Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-10-11 18:11	Ooseha.exe cb75f58a8d5e9ab38bf5e6afdb09d7c8 Formbook UPX .NET framework(MSIL) ScreenShot PWS AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	16 Keyword trend analysis Info http://www.onlyleona.com/kniu/ - rule_id: 36720 http://www.frefire.top/kniu/ - rule_id: 36723 http://www.prosourcegraniteinc.com/kniu/ - rule_id: 36717 http://www.poultry-symposium.com/kniu/ - rule_id: 36722 http://www.xxkxcfkujyeft.xyz/kniu/ - rule_id: 36719 http://www.prosourcegraniteinc.com/kniu/?WvaMk96=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&tP=06tUJ - rule_id: 36717 http://www.theartboxslidell.com/kniu/ - rule_id: 36718 http://www.theartboxslidell.com/kniu/?WvaMk96=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&tP=06tUJ - rule_id: 36718 http://23.95.106.3/479/Kodviywuey.mp3 http://www.tsygy.com/kniu/?WvaMk96=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&tP=06tUJ - rule_id: 36721 http://www.onlyleona.com/kniu/?WvaMk96=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&tP=06tUJ - rule_id: 36720 http://www.tsygy.com/kniu/ - rule_id: 36721 http://www.xxkxcfkujyeft.xyz/kniu/?WvaMk96=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&tP=06tUJ - rule_id: 36719 http://www.sqlite.org/2017/sqlite-dll-win32-x86-3170000.zip http://www.frefire.top/kniu/?WvaMk96=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&tP=06tUJ - rule_id: 36723 http://www.poultry-symposium.com/kniu/?WvaMk96=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&tP=06tUJ - rule_id: 36722	19 Info www.onlyleona.com(172.67.132.228) - mailcious www.prosourcegraniteinc.com(216.239.34.21) - mailcious www.xxkxcfkujyeft.xyz(216.240.130.67) - mailcious www.frefire.top(67.223.117.37) - mailcious www.8956kjw1.com(103.71.154.243) www.theartboxslidell.com(199.59.243.225) - mailcious www.tsygy.com(23.104.137.185) - mailcious www.poultry-symposium.com(85.128.134.237) - mailcious www.pengeloladata.click() - mailcious 216.239.38.21 - phishing 23.104.137.185 - mailcious 23.95.106.3 - mailcious 199.59.243.225 67.223.117.37 - mailcious 85.128.134.237 - mailcious 216.240.130.67 - mailcious 104.21.13.143 103.71.154.243 45.33.6.223	12 Info SURICATA HTTP unable to match response to request ET INFO HTTP Request to a .top domain ET MALWARE FormBook CnC Checkin (POST) M2 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a .top domain - Likely Hostile ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers ET HUNTING Request to .TOP Domain with Minimal Headers	14 Info http://www.onlyleona.com/kniu/ http://www.frefire.top/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.poultry-symposium.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.tsygy.com/kniu/ http://www.onlyleona.com/kniu/ http://www.tsygy.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.frefire.top/kniu/ http://www.poultry-symposium.com/kniu/	11.4	M	43	ZeroCERT

2	2023-08-10 07:54	AdobeSettings.exe e781ca8ce0cf2ede3c242c2bdc1ea2a4 NSIS UPX Malicious Library PE File PE32 DLL AppData folder					0.6	M		ZeroCERT

3	2023-06-08 17:43	wininit.exe 8f25fe4c31de1a795ca154d7dacad298 UPX Malicious Library PE File PE32 JPEG Format DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed					3.6	M	28	ZeroCERT

First
1
Last
Total : 3cnts