Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
91	2025-04-03 17:57	setup0324_or.msi d7f7fab6a91f6b2db5d9a3e95a7a679d Generic Malware Malicious Library CAB MSOffice File OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName Trojan	5 Keyword trend analysis Info http://sysoieaosgwoeesa.xyz:443/api/client_hello - rule_id: 43783 http://sysoieaosgwoeesa.xyz:443/api/client/new - rule_id: 44067 http://sysoieaosgwoeesa.xyz:443/tasks/collect - rule_id: 44068 http://sysoieaosgwoeesa.xyz:443/avast_update - rule_id: 44069 http://sysoieaosgwoeesa.xyz:443/tasks/get_worker - rule_id: 44070	2	2	5	3.0	M	17	ZeroCERT

92	2025-04-03 10:55	wecaninsertforgoodforeeturnche... d7a6bc4df00171791fbcbf33763bf5cb Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM VBScript powershell suspicious privilege Code Injection Check memory Checks debugger wscript.exe payload download Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Dropper	3 Keyword trend analysis	3	1	1	10.0			ZeroCERT

93	2025-04-03 10:40	한국군사학논총.lnk 2f431c4e65af9908d2182c6a093bf262 PDF Suspicious Link Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.6		36	guest

94	2025-04-03 10:22	가상자산 사업자 자금세탁방지 감독 방향.hwp.lnk... c22068289f1b610f5f6398ee2a2b2b32 Generic Malware Suspicious_Script_Bin Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.8		18	ZeroCERT

95	2025-04-03 10:12	20250402_62842.hwp.lnk f97ee8a4bfe37d23914da3e63a5bb1b5 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows Java ComputerName Cryptographic key					8.2		18	ZeroCERT

96	2025-04-03 10:09	2paodhpl52.exe 7b5f98de297dfb4e0430e04d806f641b Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget DllRegisterServer dll VirusTotal Malware Check memory Creates executable files unpack itself					3.2		40	ZeroCERT

97	2025-04-03 09:59	Adobe.vbs 607e7e4b5eee718c11d6305f99fc7b4f VirusTotal Malware VBScript wscript.exe payload download Tofsee Cloudflare DNS Dropper	1 Keyword trend analysis	2	4		10.0		7	ZeroCERT

98	2025-04-03 09:50	new.exe 325000275f677b4b4d1911e89cdebe46 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware MachineGuid Checks debugger unpack itself Tofsee Cloudflare DNS	1 Keyword trend analysis	2	4		2.2	M	36	ZeroCERT

99	2025-04-03 09:48	panel1.exe ff81b94210bd528750ae6b2d29c66031 Generic Malware Malicious Library UPX Antivirus AntiDebug AntiVM PE File PE64 OS Processor Check VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key	2 Keyword trend analysis	2	1		7.2	M	12	ZeroCERT

100	2025-04-03 09:46	pxcc.exe a6799120a6cd0a439e69cef0b39766f1 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB					1.0	M	22	ZeroCERT

101	2025-04-03 09:44	main.bat dd4f1247ad6c16dd9970f765d03817d5 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				5.2		14	ZeroCERT

102	2025-04-03 09:44	windowupdate.exe 5f7d59ec828c269904fcacb56ea65c1c Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName					3.8	M	60	ZeroCERT

103	2025-04-03 09:42	swecaninsertforgoodforeeturnch... 2f4a299657e1c91c2761d4966250dd68 MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	4	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible HTA Application Download ET INFO Dotted Quad Host HTA Request ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)		6.0	M	37	ZeroCERT

104	2025-04-03 09:40	captcha.exe 3528bab3defbb275613071b56b382dc6 Browser Login Data Stealer Generic Malware Malicious Library Antivirus Malicious Packer UPX Anti_VM PE File PE64 ftp OS Processor Check VirusTotal Malware					1.2		40	ZeroCERT

105	2025-04-03 09:39	random.exe bb5db889590bda43732d55cf4b69de5e Themida UPX PE File PE32 VirusTotal Malware Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows crashed					5.4	M	44	ZeroCERT