Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-06-16 10:36	1234.exe 4d85d7bdb9b2d6163ebc289af01f023d HermeticWiper Generic Malware PhysicalDrive Malicious Packer Malicious Library Downloader UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges PWS Internet API AntiDebug AntiVM PE File PE32 CAB OS Processor Check DllRegisterSer PDB Check memory Creates executable files ICMP traffic unpack itself AppData folder malicious URLs AntiVM_Disk China anti-virtualization VM Disk Size Check Tofsee Windows Remote Code Execution	8 Keyword trend analysis Info http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=653&tdl=653&tds=653&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|6,HttpNum\|1,DnFailCount\|6,FStatus\|1,P2SS\|653,P2PS\|0,PDMode\|2&tfl=653&tp=t&tst=1&ttdl=653&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Sam.CPI202405&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=153 http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Sam.CPI202405&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=9 http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=2C4D1463A89D6C425729E1EBD92D9A08&p2p=1&t_id=360TS_Setup.exe&tads=17298256&tdl=103789536&tds=17316439&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|23,HttpNum\|18,DnFailCount\|22,FStatus\|1,P2SS\|103789536,P2PS\|0,PDMode\|3&tfl=103789536&tp=t&tst=1&ttdl=103789536&ttm=6062&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS http://sd.p.360safe.com/8F105DD2B73CEC44783794041478D929FC616836.trt http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1105.exe https://orion.ts.360.com/installapp?c=&ch=WW.Sam.CPI202405&sch=0&ver=11.0.0.1105&lan=en&os=6.1-x64&mid=fa7bb520099706f4d9615c3663eacc55&time=1718502664&checksum=10FC50695A77DD5E36A7B75A	20 Info sd.p.360safe.com(54.230.169.32) tr.p.360safe.com(54.76.174.118) int.down.360safe.com(54.230.176.104) orion.ts.360.com(82.145.215.156) iup.360safe.com(54.230.61.95) st.p.360safe.com(54.77.42.29) s.360safe.com(54.255.136.181) 54.230.61.65 54.255.136.181 54.230.176.36 54.76.174.118 54.77.42.29 54.230.176.22 54.230.169.19 54.230.61.95 82.145.215.156 54.230.176.105 54.230.176.104 54.230.61.39 54.230.61.34	5 Info ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		6.6	M		ZeroCERT

2	2024-06-01 09:02	360TS_Setup_Mini_WW.Peter.CPI2... 2de14d82238bf5395e0b95e551ab8e00 HermeticWiper Generic Malware PhysicalDrive Malicious Library Downloader Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges PWS Internet API AntiDebug AntiVM PE File PE32 CAB OS Processor Check DLL PNG Format VirusTotal Malware PDB Check memory Creates executable files ICMP traffic unpack itself AppData folder malicious URLs AntiVM_Disk China anti-virtualization VM Disk Size Check human activity check Tofsee Windows Remote Code Execution	8 Keyword trend analysis Info http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Peter.CPI202405&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=153 http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1103.exe http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=656&tdl=656&tds=656&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|6,HttpNum\|1,DnFailCount\|6,FStatus\|1,P2SS\|656,P2PS\|0,PDMode\|2&tfl=656&tp=t&tst=1&ttdl=656&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS http://sd.p.360safe.com/AC05282966EF28F0BC58DFBBE2E9591EF2A43BD6.trt http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Peter.CPI202405&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=9 http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=BA320C501D0312BEC018E22653081CCD&p2p=1&t_id=360TS_Setup.exe&tads=20754835&tdl=103774176&tds=21074244&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|24,HttpNum\|19,DnFailCount\|23,FStatus\|1,P2SS\|103774176,P2PS\|0,PDMode\|3&tfl=103774176&tp=t&tst=1&ttdl=103774176&ttm=5000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS https://orion.ts.360.com/installapp?c=&ch=WW.Peter.CPI202405&sch=0&ver=11.0.0.1103&lan=en&os=6.1-x64&mid=fa7bb520099706f4d9615c3663eacc55&time=1717228204&checksum=B8925F61EE911EB0BB940A15	21 Info sd.p.360safe.com(54.230.169.19) tr.p.360safe.com(54.76.174.118) int.down.360safe.com(13.225.114.95) st.p.360safe.com(54.77.42.29) iup.360safe.com(54.230.61.34) orion.ts.360.com(82.145.215.152) s.360safe.com(54.255.136.181) 54.230.61.65 13.225.114.36 13.225.114.95 54.254.196.234 54.255.136.181 54.77.42.29 54.76.174.118 13.225.114.61 82.145.215.156 54.230.61.95 54.230.169.8 13.225.114.50 54.230.61.39 54.230.61.34	5 Info ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) ET POLICY PE EXE or DLL Windows file download HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		7.8		2	ZeroCERT

3	2024-01-28 10:05	360TS_Setup_Mini_WW.Ginmobi.CP... 3016285c9eb979ba1703d25012457567 HermeticWiper PhysicalDrive Generic Malware Malicious Library Malicious Packer Downloader UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges PWS Internet API AntiDebug AntiVM PE32 PE File CAB OS Processor Check DLL DllRegiste VirusTotal Malware PDB Check memory Creates executable files ICMP traffic unpack itself AppData folder malicious URLs AntiVM_Disk China anti-virtualization VM Disk Size Check Tofsee Windows Remote Code Execution DNS keylogger	8 Keyword trend analysis Info http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=5AB68050645C22B305C3DDFD067536BA&p2p=1&t_id=360TS_Setup.exe&tads=16865916&tdl=101195496&tds=17031830&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|23,HttpNum\|18,DnFailCount\|22,FStatus\|1,P2SS\|101195496,P2PS\|0,PDMode\|3&tfl=101195496&tp=t&tst=1&ttdl=101195496&ttm=6063&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Ginmobi.CPI202401&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=9 http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1073.exe http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=655&tdl=655&tds=655&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|6,HttpNum\|1,DnFailCount\|6,FStatus\|1,P2SS\|655,P2PS\|0,PDMode\|2&tfl=655&tp=t&tst=1&ttdl=655&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Ginmobi.CPI202401&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=153 http://sd.p.360safe.com/6F79A56EEE9CC4E090829186AED7661C24328656.trt https://orion.ts.360.com/installapp?c=&ch=WW.Ginmobi.CPI202401&sch=0&ver=11.0.0.1073&lan=en&os=6.1-x64&mid=fa7bb520099706f4d9615c3663eacc55&time=1706411816&checksum=6FC809A9E95941BB8F2BC53F	22 Info sd.p.360safe.com(54.230.169.15) tr.p.360safe.com(54.76.174.118) int.down.360safe.com(99.86.207.61) orion.ts.360.com(82.145.215.156) iup.360safe.com(54.230.61.39) st.p.360safe.com(54.77.42.29) s.360safe.com(54.255.136.181) 54.230.61.65 54.255.136.181 99.86.207.15 54.254.196.234 99.86.207.68 54.230.169.15 54.77.42.29 82.145.215.152 54.76.174.118 54.230.61.95 54.230.61.39 54.230.61.34 99.86.207.16 99.86.207.61 125.253.92.50	5 Info ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) ET POLICY PE EXE or DLL Windows file download HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		8.6		3	ZeroCERT

First
1
Last
Total : 3cnts