Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2022-05-15 05:08	Gnwpizngkfaxnrdperkromddykwmea... 6331736d5de348e92aa8ac377de8275d UPX Malicious Library Admin Tool (Sysinternals etc ...) PE32 PE File VirusTotal Malware unpack itself Tofsee crashed	2 Keyword trend analysis Info https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1652558890&rver=7.3.6962.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fonedrive.live.com%2Fdownload%3Fcid%3DDCD4F5588DB45110%26resid%3DDCD4F5588DB45110%2521117%26authkey%3DABNcDCFEJJwt5GE&lc=1033&id=250206&cbcxt=sky&cbcxt=sky https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1652558891&rver=7.3.6962.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fonedrive.live.com%2Fdownload%3Fcid%3DDCD4F5588DB45110%26resid%3DDCD4F5588DB45110%2521117%26authkey%3DABNcDCFEJJwt5GE&lc=1033&id=250206&cbcxt=sky&cbcxt=sky	4	1		3.6	M	56	guest

2	2021-07-20 20:23	Gnwpizngkfaxnrdperkromddykwmea... 6331736d5de348e92aa8ac377de8275d PWS Loki[b] Loki[m] Admin Tool (Sysinternals etc ...) UPX DNS AntiDebug AntiVM PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted RWX flags setting unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Browser Email ComputerName Software	3 Keyword trend analysis Info http://sspmoct.xyz/tkrr/T1/w2/fre.php https://onedrive.live.com/download?cid=DCD4F5588DB45110&resid=DCD4F5588DB45110%21117&authkey=ABNcDCFEJJwt5GE https://wpvs9g.dm.files.1drv.com/y4mc0N8aDVLbrOM0t-d4cLVzNXwptl4Op7AR8ROq--p8oHeGmWMXrT1GoIBzhmm87yiZqdmUnYbgfXiqPul9CKScrZdghDE1U3zTdf7kKOLcxsJQJxrRT4vQVgyRVBjk4ffhbnUHhZzb4UUF-Wa5kALGYrn2tnREsC6rxRuhBsPvRMwxounz2G7lp8IoMC2SSAq_moi14WCS2PtHLJdDnLspA/Gnwpizngkfaxnrdperkromddykwmeaa?download&psid=1	6	8 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.2	M	25	ZeroCERT

First
1
Last
Total : 2cnts