Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12451	2021-09-15 12:37	Virtual private network.js f1680aa55c88220bcf83e24d89628cc9 VirusTotal Malware ComputerName					1.0		25	ZeroCERT

12452	2021-09-15 13:47	ec.exe 4ab2935ce1e3b2e7032cc505f0850809 Malicious Library UPX AntiDebug AntiVM PE64 PE File VirusTotal Malware Code Injection Creates executable files Windows utilities suspicious process WriteConsoleW Windows					5.2	M	40	ZeroCERT

12453	2021-09-15 13:50	test3.exe fa0c8c44a1586d075fe128e07844ef1d RAT PWS .NET framework Generic Malware Malicious Packer UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiV VirusTotal Malware Code Injection AppData folder WriteConsoleW Tofsee ComputerName DNS		3	2		5.8	M	32	ZeroCERT

12454	2021-09-15 13:56	12332123331.exe f6b0a679d3821681191512265666d981 RAT PWS .NET framework Generic Malware Malicious Packer UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiV VirusTotal Malware Code Injection Check memory AppData folder WriteConsoleW Tofsee ComputerName DNS		3	2		6.6		34	ZeroCERT

12455	2021-09-15 16:01	loadetc.exe 2bd18b0ce7aa8dfaee0e922090aae138 Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 Malware download VirusTotal Malware AutoRuns PDB Code Injection Malicious Traffic Check memory Creates executable files Windows utilities suspicious process WriteConsoleW Windows DNS Downloader	1 Keyword trend analysis	1	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	7.8	M	38	r0d

12456	2021-09-15 18:13	phorm.exe 400fc2e410b02fb12db7634c8221f51c Worm Phorpiex Malicious Library PE File PE32 VirusTotal Malware AutoRuns PDB Windows					3.0		34	ZeroCERT

12457	2021-09-15 18:14	svch.exe ddc1e4f7216d422e2534c4cbc2ff34d5 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Downloader	2 Keyword trend analysis	5	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		10.0		25	ZeroCERT

12458	2021-09-15 18:15	setup.exe 498d616eef919be56eb9760a0d749500 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.0		28	ZeroCERT

12459	2021-09-15 18:17	sorptions.exe f8146a71dedc3eeeaa1624d6832c39a4 RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName	18 Keyword trend analysis Info http://www.colourfulcollective.travel/vuja/?tFQh=NeXfqbQBn00G7cicH7UB6xXl0LHypMJrE00CST2UIZFtAwAwj0eoKNg/2XDqkkXBp6wnS3m8&CTvX=cvUlPjex http://www.fizzandfun.com/vuja/ http://www.6144prestoncircle.com/vuja/ http://www.dressmids.com/vuja/?tFQh=mgzvXufa+90TG6R5SOMfQOc1unGQJGuCHGeN9AMDomfxeIRgjda1q2PXtdJf4iXUkYYT1jt2&CTvX=cvUlPjex http://www.casualwearus.com/vuja/ http://www.mckinleyacreage.com/vuja/?tFQh=9G9Onih7skeaW/ZE8vE8lBBj0mn4hV1hY34vlaK/oE7qJOC24/89nTu+owKUtYPkoEk7FLz3&CTvX=cvUlPjex http://www.seifenliebe.info/vuja/ http://www.seifenliebe.info/vuja/?tFQh=j4rn8y5wLXnljnCO2PBw1xYGB35MNQ6urzEBF/7gq/0pELoaCLD5ksrZvEnQjTzQa0aOSEeG&CTvX=cvUlPjex http://www.reebootwithjoe.com/vuja/ http://www.mckinleyacreage.com/vuja/ http://www.colourfulcollective.travel/vuja/ http://www.fizzandfun.com/vuja/?tFQh=JqmZ/5yCnXgdAKqAW7o9T7IOlu7elTN3lBWcIOIjYuG4cvTF7FtaFO6S8AL7YL3P1d1sQBYN&CTvX=cvUlPjex http://www.casualwearus.com/vuja/?tFQh=mxtan7FRl9X+yS8KhP5hSONLXvZcIEMjVDlTSbR1irRPqNRN5pncm/+YsSOpAWjjS5/QmgyI&CTvX=cvUlPjex http://www.thecoastalhomeshop.com/vuja/?tFQh=o7u44W4wSqglJiH0Hkz0GJyhxbwgX4vbxtomYdD15gH9DWV+e7d8xHWMnkdr1XCW9VT4lnMk&CTvX=cvUlPjex http://www.thecoastalhomeshop.com/vuja/ http://www.6144prestoncircle.com/vuja/?tFQh=cexc7msAl8Bekj82ch8DlEtwlrb7vERlnZPJr7vypF80BFBf38xl7xfBBBPuZzAzf5LM2Vgt&CTvX=cvUlPjex http://www.dressmids.com/vuja/ http://www.reebootwithjoe.com/vuja/?tFQh=Twl0vVhxCYX+WwcUMjdhaSOjZMxHdKOvh7b++vC075l05tLtCmhhCzBeyMPLUujHWAZb+Igo&CTvX=cvUlPjex	17 Info www.mckinleyacreage.com(99.83.154.118) www.6144prestoncircle.com(34.98.99.30) www.dressmids.com(34.98.99.30) www.colourfulcollective.travel(122.201.127.227) www.goodgrrrldesign.com() www.thecoastalhomeshop.com(198.54.117.218) www.fizzandfun.com(99.83.154.118) www.reebootwithjoe.com(34.98.99.30) www.seifenliebe.info(81.169.145.160) www.casualwearus.com(72.52.179.175) www.racanelliestimating.com() 122.201.127.227 81.169.145.160 - mailcious 198.54.117.215 - mailcious 99.83.154.118 - mailcious 34.98.99.30 - phishing 72.52.179.175 - mailcious	1		10.6		20	ZeroCERT

12460	2021-09-15 18:55	vbc.exe 4c658db84a58ce7ec0c2f2eb9f14c97c RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM PE File .NET EXE PE32 GIF Format Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder human activity check Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	5	2		14.2		27	ZeroCERT

12461	2021-09-16 08:57	3r.jpeg 3eb3bb1d54b8be3ca1c573e82c5ae51e								ZeroCERT

12462	2021-09-16 08:58	enquiry_6307300022png.exe e552183d16e0d6629c88a4a163d266fc RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName crashed					11.2		23	ZeroCERT

12463	2021-09-16 09:00	vbc.exe 495f38b437ff5fc9f49d2d77842fe53b Lokibot PWS Loki[b] Loki.m Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.0	M	24	ZeroCERT

12464	2021-09-16 09:04	qwerty123123.html 31c4efdb18099a92f2f4c6cd82a05263 Antivirus AntiDebug AntiVM MSOffice File PNG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	31 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://www.blogger.com/static/v1/jsbin/403901366-ieretrofit.js https://www.google.com/css/maia.css https://fonts.googleapis.com/css?family=Open+Sans:300 https://www.blogger.com/blogin.g?blogspotURL=https://johonathahogyaabagebarhomeintum.blogspot.com/p/qwerty123123.html&type=blog https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.google-analytics.com/analytics.js https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&iemode=9&page=1&bgint=lrBN8HXfW_IYqUwtlpmBqJlzkN0vwBgYV_uLsPG37u0 https://www.blogger.com/dyn-css/authorization.css?targetBlogID=8965474558532949541&zx=71c606ab-b45e-40a8-94e8-2127ee2c3eba https://resources.blogblog.com/img/anon36.png https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://johonathahogyaabagebarhomeintum.blogspot.com/p/qwerty123123.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://johonathahogyaabagebarhomeintum.blogspot.com/p/qwerty123123.html%26type%3Dblog%26bpli%3D1&passive=true&go=true https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://resources.blogblog.com/img/blank.gif https://www.google.com/js/bg/lrBN8HXfW_IYqUwtlpmBqJlzkN0vwBgYV_uLsPG37u0.js https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff https://www.blogger.com/static/v1/jsbin/1621653182-comment_from_post_iframe.js https://www.blogger.com/static/v1/widgets/1667664774-css_bundle_v2.css https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=8191441499381901671&blogspotRpcToken=7334942 https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js https://www.blogger.com/static/v1/jsbin/2520659415-cmt__en_gb.js https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fjohonathahogyaabagebarhomeintum.blogspot.com%2Fp%2Fqwerty123123.html&type=blog&bpli=1 https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D8191441499381901671%26blogspotRpcToken%3D7334942%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D8191441499381901671%26blogspotRpcToken%3D7334942%26bpli%3D1&passive=true&go=true https://www.blogger.com/static/v1/widgets/4164007864-widgets.js https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=8191441499381901671&blogspotRpcToken=7334942&bpli=1	16 Info resources.blogblog.com(216.58.220.137) www.google.com(172.217.27.68) www.gstatic.com(216.58.220.131) fonts.googleapis.com(172.217.31.170) accounts.google.com(172.217.26.13) www.google-analytics.com(142.250.196.110) fonts.gstatic.com(172.217.25.67) www.blogger.com(216.58.220.137) 216.58.200.78 216.58.200.77 172.217.31.233 172.217.174.201 172.217.24.68 142.250.199.67 142.250.66.67 142.250.199.74	2		4.2			ZeroCERT

12465	2021-09-16 09:06	vbc.exe 4399c694e88f3f32d22d91c6c4a173ed UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization Remote Code Execution					4.2	M	37	ZeroCERT