Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12736	2021-09-23 18:51	0922_2502147027478.doc 2d494d83bef839234bbc2494159f1459 hancitor VBA_macro Generic Malware MSOffice File GIF Format VirusTotal Malware Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName	2 Keyword trend analysis	4	1	1	8.8	M	17	ZeroCERT

12737	2021-09-23 18:51	68yhrfd.exe 61d5e32562d1c70daf0a3112f7888258 NPKI Generic Malware Malicious Packer UPX Anti_VM Malicious Library PE64 PE File VirusTotal Malware unpack itself					2.2		37	ZeroCERT

12738	2021-09-23 18:55	index.html 8ef5732ffbcb81b40b6e629800fbecb5 AntiDebug AntiVM MSOffice File PNG Format JPEG Format VirusTotal Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		1	2		5.0	M	28	ZeroCERT

12739	2021-09-23 18:57	flashplayer_cn.exe 019ccf0b6861a90e950379ac4a6c1c83 Generic Malware Malicious Library UPX PE File OS Processor Check PE32 PNG Format PE64 VirusTotal Malware PDB Check memory buffers extracted Creates executable files RWX flags setting unpack itself Check virtual network interfaces Tofsee Advertising ComputerName Remote Code Execution DNS crashed	10 Keyword trend analysis Info http://stats.adobe.com/b/ss/adbacdcprod/1/H.25.4/s84788878115848?AQB=1&pccr=true&vidn=30A62733A1239123-40000CE0A1B73BD3&ndh=1&t=23%2F8%2F2021%2023%3A52%3A29%204%20-540&ce=UTF-8&ns=adobecorp&pageName=acdc_fp_adm_launched&g=res%3A%2F%2FC%3A%5Cwindows%5Ctemp%5Cflashplayerpp_install_cn.exe%2F160&ch=acdc_flashplayer&events=event96&products=%3Bflashplayer_adm&c1=adm&c2=acdc%20downloads&c3=get.adobe.com&c4=ko_kr&c5=ko_kr%3Aacdc_fp_adm_launched&v18=new&v22=thursday%20-%208%3A30am&v73=acdc_flashplayer&s=1024x768&c=32&j=1.5&v=Y&k=N&bw=654&bh=401&ct=lan&hp=N&AQE=1 http://121.4.249.122:8888/j.ad http://stats.adobe.com/b/ss/adbacdcprod/1/H.25.4/s84788878115848?AQB=1&ndh=1&t=23%2F8%2F2021%2023%3A52%3A29%204%20-540&ce=UTF-8&ns=adobecorp&pageName=acdc_fp_adm_launched&g=res%3A%2F%2FC%3A%5Cwindows%5Ctemp%5Cflashplayerpp_install_cn.exe%2F160&ch=acdc_flashplayer&events=event96&products=%3Bflashplayer_adm&c1=adm&c2=acdc%20downloads&c3=get.adobe.com&c4=ko_kr&c5=ko_kr%3Aacdc_fp_adm_launched&v18=new&v22=thursday%20-%208%3A30am&v73=acdc_flashplayer&s=1024x768&c=32&j=1.5&v=Y&k=N&bw=654&bh=401&ct=lan&hp=N&AQE=1 http://121.4.249.122:8888/GwEZ https://www.flash.cn/cdm/en/flashplayerpp.xml https://api.flash.cn/cdm/getoffer-new?guid=0 https://api.flash.cn/cdm/ueip https://www.flash.cn/cdm/en/helperservice.xml https://www.flash.cn/cdm/en/application.xml https://fusionpings.adobe.com/dlm/dlm.gif?adm_name=Adobe%20Flash%20Player&adm_vers=3.0.0.593s¤tFilename=flashplayerpp_install_cn.exe&os=win&os_loc=ko_KR&os_ver=6.1.1&runbyfc=0&site=live&startWorkflow=1&type=install	8	1		7.4		36	ZeroCERT

12740	2021-09-23 18:58	invoice attachment.docm 4e3fe2ad8dc94dbf82847aa9c18e7efd VBA_macro AntiDebug AntiVM Word 2007 file format(docx) VirusTotal Malware Code Injection Creates executable files RWX flags setting unpack itself DNS crashed	1 Keyword trend analysis	1			7.8		20	ZeroCERT

12741	2021-09-23 19:03	decrypted-Alert_6285.docx 47cbf19af54979b0b8461e8ce2e832ee VBA_macro Word 2007 file format(docx) VirusTotal Malware					2.0		25	ZeroCERT

12742	2021-09-23 19:07	NM4lE9Vw59alNfu.exe 7528f2a0af07a1b7f6be8bdacbbe5461 PWS Loki[b] Loki.m .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .ga Domain ET INFO HTTP Request to a .ga domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		14.6		29	ZeroCERT

12743	2021-09-23 19:10	decrypted-Alert_6285.docx 47cbf19af54979b0b8461e8ce2e832ee VBA_macro Word 2007 file format(docx) VirusTotal Malware RWX flags setting					2.4		25	ZeroCERT

12744	2021-09-23 20:11	specification-1160098069.xls b63a72edba4e940e745ddc599acc2d40 MSOffice File RWX flags setting unpack itself suspicious process Tofsee	3 Keyword trend analysis	6	4		3.6			guest

12745	2021-09-23 20:15	specification-1166509884.xls 54c4dc30ccb92a8bd18241c7dedef0b3 MSOffice File RWX flags setting unpack itself suspicious process Tofsee	3 Keyword trend analysis	6	4		3.6			guest

12746	2021-09-24 09:03	vbc.exe 517a12b2eb17c1c0f3c8b61d0963a083 Generic Malware Malicious Packer UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Remote Code Execution					2.4		24	ZeroCERT

12747	2021-09-24 09:03	imagess.exe 546b3cc7640a0c3105f6674fd9e2debf UPX Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself Tofsee crashed		2	2		2.2		27	ZeroCERT

12748	2021-09-24 09:05	vbc.exe 44af6dd32a5f7d9077f00fd4d0d97bc4 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.4		29	ZeroCERT

12749	2021-09-24 09:05	706012088801.exe ff77d7b1fa1099ec7bb3215ad2be0871 KeyBase RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName	1 Keyword trend analysis	2	1		2.8		19	ZeroCERT

12750	2021-09-24 09:07	BRL_2451020032016.exe 4660dca1c3905ea903c4cb3bd9f73733 KeyBase RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName	1 Keyword trend analysis	2	1		3.0	M	24	ZeroCERT