Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-09-28 13:59	build.exe 6bacb42179eb54d6afac2664cd0227d7 PWS Loki[b] Loki.m AgentTesla browser info stealer Malicious Library ScreenShot DGA DNS Socket Internet API Http API AntiDebug AntiVM PE File OS Processor Check PE32 Malware download Dridex Malware Microsoft AutoRuns PDB Code Injection Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities AppData folder malicious URLs suspicious TLD WriteConsoleW Tofsee Windows ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	8	12 Info ET INFO TLS Handshake Failure ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a .top domain - Likely Hostile ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a .top domain ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING Possible EXE Download From Suspicious TLD ET DNS Query for .to TLD		12.8	M		ZeroCERT

First
1
Last
Total : 1cnts