Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11521	2021-08-19 10:34	vol.exe 57a6406937efbc6179b63b77404f9bc1 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	9 Keyword trend analysis Info http://www.mybodysaver.com/wufn/?X2MxjFW0=iAyrziyFF9RqM6kqTrR2Gz8v85ou6HqcZ1qFLOyqSC08U8XZpeh2g5fFjWykbq8K9Lt/Vzcu&blv=UVIpczGhMZ0t - rule_id: 3227 http://www.intoxickiss.com/wufn/?X2MxjFW0=eFcjLRgeiIUzDbHmwTb3Jzj/ojOR5Bd5C6w81D5RMgQILdL/YJI1IKkLX7W57Fxdc9GGy5Q6&blv=UVIpczGhMZ0t - rule_id: 3564 http://www.goteclift.com/wufn/?X2MxjFW0=em0DFdLl6esmbY8UPc/uZDIcKySfcb/lSoae1pTrnNJVgQ0OOt09p+wnf9M0i6X3i3/It/+2&blv=UVIpczGhMZ0t - rule_id: 3801 http://www.fafene.com/wufn/?X2MxjFW0=q/nZ/0xlcjzfYRCf5lAcwW207Vt55gufSh16C11IQhOATpN5dzVRCn9ZCCtSRwIl23yr9iWQ&blv=UVIpczGhMZ0t - rule_id: 3499 http://www.theroseofsharonsalon.com/wufn/?X2MxjFW0=OadTn2uJtzT8oubefSjMAoLtzsAZKEPGGNEB1Q92m5bHHV2MxPvD7WU/WfzEYQpZzBC6ZQgQ&blv=UVIpczGhMZ0t - rule_id: 2913 http://www.gaigoilaocai.com/wufn/?X2MxjFW0=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&blv=UVIpczGhMZ0t - rule_id: 2912 http://www.frystmor.city/wufn/?X2MxjFW0=eWg3OYora75B6Z+tLCzm5f6Ri2Qy6T4wPAbOFkNyDPrqSJvJlKf467sJrNVRbgaUTepkudSS&blv=UVIpczGhMZ0t - rule_id: 3223 http://www.sctsmney.com/wufn/?X2MxjFW0=bgpBNLPP7hI3v1LrgYKk77lPEM/XQI3JOeeuLIWJixoyMYkisk08k3bXnhP9JsfjQ6Ko94TZ&blv=UVIpczGhMZ0t http://www.pon.xyz/wufn/?X2MxjFW0=TjHmMFEWoC7f3AvZD4fy73K0u4EyZw5fKqkeqDjs9aj0G9oQA4BDCe56sbMIcecYmi82gg8d&blv=UVIpczGhMZ0t - rule_id: 3803	19 Info www.intoxickiss.com(151.101.192.119) www.sctsmney.com(216.239.34.21) - mailcious www.theroseofsharonsalon.com(198.49.23.144) www.mybodysaver.com(172.67.177.211) www.pon.xyz(199.59.242.153) www.collegevillepaareahomes.com(75.2.37.224) - mailcious www.gaigoilaocai.com(172.67.187.204) www.goteclift.com(209.99.40.222) www.fafene.com(205.198.175.70) www.frystmor.city(198.54.117.212) 198.54.117.218 - mailcious 216.239.32.21 - mailcious 209.99.40.222 - mailcious 199.59.242.153 - mailcious 172.67.177.211 - mailcious 172.67.187.204 - mailcious 151.101.128.119 198.185.159.145 - mailcious 205.198.175.70 - mailcious	2	8	8.2	M	28	ZeroCERT

11522	2021-08-19 10:36	CrtCommonwinbroker.exe 080dea74b4e8c480a3dc1be07c13eeeb RAT Generic Malware UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File OS Processor Check .NET EXE VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk suspicious TLD WriteConsoleW VM Disk Size Check Windows ComputerName DNS crashed	2 Keyword trend analysis Info http://account-shop.pp.ru/KL0ND1K3.php?v8HlHCxd=trxGQz7cOd5MfqOMUJ9ww4YVzclJm&8c54382121f9bf4d734eebd68c06e5db=78dd1f8ee390015a0d526951cf4f9234&2422f6afd71ca221c47841fde7834bfb=QNjhTO4Q2NiJWMjRWO1IjYwIjM5ADNzQWMiVWNxUjNxIzMmJmY3QGO&v8HlHCxd=trxGQz7cOd5MfqOMUJ9ww4YVzclJm http://account-shop.pp.ru/KL0ND1K3.php?v8HlHCxd=trxGQz7cOd5MfqOMUJ9ww4YVzclJm&2a3fa548e2b25f007493037ef4216a1c=QYlRjM3UmZlZTMmdTMhJTM5IjY5QTZzEmZhFzYhFWNjlTZ0YzYhZWZ0cjMzATM4MzMxQDM3cTM&2422f6afd71ca221c47841fde7834bfb=gZlVmYmFTOxU2N5EmMhZTZ0IDOihjY1ITY3gTO2ATOhRGOjNzY1UWN&97bad0ae15ec709213b97cf003b1de89=d1nIwQTZ0YTO1EGZjZTY2QWO0YDZzMmZ2MjYjlTYzI2NhZzNldDO1IWYlJiOigTMmRzYhJGNyUWZ4kzNjZGZ4MDO3EmM5QmN5gzN4ITOiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOicDZhhDZiRTNkRzY2IzYyUGOhBzMiZ2MykzN3EGZ4QWNis3W&8484aff792e729c4157ee527a52b4ca6=0VfiIiOiMDNhVTYjFDOkhTNwgjZzY2Y4Y2Y5EGZmVjZkR2MzczNiwiIwQTZ0YTO1EGZjZTY2QWO0YDZzMmZ2MjYjlTYzI2NhZzNldDO1IWYlJiOigTMmRzYhJGNyUWZ4kzNjZGZ4MDO3EmM5QmN5gzN4ITOiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOicDZhhDZiRTNkRzY2IzYyUGOhBzMiZ2MykzN3EGZ4QWNisHL9JSOKl2YsR2VZVnRXR1ZwcVW5RmMilnQslkNJlHZ2JVbiBHZGZFRGtWSzl0UXl2bqlUdsdlYrZEMjBnSDxUa0sWS2k0UihmTtlFbkFzYwp0QMl2aslkNJNlW1lzRhdXOtNmasdFV6xWbJNXSpNGbOhlVzYVbUl2bqlESGVkVpdXaJBDbtF1ZRpmTnRDMTd2dXlVd5cVY65EWa1WOtNWUClnTn10MkZnUtJGckxWS2kUajxmWsJGckxWSzBjbJhmVtNmd0VUSvJFWkZnTGlEdBNkWsxWbaBnTXp1dOhUSwkTbUl2bqlkbKNjYpdXaJVzZU1Ee0knT5VERMlXRE1UM0knT6lUaPlWTyI2cKNETplUMTl2bqlUNKhEZ1Z1MipmSDxUa3dFZ2ZlMVl2bqlUd5cVYuZVbjl2dplUMkdFToJ0MaVXOyUVavpWS1IFWhpmSDxUaBRlT4RzQOpXRqxENBpWT1VleOhXSp9UaBhVYpNnbPlGOtpVdsV0YKp0QMlWSq1EMOhlWwoUaPlWVXJGa1s2Ys5EWWl2dplERCZFT5lERWRlVFZVavpWSsFzVZ9kTFVVa3lWS4RzQOVXUqlkNJl2YspFbjxmWuNGbOxWSzlUallEZF1EN0kWTnFURJZlQxE1ZBRUTwcGVMFzaHlEcwUkVvVVbjZnTFlEcJZ0SzZ1RkVHbrlkNJNlW0ZUbUZlQxEVa3lWSDJ0QNdGMDl0dTl1NSlHN2ATYKdzZwwEb0pGcuJna3QXcENVUIplRJF0ULdzYHp1Np9maJxWMXl1TWZUVIp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMDNhVTYjFDOkhTNwgjZzY2Y4Y2Y5EGZmVjZkR2MzczNiwiIkVjZmVjY0UzMhFDOjljY2cTOmFmZ5EjMhZTN3MzMjhDMzADZxUzYiJiOigTMmRzYhJGNyUWZ4kzNjZGZ4MDO3EmM5QmN5gzN4ITOiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOicDZhhDZiRTNkRzY2IzYyUGOhBzMiZ2MykzN3EGZ4QWNis3W	3			9.6	M	44	ZeroCERT

11523	2021-08-19 11:49	0818_1021705814.doc f27f5cc5b05fda2a64ae1feb6319a3a8 VBA_macro MSOffice File GIF Format Malware Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName	1 Keyword trend analysis	4	1		8.2	M		guest

11524	2021-08-19 11:49	0818_7617422488.doc fe8a21f222386b42ffad96a8673e7829 VBA_macro MSOffice File unpack itself					1.6			guest

11525	2021-08-19 14:49	Setup.exe 2f32cfb886b28c28958054d20060e56c Emotet Gen1 Generic Malware UPX Malicious Library PE File PE32 OS Processor Check PE64 DLL Check memory Checks debugger Creates executable files unpack itself AppData folder					2.2			Kim.GS

11526	2021-08-19 16:30	0818_7617422488.doc fe8a21f222386b42ffad96a8673e7829 VBA_macro MSOffice File GIF Format Malware Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName	1 Keyword trend analysis	4	1		8.2	M		ZeroCERT

11527	2021-08-19 19:06	vbc.exe 3044a22ab226af46ec2210a6b599580d UPX Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.0	M	24	ZeroCERT

11528	2021-08-19 19:06	ASD.exe c15054e5947f36efff29a07bd9cd6744 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	4		16.4	M	22	ZeroCERT

11529	2021-08-19 19:08	toolspab2.exe fa371744e181b2857a6038e1bca60fff UPX Malicious Library AntiDebug AntiVM PE File PE32 Malware PDB Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution					6.2			ZeroCERT

11530	2021-08-19 19:08	TER.exe d7328ec415afead8ac14fdb4b9645c1b Generic Malware Admin Tool (Sysinternals etc ...) Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					10.6	M	20	ZeroCERT

11531	2021-08-19 19:11	dllhost.exe 016a2ec587bcda6c0df1e5188bfeca7b RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	1 Keyword trend analysis	3	1		8.2	M	28	ZeroCERT

11532	2021-08-19 19:11	vbc.exe 843aed3eb5b9f0cd4696da19242924c1 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1	1	10.4	M	22	ZeroCERT

11533	2021-08-19 19:13	.svchost.exe 83cc8405d694c0e1b3d7211202265f00 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process Windows DNS Cryptographic key		3			8.8	M	23	ZeroCERT

11534	2021-08-19 19:15	pub1.exe 9a055238742093cce2d43b885779cdb2 UPX Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution DNS		5			2.6	M	22	ZeroCERT

11535	2021-08-19 19:15	vbc.exe 2698e6b35f99ca40641a595ae9ffe1d0 RAT Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware powershell Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	6	2		13.2	M	26	ZeroCERT