Submissions

No | Date | Request | Hash | Tags | Urls Hosts IDS Rule Score Zero VT Player
10936 | 2021-08-05 11:08 | 제4기AMP 안내자료.pdf | 70294ac8b61bfb936334bcb6e6e8cc50 | Kimsuky PDF VirusTotal Malware | 0.6 11 r0d
10937 | 2021-08-05 11:08 | nxj.exe | e8ff2b3aaa1cbbb761ef70c8cd54b706 | PWS Loki[b] Loki[m] Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software | 1 2 6 7.4 M 59 ZeroCERT
10938 | 2021-08-05 11:12 | 1.pdf | a0c7e9dc69e439cb431e6dea9f0d5930 | Kimsuky PDF VirusTotal Malware | 0.4 7 r0d
10939 | 2021-08-05 11:12 | win22.exe | b0b10fba5fb00e775dba208440e027a1 | RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) UPX .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key | 2.4 30 ZeroCERT
10940 | 2021-08-05 11:13 | 2.pdf | de2a8a728f81d44562bfd3e91c95f002 | Kimsuky PDF VirusTotal Malware Java | 1.4 18 r0d
10941 | 2021-08-05 12:30 | 제4기AMP 안내자료.pdf | 70294ac8b61bfb936334bcb6e6e8cc50 | Kimsuky Javascript ShellCode PDF VirusTotal Malware | 0.6 11 r0d
10942 | 2021-08-05 13:13 | 1.pdf | a0c7e9dc69e439cb431e6dea9f0d5930 | Kimsuky Javascript ShellCode PDF VirusTotal Malware | 0.6 19 r0d
10943 | 2021-08-05 14:01 | termination-letter-college.doc... | 74fa8961827639d1b481a4eea50863e5 | VBA_macro GIF Format VirusTotal Malware Creates shortcut Creates executable files RWX flags setting unpack itself Tofsee | 2 2 3.8 26 ZeroCERT
10944 | 2021-08-05 17:40 | al.exe | 3c657b42330d1a7ddf6242024474fbef | NPKI Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PE File PE32 OS Processor VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows | 1 9.4 5 ZeroCERT
10945 | 2021-08-05 17:41 | edi.exe | 6a1e010d4b1a7f82ebf0dd330155fe77 | AgentTesla RAT browser info stealer Generic Malware Google Chrome User Data UPX Antivirus ScreenShot Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM .NET EXE PE File PE32 PNG Format MSOffice File Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key crashed keylogger | 1 6 3 17.4 10 ZeroCERT
10946 | 2021-08-05 17:42 | javase.exe | 5cae01aea8ed390ce9bec17b6c1237e4 | UPX Malicious Library PE64 OS Processor Check PE File PDB Check memory unpack itself Remote Code Execution | 1.4 ZeroCERT
10947 | 2021-08-05 17:42 | img270.jpg | 68222440e7fab33d7b5ec1b6e2672962 | UPX PE File PE32 VirusTotal Malware | 1.4 35 ZeroCERT
10948 | 2021-08-05 17:44 | vbc.exe | 0a3c9c8db267f60127cc80272e8d0b7a | Generic Malware UPX Malicious Library OS Processor Check PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed | 1 1 6 1 8.6 M 18 ZeroCERT
10949 | 2021-08-05 17:45 | miner.EXE | 9618279667a233d19c843a54cf2e1c81 | Emotet Gen1 UPX Malicious Library Antivirus PE64 PE File VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key | 6.2 M 13 ZeroCERT
10950 | 2021-08-05 17:46 | test5.exe | 2ef1f2fd600af1cea8690b76de3fafe9 | RAT Generic Malware DNS Socket Create Service BitCoin Escalate priviledges KeyLogger Code injection ScreenShot AntiDebug AntiVM PE64 PE File VirusTotal Cryptocurrency Miner Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Firmware DNS CoinMiner | 2 8 3 13.8 M 43 ZeroCERT