Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-11-04 15:10	ww_testLL_0211_single.exe 8ac9ae1dd3a33406003c4456359a9db4 RAT Gen1 Generic Malware Malicious Library UPX Malicious Packer ASPack PE File OS Processor Check PE32 PE64 DLL .NET EXE Browser Info Stealer Malware download Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW IP Check Tofsee Windows Browser ComputerName DNS crashed	25 Keyword trend analysis Info http://www.hzradiant.com/askhelp42/askinstall42.exe http://fouratlinks.com/installpartners/ShareFolder.exe http://www.hzradiant.com/askinstall42.exe http://ip-api.com/json/ http://dataonestorage.com/search_hyperfs_209.exe http://45.133.1.182/proxies.txt - rule_id: 6139 http://212.192.241.62/base/api/statistics.php http://eguntong.com/pub33.exe http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464 http://apps.identrust.com/roots/dstrootcax3.p7c http://212.192.241.62/base/api/getData.php http://45.133.1.107/server.txt http://212.192.241.62/service/communication.php http://staticimg.youtuuee.com/api/?sid=2099253&key=fd52925171e83f42fc2ded8133aae222 - rule_id: 5258 https://f.gogamef.com/userhome/22/23ce6573d0b61d1c6b7a3a8c1cdf07b2.exe https://cdn.discordapp.com/attachments/891006172130345095/905376099935080508/realV2_0301.bmp https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp https://yandex.ru/showcaptcha?cc=1&retpath=https%3A//yandex.ru/%3F_a09e8b000a282123c603bfc4a97c0306&t=2/1636005811/44697f40337ea4bdfd2de18621e47c54&u=7a6baacf-5dc3c4f0-2c5eb502-48cc2bf3&s=7586315df59045f770b5809e4db25d55 https://cdn.discordapp.com/attachments/896617596772839426/899593707228135434/Cube_WW14.bmp https://d.gogamed.com/userhome/22/any.exe https://yandex.ru/ https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp https://ipinfo.io/widget https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp	40 Info d.gogamed.com(104.21.59.236) imgs.googlwaa.com(45.136.113.13) - malware www.hzradiant.com(194.163.158.120) t.gogamec.com(172.67.204.112) ip-api.com(208.95.112.1) iplis.ru(88.99.66.31) - mailcious cdn.discordapp.com(162.159.133.233) - malware eguntong.com(5.8.76.205) f.gogamef.com(104.21.72.228) el5en1977834657.s3.ap-south-1.amazonaws.com(52.219.64.55) ipinfo.io(34.117.59.81) twitter.com(104.244.42.65) dataonestorage.com(45.142.182.152) - malware telegram.org(149.154.167.99) yandex.ru(5.255.255.5) apps.identrust.com(23.216.159.81) fouratlinks.com(199.192.17.247) staticimg.youtuuee.com(45.136.151.102) - mailcious 162.159.133.233 - malware 23.32.56.144 5.8.76.205 149.154.167.99 45.142.182.152 88.99.66.31 - mailcious 45.133.1.107 - malware 104.21.72.228 34.117.59.81 45.136.113.13 - malware 104.244.42.65 - suspicious 45.133.1.182 - malware 52.219.66.59 208.95.112.1 45.136.151.102 - mailcious 194.163.158.120 - malware 5.255.255.5 121.254.136.27 212.192.241.62 199.192.17.247 172.67.204.112 172.67.185.110	11 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET INFO Packed Executable Download ET POLICY External IP Lookup ip-api.com	3	14.2	M		ZeroCERT

2	2021-11-04 15:09	ww_testFS_0211_single.exe 4ea672ca05b3c1e7d131ecc108c7e7f1 RAT Gen1 Generic Malware Malicious Library UPX Malicious Packer ASPack PE File OS Processor Check PE32 PE64 DLL Browser Info Stealer Malware download VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW IP Check Tofsee Windows Browser ComputerName DNS crashed	23 Keyword trend analysis Info http://staticimg.youtuuee.com/api/?sid=2098765&key=a7620f1fdb5530186e00465d6d97c1bb - rule_id: 5258 http://www.hzradiant.com/askinstall42.exe http://ip-api.com/json/ http://dataonestorage.com/search_hyperfs_209.exe http://45.133.1.182/proxies.txt - rule_id: 6139 http://212.192.241.62/base/api/statistics.php http://eguntong.com/pub33.exe http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464 http://apps.identrust.com/roots/dstrootcax3.p7c http://212.192.241.62/base/api/getData.php http://45.133.1.107/server.txt http://212.192.241.62/service/communication.php http://www.hzradiant.com/askhelp42/askinstall42.exe https://f.gogamef.com/userhome/22/23ce6573d0b61d1c6b7a3a8c1cdf07b2.exe https://cdn.discordapp.com/attachments/891006172130345095/905376099935080508/realV2_0301.bmp https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp https://cdn.discordapp.com/attachments/896617596772839426/899593707228135434/Cube_WW14.bmp https://d.gogamed.com/userhome/22/any.exe https://yandex.ru/ https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp https://ipinfo.io/widget https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp	38 Info d.gogamed.com(104.21.59.236) imgs.googlwaa.com(45.136.113.13) - malware el5en1977834657.s3.ap-south-1.amazonaws.com(52.219.158.50) t.gogamec.com(104.21.85.99) apps.identrust.com(23.216.159.81) iplis.ru(88.99.66.31) - mailcious ip-api.com(208.95.112.1) eguntong.com(5.8.76.205) f.gogamef.com(104.21.72.228) ipinfo.io(34.117.59.81) twitter.com(104.244.42.65) dataonestorage.com(45.142.182.152) - malware telegram.org(149.154.167.99) cdn.discordapp.com(162.159.130.233) - malware yandex.ru(5.255.255.70) www.hzradiant.com(194.163.158.120) staticimg.youtuuee.com(45.136.151.102) - mailcious 52.219.156.6 119.207.65.81 - suspicious 172.67.136.94 5.8.76.205 5.255.255.70 149.154.167.99 45.142.182.152 88.99.66.31 - mailcious 45.133.1.107 - malware 34.117.59.81 45.133.1.182 - malware 23.216.159.81 208.95.112.1 45.136.151.102 - mailcious 162.159.134.233 - malware 194.163.158.120 - malware 45.136.113.13 - malware 212.192.241.62 104.244.42.193 - suspicious 172.67.204.112 104.21.59.236	10 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2 ET POLICY External IP Lookup ip-api.com	3	16.4	M	23	ZeroCERT

3	2021-11-04 14:53	ww15_testLL_0310_single.exe d6fe99dda423f5d46e37e8b803c36394 RAT Gen1 Generic Malware Malicious Library UPX Malicious Packer ASPack PE File OS Processor Check PE32 PE64 DLL .NET EXE Browser Info Stealer Malware download VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process AppData folder suspicious TLD sandbox evasion WriteConsoleW IP Check Tofsee Windows Browser ComputerName DNS crashed	23 Keyword trend analysis Info http://www.hzradiant.com/askhelp42/askinstall42.exe http://fouratlinks.com/installpartners/ShareFolder.exe http://www.hzradiant.com/askinstall42.exe http://ip-api.com/json/ http://dataonestorage.com/search_hyperfs_209.exe http://45.133.1.182/proxies.txt - rule_id: 6139 http://staticimg.youtuuee.com/api/?sid=2038513&key=11f089e10a0c2265ea78807ce63e1d19 - rule_id: 5258 http://212.192.241.62/base/api/statistics.php http://eguntong.com/pub33.exe http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464 http://apps.identrust.com/roots/dstrootcax3.p7c http://212.192.241.62/base/api/getData.php http://45.133.1.107/server.txt http://212.192.241.62/service/communication.php https://f.gogamef.com/userhome/22/23ce6573d0b61d1c6b7a3a8c1cdf07b2.exe https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp https://cdn.discordapp.com/attachments/896617596772839426/899593707228135434/Cube_WW14.bmp https://d.gogamed.com/userhome/22/any.exe https://yandex.ru/ https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp https://ipinfo.io/widget https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp	41 Info d.gogamed.com(104.21.59.236) imgs.googlwaa.com(45.136.113.13) - malware www.hzradiant.com(194.163.158.120) t.gogamec.com(172.67.204.112) apps.identrust.com(119.207.65.81) iplis.ru(88.99.66.31) - mailcious cdn.discordapp.com(162.159.135.233) - malware eguntong.com(5.8.76.205) f.gogamef.com(104.21.72.228) el5en1977834657.s3.ap-south-1.amazonaws.com(52.219.62.87) connectini.net(162.0.210.44) - mailcious ipinfo.io(34.117.59.81) twitter.com(104.244.42.1) dataonestorage.com(45.142.182.152) - malware telegram.org(149.154.167.99) ip-api.com(208.95.112.1) fouratlinks.com(199.192.17.247) yandex.ru(77.88.55.55) staticimg.youtuuee.com(45.136.151.102) - mailcious 182.162.106.26 172.67.136.94 52.219.158.38 45.133.1.107 - malware 149.154.167.99 45.142.182.152 88.99.66.31 - mailcious 162.0.210.44 - mailcious 5.8.76.205 34.117.59.81 45.133.1.182 - malware 104.21.85.99 208.95.112.1 45.136.151.102 - mailcious 162.159.134.233 - malware 194.163.158.120 - malware 45.136.113.13 - malware 212.192.241.62 104.244.42.193 - suspicious 199.192.17.247 5.255.255.5 104.21.59.236	11 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2 ET INFO TLS Handshake Failure ET INFO Packed Executable Download ET POLICY External IP Lookup ip-api.com	3	16.0	M	25	ZeroCERT

First
1
Last
Total : 3cnts