Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
13321	2021-10-08 11:59	dodi.exe 514bedb49ac9d508f800035c04819bab Malicious Packer Malicious Library PE64 PE File VirusTotal Malware Code Injection buffers extracted					3.2	M	42	ZeroCERT

13322	2021-10-08 11:59	vbc.exe 8c7ed5bf68dd9a6f76be57eb9ab80ae7 Loki PWS Loki[b] Loki.m .NET framework Generic Malware DNS Socket AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.6	M	22	ZeroCERT

13323	2021-10-08 12:01	Rasomware2.0.exe 7d17a868abac9de81fe79087eee31471 RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					2.4	M	46	ZeroCERT

13324	2021-10-08 12:01	OUTLOOK.exe 003fe2caa607d38d3434be33898f4001 Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware MachineGuid Checks debugger unpack itself					2.0	M	13	ZeroCERT

13325	2021-10-08 12:03	office.exe a4fd453636d07090a43331648719838c Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.0	M	30	ZeroCERT

13326	2021-10-08 12:03	new.exe e13c7ba670a1ceb573c5d297b888df6c NSIS Malicious Library PE File PE32 OS Processor Check DLL VirusTotal Malware Code Injection Check memory WMI Creates executable files RWX flags setting unpack itself AppData folder ComputerName crashed					6.4	M	36	ZeroCERT

13327	2021-10-08 12:05	rollerkind2.exe d3b22e04e71c617eb8ce39e91803088c Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself					1.8	M	19	ZeroCERT

13328	2021-10-08 12:11	doc-1655656043.xls b3d2bab83100fdd3a65921dc29a67545 Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee	3 Keyword trend analysis	6	2		4.0			guest

13329	2021-10-08 12:14	doc-165613473.xls e9c12db7ee30e5ffc7d11ddbe09c0884 Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee	3 Keyword trend analysis	6	2		4.0			guest

13330	2021-10-08 12:16	doc-1655895980.xls 73ed45ad6fd7c7d64a631f8ba9c8920a Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee	3 Keyword trend analysis	6	2		4.0			guest

13331	2021-10-08 13:29	CLoader.exe 5358e3c10a13dacc3c34d118abf7fac9 Anti_VM Malicious Library PE File PE32 VirusTotal Malware					1.2	M	24	ZeroCERT

13332	2021-10-08 14:36	Manulife_policy.xls 128a2d6105360896238515c941c67f88 VBA_macro Generic Malware MSOffice File VirusTotal Malware unpack itself DNS		1			2.8	M	25	guest

13333	2021-10-08 14:43	Manulife_policy.xls 128a2d6105360896238515c941c67f88 VBA_macro Generic Malware MSOffice File VirusTotal Malware unpack itself DNS		1			2.8	M	25	guest

13334	2021-10-08 14:47	Manulife_policy.xls 128a2d6105360896238515c941c67f88 VBA_macro Generic Malware MSOffice File VirusTotal Malware unpack itself DNS		1			2.8	M	25	guest

13335	2021-10-08 14:56	http://103.167.93.12/0000/vbc.... 8c7ed5bf68dd9a6f76be57eb9ab80ae7 PWS .NET framework Generic Malware DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM MSOffice File Malware download VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed Downloader		1	6 Info ET INFO Executable Download from dotted-quad Host SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO TLS Handshake Failure ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		6.2	M	22	ZeroCERT