Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1006	2024-08-17 22:18	tuesdayequitossssdroiudMPDW-co... 7a3fa640d6740b436c7fb40056e94edc Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	3	1		8.2		2	ZeroCERT

1007	2024-08-17 22:18	file1.exe a107fbd4b2549ebb3babb91cd462cec8 Generic Malware Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 PowerShell OS Processor Check PE64 DLL Browser Info Stealer Malware download VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Check virtual network interfaces suspicious process AppData folder suspicious TLD WriteConsoleW anti-virtualization installed browsers check Tofsee CryptBot Windows Discord Browser ComputerName DNS Cryptographic key crashed	8 Keyword trend analysis Info http://tvezx20pt.top/v1/upload.php http://194.58.114.223/d/385104 - rule_id: 41929 http://58yongzhe.com/parts/setup1.exe - rule_id: 42034 http://91.121.59.207/Files/6ec431703915b7c3a66be6ef8e2bf8f9.exe http://91.121.59.207/Files/Channel1.exe https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://cdn.discordapp.com/attachments/1272578305203110022/1274336696627892317/setup.exe?ex=66c1e208&is=66c09088&hm=d301fab09c009c8ddf7bbdaccf84e9e284b1d644909338534cae1eab5b7ee0ef&	12 Info tvezx20pt.top(77.232.42.234) 58yongzhe.com(62.133.62.93) - malware pastebin.com(172.67.19.24) - mailcious yip.su(104.21.79.77) - mailcious cdn.discordapp.com(162.159.133.233) - malware 91.121.59.207 77.232.42.234 104.21.79.77 - phishing 162.159.135.233 - malware 62.133.62.93 194.58.114.223 - mailcious 172.67.19.24 - mailcious	13 Info ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 ET HUNTING Redirect to Discord Attachment Download	4	19.8	M	56	ZeroCERT

1008	2024-08-17 22:17	sss.exe f93a30378f7682e1bf9f4adfbe5729be Generic Malware Malicious Library Malicious Packer .NET framework(MSIL) UPX Anti_VM PE File .NET EXE PE32 OS Processor Check JPEG Format VirusTotal Malware Telegram Malicious Traffic Windows utilities IP Check Tofsee Windows DNS	2 Keyword trend analysis	7	7 Info ET HUNTING Telegram API Domain in DNS Lookup ET INFO TLS Handshake Failure ET POLICY IP Check Domain (icanhazip. com in HTTP Host) ET INFO External IP Lookup Domain in DNS Lookup (icanhazip .com) ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed Wifi Geolocation Domain (api .mylnikov .org in TLS SNI)		3.4		60	ZeroCERT

1009	2024-08-17 22:16	gsprout.exe 92ae7a1286d992e104c0072f639941f7 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Malicious Traffic DNS	1 Keyword trend analysis	1			3.0	M	51	ZeroCERT

1010	2024-08-17 22:14	zzzz1.exe a5c740eb48fafb9b25d06c22b6f4a7e9 Gen1 Generic Malware Malicious Library UPX Antivirus Malicious Packer Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself					3.2	M	41	ZeroCERT

1011	2024-08-17 22:14	seethesmoothofbutterburnwhicht... d18067e4be9ca434241869dda26c5f8f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.6	M	39	ZeroCERT

1012	2024-08-17 22:12	1111.exe 7b0e99178f36fa152761f55ccd20a2ab Malicious Library PE File PE64 Check memory Checks debugger unpack itself Windows Cryptographic key crashed					1.2	M		ZeroCERT

1013	2024-08-17 10:20	contorax.exe 771b8e84ba4f0215298d9dadfe5a10bf Malicious Library PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key					2.0		21	ZeroCERT

1014	2024-08-16 18:36	Mnemonic.chm 55c6005f361c9011182379ba8f7a875f Gen1 Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM CHM Format PE Fil VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows					5.4		42	ZeroCERT

1015	2024-08-16 18:35	님.jse 7756b4230adfa16e18142d1dbe6934af ROMCOM RAT Generic Malware Suspicious_Script_Bin Hide_EXE Antivirus Malicious Library UPX Anti_VM PDF AntiDebug AntiVM PowerShell ZIP Format PE File DLL PE64 DllRegisterServer dll OS Processor Check MSOffice File VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Ransomware Interception Windows Exploit ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	7	1		15.8		26	ZeroCERT

1016	2024-08-16 18:31	베트남 녹지원 상춘재 행사 견적서.hwp .exe... 35d60d2723c649c97b414b3cb701df1c Generic Malware Malicious Library UPX HWP PE File DllRegisterServer dll MSOffice File PE32 OS Processor Check DLL VirusTotal Malware PDB Check memory Checks debugger Creates executable files unpack itself suspicious process AppData folder WriteConsoleW Remote Code Execution crashed	2 Keyword trend analysis	3	1		5.6		55	ZeroCERT

1017	2024-08-16 18:20	Doc1.docm 0fee354732496cdbdb4e78ecb218a81a VBA_macro Word 2007 file format(docx) ZIP Format VirusTotal Malware unpack itself Windows utilities Windows	1 Keyword trend analysis	2			4.8		17	ZeroCERT

1018	2024-08-16 18:16	bb.jpg.ps1 35cc87966b1583d624d2be67dd4c5a91 Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection BitCoin Internet API Browser Info Stealer VirusTotal Malware powershell MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself powershell.exe wrote malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Exploit Browser ComputerName Cryptographic key crashed	1 Keyword trend analysis				9.2		8	ZeroCERT

1019	2024-08-16 18:04	new_image.jpg.exe 9bc67a353e3056bac82436a1667350ab Malicious Library UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware PDB					1.4		43	ZeroCERT

1020	2024-08-16 17:56	ChaveBB-2024.exe d46fbf03a71245869dc5c89805e6d8f1 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware PDB					0.6		8	ZeroCERT