Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12106	2021-09-06 08:39	7iyjgopen.exe b5d53c4dbacaa04350366e05b7222e7f NPKI Generic Malware UPX Malicious Library Malicious Packer PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself ComputerName					3.2		41	ZeroCERT

12107	2021-09-06 08:39	0831_3314378773.doc ca29d350e363b21d507ba30cb65413ce Generic Malware VBA_macro MSOffice File GIF Format VirusTotal Malware Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces suspicious TLD IP Check ComputerName	4 Keyword trend analysis	8	1		9.2		12	ZeroCERT

12108	2021-09-06 08:42	0902_6686864155.doc b4095bc22ff3f27dd088852a49338c08 Generic Malware VBA_macro MSOffice File GIF Format VirusTotal Malware Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Check virtual network interfaces suspicious TLD IP Check ComputerName	4 Keyword trend analysis	8	1		10.0		17	ZeroCERT

12109	2021-09-06 12:02	bypass.txt.ps1 9a5efb3abce6346200b089761fff1688 VirusTotal Malware crashed					0.6	M	1	ZeroCERT

12110	2021-09-06 12:14	Request for Quote 30-08-2021·p... 612bb2a0321b426e684e268ed72e9776 UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself anti-virtualization Tofsee Advertising Google Remote Code Execution	1 Keyword trend analysis	2	1		3.4		33	ZeroCERT

12111	2021-09-06 13:39	Request for Quote 30-08-2021·p... 612bb2a0321b426e684e268ed72e9776 GuLoader UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself anti-virtualization Tofsee Advertising Google Remote Code Execution		2	1		4.0	M	33	r0d

12112	2021-09-06 14:23	Food Insecurity in DPRK 2021 (... d5af4f0d18eb820d379879b1691436c9 PDF								Kim.GS

12113	2021-09-06 17:46	davidhillzx.exe e4774645eabe1266293642b96a2c85ec Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					8.4		16	ZeroCERT

12114	2021-09-06 18:01	vbc.exe 3ae5d6fb7cb61a90903606a5f8889960 Generic Malware PE File .NET EXE PE32 Check memory Checks debugger unpack itself Windows Cryptographic key					1.0	M		ZeroCERT

12115	2021-09-06 18:04	vbc.exe 35ffee4482ae6ca8ce58f107fbb259c3 Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	7 Keyword trend analysis Info http://www.renatradingbv.com/nthe/ http://www.americanstonesusa.com/nthe/?9rq=TiWkgH4T5Cm5Jtj7mtcRQySnot/hSP0U84YZk1QGO5z/hARin1ng6opCrYPb3jK2RkhLtCY1&OtxhCR=wZR8DbS8cnCHrX http://www.renatradingbv.com/nthe/?9rq=KsaFJiGgjonHpO4ehIk3tgTIaP0b2cy5xyNJFw2jBqxV5zHIUO5SdTSTzfRxsFXba+9mBw8e&OtxhCR=wZR8DbS8cnCHrX http://www.hanlansmojitovillage.net/nthe/ - rule_id: 4898 http://www.denme.net/nthe/?9rq=uFP+K1eRqtahOHqCLa01gYXXRVAJ4EEw5MzhZglrAvjJJOPoqHEm/zZwt34iZ5MGEHDchxnH&OtxhCR=wZR8DbS8cnCHrX http://www.hanlansmojitovillage.net/nthe/?9rq=54OfAHeNbwRIeCfiK96ZbDhctG36f6+/FiUzkHshmPfrtcl9VWH+3r9WBXmbjhC4FqUNXJfm&OtxhCR=wZR8DbS8cnCHrX - rule_id: 4898 http://www.americanstonesusa.com/nthe/	9 Info www.youcanaskmeto.review(99.83.154.118) www.hanlansmojitovillage.net(34.102.136.180) www.renatradingbv.com(81.169.145.92) www.americanstonesusa.com(192.99.131.252) www.denme.net(91.195.240.94) 81.169.145.92 - mailcious 192.99.131.252 - mailcious 34.102.136.180 - mailcious 91.195.240.94 - phishing	1	2	8.0	M	18	ZeroCERT

12116	2021-09-06 18:05	kernel.exe 5eba11fd37f1a4e7fb244675bd88b85c Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows Cryptographic key	8 Keyword trend analysis Info http://www.thechikspot.com/imi7/?yh3pw8MP=jfKrbmqtKIROC3jopnAexMxZvl6PPYgwjS2bdZjPmKFEaqZDOvTGYe16sPKJ4BMCd6t9dzlO&Tj=CpCL http://www.centerforcommonground.com/imi7/?yh3pw8MP=YIJxH2qMsszJDWRat1FWAyyBgkCetiUnfSIgxqU4fMzgZJb49d9IfvA+Tkx18KDkxz1oCxjg&Tj=CpCL http://www.michaelhavemeyer.com/imi7/?yh3pw8MP=dGxYOlUZEb8CdsQ8nc6zI4yoFv4614+15rcfthsf6tIOfVvWhpCfc0EcQqsOm3j1ib7D3Pg9&Tj=CpCL http://www.dogloveya.com/imi7/?yh3pw8MP=T9Hn1ejqmupgNID7LSmEzzyeQuqG+1BC5C+znv1UgT+8/r2oBOZwduZwY3jpIqhQKVmA5iEm&Tj=CpCL http://www.hasanmedicalservice.com/imi7/?yh3pw8MP=36a/pWAUo31W6XoGvo/EFTJaRW8hdP7wY8dwAf89+AmPJeYNnKnA1bZm+urrEDalaZ6CShBz&Tj=CpCL - rule_id: 4773 http://www.snowbirdsrus.com/imi7/?yh3pw8MP=iRpoU8uFUSqXL+AxSdTxwNNnuXFsoIJYx/BxEip71OfgOL+fpxLcDN9rZqDy4xW1QCzoPaNO&Tj=CpCL http://www.plucknplace.com/imi7/?yh3pw8MP=gZAQBlns3fHfYlT2vm4W/qy6vp010Mj1FdyDzNui+FDZWIHfJokhWsVo88cHConYgvYgNcLO&Tj=CpCL http://www.card05pay.site/imi7/?yh3pw8MP=nSaRJKeZecJidfWP+63vuBEL2RmhvFlJwjcN95OObN9p2Rvebmagz5JzwepqmCP3yFpdjwAH&Tj=CpCL	15 Info www.centerforcommonground.com(34.102.136.180) www.thechikspot.com(209.99.40.222) www.plucknplace.com(18.213.250.117) www.hasanmedicalservice.com(209.99.40.222) www.dogloveya.com(198.54.117.218) www.snowbirdsrus.com(34.102.136.180) www.carlsbadbeachwear.com() www.michaelhavemeyer.com(34.98.99.30) www.card05pay.site(58.64.137.69) 58.64.137.69 198.54.117.211 - phishing 18.215.128.143 - suspicious 209.99.40.222 - mailcious 34.102.136.180 - mailcious 34.98.99.30 - phishing	1	1	9.4	M	15	ZeroCERT

12117	2021-09-06 18:05	sefile2.exe 80c223af51fcaa9cd18394d64f08e20e Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.0	M	29	ZeroCERT

12118	2021-09-06 18:06	ghjk.exe be1aaef37143496d75cb83643ff63f8c PWS Loki[b] Loki.m Raccoon Stealer Gen1 Gen2 Generic Malware UPX Malicious Library Malicious Packer ScreenShot Http API Steal credential DNS Socket KeyLogger HTTP Internet API AntiDebug AntiVM PE File PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted WMI Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware OskiStealer Stealer Windows Browser Email ComputerName DNS crashed Password	13 Keyword trend analysis Info http://mazooyaar.ac.ug/mozglue.dll http://mazooyaar.ac.ug/softokn3.dll http://mazooyaar.ac.ug/sqlite3.dll http://94.158.245.173/ http://mazooyaar.ac.ug/main.php http://mazooyaar.ac.ug/freebl3.dll http://mazooyaar.ac.ug/nss3.dll http://mazoyer.ac.ug/index.php http://mazooyaar.ac.ug/msvcp140.dll http://mazooyaar.ac.ug/ http://mazooyaar.ac.ug/vcruntime140.dll http://94.158.245.173//l/f/nxZPunsBPvGyIjkLqZcB/8a1a766b0ff5cb7f52f8e96a8dfe79ada77eeb30 https://telete.in/brikitiki - rule_id: 4181	6	9 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 25 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE AZORult v3.3 Server Response M3 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)	1	19.2	M	48	ZeroCERT

12119	2021-09-06 18:06	rc.exe e0fcb3e605e5fffbb4e30deed0af01cb Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName	1 Keyword trend analysis	8	1		12.6	M	45	ZeroCERT

12120	2021-09-06 18:08	Vids.exe 07d8a630c42701bd47b10d5a15059720 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.0	M	28	ZeroCERT