Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-06-03 09:40	AppGate2103v01.exe 9905d4c0f3aaf44c8f7a0f6c4b4d3543 Emotet North Korea Generic Malware UPX Malicious Library .NET framework(MSIL) Malicious Packer Downloader Admin Tool (Sysinternals etc ...) Socket ScreenShot Steal credential DNS Code injection Anti_VM AntiDebug AntiVM PE64 PE File PE32 OS Process Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Check virtual network interfaces malicious URLs Firewall state off IP Check Tofsee Windows Browser ComputerName Remote Code Execution DNS crashed	15 Keyword trend analysis Info http://5.42.66.10/download/th/retail.php - rule_id: 39943 http://176.111.174.109/google http://185.172.128.69/download.php?pub=inte - rule_id: 39937 http://185.172.128.69/download.php?pub=inte http://5.42.66.10/download/th/space.php - rule_id: 39944 http://5.42.99.177/api/crazyfish.php http://apps.identrust.com/roots/dstrootcax3.p7c http://94.232.45.38/eee01/eee01.exe - rule_id: 39938 http://147.45.47.149:54674/rade/kano.exe http://185.172.128.159/dl.php - rule_id: 39941 http://5.42.66.10/download/th/getimage12.php - rule_id: 39942 http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe - rule_id: 39939 http://5.42.99.177/api/twofish.php http://5.42.66.10/download/123p.exe - rule_id: 39935 https://db-ip.com/demo/home.php?s=	26 Info f.123654987.xyz() - malware db-ip.com(172.67.75.166) monoblocked.com(45.130.41.108) - malware api64.ipify.org(104.237.62.213) api.myip.com(104.26.9.59) lop.foxesjoy.com(104.21.66.124) - malware ipinfo.io(34.117.186.192) vk.com(87.240.132.72) - mailcious 176.111.174.109 61.111.58.34 - malware 5.42.99.177 104.26.9.59 104.26.4.15 172.67.159.232 34.117.186.192 45.130.41.108 - malware 147.45.47.149 94.232.45.38 - malware 104.237.62.213 185.172.128.69 - malware 87.240.132.67 - mailcious 5.42.66.10 - malware 185.172.128.159 - malware 91.202.233.232 - mailcious 5.42.65.116 149.88.76.85 - malware	18 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 1 SURICATA Applayer Mismatch protocol both directions ET DROP Spamhaus DROP Listed Traffic Inbound group 14 ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET DROP Spamhaus DROP Listed Traffic Inbound group 30 ET DROP Dshield Block Listed Source group 1 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	8 Info http://5.42.66.10/download/th/retail.php http://185.172.128.69/download.php?pub=inte http://5.42.66.10/download/th/space.php http://94.232.45.38/eee01/eee01.exe http://185.172.128.159/dl.php http://5.42.66.10/download/th/getimage12.php http://91.202.233.232/o2i3jroi23joj23ikrjokij3oroi.exe http://5.42.66.10/download/123p.exe	18.4	M	14	ZeroCERT

First
1
Last
Total : 1cnts