Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
11596	2023-07-12 08:07	notice_11_jul_7701757.js 5dc5797adb91fb7c0609d3d6a7b7184a WMI ComputerName				1.0		ZeroCERT

11597	2023-07-12 07:51	20AC0B78.Png bd461f69d8fc3e476a4c4a03080ca481 Malicious Library CAB MSOffice File VirusTotal Malware				1.0	39	ZeroCERT

11598	2023-07-12 07:49	blblbllblbblblblblbkblkblbklbk... c363485726353a04555f2042cd5ceb23 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself suspicious TLD Windows Exploit DNS crashed Downloader	2 Keyword trend analysis	4	8 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Generic .bin download from Dotted Quad ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a *.top domain - Likely Hostile	5.0	30	ZeroCERT

11599	2023-07-12 07:49	20AC0B78.Png 9c84926dac4e5e7037747c49f58f1724 Malicious Library CAB MSOffice File VirusTotal Malware				1.2	45	ZeroCERT

11600	2023-07-12 07:48	setup.jpg 20bec50362e877fa5935cb1fc67012f9 Generic Malware Malicious Library Antivirus OS Processor Check CAB MSOffice File VirusTotal Malware				1.0	33	ZeroCERT

11601	2023-07-12 07:47	mpomzx.doc 45bc6b0241b35b2b24e44e624280b598 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.6	36	ZeroCERT

11602	2023-07-12 07:45	centoscentosnetocosnetocentosn... 32ac431fbfa6ede6a96784bc956a6434 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	3	6 Info ET POLICY IP Check Domain (showip in HTTP Host) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.4	28	ZeroCERT

11603	2023-07-12 07:45	secdivinezx.doc f7c101969fb10e121abf500446015d73 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.0	34	ZeroCERT

11604	2023-07-12 07:44	ibmibmibmibmibmibmibmibmibbimb... 84d01d5aa89f99aeeffaa21cde19abb6 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed	2 Keyword trend analysis	5	7 Info SURICATA Applayer Detect protocol only one direction ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY IP Check Domain (showip in HTTP Host)	5.2	32	ZeroCERT

11605	2023-07-12 07:44	hussanzx.doc a83e6f6df3139c61ceacd87c890e809a MS_RTF_Obfuscation_Objects RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	2	10 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	5.0	35	ZeroCERT

11606	2023-07-12 07:44	YoDo_Fake.exe 10adfd55d2fe1b14553f911adc389e89 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware Checks debugger Tofsee Discord DNS crashed		2	3	1.4	32	ZeroCERT

11607	2023-07-12 07:44	hussanzx.exe d963fa6b125fcb22bcb5357a203f6e24 LokiBot Socket PWS DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	5 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2	14.0	24	ZeroCERT

11608	2023-07-12 07:43	pablozx.doc 6bad9606e870b69823f32c9255c194c4 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed				3.2	35	ZeroCERT

11609	2023-07-12 07:40	win.exe db69af7fee69d61e4eb0268afb7cd9f8 UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder				2.4	20	ZeroCERT

11610	2023-07-12 07:40	secdivinezx.exe 23896fb7fd3c88ed96f3dc35e58c9d28 AgentTesla Generic Malware .NET framework(MSIL) Antivirus KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger		2	2	15.6	49	ZeroCERT