Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10141	2024-05-01 16:59	wearegoingtobegoodwithmebecaus... f34f96b8cd842e5709a476360c30a4d2 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed Downloader		1	7 Info ET MALWARE Possible MalDoc Payload Download Nov 11 2014 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.0	M	37	ZeroCERT

10142	2024-05-01 16:57	realtekmonitor.exe 6adbec7e5713644931e8e5815ed56356 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware					1.4	M	24	ZeroCERT

10143	2024-05-01 16:57	iwanttokiswithlotoflovesheismy... d1ff78be8248efe25e0710b7508f4d59 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	4	2		5.0	M	37	ZeroCERT

10144	2024-05-01 16:56	shitload.exe 36010b83bccfcd1032971df9fc5082a1 Worm Phorpiex Generic Malware Malicious Library Downloader Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 Malware download VirusTotal Malware Buffer PE AutoRuns Malicious Traffic Checks debugger buffers extracted Creates executable files ICMP traffic Disables Windows Security AppData folder Windows Update DNS	9 Keyword trend analysis	25 Info www.update.microsoft.com(20.72.235.82) 109.74.69.43 188.212.231.63 213.246.19.117 185.215.113.66 - malware 92.47.143.130 189.222.182.86 31.186.54.5 176.15.59.1 193.233.132.177 - malware 213.230.126.39 151.234.226.175 178.184.11.31 5.238.133.220 20.72.235.82 92.46.174.254 189.190.10.16 134.35.173.140 92.124.148.61 89.43.220.234 5.234.235.21 91.202.233.141 95.59.235.26 46.35.86.48 151.233.21.215	4	3	13.8	M	57	ZeroCERT

10145	2024-05-01 16:55	svchostMon.exe f5a52d7f38e29a3749139aef116c1809 PE64 PE File Malware download Amadey VirusTotal Cryptocurrency Miner Malware Malicious Traffic unpack itself DNS CoinMiner SilentCryptoMiner	1 Keyword trend analysis	5	3		3.0	M	54	ZeroCERT

10146	2024-04-30 10:06	PAP46E1UkZ.exe bb1cb5cd557cac752ccea3f4ba806709 Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE64 PE File ftp OS Processor Check DLL PE32 ZIP Format VirusTotal Malware Check memory Creates executable files AppData folder Ransomware					4.0	M	37	ZeroCERT

10147	2024-04-30 09:58	wintheheartofgirlwithagreatach... e2472b7b35b13c00ae9bdf975d0c97a9 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	3 Keyword trend analysis	6	2		5.0	M	35	ZeroCERT

10148	2024-04-30 09:56	bim.msi f83ed040b4e52088817df73ef51fe0d3 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName DNS		1			3.2		4	ZeroCERT

10149	2024-04-30 09:53	TelemetryBridge32.exe 9dff1716e2e555ff3c468ff97cae7879 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself DNS crashed		2			2.6	M	19	ZeroCERT

10150	2024-04-30 09:53	2503.msi 455bf264e54b9c7b8d0ff9b37443930f Generic Malware Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware Buffer PE suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check Tofsee ComputerName	15 Keyword trend analysis Info http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAooSZl45YmN9AojjrilUug%3D http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt http://cacerts.digicert.com/DigiCertTrustedRootG4.crt https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9d755037-90b8-4efb-a244-0c93cfed1d39&uuid=819da2a6-9fa4-4574-be40-60b373c39516 https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=10d6f7ca-f3ad-47d4-9eb3-644f1fff3fa9&uuid=819da2a6-9fa4-4574-be40-60b373c39516 https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9136a7bb-a943-4340-87ea-3d7007e9ae9c&uuid=819da2a6-9fa4-4574-be40-60b373c39516 https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d906b067-e718-4b04-847f-7ab206d48dd6&uuid=819da2a6-9fa4-4574-be40-60b373c39516 https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0eabdbf1-beaf-4272-a144-a84870a9d7df&uuid=819da2a6-9fa4-4574-be40-60b373c39516 https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/36.7/AgentPackageAgentInformation.zip?+NlMC3zhv2neysJ0KxWrVu4y9D3I3oIn2psIKH5NnT/5nIlqdiP+ExkXbXUrK5Ez https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/819da2a6-9fa4-4574-be40-60b373c39516/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d3cb1d72-57ed-43aa-99ca-eed7fe302eb3&tr=35&tt=17144381852163526&uuid=819da2a6-9fa4-4574-be40-60b373c39516 https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/819da2a6-9fa4-4574-be40-60b373c39516/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f0b99e74-7fd7-4a1e-8b4b-0fe005b09115&uuid=819da2a6-9fa4-4574-be40-60b373c39516 https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/819da2a6-9fa4-4574-be40-60b373c39516/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=43a100d6-9441-4853-b22e-5183c58cb1c7&tt=0&uuid=819da2a6-9fa4-4574-be40-60b373c39516 https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/819da2a6-9fa4-4574-be40-60b373c39516/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a5094973-27d3-469c-96e6-85b45f0479b7&tr=35&tt=17144381874729437&uuid=819da2a6-9fa4-4574-be40-60b373c39516	9	1		4.2		10	ZeroCERT

10151	2024-04-30 09:52	LPE_ALL.exe fc36ebc7382bec2df0e88995a1cec452 Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware PDB suspicious process WriteConsoleW					2.0	M	27	ZeroCERT

10152	2024-04-30 09:50	index.php 87f8958f40e487f7d816cd1aaf52fa84 NSIS Generic Malware Malicious Library UPX PE File PE32 OS Processor Check suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName					5.2	M		ZeroCERT

10153	2024-04-30 09:49	SharpHound.exe aaf1146ec9c633c4c3fbe8091f1596d8 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key					3.0	M	56	ZeroCERT

10154	2024-04-30 07:43	procexp64.exe 7e7eaa8aebc4026be3b56b965b0d8947 Emotet Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE64 PE File OS Processor Check PDB Check memory RCE crashed					0.8	M		ZeroCERT

10155	2024-04-30 07:41	sdp.exe aaece4bfe9aef86a5af44fd1bd5d7b1b PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself WriteConsoleW ComputerName					2.4	M	42	ZeroCERT