Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-07-17 11:01	Rkfptszekvzzkfszsixzgcxwmkzusp... f976eb9842d206b69aa1da8a50ef51cd PWS Loki[b] Loki[m] Admin Tool (Sysinternals etc ...) UPX DNS AntiDebug AntiVM PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files RWX flags setting unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Software	2 Keyword trend analysis	4	10 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a .tk domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY HTTP Request to a *.tk domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		14.0	M	39	ZeroCERT

First
1
Last
Total : 1cnts