Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12166	2021-09-07 19:13	rac.exe 16838d8c5d81830caba15fdef47b3015 Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself					1.8	M	24	ZeroCERT

12167	2021-09-07 19:14	vbc.exe f1bb297d01ba31319a9e7e9a38ad42c0 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows Cryptographic key	16 Keyword trend analysis Info http://www.rusmumrik.com/24ng/?ulmX=m7TGHaUMYwN31UVWgWF/s8Sfddvio/h+yp1zpCFRls/S5r6TGFuyVzwEYxvC5L41qSn/G2Me&D8ODAr=jfIXkDKpiPY8e6tp http://www.rusmumrik.com/24ng/ http://www.myfreezic.com/24ng/ http://www.inanavcifitnessclub.com/24ng/ - rule_id: 4825 http://www.greenexpress24.com/24ng/ http://www.myfreezic.com/24ng/?ulmX=YF1kztGDlRJpsfA9HLEjfHWM3KfZfu6pVivDrAZmlPi8ADA1cW10jKFzSf6SS65dyB8FAXy7&D8ODAr=jfIXkDKpiPY8e6tp http://www.wandallia.com/24ng/ http://www.wandallia.com/24ng/?ulmX=J2684jHzx1ks1z1g6UlnDqtB+rIWpEKzrrtDNmORcAxr0eWboAwg5tQUAmR9ZYmGMe6nI1qo&D8ODAr=jfIXkDKpiPY8e6tp http://www.mercurydatas.com/24ng/?ulmX=73RKxnoEEGPHaiqYHtD+jTsNxYvkw6Ei3DrZaFJsPwj3AJHixVrZdfXfQY48NHPO2bpqzq2Z&D8ODAr=jfIXkDKpiPY8e6tp - rule_id: 4594 http://www.ibggroupkerala.com/24ng/ http://www.mercurydatas.com/24ng/ - rule_id: 4594 http://www.ibggroupkerala.com/24ng/?ulmX=Z5oHB8hUZvRhg9blaFXqK6c4wn9BH2EGRbhw5ERI5LiMf/uXJIEUSWuKFSUYehnKAlq2TlpW&D8ODAr=jfIXkDKpiPY8e6tp http://www.inanavcifitnessclub.com/24ng/?ulmX=7B/mxEe684X+Fe8GJ5WQJKEToqxOKLoYRHSlnqT22Suhy7fkAEyyqsV6IsAMnECK+ppvVgFJ&D8ODAr=jfIXkDKpiPY8e6tp - rule_id: 4825 http://www.greenexpress24.com/24ng/?ulmX=2e6wYlryEa0vLTPjfN4r58Bshi9ru1qRbjT+bhMZ3EXC/MDmTGKly4nIEkqr25AZupeddAYD&D8ODAr=jfIXkDKpiPY8e6tp http://www.stellarsoundsandevents.com/24ng/ http://www.stellarsoundsandevents.com/24ng/?ulmX=LBlxLjx1erJtyf7XMF1eHh63aPll/IBCmifS69HlewcLnWxqS/UmvMQdGifiaPD188nh048y&D8ODAr=jfIXkDKpiPY8e6tp	16 Info www.ibggroupkerala.com(209.99.40.222) www.stellarsoundsandevents.com(172.217.174.115) www.mercurydatas.com(91.194.91.202) www.wandallia.com(85.128.134.235) www.routrays.com() www.inanavcifitnessclub.com(209.99.40.222) www.myfreezic.com(103.139.0.32) www.greenexpress24.com(208.91.197.46) www.rusmumrik.com(160.121.109.52) 103.139.0.32 - mailcious 172.217.163.243 85.128.134.235 208.91.197.46 - mailcious 209.99.40.222 - mailcious 160.121.109.52 91.194.91.202 - mailcious	2	4	9.4	M	24	ZeroCERT

12168	2021-09-07 19:15	clip.exe 483715033eb4f12ab5c3d9a7e2953221 Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution					2.2	M	35	ZeroCERT

12169	2021-09-07 19:15	usermasabikzx.exe ed32e8f2f6119552321f3ed79a730320 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					9.4	M	17	ZeroCERT

12170	2021-09-07 19:17	kernel.exe e2178538425f24c99cc460d888733e28 Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key Downloader	2 Keyword trend analysis	3	1		10.0	M	30	ZeroCERT

12171	2021-09-07 19:17	vbc.exe 3e7e25ad1c141f146e5ef2b18e624886 PE File PE32 VirusTotal Malware Tofsee	1 Keyword trend analysis	2	2		0.8	M	23	ZeroCERT

12172	2021-09-07 19:20	stl.exe 66a8fb0b8be4768c062c24b7313a457a Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB					1.8	M	47	ZeroCERT

12173	2021-09-07 19:22	SupplierRemittance.jar 65970fb1339deb21897524771d86da04 VirusTotal Malware Check memory heapspray unpack itself Java					2.2	M	10	ZeroCERT

12174	2021-09-07 19:24	blaqzx.exe b93fe30991e5ca36666d7f6d79db4bf3 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					8.6	M	20	ZeroCERT

12175	2021-09-07 19:46	SupplierRemittance.jar 65970fb1339deb21897524771d86da04 NPKI Malicious Library Malicious Packer PE File PE32 OS Processor Check DLL Malware download NetWireRC VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Windows Java Email ComputerName DNS DDNS crashed	1 Keyword trend analysis	10	4		8.8	M	10	ZeroCERT

12176	2021-09-08 09:06	kvi.exe 010394a473e77f7d72f63507b383f05c Generic Malware UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Remote Code Execution					2.2		19	ZeroCERT

12177	2021-09-08 09:12	북한의 최근 정세와 우리의 안보.doc... baa9b34f152076ecc4e01e35ecc2de18 Generic Malware VBA_macro DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection exploit crash unpack itself malicious URLs Tofsee Exploit crashed	1 Keyword trend analysis	2	1		6.0		25	ZeroCERT

12178	2021-09-08 09:30	sadexe.exe 8884881ff19c34d3974a042004249d5f Gen2 Gen1 RAT Generic Malware Malicious Library Malicious Packer AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Remote Code Execution crashed					8.6		51	ZeroCERT

12179	2021-09-08 09:31	PAYMENT.exe d16088a5dce52983fccd16363d805cf7 PE File PE32 VirusTotal Malware unpack itself Tofsee	1 Keyword trend analysis	2	2		1.0		18	ZeroCERT

12180	2021-09-08 09:35	vbc.exe 1ad28c768524311e68f7db00b34e9c29 Generic Malware PE File PE32 VirusTotal Malware unpack itself Tofsee	1 Keyword trend analysis	2	2		1.4	M	33	r0d