b043149 VBA_macro OS Processor Check MSOffice File unpack itself					1.6			guest

9767	2021-07-07 18:42	wininit.exe fb7b2bec96a0b729f4fa0c0034d133e7 PWS Loki[b] Loki[m] .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	14.4	M	15	guest

9768	2021-07-07 18:45	InvoicePO-03092021.jar 88811d5b8004bca2c3166e3cedd10fe3 NPKI OS Processor Check PE File DLL PE32 Malware download NetWireRC VirusTotal Malware AutoRuns Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder suspicious TLD IP Check Windows Java ComputerName DNS crashed	1 Keyword trend analysis	10	4		9.6		6	guest

9769	2021-07-07 22:34	0706_5212302001979.doc fd70a32ed976a9a2dd46a8569b043149 VBA_macro OS Processor Check MSOffice File unpack itself					1.6			ZeroCERT

9770	2021-07-07 22:55	0706_5212302001979.doc fd70a32ed976a9a2dd46a8569b043149 VBA_macro OS Processor Check MSOffice File unpack itself					1.6			ZeroCERT

9771	2021-07-07 22:59	0706_2354713505898.doc cb09a047963adcee78e1e33e2fe2271f VBA_macro OS Processor Check MSOffice File VirusTotal Malware unpack itself					2.4		25	ZeroCERT

9772	2021-07-07 23:04	SCO-Cyber-Advisory.docm ab5dac030dc5fc9ed802c0322168558b VBA_macro Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	2			6.4		15	ZeroCERT

9773	2021-07-07 23:04	sysWow64.exe 60d234d54c25dcef19a64ded3a587072 PE File OS Processor Check PE32 VirusTotal Malware AutoRuns Windows ComputerName DNS		1			3.0		56	ZeroCERT

9774	2021-07-07 23:04	SOA-456612.exe 3c2a2030b37abcf39f1ad1af970360cf PWS .NET framework RAT Generic Malware Malicious Packer ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					7.6		43	ZeroCERT

9775	2021-07-07 23:11	require.06.30.21.doc ae17389c50df966455179ec5b5c3c75a VBA_macro AntiDebug AntiVM VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception		2			6.6		29	ZeroCERT

9776	2021-07-07 23:16	InvoicePO-03092021.jar 88811d5b8004bca2c3166e3cedd10fe3 NPKI PE File DLL OS Processor Check PE32 Malware download NetWireRC VirusTotal Email Client Info Stealer Malware AutoRuns Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder suspicious TLD IP Check Tofsee Windows Java Email ComputerName DNS crashed	3 Keyword trend analysis Info http://ip-api.com/json/ http://edgedl.me.gvt1.com/edgedl/release2/chrome/ANHii5UY3d-4EiotgE5WL8M_91.0.4472.124/91.0.4472.124_chrome_installer.exe https://update.googleapis.com/service/update2?cup2key=10:1185578559&cup2hreq=210abae0c0bf4c085ef3a032bf41ca5b683c508249b56d231bc6b32b3afcc509	12 Info edgedl.me.gvt1.com(34.104.35.123) repo1.maven.org(199.232.196.209) github.com(52.78.231.108) - mailcious github-releases.githubusercontent.com(185.199.111.154) ip-api.com(208.95.112.1) str-master.pw() - mailcious 52.78.231.108 - malware 208.95.112.1 151.101.40.209 34.104.35.123 185.199.111.154 46.183.221.118 - mailcious	7 Info ET JA3 Hash - Possible Malware - Java Based RAT ET DNS Query to a *.pw domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET MALWARE STRRAT CnC Checkin ET POLICY External IP Lookup ip-api.com		11.0		6	ZeroCERT

9777	2021-07-07 23:18	포트폴리오_210628(경력사항도 같이 기재하였습니다 ... 586d6732d8c8d4045b05276f2a0cbf53 Malicious Library PE File PE32 VirusTotal Malware Check memory unpack itself DNS crashed		1			3.8		44	ZeroCERT

9778	2021-07-08 08:57	4126176342.pdf 44a2b52f7d137b07e12ff23e015ce6bf						M		ZeroCERT

9779	2021-07-08 08:59	MSBuild.exe 6c6fff843a38f7e8e39194e0c639ba70 Gen1 PE File OS Processor Check PE32 DLL JPEG Format Browser Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS	9 Keyword trend analysis Info http://103.153.76.164/we/duva/ http://103.153.76.164/we/duva//1.jpg http://103.153.76.164/we/duva//3.jpg http://103.153.76.164/we/duva//2.jpg http://103.153.76.164/we/duva//4.jpg http://103.153.76.164/we/duva//6.jpg http://103.153.76.164/we/duva//main.php http://103.153.76.164/we/duva//5.jpg http://103.153.76.164/we/duva//7.jpg	1			10.6	M		ZeroCERT

9780	2021-07-08 08:59	MSBuild.exe 9ffc562fb2a6e705358345db65c7782a Gen1 PE File OS Processor Check PE32 DLL JPEG Format Browser Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName DNS	9 Keyword trend analysis Info http://103.153.76.164/we/bles//5.jpg http://103.153.76.164/we/bles//7.jpg http://103.153.76.164/we/bles/ http://103.153.76.164/we/bles//1.jpg http://103.153.76.164/we/bles//3.jpg http://103.153.76.164/we/bles//2.jpg http://103.153.76.164/we/bles//4.jpg http://103.153.76.164/we/bles//6.jpg http://103.153.76.164/we/bles//main.php	1			10.2	M		ZeroCERT