Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2020-07-16 17:42	http://www.megafile.co.kr/webh... 64b3d8176d57912781321f74bbc64e89 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis Info http://www.megafile.co.kr/webhard/update/ManualInstall.php http://www.megafile.co.kr/webhard/update/new/1.0.8.10/Megafile_ManualInstall.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	2	2		4.6		10

2	2020-07-16 17:47	http://www.megafile.co.kr/webh... 64b3d8176d57912781321f74bbc64e89 Dridex VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Exploit Browser ComputerName DNS crashed	3 Keyword trend analysis	3	5		12.6

3	2020-07-16 19:12	http://www.haeunkim.com/5626.e... f9329056c318c4b1be6931135dc76f9e Emotet Dridex VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security AppData folder malicious URLs Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed	9 Keyword trend analysis Info http://www.haeunkim.com/5626.exe http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://support.apple.com/ https://support.apple.com/etc/designs/support/publish/JS/pattern/head.js https://ldrmars.casa/ https://ldrmars.casa/background.png https://support.microsoft.com/ https://support.microsoft.com/socbundles/jsll https://australiansdefence.best/image/?id=017EE2D6508B61F01F0000000000FF40000006	9	14 Info ET POLICY PE EXE or DLL Windows file download HTTP ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		11.4

4	2020-07-16 19:30	http://abass.ir/ugobuild/chuck... c469fab03c1ec27ab64b8b4fa35e3182 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files exploit crash unpack itself Windows utilities malicious URLs sandbox evasion installed browsers check Tofsee Windows Exploit Browser ComputerName DNS Software crashed	3 Keyword trend analysis Info http://abass.ir/ugobuild/chucksloki.exe http://195.69.140.147/.op/cr.php/GusoLuXSTqSR4 http://195.69.140.147/.op/cr.php/GusoLuXSTqSR4 https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	3	11 Info ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		13.0	M	31

5	2020-07-17 09:59	http://filehon.com/app/Filehon... b7ea646522c23ec09c73ad415107faa1 Dridex VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Firewall state off installed browsers check Tofsee Windows Exploit Browser ComputerName DNS crashed	2 Keyword trend analysis	3	5		12.0

6	2020-07-17 10:44	https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware Code Injection Check memory Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	2	2		6.6

7	2020-07-17 10:54	https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Interception Windows Exploit Browser ComputerName DNS crashed keylogger	8 Keyword trend analysis Info http://client.winamp.com/update?v=5.8&ID=485CF371832800439FE72BAD7E2C2E04&lang=en-US http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe http://client.winamp.com/update?v=5.8&ID=485CF371832800439FE72BAD7E2C2E04&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://client.winamp.com/update/client_session.php?v=5.8&ID=485CF371832800439FE72BAD7E2C2E04&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://client.winamp.com/update/latest-version.php?v=5.8&ID=485CF371832800439FE72BAD7E2C2E04&lang=en-US https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe	4	3		15.0

8	2020-07-17 11:33	https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed	4 Keyword trend analysis Info http://cert.int-x3.letsencrypt.org/ https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	3	2		4.6

9	2020-07-17 11:37	https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed	4 Keyword trend analysis Info http://cert.int-x3.letsencrypt.org/ https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	3	2		4.6

10	2020-07-17 11:44	http://111.90.148.23/100720.do... 7677a0501aa639d98781a5eb58a91324 VirusTotal Malware Code Injection Malicious Traffic unpack itself Windows utilities Tofsee Windows DNS	3 Keyword trend analysis Info http://111.90.148.23/100720.doc http://111.90.148.23/ http://111.90.148.23/ http://111.90.148.23/100720.doc http://111.90.148.23/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	2	4		4.2	M	16

11	2020-07-17 11:50	http://19workfineanotherrainbo... VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS	1 Keyword trend analysis	1	2		3.8	M

12	2020-07-17 14:22	http://jdtrusttrading.org/4656... 02bb1837b843f982b3a5c49aad515e10 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis	2	2		16.2	M	33

13	2020-07-17 14:24	http://bsskillwsdyemmulatorsde... ddaff9daff983a3a13f51eff8a6f17bc Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Windows Exploit Browser ComputerName DNS Software crashed	3 Keyword trend analysis Info http://195.69.140.147/.op/cr.php/QQ9RX53CNTMRH http://195.69.140.147/.op/cr.php/QQ9RX53CNTMRH http://bsskillwsdyemmulatorsdevelovercommunity.duckdns.org/bssdoc/win32.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	3	15 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		14.6	M

14	2020-07-17 14:26	http://sevea-fr.com/july13o.ex... 0bb3bf0a178fcc963a51ee4f39ecb20d Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	2	2		15.2	M	46

15	2020-07-17 14:27	https://angelsdetour.com/mscwo... d150e39d9782a0bfff4a8c44a188e33c Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS		1	4		3.2	M

First
1
2
3
4
5
6
7
8
9
10
Next
Last
Total : 10,173cnts