Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	VT	Player
14371	2021-11-01 15:34	1.rtf 847446bc1b6221de28dc78cef9d34623 Malicious Packer Anti_VM RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed		2			3.0	27	guest

14372	2021-11-01 16:24	1.rtf 847446bc1b6221de28dc78cef9d34623 Malicious Packer Anti_VM RTF File doc VirusTotal Malware buffers extracted exploit crash unpack itself Exploit crashed		2			3.0	27	guest

14373	2021-11-01 17:57	1.rtf 847446bc1b6221de28dc78cef9d34623 Malicious Packer Anti_VM RTF File doc VirusTotal Malware					1.2	27	guest

14374	2021-11-01 17:57	top.exe a065b00d113e42d89bcb0ef082862094 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB Remote Code Execution					2.0	30	guest

14375	2021-11-01 17:58	instd.exe eea1c3d1ab9dd50b3dae826b35c8b138 Malicious Packer Malicious Library PE File PE32 VirusTotal Malware					1.8	46	guest

14376	2021-11-01 17:59	instd.exe eea1c3d1ab9dd50b3dae826b35c8b138 task schedule Malicious Packer Malicious Library Code injection AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files unpack itself Windows utilities suspicious process sandbox evasion WriteConsoleW Windows ComputerName					7.6	46	guest

14377	2021-11-01 18:00	instd.exe eea1c3d1ab9dd50b3dae826b35c8b138 Malicious Packer Malicious Library PE File PE32 VirusTotal Malware					1.8	46	guest

14378	2021-11-01 18:21	pub3.exe 2abbb910ba6b974e574842637c05dad6 Malicious Library UPX PE File OS Processor Check PE32 PDB Remote Code Execution					1.0		ZeroCERT

14379	2021-11-01 18:21	open.exe dffc949523ddd2ac73b8a498979c836a Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB Remote Code Execution					1.6	28	ZeroCERT

14380	2021-11-01 18:21	177.exe 6093a7ccaec758a86ee4fb3bd81636db RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware					0.8	23	ZeroCERT

14381	2021-11-01 18:22	180.exe e0f1da55d595ccd8fa30eb7488b71ca2 RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware					1.0	33	ZeroCERT

14382	2021-11-01 18:24	180.exe e0f1da55d595ccd8fa30eb7488b71ca2 RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware					1.0	33	ZeroCERT

14383	2021-11-01 18:25	screenshot.exe 3ea0aeb40da1e753c6b9ce2981d25e51 RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself suspicious TLD DNS	18 Keyword trend analysis Info http://www.203040302.xyz/pufi/?w8l=SazsJgrzUpUyryEoRzL3ozLk5u53xI01dS37dEHagUSA7M4+pBFoADpSCFKEyXWsPLe4UTZI&Tl8=YvIp http://www.dailygossiping.com/pufi/?w8l=GXvFuzK1bbdgitiLy2HfWnxGjRuymxDWMFylOe4VKkbB997oiWy8PH6Pu7w9CriLIOiICFqr&Tl8=YvIp - rule_id: 7279 http://www.dailygossiping.com/pufi/?w8l=GXvFuzK1bbdgitiLy2HfWnxGjRuymxDWMFylOe4VKkbB997oiWy8PH6Pu7w9CriLIOiICFqr&Tl8=YvIp http://www.afroonline.net/pufi/ http://www.203040302.xyz/pufi/ http://www.robinbirrell.top/pufi/ http://www.afroonline.net/pufi/?w8l=N7/n59X1cLHAFWzBtTRt3ZdT6K0UB/kzW/M+XSUtFpOZsEcgix3fZuiXDLxe7X+kmnoPuhMQ&Tl8=YvIp http://www.nishiki-sougou.com/pufi/?w8l=L8fDVh1OUVeer350YRvQBaLd51y9m5TNxA7YU60IN4EJ7RSsSlr3SNitagTtpEnQ6WCpTHPd&Tl8=YvIp http://www.nishiki-sougou.com/pufi/ http://www.kendyraedesigns.com/pufi/?w8l=tyBibEgV9BF8lhDUumdSbiwxJd/yWJodcxFJJHcxLIxJ1DyLBhy/9s4vPvFRgquLiJJ7Ab52&Tl8=YvIp http://www.fusiongroupgames.net/pufi/?w8l=Yj2fkJ3hMx7Dj1IUZFJkgptD6MOKyPCfhg3dVOGvv7ktDtub2qghAhcvcPhz3PhhxomID+bC&Tl8=YvIp http://www.dailygossiping.com/pufi/ - rule_id: 7279 http://www.dailygossiping.com/pufi/ http://www.fusiongroupgames.net/pufi/ http://www.silvanaribeirocake.com/pufi/ http://www.kendyraedesigns.com/pufi/ http://www.silvanaribeirocake.com/pufi/?w8l=KVpxRsxBLGyR/dA5dRco2gV7HLwBacBO7g/vDRrLDRjj50ANKbl2DTrEUGdcD8sCaL2jKW82&Tl8=YvIp http://www.robinbirrell.top/pufi/?w8l=KMyirDow+KPwtdDw/kGLMWCitL++77C3zt6Mb8hkt5NrfBnR4V8iGfReT3CiprEVgM50jtZg&Tl8=YvIp	17 Info www.fusiongroupgames.net(162.241.203.25) www.robinbirrell.top(162.241.27.32) www.kendyraedesigns.com(23.227.38.74) www.nishiki-sougou.com(156.234.138.185) www.203040302.xyz(44.227.76.166) www.avalche.com() www.afroonline.net(154.23.98.181) www.silvanaribeirocake.com(139.162.67.26) www.dailygossiping.com(74.220.199.6) 139.162.67.26 156.234.138.185 44.227.65.245 - mailcious 162.241.203.25 - phishing 74.220.199.6 - mailcious 154.23.98.181 23.227.38.74 - mailcious 162.241.27.32 - mailcious	5	2	9.8	30	ZeroCERT

14384	2021-11-01 18:28	180.exe e0f1da55d595ccd8fa30eb7488b71ca2 RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		13.6	33	ZeroCERT

14385	2021-11-01 18:29	pub3.exe 2abbb910ba6b974e574842637c05dad6 Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself Remote Code Execution					1.4		ZeroCERT