Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-05-23 17:21	bld_3s.exe 44b65c0e74a1c608b202a663318f966d Emotet PWS .NET framework Loki_b RAT UPX OS Processor Check .NET EXE PE File PE32 VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Windows ComputerName DNS Cryptographic key	15 Keyword trend analysis Info http://94.142.138.111/concerts/2.php - rule_id: 32678 http://94.142.138.111/concerts/13.php - rule_id: 32689 http://94.142.138.111/concerts/10.php - rule_id: 32686 http://ip-api.com/json/ http://94.142.138.111/concerts/9.php - rule_id: 32685 http://94.142.138.111/concerts/11.php - rule_id: 32687 http://94.142.138.111/concerts/8.php - rule_id: 32684 http://94.142.138.111/concerts/6.php - rule_id: 32682 http://94.142.138.111/concerts/4.php - rule_id: 32680 http://94.142.138.111/concerts/1.php - rule_id: 32677 http://94.142.138.111/concerts/12.php - rule_id: 32688 http://94.142.138.111/concerts/7.php - rule_id: 32683 http://94.142.138.111/concerts/5.php - rule_id: 32681 http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php - rule_id: 32679	5	1	13 Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://94.142.138.111/concerts/3.php	5.6	M	44	ZeroCERT

2	2023-05-23 09:21	bld_3.exe e2ca6f8e77cbaa4a7adf56242880a30c RAT Emotet PWS .NET framework Loki_b UPX Malicious Packer .NET EXE PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows ComputerName DNS Cryptographic key	16 Keyword trend analysis Info http://94.142.138.111/concerts/2.php - rule_id: 32678 http://94.142.138.111/concerts/13.php - rule_id: 32689 http://94.142.138.111/concerts/10.php - rule_id: 32686 http://ip-api.com/json/ http://94.142.138.111/concerts/9.php - rule_id: 32685 http://94.142.138.111/concerts/11.php - rule_id: 32687 http://94.142.138.111/concerts/8.php - rule_id: 32684 http://94.142.138.111/concerts/6.php - rule_id: 32682 http://94.142.138.111/concerts/4.php - rule_id: 32680 http://94.142.138.111/concerts/1.php - rule_id: 32677 http://94.142.138.111/software/bld_3s.exe http://94.142.138.111/concerts/12.php - rule_id: 32688 http://94.142.138.111/concerts/7.php - rule_id: 32683 http://94.142.138.111/concerts/5.php - rule_id: 32681 http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php - rule_id: 32679	5	5 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY External IP Lookup ip-api.com	13 Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://94.142.138.111/concerts/3.php	7.6	M	34	ZeroCERT

First
1
Last
Total : 2cnts