Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-07-26 08:08	wininit.exe 99566b51018706a1b36b1440dc9b9d23 Formbook .NET framework(MSIL) AntiDebug AntiVM .NET EXE PE File PE32 Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself DNS	14 Keyword trend analysis Info http://www.sisbom.online/pta7/ - rule_id: 35245 http://www.playcups.life/pta7/ - rule_id: 35250 http://www.sisbom.online/pta7/?fjoqq6=9K+XUf37kaVDuc0IEb/en1sQBc6oG59LX1JpxUbzLe92mNGRZFlQ32afb7pO3FMoswo/Nr7Bt7+lgxXjhaaHcK0lGMXqPnmX0dOCo/8=&QWzs=CeDXTsS6HepRd8sX - rule_id: 35245 http://www.playcups.life/pta7/?fjoqq6=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&QWzs=CeDXTsS6HepRd8sX - rule_id: 35250 http://www.yh66985.com/pta7/ - rule_id: 35249 http://www.yh66985.com/pta7/?fjoqq6=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&QWzs=CeDXTsS6HepRd8sX - rule_id: 35249 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip http://www.selfstorage.koeln/pta7/ - rule_id: 35247 http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248 http://www.maytag36.com/pta7/?fjoqq6=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&QWzs=CeDXTsS6HepRd8sX - rule_id: 35246 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.maytag36.com/pta7/ - rule_id: 35246 http://www.selfstorage.koeln/pta7/?fjoqq6=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&QWzs=CeDXTsS6HepRd8sX - rule_id: 35247 http://www.cosmicearthgoddess.com/pta7/?fjoqq6=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&QWzs=CeDXTsS6HepRd8sX - rule_id: 35248	13 Info www.sisbom.online(162.240.81.18) - mailcious www.yh66985.com(154.215.247.58) - mailcious www.selfstorage.koeln(81.169.145.157) - mailcious www.playcups.life(203.161.58.192) - mailcious www.cosmicearthgoddess.com(74.208.236.61) - mailcious www.maytag36.com(76.223.26.96) - mailcious 74.208.236.61 - mailcious 154.215.247.58 - mailcious 81.169.145.157 - mailcious 13.248.148.254 - mailcious 45.33.6.223 162.240.81.18 - mailcious 203.161.58.192 - mailcious	2	12 Info http://www.sisbom.online/pta7/ http://www.playcups.life/pta7/ http://www.sisbom.online/pta7/ http://www.playcups.life/pta7/ http://www.yh66985.com/pta7/ http://www.yh66985.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.maytag36.com/pta7/ http://www.maytag36.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.cosmicearthgoddess.com/pta7/	8.8	M		ZeroCERT

2	2023-07-26 07:58	secdukaszx.exe 410dec2d786b542c67397ab8cc7ecaf3 .NET framework(MSIL) AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself	12 Keyword trend analysis Info http://www.purelyunorthodox.com/mcon/ http://www.fagallery.com/mcon/?gN=rJW8o27P/gqPRSI0wuqXCcBWV3MCPe3Qi8ROeqUr40lzOd+BRDuNmyU/daBjpYLNNDfdIaWQHB2/zU0cdz0dSZCY/Bbb6xMd8kQ8zBA=&i50Q=_ezxJv-JovO9 http://www.fagallery.com/mcon/ http://www.bc081.com/mcon/ http://www.purelyunorthodox.com/mcon/?gN=JxkY46YC9LBm3OkL8orXF7D68oVhabe0uO4APku638FfxldkBjOvcbwo9sb38aK0GSbzu/P0eNN4w2ybAPlnTHOTDB1A0VrJVW01pJA=&i50Q=_ezxJv-JovO9 http://www.triplemshipssupplies.com/mcon/ http://www.paybillnow.info/mcon/?gN=6l2bJH3lYuggsJGye7Ek7Djc2AhxQovbvd2YkjgUuVZ2vqa0aW8Pwj2WXOk/QoHCXwbnfhEZTCtL08rWUqnG/IhfnQVtlui9LEQGFPc=&i50Q=_ezxJv-JovO9 http://www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip http://www.bc081.com/mcon/?gN=pskxmoRFchsAbXFIn6Ds6WJWm93GPZXrd/fIfWEPkz26aGEkZ87oGPy24JF+yxwF1h0P/zwK8gLwn+yMtUteEtVFAkBJqDM7Jup+RKc=&i50Q=_ezxJv-JovO9 http://www.superxwin.app/mcon/?gN=zXOJUe1DiQqRpKX/iPrmQy7/Wg64w+pTL1bjt+yOL2NGV+wW4eH3xNfsFSFyKke75OeaWtpTehrF3ed1/bJdwY3kBcAY+jnnbA/ldzE=&i50Q=_ezxJv-JovO9 http://www.superxwin.app/mcon/ http://www.paybillnow.info/mcon/	13 Info www.paybillnow.info(162.0.225.178) www.bc081.com(170.178.212.131) www.fagallery.com(156.234.49.125) www.purelyunorthodox.com(154.204.19.73) www.superxwin.app(91.195.240.94) www.triplemshipssupplies.com(173.254.104.74) 173.254.104.74 154.204.19.73 91.195.240.94 - phishing 45.33.6.223 156.234.49.125 170.178.212.131 162.0.225.178 - mailcious			9.0	M	19	ZeroCERT

First
1
Last
Total : 2cnts