Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11776	2021-08-25 10:11	4.jpg a47b5b874c854d84c5b7da81a06ae211 Antivirus VirusTotal Malware DNS		1	1		1.2		11	ZeroCERT

11777	2021-08-25 10:13	2.jpg f02159415aeb4025c8a7c5ca93d7cb8e VirusTotal Malware					0.4		4	ZeroCERT

11778	2021-08-25 10:13	1.jpg ce84ceaeaf1cc750e79d1ce57c439639 VirusTotal Malware					0.4		4	ZeroCERT

11779	2021-08-25 10:15	6cd26f8134bcddd31b61ed0a7.exe addf66c224aff122d02e27adb6f5830b Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.2	M	36	ZeroCERT

11780	2021-08-25 10:18	lv.exe fdb87cedd4a67744dbd55009c66d010c Emotet Gen1 NPKI Gen2 Generic Malware Malicious Library UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P p VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows		1			6.4	M	33	ZeroCERT

11781	2021-08-25 10:20	BIN.exe 5d4344f2c377b22297ddeb0c98fa3e4b RAT Generic Malware Admin Tool (Sysinternals etc ...) Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key	8 Keyword trend analysis Info http://www.lifestylebykendra.com/n8ba/?nJ=fB7/mPW/ruvPmtL6yqh18GEo+pmrDDvkC2/sjgfP5cDoKdtRPCAp8bKliJ6x32STw1Q/kqMf&FX=5jUhfzdH4nzh1Hy http://www.effthisshit.com/n8ba/?nJ=wvsH14ZSz0siwCJ0WZ7f577/2+XlynZuqKUxNHapwnMaKOPmHki2oQq42X6xgcg0wJFGMxWg&FX=5jUhfzdH4nzh1Hy http://www.teamtacozzzz.com/n8ba/?nJ=uqosld0zfpGxpF7GdKEGpsNAFVDy7sF9OlzkJIZYKKMkxYJdqG4dKl671u+Sw1rnVpvrEbSg&FX=5jUhfzdH4nzh1Hy http://www.realestatetriggers.com/n8ba/?nJ=n8TD7XnX89zuSbP58nBeh3tzZAQgQeWKsc2+IkWBltSEviQ+PLSZjVJvy6KT3dkrgmsNkIj4&FX=5jUhfzdH4nzh1Hy http://www.luvlauricephotography.com/n8ba/?nJ=aWNKG/taKBNfCTuu4Vj0SXUYkQfuxKmtF2ZiRSbsdtsSpEbKckOota+0q4X8rvKC1g36gkpu&FX=5jUhfzdH4nzh1Hy http://www.wata-6-rwem.net/n8ba/?nJ=3L5ihXTb1ZAIiZeQQ1ofy4E3vvyAqMsnNRcELDg21zBW0aHgJVTBKs4AxgBVBpUYHrcqdaDW&FX=5jUhfzdH4nzh1Hy http://www.narrowpathwc.com/n8ba/?nJ=RqoVB/kTevwYNrpQ68VGCKAD0SwVXhGBA25gncTDeHVSc/TtzgJJgXlZbrh2RaVrYM4D7bqC&FX=5jUhfzdH4nzh1Hy - rule_id: 4154 http://www.wowmovies.today/n8ba/?nJ=aMSSVD0nNfZbrhMjVgmTME26uPdJofKdhkPkwitatQPtKeCql0jRJLGvKH9x7dpkGf+IfgZ0&FX=5jUhfzdH4nzh1Hy	18 Info www.shopliyonamaaghin.net() - mailcious www.teamtacozzzz.com(34.102.136.180) www.luvlauricephotography.com(208.91.197.13) www.aprendelspr.com() - mailcious www.nycabl.com() www.realestatetriggers.com(34.98.99.30) www.effthisshit.com(184.168.131.241) www.lifestylebykendra.com(34.102.136.180) www.wowmovies.today(99.83.154.118) www.wata-6-rwem.net(163.43.122.116) www.narrowpathwc.com(182.50.132.242) 163.43.122.116 208.91.197.13 - mailcious 184.168.131.241 - mailcious 34.102.136.180 - mailcious 99.83.154.118 - mailcious 182.50.132.242 - mailcious 34.98.99.30 - phishing	1	1	10.6	M	39	ZeroCERT

11782	2021-08-25 10:23	safman_setup.exe 72bbac2c87dff558073e6306f1552a39 RAT Gen1 Malicious Library UPX PE File PE32 OS Processor Check PE64 VirusTotal Malware Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check					2.8		13	ZeroCERT

11783	2021-08-25 10:50	0824_2382378251.doc 7a8e664b6f6c528baeb7535fd67e266d Generic Malware VBA_macro MSOffice File GIF Format Malware Malicious Traffic buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName	1 Keyword trend analysis	4	1		7.2	M		guest

11784	2021-08-25 10:50	0824_5462188871.doc 5c30204489626cb763f29c04e82f9e74 Generic Malware VBA_macro MSOffice File unpack itself					1.6			guest

11785	2021-08-25 11:08	mmserv32.exe e0ef479792b1fbbea0b7504a910e186d RAT Generic Malware Antivirus Malicious Packer PE File PE64 VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					7.0		21	ZeroCERT

11786	2021-08-25 23:00	vbc.bin 24c4788a737cda143d0edac9c711994d UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Tofsee	1 Keyword trend analysis	2	2		2.2		17	guest

11787	2021-08-26 05:53	http://equusrunvineyards.com/I... 2d7eff43e6fe7e7b4985625183560f69 DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	4		4.6		50	guest

11788	2021-08-26 08:29	svchost.exe 483289c26f2b9e864a886572aea47f0c RAT Generic Malware Malicious Library PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0		49	ZeroCERT

11789	2021-08-26 08:30	ZXCXZCsssssssssssASDFasdfEWSDF... ca8ed36764b826bde1321643b68f439f RAT Generic Malware DNS Socket Create Service BitCoin Escalate priviledges KeyLogger Code injection ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 PE64 VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Windows ComputerName Firmware		2			12.0		34	ZeroCERT

11790	2021-08-26 08:31	vbc.exe 61d4b8cc54596921d5cbed6d4209377f Generic Malware PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	1	5 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	9.0	M	46	ZeroCERT