Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

10441 2023-07-10 07:10 http://dhqidctjo3ugevk9u5sev1r...
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
1 2 2 4.6 Allae

10442 2023-07-08 14:16 rggrggrggrggrggrggrggrggrggrgg...
c07d78c079d6fb8d98501c7c42b7a67c
MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed
1 2 3 4.6 30 ZeroCERT

10443 2023-07-08 14:15 IE_NET.hta
44b47a2cd519068596c0e8cfcb401904
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
1 5.2 6 ZeroCERT

10444 2023-07-08 14:15 win.exe
261fad7a9f8939250bf2c3c1406f0fe9
NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 2 7.6 49 ZeroCERT

10445 2023-07-08 14:12 new64x.dll
b63f57d948b00f885ce27af54503df3a
Malicious Library DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself Remote Code Execution DNS
2 2.4 5 ZeroCERT

10446 2023-07-08 14:12 norway_cr.exe
d6c9402d8f40026fd013020ea8b4c598
UPX Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed
2.6 33 ZeroCERT

10447 2023-07-08 14:10 kudizx.doc
c11126e9450b2d9e8717182e077f26ac
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
1 3 7 5.0 35 ZeroCERT

10448 2023-07-08 14:10 3qN9jJaXKsSA8e0LiGHt.exe
173f2817975d278fcc3163d9b5302467
.NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.4 39 ZeroCERT

10449 2023-07-08 14:10 conhost.exe
197cf1b5f5228af677c04341b43b58f0
Emotet Generic Malware Suspicious_Script_Bin task schedule Downloader UPX Malicious Library Antivirus Malicious Packer .NET framework(MSIL) Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Co VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Cryptographic key
7 6 1 12.6 33 ZeroCERT

10450 2023-07-08 14:09 bv6.jpg.ps1
59a8cad944c41d6673ca0550b0177016
Generic Malware Antivirus powershell AutoRuns Check memory unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
1 2 1 5.6 ZeroCERT

10451 2023-07-08 14:07 Aas.EXE
c3baac987bee5800b92b7e2d6d42db1a
Emotet Suspicious_Script_Bin Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX CAB PE File PE32 DLL VirusTotal Malware AutoRuns PDB Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Remote Code Execution crashed
2 7.6 22 ZeroCERT

10452 2023-07-08 14:07 bnhost.exe
a3be2d1b0cdf0bb7aa40cf2cbe054a51
.NET EXE PE File PE32 Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI ICMP traffic unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
2 3 3 10.4 36 ZeroCERT

10453 2023-07-08 14:07 PTT_20230707-WA01120xlsx.exe
74c5ede3fd6bf983ae8bf512cdab90ad
AgentTesla Generic Malware UPX .NET framework(MSIL) Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 2 12.8 39 ZeroCERT

10454 2023-07-08 14:05 class-wp-image-editors.php
2796bf32abbebdd11a35603f3453214d
Generic Malware task schedule UPX Malicious Library Antivirus AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed
8 4 1 4 15.2 37 ZeroCERT

10455 2023-07-08 14:03 rcoekta.exe
a4341997cbad7d63be6f3a07b9783804
RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 2 7.4 42 ZeroCERT