Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-10-05 17:59	esmallruby.png 27b1967b1a15a26dbdc9863068c44799 Malicious Library PE File PE32 OS Processor Check Dridex TrickBot Malware suspicious privilege buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process Kovter ComputerName DNS crashed		6	1		6.8	M		ZeroCERT

2	2021-10-05 17:56	eflyairplane.png c3e61b2bd99de2bc800e680eed9eaa75 Emotet Gen1 Malicious Library AntiDebug AntiVM PE File PE32 OS Processor Check Dridex TrickBot Malware Report suspicious privilege MachineGuid Code Injection Malicious Traffic buffers extracted ICMP traffic RWX flags setting unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS crashed	8 Keyword trend analysis Info http://ipinfo.io/ip https://194.190.18.122/lib158/TEST22-PC_W617601.C3B7726919B1BB253F714EB3974575A5/5/kps/ https://194.190.18.122/lib158/TEST22-PC_W617601.C3B7726919B1BB253F714EB3974575A5/14/exc/E:%200xc0000005%20A:%200x00000000771D9A5A/0/ https://194.190.18.122/lib158/TEST22-PC_W617601.C3B7726919B1BB253F714EB3974575A5/14/user/test22/0/ https://103.140.207.110/lib158/TEST22-PC_W617601.C3B7726919B1BB253F714EB3974575A5/5/pwgrabb64/ https://194.190.18.122/lib158/TEST22-PC_W617601.C3B7726919B1BB253F714EB3974575A5/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CFreeLiteDownload19XJ%5Ceflyairplane.exe/0/ https://194.190.18.122/lib158/TEST22-PC_W617601.C3B7726919B1BB253F714EB3974575A5/14/NAT%20status/client%20is%20behind%20NAT/0/ https://194.190.18.122/lib158/TEST22-PC_W617601.C3B7726919B1BB253F714EB3974575A5/0/Windows%207%20x64%20SP1/1108/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/hh1w4kTqDMTNM6UBLxIey1uynq3IpJv/	7	6 Info ET POLICY Signed TLS Certificate with md5WithRSAEncryption ET POLICY curl User-Agent Outbound ET POLICY External IP Lookup ipinfo.io ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 1 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)		11.8			ZeroCERT

First
1
Last
Total : 2cnts