11506 |
2023-07-15 08:12
|
...............dot d553bd422c8d3621e21049ccc2ebe680 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Exploit DNS crashed |
|
1
103.125.191.125 - malware
|
|
|
4.2 |
M |
40 |
guest
11507 |
2023-07-14 17:27
|
File_pass1234.7z 55d5b448bf5e678fc628f7ea9f132a8f Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Amadey Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Fabookie Stealer Windows RisePro Trojan DNS Downloader |
26
http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://content.elite-hacks.ru/test/setStats.php?id=_start http://content.elite-hacks.ru/test/setStats.php?id=_stop http://hugersi.com/dl/6523.exe - rule_id: 32660 http://aa.imgjeoogbb.com/check/?sid=562266&key=6c3f7f1320704c1ed0fe959fab6bbb7f - rule_id: 34651 http://aa.imgjeoogbb.com/check/safe - rule_id: 34652 http://77.91.124.40/info/photo540.exe - rule_id: 35119 http://85.208.136.10/api/firegate.php - rule_id: 32663 http://95.179.141.133:3002/ http://apps.identrust.com/roots/dstrootcax3.p7c http://45.66.230.164/g.exe - rule_id: 34813 http://www.maxmind.com/geoip/v2.1/city/me http://us.imgjeoigaa.com/sts/imagc.jpg - rule_id: 33482 http://77.91.68.3/home/love/index.php - rule_id: 35049 http://85.208.136.10/api/tracemap.php - rule_id: 32662 http://zzz.fhauiehgha.com/m/okka25.exe - rule_id: 34705 https://camoverde.pw/setup294.exe - rule_id: 34973 https://db-ip.com/demo/home.php?s=175.208.134.152 https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://db-ip.com/ https://sun6-21.userapi.com/c235131/u808950829/docs/d53/3d058453faef/31bhpef20u5o7.bmp?extra=Sk2iuVbY1H06rVGdYq-mFzpkK_0K54Gg304PtafLqXDLbIVHsUda81wvOQqwPGl5F5ajfnCZvZEvpAw4lsO9Lafy7X84d3kyUdFOsITm9TUbfSVrOYpinKz5ihN_utW0swYRZB_Q_Osd8rEOmg https://sun6-22.userapi.com/c237331/u808950829/docs/d28/ae3bfa00ff0c/PMmp.bmp?extra=J2TWIaPG8nt7VFEEdsoRjaML2uGBOoaWesHpn7S_rEt-8bLY3h8kXOzdKGgyiYkFZ7JQENAekGCG-l1lSB3HmNet-idXGM_O0g3h0VW1MYvH5OuvyNOkFVJKbZ4kwaqz6Fe9_skefq-ZiIhePg https://sun6-23.userapi.com/c240331/u808950829/docs/d25/b34ec3f5108d/5.bmp?extra=lFuRArKUHaROGi5k6FRvAaY3SvE8fmJ3SopiS96x7YJ6ZQ2Wy0azMyoNTaksC1wWJzsMi2bYWTlngyI951fFVKRMueQKDUHhUQZqsO0U-TbobXmLzjcX84L_-YfHFSphcnp155z-sEpMc5huqA https://vk.com/doc808950829_664243581?hash=WrzMcu5sQcHQStZvqHgs8NvpTBzI6rH0dAPO5bEZbSw&dl=Ceos7VtAG6OZQeZpZU7obenLsizYQEUV1F7MXPI7iZX&api=1&no_preview=1#rise_test 
https://psv4.userapi.com/c909328/u808950829/docs/d27/600eab1b51d3/StealerClient.bmp?extra=xlq-trvJdrtcA1tFaPPMJmS1s2mGKoF5FnF9zt8L_nNVY0MZAD6oDkSrnYia0AJFI5xLlH6KjSP8etm9qtPQpQSD2cdNxi_KwzjuOBY4NiOfYSeioqmtzlRNFcoJz9lre6BVANxgbE_CAop5aA https://vk.com/doc808950829_664207170?hash=kMt7FUJyRMXd3utd25izhIrZbfZfaKJzCnFJqUmY3Sw&dl=uZ3GDnIBuaFj1FCG7xA3gziJZ6Zba8NMATPW6Lqrzb0&api=1&no_preview=1
|
54
www.maxmind.com(104.17.215.67) sun6-23.userapi.com(95.142.206.3) psv4.userapi.com(87.240.190.76) api.db-ip.com(104.26.4.15) api.myip.com(172.67.75.163) hugersi.com(91.215.85.147) - malware iplis.ru(148.251.234.93) - mailcious sun6-22.userapi.com(95.142.206.2) db-ip.com(104.26.5.15) zzz.fhauiehgha.com(156.236.72.121) - mailcious ipinfo.io(34.117.59.81) aa.imgjeoogbb.com(154.221.26.108) - mailcious us.imgjeoigaa.com(103.100.211.218) - mailcious bitbucket.org(104.192.141.1) - malware camoverde.pw(172.67.128.35) - malware vk.com(87.240.129.133) - mailcious iplogger.org(148.251.234.83) - mailcious content.elite-hacks.ru(104.21.56.191) - malware sun6-21.userapi.com(95.142.206.1) - mailcious transfer.sh(144.76.136.153) - malware 148.251.234.93 - mailcious 194.169.175.128 - mailcious 154.221.26.108 - mailcious 91.215.85.147 - malware 176.123.9.85 - mailcious 45.12.253.74 - malware 172.67.75.163 95.179.141.133 77.91.124.40 - malware 194.26.135.162 - mailcious 85.208.136.10 - mailcious 157.254.164.98 - mailcious 34.117.59.81 87.240.137.164 - mailcious 148.251.234.83 172.67.128.35 104.21.56.191 - malware 87.240.137.134 45.66.230.164 - malware 104.192.141.1 - mailcious 104.17.214.67 156.236.72.121 - mailcious 45.15.156.229 - mailcious 104.26.4.15 147.135.165.22 - mailcious 95.142.206.3 163.123.143.4 - mailcious 95.142.206.1 - mailcious 77.91.68.48 - mailcious 121.254.136.27 77.91.124.31 - mailcious 77.91.68.3 - malware 95.142.206.2 103.100.211.218 - malware
|
25
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Mismatch protocol both directions ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET DNS Query to a *.pw domain - Likely Hostile ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET INFO EXE - Served Attached HTTP ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Observed DNS Query to RisePro Domain (elite-hacks .ru) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET DROP Spamhaus DROP Listed Traffic Inbound group 27
|
12
http://45.15.156.229/api/tracemap.php http://hugersi.com/dl/6523.exe http://aa.imgjeoogbb.com/check/ http://aa.imgjeoogbb.com/check/safe http://77.91.124.40/info/photo540.exe http://85.208.136.10/api/firegate.php http://45.66.230.164/g.exe http://us.imgjeoigaa.com/sts/imagc.jpg http://77.91.68.3/home/love/index.php http://85.208.136.10/api/tracemap.php http://zzz.fhauiehgha.com/m/okka25.exe https://camoverde.pw/setup294.exe
|
6.6 |
M |
|
ZeroCERT
11508 |
2023-07-14 17:08
|
Inv_LCC_Scan_4.exe 01f50ef4b9419013f3a3967d7ed734cf UPX OS Processor Check PE64 PE File VirusTotal Malware Malicious Traffic unpack itself |
1
|
2
skofilldrom.com(64.225.70.62) 64.225.70.62
|
|
|
2.4 |
|
17 |
ZeroCERT
11509 |
2023-07-14 17:08
|
Inv_LCC_Scan_2.exe 9d526a12a1dd2520282bd306e9805559 UPX OS Processor Check PE64 PE File VirusTotal Malware Malicious Traffic unpack itself |
1
|
2
skofilldrom.com(64.225.70.62) 64.225.70.62
|
|
|
2.6 |
|
26 |
ZeroCERT
11510 |
2023-07-14 17:07
|
idki.hta 391704abc77b7aeb83bcd9e38ad665c2 Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed |
|
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.4 |
|
17 |
ZeroCERT
11511 |
2023-07-14 17:07
|
IBSIBWIBSIBWIBSIBSWIBSIBW%23%2... 0f68f36e7275b4bdcb316a29e1d5fcfb MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed |
2
http://192.3.243.148/500/wins.exe
http://192.3.243.148/500/w/SHpSEzV215.bin
|
1
192.3.243.148 - mailcious
|
6
ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Generic .bin download from Dotted Quad
|
|
4.6 |
M |
30 |
ZeroCERT
11512 |
2023-07-14 17:06
|
cmsh.hta 3c38f1318767a3b84a619187e7e78646 Antivirus VirusTotal Malware unpack itself crashed |
|
|
|
|
1.0 |
|
5 |
ZeroCERT
11513 |
2023-07-14 17:05
|
dwmnj.exe f8cfc631cdbba89be07229acfa3bc367 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB |
|
|
|
|
2.0 |
M |
33 |
ZeroCERT
11514 |
2023-07-14 17:03
|
IE_NET.hta ab46abca955700f1d0f904cda6442b7c Antivirus VirusTotal Malware unpack itself crashed |
|
|
|
|
1.0 |
|
5 |
ZeroCERT
11515 |
2023-07-14 17:02
|
IBWIBMWBIWIBWIBWIBWIBW%23%23%2... 6e5cd22b7ce011487f8a178ec60a3941 MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed |
1
http://192.3.243.148/450/m/IE_NET.hta
|
1
192.3.243.148 - mailcious
|
3
ET POLICY Possible HTA Application Download ET INFO Dotted Quad Host HTA Request ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl
|
|
4.2 |
M |
30 |
ZeroCERT
11516 |
2023-07-14 17:02
|
wins.exe 2456675bfe2e68d6149c840b1d11dd61 UPX Malicious Library PE File PE32 JPEG Format DLL PE64 VirusTotal Malware Check memory Creates executable files unpack itself AppData folder |
|
|
|
|
2.8 |
|
7 |
ZeroCERT
11517 |
2023-07-14 16:55
|
wins.EXE a8a27695f1bc25512354f2c6b5e9d037 UPX Malicious Library PE File PE32 JPEG Format DLL PE64 VirusTotal Malware Check memory Creates executable files unpack itself AppData folder |
|
|
|
|
2.8 |
M |
6 |
ZeroCERT
11518 |
2023-07-14 16:54
|
maximan2.1.exe d534b629964d561e1e0deccf08ff6687 NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder ComputerName |
3
http://www.cabecompetency.com/dh08/?tZU4=6zMJpal1jELWyVXE7kHb6wwT7/dU/IFboNnwxgqTXGKMHLLlLHTleu9daJ1rUWDkLY7oYrRx&Ult8E=GTgP1na8nVYlWF http://www.futurefmexpo.com/dh08/?tZU4=5gv4dgY5t2k2OqiJ2pc959383q9hiAV1qWA1rKNuG9NjkIQrUUmCD9VJnBdN/x2t6vjHDOZQ&Ult8E=GTgP1na8nVYlWF http://www.tgecosystem.com/dh08/?tZU4=A2V9+T/OcVJ+R/N/A9wtV6HjqQDkHgT/bH3QOw4mF+D+JFEk4yQjTLfggiip6Wi3+INi1Nnf&Ult8E=GTgP1na8nVYlWF
|
7
www.3cbgi1.cfd() www.futurefmexpo.com(34.102.136.180) www.tgecosystem.com(172.67.157.164) www.cabecompetency.com(216.40.34.41) 34.102.136.180 - mailcious 104.21.8.182 216.40.34.41 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
4.6 |
|
31 |
ZeroCERT
11519 |
2023-07-14 16:53
|
rh111.exe a662ba3492a7d218908f5d851841ed96 Malicious Library PE File PE32 VirusTotal Malware PDB |
|
|
|
|
1.8 |
|
24 |
ZeroCERT
11520 |
2023-07-14 16:50
|
ICUICUICUICUICUIUCIUCIUCIUCIU%... f4c34ac923fc067a8342b62b8a8259a7 MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Exploit DNS crashed |
1
http://192.3.243.146/40/v/cmsh.hta
|
1
|
3
ET POLICY Possible HTA Application Download ET INFO Dotted Quad Host HTA Request ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl
|
|
4.6 |
|
30 |
ZeroCERT