Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10156	2023-07-20 07:34	idbkiidbkidibkidibkidbkidibki%... 072892874a099e1dc789a8c94a38ce7b MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1	3		4.6		31	ZeroCERT

10157	2023-07-20 07:03	smbscanlocal-1bf850b4d9587c101... 1bf850b4d9587c1017a75a47680584c4 UPX PE File PE32 VirusTotal Malware WriteConsoleW					3.0	M	56	guest

10158	2023-07-20 06:58	smbscanlocal-1bf850b4d9587c101... 1bf850b4d9587c1017a75a47680584c4 UPX PE File PE32 VirusTotal Malware WriteConsoleW					3.0	M	56	guest

10159	2023-07-19 15:41	smbscanlocal-1bf850b4d9587c101... 1bf850b4d9587c1017a75a47680584c4 UPX PE File PE32 VirusTotal Malware WriteConsoleW					3.0	M	56	ZeroCERT

10160	2023-07-19 15:39	watchdog.exe 8e67f58837092385dcf01e8a2b4f5783 UPX PE File PE32 VirusTotal Malware Creates executable files WriteConsoleW Trojan DNS		1			4.6	M	58	ZeroCERT

10161	2023-07-19 15:38	ChromeSetup.exe 70462b94519e8f0354cdde7584e536ce NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Creates executable files RWX flags setting unpack itself AppData folder Windows Email ComputerName crashed	1 Keyword trend analysis	4	2		6.8	M	39	ZeroCERT

10162	2023-07-19 15:36	dollzx.exe 948b8c028268c704b439071a9fe65538 Formbook UPX .NET framework(MSIL) AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	3 Keyword trend analysis Info http://www.qcekilps.cfd/xy18/?tVm0=CobHos0ThlylGiAR2zv9RvzHI+kC/8Rc/SjBmoL5wtzyxr1JtCEg9O7v3RA+ey7kApaOT51Q&U48Ho=NtetP4UP-6iH6twP http://www.ktkequipment.com/xy18/?tVm0=rlnqg79HyDd2tQF7x0KFF1quRFOsgzpqr/yEKpdcbBK9rQNvTE641ocQblQ5wb+rgoxEVrgd&U48Ho=NtetP4UP-6iH6twP http://www.ex-sideproject.com/xy18/?tVm0=X56z6+zy1MKrxoKWKU//XnGdtRx6ueWJln4Kjq7+x+gu62rHDZsWTxOq5YLIV5B2+0bJxpLu&U48Ho=NtetP4UP-6iH6twP	6	1		8.6	M	30	ZeroCERT

10163	2023-07-19 15:35	11.sfx.exe 1ac19ec30a52e2b8c80bd93f8aab003a UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB Creates executable files Remote Code Execution					2.8		34	ZeroCERT

10164	2023-07-19 15:03	File_pass1234.7z 46ad54c4ee3c4d92f87f62c0d7ca7c38 Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Amadey Cryptocurrency Miner Malware Cryptocurrency suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself IP Check PrivateLoader Tofsee Fabookie Stealer Windows Remote Code Execution Trojan DNS Downloader	27 Keyword trend analysis Info http://94.142.138.131/api/firegate.php - rule_id: 32650 http://hugersi.com/dl/6523.exe - rule_id: 32660 http://zzz.fhauiehgha.com/m/okka25.exe - rule_id: 34705 http://zzz.fhauiehgha.com/m/okka25.exe http://aa.imgjeoogbb.com/check/safe - rule_id: 34652 http://aa.imgjeoogbb.com/check/safe http://176.113.115.84:8080/4.php - rule_id: 34795 http://176.113.115.84:8080/4.php http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://45.15.156.229/api/tracemap.php http://87.120.88.198/g.exe - rule_id: 35229 http://87.120.88.198/g.exe http://aa.imgjeoogbb.com/check/?sid=461810&key=12d22f1e6641af4b6121fa40717f1c68 - rule_id: 34651 http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://www.maxmind.com/geoip/v2.1/city/me http://us.imgjeoigaa.com/sts/imagc.jpg - rule_id: 33482 http://77.91.68.3/home/love/index.php - rule_id: 35049 http://www.google.com/ http://194.169.175.138:3002/file.exe - rule_id: 35230 https://vk.com/doc808950829_664443643?hash=BMSfO07vvSfVgzBLa3AhQ2T8ZfTsYk5klLKtxOZyNZT&dl=PkFfe0R1U4A4nZCFzzMLIHdvp6Lpl8cZoPyc3f4s1g0&api=1&no_preview=1#3 https://sun6-22.userapi.com/c909218/u808950829/docs/d53/58e33ed5db21/h8d337t1s6ya.bmp?extra=CPXirvuFil6wae1g7IzRKLCuKaBG5TMNvah7vd8GEz_qhtFRRku91mgqgiq76or0u2ti2o0zTN89ctJv3eG53ZlBxfMxw-IYA776yUdrGBSY26Z4EfetiDoRLEeWerrhtc2_i9f6b90E94we8g https://sun6-22.userapi.com/c237331/u808950829/docs/d28/86e75507997e/PMmp.bmp?extra=gA4zaT6Xr3h2ftzx9AuPCMbqvjUtc-wRsrEKNOhevLqt_SZZwdVTPal8iTx6xd2U97xgKU53JupP_eejmSYNdmzSQRzU982T2aZornEsede4YUpcvteGCqHEQW4bsNatQleffyY9lAwLiXRnZg https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://db-ip.com/ https://db-ip.com/demo/home.php?s=175.208.134.152 https://sun6-22.userapi.com/c237031/u808950829/docs/d38/ea4433a2b522/RisePro_0_2_9rOsvaKa1eDf138eBlTl.bmp?extra=DnpHLlKvtxovB1KUV49UCSmwoMRpKlllUvvs5vFdMDd9kEn--_oArRN2soMPvOpEI-bb2dSpQpeWyz19HgECB7QD057wQXbgM_yxe6Qe4PwZmwkS5S0weMFY6E7oO0zeiqN5poXsMtje8Ga45g https://sun6-21.userapi.com/c236331/u808950829/docs/d20/0cef145379dd/3.bmp?extra=sissnLmA8_-6n9mrlaFvFGqsuE8xRQHYK27yqnUnxwCijQuiveAV-H1daYlYFGiEZwSXhdTHhRGRsJ1mxNlypFuQCV04gy5jZ4xe1_1nBm9bazUTI_xskEd39VLXPyTmLgdCohnnm6fC-d9b4Q	60 Info www.maxmind.com(104.17.215.67) iplis.ru(148.251.234.93) - mailcious www.google.com(142.250.76.132) api.myip.com(104.26.9.59) hugersi.com(91.215.85.147) - malware camoverde.pw() - malware sun6-22.userapi.com(95.142.206.2) zzz.fhauiehgha.com(156.236.72.121) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious ipinfo.io(34.117.59.81) aa.imgjeoogbb.com(154.221.26.108) - mailcious us.imgjeoigaa.com(103.100.211.218) - mailcious iplogger.org(148.251.234.83) - mailcious fastpool.xyz(213.91.128.133) - mailcious astergo.in(194.195.113.17) db-ip.com(104.26.4.15) vk.com(87.240.137.164) - mailcious vanaheim.cn(46.173.215.12) api.db-ip.com(104.26.5.15) 87.120.88.198 - malware 148.251.234.93 - mailcious 194.169.175.128 - mailcious 154.221.26.108 - mailcious 91.215.85.147 - malware 62.122.184.92 104.26.5.15 176.123.9.85 - mailcious 80.66.75.254 45.12.253.74 - malware 80.66.75.4 172.67.75.163 77.91.68.56 - mailcious 77.91.124.40 - malware 194.26.135.162 - mailcious 87.240.132.67 - mailcious 157.254.164.98 - mailcious 46.173.215.12 34.117.59.81 142.251.220.36 176.113.115.84 - mailcious 176.113.115.85 194.169.175.138 - malware 148.251.234.83 176.113.115.135 176.113.115.136 194.195.113.17 94.142.138.131 - mailcious 176.123.9.142 - mailcious 104.17.214.67 156.236.72.121 - mailcious 45.15.156.229 - mailcious 104.26.4.15 147.135.165.22 - mailcious 163.123.143.4 - mailcious 95.142.206.1 - mailcious 45.143.201.238 77.91.68.3 - malware 95.142.206.2 103.100.211.218 - malware 213.91.128.133 - mailcious	27 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a *.pw domain - Likely Hostile ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET DROP Spamhaus DROP Listed Traffic Inbound group 22 ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Executable Download from dotted-quad Host ET MALWARE Single char EXE direct download likely trojan (multiple families) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO TLS Handshake Failure ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET DROP Spamhaus DROP Listed Traffic Inbound group 27 ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET POLICY Cryptocurrency Miner Checkin ET DROP Dshield Block Listed Source group 1	12 Info http://94.142.138.131/api/firegate.php http://hugersi.com/dl/6523.exe http://zzz.fhauiehgha.com/m/okka25.exe http://aa.imgjeoogbb.com/check/safe http://176.113.115.84:8080/4.php http://45.15.156.229/api/tracemap.php http://87.120.88.198/g.exe http://aa.imgjeoogbb.com/check/ http://94.142.138.131/api/tracemap.php http://us.imgjeoigaa.com/sts/imagc.jpg http://77.91.68.3/home/love/index.php http://194.169.175.138:3002/file.exe	7.0	M		ZeroCERT

10165	2023-07-19 14:41	미군 구인공고 웹사이트 주소 및 사용방법 안내.zip... 6277fee38a64f218291c73db5326e1bf ZIP Format VirusTotal Malware					0.4		7	ZeroCERT

10166	2023-07-19 14:31	dma.hta 9302aa42d7bd92c8bfe93a441fe7b147 Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed			2		9.2		17	ZeroCERT

10167	2023-07-19 09:38	CTFMON.EXE 842b0d0eb01716a9f526acd866d8bad3 Emotet Gen1 UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware Malicious Traffic Check memory unpack itself	1 Keyword trend analysis	2	1		2.6		25	ZeroCERT

10168	2023-07-19 09:26	Multi National Recruitment Sys... 3c5aacd54c4f9baa9a58423b3fe0969d Antivirus AntiDebug AntiVM GIF Format VirusTotal Malware Code Injection Creates shortcut suspicious process WriteConsoleW					2.4		3	ZeroCERT

10169	2023-07-19 09:16	Document_of_file_newshipment_p... 5d13e163a153f92e5f656a1fd26269df VirusTotal Malware wscript.exe payload download Check virtual network interfaces Tofsee DNS crashed	3 Keyword trend analysis	5	2		3.0		20	ZeroCERT

10170	2023-07-19 09:15	DIEN TT_SACOMBANK 15052023_907... e70e36db9a2ee974d0f245b469b0b7c7 Suspicious_Script_Bin UPX Malicious Library PE File PE32 PNG Format DLL OS Processor Check PE64 VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed					3.8		39	ZeroCERT