Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11086	2021-08-09 22:28	제4기AMP 안내자료.pdf 70294ac8b61bfb936334bcb6e6e8cc50 Kimsuky Gen2 Emotet Gen1 Javascript ShellCode Malicious Packer Malicious Library Escalate priviledges KeyLogger HTTP Internet API ScreenShot Http API Downloader PDF AntiDebug AntiVM PNG Format JPEG Format MSOffice File OS Processor Check VirusTotal Malware Code Injection Windows utilities malicious URLs Tofsee Windows	8 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://ardownload.adobe.com/pub/adobe/reader/win/AcrobatDC/2100520060/AcroRdrDCUpd2100520060_MUI.msp http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip https://armmf.adobe.com/arm-manifests/win/ArmManifest3.msi https://armmf.adobe.com/arm-manifests/win/ReaderDCManifest3.msi https://armmf.adobe.com/arm-updates/win/ARM/1.8.x/AdobeARM_1824420176.msi	6	2		3.6		27	ZeroCERT

11087	2021-08-09 22:58	2.pdf de2a8a728f81d44562bfd3e91c95f002 Kimsuky Javascript ShellCode PDF VirusTotal Malware heapspray unpack itself Windows utilities Windows Java					4.0		25	ZeroCERT

11088	2021-08-09 22:59	제4기AMP 안내자료.pdf 70294ac8b61bfb936334bcb6e6e8cc50 Kimsuky Javascript ShellCode PDF VirusTotal Malware Windows utilities Windows	4 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip	2			2.2		27	ZeroCERT

11089	2021-08-09 23:09	제4기AMP 안내자료.pdf 70294ac8b61bfb936334bcb6e6e8cc50 Kimsuky Javascript ShellCode PDF VirusTotal Malware Windows utilities Windows	4 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip				2.2		27	ZeroCERT

11090	2021-08-09 23:12	Build.exe 6143734a8c9cae36bfde4f4b67f3c604 PE File PE32 Browser Info Stealer VirusTotal Malware Browser ComputerName crashed		2			3.2		52	ZeroCERT

11091	2021-08-09 23:22	MLH.exe ad365f7953b7891b8b5c703ab9e8c945 Generic Malware Malicious Packer DNS AntiDebug AntiVM .NET EXE PE File PE32 Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName		2			13.6	M		ZeroCERT

11092	2021-08-09 23:22	lv.exe 8e8258209ae39ffdcc54b4f0190ba3aa NPKI Emotet Gen1 Gen2 Malicious Library UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiD VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows		1			6.6	M	28	ZeroCERT

11093	2021-08-09 23:24	nlx.exe 6eb36d8a4c53a3fe89764aa87d468d02 PWS Loki[b] Loki[m] Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory ICMP traffic installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		7.8	M	58	ZeroCERT

11094	2021-08-09 23:24	KLU.exe ca408fde171ddf4743447c9dd35cb252 Generic Malware Malicious Packer DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName		2			13.2	M	14	ZeroCERT

11095	2021-08-09 23:26	csharp.dll b3c0cbd7c18d20146969aef2475a3d73 RAT Generic Malware DLL .NET DLL PE File PE32 VirusTotal Malware					0.6	M	5	ZeroCERT

11096	2021-08-09 23:27	vbc.exe ec234effdb4a0bf8257f2bb41fd784aa RAT Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware powershell Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key	6 Keyword trend analysis Info http://www.oakbridgefundservices.com/att3/?XPc=hiNOSbUBW5FChimA4zuFi+QxzIN/AqIS2eL8iYiuLPj9AAy0+oxIEsnuAQCJzAr/+2agS+Lo&Hpq=V6ALd0O0qBwxW6 http://www.jantiprojeekspertiz.com/att3/?XPc=WylKie7ZuGRHdboNj59VKS3Us1tLq4iOEOoUma+CMbvVdqqmWHdIUmTSk9Uwh0lyC/JiO05f&Hpq=V6ALd0O0qBwxW6 http://www.oakbridgefundservices.com/att3/ http://www.jantiprojeekspertiz.com/att3/ http://www.learnfrommymentor.com/att3/ http://www.learnfrommymentor.com/att3/?XPc=00edmMcfgbccvNOU86Xq/CrM7W5c3dWw/m/+zURftQyCd0bfVbjwQ7UP8371MWYSthQkr5Dk&Hpq=V6ALd0O0qBwxW6	9	1		12.2		18	ZeroCERT

11097	2021-08-09 23:28	vbc.exe 2388f7145e8227797c2f91591d6dcedd UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName	9 Keyword trend analysis Info http://www.vavasoo.com/6mam/?QV2x=WV483Zph9XMhr2T&EnLl8PgP=L6FmBYjw7cVSaM7tjd7yzq8hOevfuspHLpfdDnc52TruiYexi+NazlV02JBIGq337vnCCtcu http://www.marcuslafond.com/6mam/?QV2x=WV483Zph9XMhr2T&EnLl8PgP=DiI3F0Ylam/cMh+wU0CjHhRfuntJ8nyjZcT4nMx9uSVUWqMW4wZqmzUPNc4P48XCZ8APIRdm - rule_id: 3895 http://www.fanbase.fan/6mam/?EnLl8PgP=9d5C1xs5i//XDxr4dB0bA7JyBPYNineSxbWNYqwR1mLnXlE7iqxwCfAfIH0GmtdYbidcrtDB&QV2x=WV483Zph9XMhr2T - rule_id: 3780 http://www.qvcrx.com/6mam/?QV2x=WV483Zph9XMhr2T&EnLl8PgP=aWN5x0Kp8xBtGX2Q76RjnXBpBhNLN34ywNRINkcd4snySO79CQb6y+64KWnJz4+Hsozeu18e http://www.mobiessence.com/6mam/?QV2x=WV483Zph9XMhr2T&EnLl8PgP=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S - rule_id: 3578 http://www.moneyfollowsaction.com/6mam/?EnLl8PgP=zGPdt6Y6U6BF0n0EiNB1H9jn1sJuxPe97d1XCx7HLaEBeIzn3US5NFdVnP0bl0oZHcuqZOwN&QV2x=WV483Zph9XMhr2T https://pxoeww.sn.files.1drv.com/y4mfys91LxjhSgYLNLs8DTyAJNuqgNwqUvMV35hzbt2FMd1aSdw_v3L0s4eHyhWucn29tnxc01rF4r4HnDL06sbn66hVOxngIGgd-NliWTZJ-zoSE0bGb-IxSbgTC47i8ygSO02R2DTsciSPtXOREPf6lMUHaJ2v5y6kAVnfclQ3BJnS0uaQCVQYN5_cddF71w1ZIr-3TlCc6nyIKEHVzBFBw/Tiidiqvnvgasgxkjidrcwjirjtqrlwb?download&psid=1 https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21118&authkey=AEV8YfGHi3KOjl4 https://pxoeww.sn.files.1drv.com/y4mqPLRcV-rNPXpELmYtACxBZSaILkWJm5_ARd0rN-xrBkgltEQ-sbCNiWxYg26M5_5GmVWDMCuIWYMQ_2K_c84NqX-YiiJRarP5lJNBIKamqZFR3-75JOmQTiHZNP1pTE52qeCFywjIytWQj96NNbmx7K5WwG1GmfD-SFREOh44vuI4FI54H06d_H8-dMqAyCZlUsxkFlPXyirZkwovJe0og/Tiidiqvnvgasgxkjidrcwjirjtqrlwb?download&psid=1	22 Info pxoeww.sn.files.1drv.com(13.107.42.12) onedrive.live.com(13.107.42.13) - mailcious www.moneyfollowsaction.com(198.54.117.217) www.mobiessence.com(52.58.78.16) www.vavasoo.com(64.190.62.111) www.mayartpaints.com(192.155.172.18) - mailcious www.paypalticket5396173.info() - mailcious www.marcuslafond.com(104.247.218.105) www.freehypnosisevent.com() - mailcious www.ramseybusinessinstitute.info() www.fanbase.fan(34.102.136.180) www.titanusedcarsworth.com() - mailcious www.qvcrx.com(91.195.240.94) 104.247.218.105 - mailcious 198.54.117.212 - mailcious 91.195.240.94 - phishing 52.58.78.16 - mailcious 13.107.42.13 - mailcious 13.107.42.12 - malware 192.155.172.18 - mailcious 34.102.136.180 - mailcious 64.190.62.111 - mailcious	2	3	11.6	M	12	ZeroCERT

11098	2021-08-09 23:30	classscript.bytes 52636e2354ea0e4f6848633556235257 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

11099	2021-08-09 23:31	assadzx.exe ae20ae4b8b36170ee0fb8654902d962e RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	3		12.8	M	23	ZeroCERT

11100	2021-08-09 23:32	gacconfig.bytes 042d7c686567f1fdfb433747e795fb42 DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2		4.8			guest