14266 | 2023-03-24 18:20
30..................30........... | f3f27539efc7350df9dc444676687f9b | MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed Downloader
URLs (1): http://104.168.46.107/430/vbc.exe
Hosts (1): 104.168.46.107 - mailcious
Alerts (7): ET INFO Executable Download from dotted-quad Host | ET MALWARE MSIL/GenKryptik.FQRH Download Request | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 | ET POLICY PE EXE or DLL Windows file download HTTP | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
4.6 | M | 31 | ZeroCERT

14267 | 2023-03-24 18:19
ndt5tk.exe | 9ce5895cf7087cd578519a76e9eadb7c | UPX Malicious Library PWS[m] AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName crashed
7.6 | M | 32 | ZeroCERT

14268 | 2023-03-24 18:18
rc.exe | 50e9958bb2a5b6ae6ed8da1b1d97a5bb | UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File GIF Format Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser ComputerName
URLs (3): http://techcosupportservice.com/ext/manifest.json | http://techcosupportservice.com/ext/background.js | http://techcosupportservice.com/ext/main.js
Hosts (2): techcosupportservice.com(198.251.84.36) | 198.251.84.36
10.2 | M | 32 | ZeroCERT

14269 | 2023-03-24 18:17
20............................... | 3d64a167c2f313bac10c89b3d591be13 | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting
2.6 | M | 30 | ZeroCERT

14270 | 2023-03-24 18:15
1.vbs | 0302835269c55903e8af7326a27ca898 | Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.8 | M | 2 | ZeroCERT

14271 | 2023-03-24 18:15
vbc.exe | 1207e0b55db1b38405c49fc57209fc38 | PWS .NET framework RAT UPX .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself DNS crashed
Hosts (1):
3.2 | M | 33 | ZeroCERT

14272 | 2023-03-24 18:13
vbc.exe | 1651e40eaf343b2e9ceaea5f1aef2fae | NPKI RAT UPX PE64 PE File VirusTotal Malware Check memory Checks debugger unpack itself
1.6 | M | 29 | ZeroCERT

14273 | 2023-03-24 18:12
huilang.exe | f1ec2cf6256a7c8543586065a07da47a | UPX PE32 PE File Malware download VirusTotal Open Directory Malware AutoRuns Malicious Traffic Check memory Creates executable files RWX flags setting AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Exploit Browser DNS
Hosts (1):
Alerts (8): ET INFO Executable Download from dotted-quad Host | ET MALWARE Possible Malicious Macro DL EXE Feb 2016 | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 | ET POLICY PE EXE or DLL Windows file download HTTP | ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | ET INFO EXE - Served Attached HTTP
9.4 | M | 56 | ZeroCERT

14274 | 2023-03-24 18:12
creal.exe | 2120b49043ad53c0a73cbf60bc110f8e | Gen1 Emotet Generic Malware UPX Malicious Library Anti_VM Malicious Packer Admin Tool (Sysinternals etc ...) OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files
2.2 | M | 34 | ZeroCERT

14275 | 2023-03-24 18:11
vbc.exe | 52960f977b511bb88664a0177320a26a | PWS .NET framework RAT Generic Malware Antivirus .NET EXE PE32 PE File VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
7.4 | M | 28 | ZeroCERT

14276 | 2023-03-24 18:10
1.vbs | 8207f9bb21566a55e65885d18172fe00 | Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.8 | | 2 | ZeroCERT

14277 | 2023-03-24 18:09
98.exe | 719082dcc3c017e5b675c8b9ec74b6a1 | RedLine stealer[m] UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File Browser Info Stealer FTP Client Info Stealer Buffer PE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Collect installed applications AntiVM_Disk IP Check VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
Hosts (3): pastebin.com(104.20.67.143) - mailcious | ip-api.com(208.95.112.1) | 51.210.161.21
12.6 | M | | ZeroCERT

14278 | 2023-03-24 17:51
ndt5tk.exe | 9ce5895cf7087cd578519a76e9eadb7c | UPX Malicious Library PWS[m] AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName crashed
7.6 | | 32 | ZeroCERT

14279 | 2023-03-24 11:31
svchost.exe | 8ec922c7a58a8701ab481b7be9644536 | Gen2 Gen1 UPX Malicious Packer PE64 PE File PDB Remote Code Execution
0.6 | | | guest

14280 | 2023-03-24 09:47
vbc.exe | b9e1bfbf09491bfb164214ce2618acb7 | UPX Malicious Library PE32 PE File VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (22):
Hosts (24):
Alerts (1): ET HUNTING Request to .XYZ Domain with Minimal Headers
URLs (19):
4.4 | M | 34 | ZeroCERT