Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-11-01 19:37	Biacs.exe 8bbba1d1448825a0c428dc296573cf8d Formbook AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious TLD Windows DNS Cryptographic key	21 Keyword trend analysis Info http://www.onlyleona.com/kniu/ - rule_id: 36720 http://www.prosourcegraniteinc.com/kniu/?hGC=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&iOwKE=__tE6 - rule_id: 36717 http://www.prosourcegraniteinc.com/kniu/ - rule_id: 36717 http://www.theartboxslidell.com/kniu/?hGC=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&iOwKE=__tE6 - rule_id: 36718 http://www.tsygy.com/kniu/?hGC=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&iOwKE=__tE6 - rule_id: 36721 http://192.3.64.154/1906/Pxgltvs.pdf http://www.poultry-symposium.com/kniu/ - rule_id: 36722 http://www.xxkxcfkujyeft.xyz/kniu/ - rule_id: 36719 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip http://www.theartboxslidell.com/kniu/ - rule_id: 36718 http://www.frefire.top/kniu/?hGC=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&iOwKE=__tE6 - rule_id: 36723 http://www.frefire.top/kniu/ - rule_id: 36723 http://www.xxkxcfkujyeft.xyz/kniu/?hGC=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&iOwKE=__tE6 - rule_id: 36719 http://www.flyingfoxnb.com/kniu/ - rule_id: 36725 http://www.palatepursuits.cfd/kniu/?hGC=hbIoOV/dmdXO2xpIn07o59QoAXcFh8OwL7wE3CCbwPL4DaTNKf4A6Fx93MICWs67Kq9ozN+vd0WYpt+cGdGxDSTpWz7Z0RqHqaDgDUU=&iOwKE=__tE6 - rule_id: 36726 http://www.tsygy.com/kniu/ - rule_id: 36721 http://www.palatepursuits.cfd/kniu/ - rule_id: 36726 http://192.3.64.154/1906/HtmlIEcleanerHistory.exe http://www.onlyleona.com/kniu/?hGC=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&iOwKE=__tE6 - rule_id: 36720 http://www.flyingfoxnb.com/kniu/?hGC=2khzscf+uoNd4qXDJMvMlsCGRf74adwr4dCZmsSaM5bi7vY8OWwGY+oUQIQbfdmtzbAFku/2CGFb1XO6VHKJWfD6Hx+uzWgInko6T2A=&iOwKE=__tE6 - rule_id: 36725 http://www.poultry-symposium.com/kniu/?hGC=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&iOwKE=__tE6 - rule_id: 36722	24 Info www.palatepursuits.cfd(104.21.21.57) - mailcious www.onlyleona.com(104.21.13.143) - mailcious www.prosourcegraniteinc.com(216.239.32.21) - mailcious www.pengeloladata.click() - mailcious www.xxkxcfkujyeft.xyz(142.171.29.133) - mailcious www.theartboxslidell.com(23.82.12.35) - mailcious www.8956kjw1.com(103.71.154.243) www.frefire.top(67.223.117.37) - mailcious www.tsygy.com(23.104.137.185) - mailcious www.poultry-symposium.com(85.128.134.237) - mailcious www.flyingfoxnb.com(216.40.34.41) - mailcious www.siteapp.fun() - mailcious 142.171.29.133 192.3.64.154 - mailcious 23.104.137.185 - mailcious 67.223.117.37 - mailcious 172.67.196.133 - mailcious 216.40.34.41 - mailcious 23.82.12.35 103.71.154.243 45.33.6.223 216.239.36.21 - phishing 172.67.132.228 - mailcious 85.128.134.237 - mailcious	12 Info ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a .top domain - Likely Hostile ET INFO Dotted Quad Host PDF Request SURICATA HTTP unable to match response to request ET INFO HTTP Request to a .top domain ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers ET HUNTING Request to .TOP Domain with Minimal Headers	18 Info http://www.onlyleona.com/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.tsygy.com/kniu/ http://www.poultry-symposium.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.theartboxslidell.com/kniu/ http://www.frefire.top/kniu/ http://www.frefire.top/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.flyingfoxnb.com/kniu/ http://www.palatepursuits.cfd/kniu/ http://www.tsygy.com/kniu/ http://www.palatepursuits.cfd/kniu/ http://www.onlyleona.com/kniu/ http://www.flyingfoxnb.com/kniu/ http://www.poultry-symposium.com/kniu/	11.0	M	30	ZeroCERT

2	2023-08-03 10:18	IBS_Cortana.exe 08defe80ace1f032875c8127ae5e4481 UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder		1			2.4		21	ZeroCERT

3	2023-08-03 10:14	Regasm.exe 11918dee7fc7db0c4b2c9bee96e9f9d9 UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.4		21	ZeroCERT

First
1
Last
Total : 3cnts