Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-09-28 16:24	jol.exe 51195e0d79dacd68acd8b5bcbc356ab1 RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Downloader	19 Keyword trend analysis Info http://www.jmrrve.com/mjyv/?jL04lH=MugnLanDZ3SAjzNGVYbYT4Dv9bUq7VTPAUXZDjWlHe9ioe8xswTkcd0N7hIbRG1/aAPOZqOJ&w0G=mfZ8ixbxe8Q4 http://www.livinglovinglincoln.com/mjyv/?jL04lH=v6+mrmhO2D69c29A/GgIjudjrVDrCDx9nnSs75EQfHkZ3AKYNDn6ZLLROHAwtRRZFNrkSLmU&w0G=mfZ8ixbxe8Q4 http://www.localagentlab.com/mjyv/ http://www.krveop.com/mjyv/ http://www.georges-lego.com/mjyv/ http://www.localagentlab.com/mjyv/?jL04lH=MgSBGe4UfRsxE+vcY6lCnzsJdaRn2Tt2te4kufH0BbtC9PnAxa6ttLLgFfm6oaBPxXTKCyZA&w0G=mfZ8ixbxe8Q4 http://www.brandqrcodes.com/mjyv/ http://www.car-insurance-rates-x2.info/mjyv/ http://www.krveop.com/mjyv/?jL04lH=HyN26CoozcigRUDs6U0prJ5eBZfzn97g/8B9IGyhoA6SSk6Sl3gieBOJFuTEwLYMjZXl5Kk/&w0G=mfZ8ixbxe8Q4 http://www.livinglovinglincoln.com/mjyv/ http://www.lkkogltoyof4.xyz/mjyv/ http://www.jmrrve.com/mjyv/ http://www.car-insurance-rates-x2.info/mjyv/?jL04lH=JsVmDLitPD5sN21NuRjxCxYGWX6Zun1yL1UzMyeyoC0PN1VTm+kRrJp4mrpqyvRLfa8C5kJ3&w0G=mfZ8ixbxe8Q4 http://www.dubaibiologicdentist.com/mjyv/?jL04lH=BKHfsn/GYCC1h//vT8riYCukHI0Zyw57gwlmm1nTEYp+2eyN1NLV8AZGtmaXrDVZIiSg94F5&w0G=mfZ8ixbxe8Q4 http://www.lkkogltoyof4.xyz/mjyv/?jL04lH=EAnvUfdnxtXwjiMmXogoEpuHKt07Q8tnkdGiEhG/REbOr3I/vzDeldegz5vqjtC9vgo6Xl7J&w0G=mfZ8ixbxe8Q4 http://www.dubaibiologicdentist.com/mjyv/ http://www.brandqrcodes.com/mjyv/?jL04lH=UrRdFqIHIOT9TTwqrgiD5IQ8ICq4EZmeq8Qf7hTdESXU5u+H11XJP7uPtyUjrGxObxoE2Pl7&w0G=mfZ8ixbxe8Q4 http://www.georges-lego.com/mjyv/?jL04lH=IZUq8fC9aIDt6XI/MpfblzTmEBhmcMRnvlVpbIF889hbhAnbHw7SbsJeBBLvviP4WChYzMnM&w0G=mfZ8ixbxe8Q4 https://cdn.discordapp.com/attachments/888348114673598475/890866414997635092/TNG.dll	25 Info www.jmrrve.com(104.21.2.49) www.livinglovinglincoln.com(34.102.136.180) www.wenyuexuan.com() www.dubaibiologicdentist.com(198.54.117.210) www.lkkogltoyof4.xyz(150.95.255.38) www.brandqrcodes.com(99.86.207.38) www.babybox.media() www.reemletenleafy.com() www.krveop.com(172.67.158.14) www.car-insurance-rates-x2.info(66.29.132.69) www.thehauntdepot.com() www.localagentlab.com(34.102.136.180) cdn.discordapp.com(162.159.135.233) - malware www.georges-lego.com(192.0.78.24) www.miyonbuilding.com() 162.159.134.233 - malware 104.21.2.49 198.54.117.211 - phishing 104.21.49.26 34.102.136.180 - mailcious 150.95.255.38 - mailcious 66.29.132.69 99.86.207.37 192.0.78.24 - mailcious 31.210.20.22 - malware	8 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers		10.0	M	14	ZeroCERT

2	2021-09-28 16:00	es.exe 59a50d997d0b4a35bfacdea5d1ce1851 RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Downloader	4 Keyword trend analysis Info http://www.rlgbsuilds.com/hp6s/?CPG=Fw5YSRn6B6q7Vo6CTsfssUahdbXa4r2ZD7nmGGCHLkY8GDkOmUQxWePCsmLEOuwwrsL9h5YF&3f=Yn9ps0vxNLc http://www.fuyrew.online/hp6s/?CPG=2bYopOGPOIVcz7tJsXUx3GFEgu0QV8cVsQS3JlFK1exizYXGI9lPCJa/BJy6fy+FVLDUc5Qt&3f=Yn9ps0vxNLc http://www.sadguruenterprisesindia.com/hp6s/?CPG=dcOC7cI3oFnEfS9GsSVSHnbVWf/igqk97prd+XkG3EO6PgEaTghsJ+vTu1hjJo0Q2PG/bv5y&3f=Yn9ps0vxNLc https://cdn.discordapp.com/attachments/888348114673598475/890866414997635092/TNG.dll	9	8 Info ET MALWARE FormBook CnC Checkin (GET) ET INFO Executable Download from dotted-quad Host ET MALWARE Possible MalDoc Payload Download Nov 11 2014 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		9.2	M	32	ZeroCERT

First
1
Last
Total : 2cnts