Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
76	2020-07-21 11:31	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/mainC.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	8	3		4.6

77	2020-07-21 11:35	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	8	3		4.6

78	2020-07-21 11:39	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	3	3		4.6

79	2020-07-21 12:53	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	3	3		4.6

80	2020-07-21 13:09	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/main.jsp	3	3		4.6

81	2020-07-21 13:38	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/mainC.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	3	3		4.6

82	2020-07-21 14:19	qes48.exe 9c6cfc58709751f6e90b4c9be2d7aef2 Emotet Malware download VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Tofsee Windows Advertising ComputerName DNS Cryptographic key	3 Keyword trend analysis Info http://74.207.230.187:8080/aC2ofMcBWgbLj6/ecV8/teBZyacEeGNOPK7/jv6Vrenj/2egZ/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:4273442666&cup2hreq=5d322bd6b1dc761e2a73a0527f95aed928ce885b06ee206898c16e86a29303ff	4	2		8.0	M	26

83	2020-07-21 14:23	doc-5382.docm ae18ed686e82ba41cebc162245c7fc42 VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:2387805627&cup2hreq=5454ed19c95f66fa17bec024b06636f6045cc341c7a2dd617f379c96e2f6a971	2	1		3.0		20

84	2020-07-21 14:28	doc-5382.docm ae18ed686e82ba41cebc162245c7fc42 VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:655737552&cup2hreq=002ee30e1176121f00b9eb338c474169f91320cfd3f0e9a4d5fee500a87a838a	2	1		3.0		20

85	2020-07-21 18:17	FILE-2020_07_21-195317.doc 589ee490769a1737f7365d7c5655008e Vulnerability Malware Malicious Traffic unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://r8---sn-3u-bh2sd.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe?cms_redirect=yes&mh=eA&mip=175.208.134.150&mm=28&mn=sn-3u-bh2sd&ms=nvh&mt=1595322864&mv=m&mvi=8&pl=18&shardbypass=yes http://r8---sn-3u-bh2sd.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe?cms_redirect=yes&mh=eA&mip=175.208.134.150&mm=28&mn=sn-3u-bh2sd&ms=nvh&mt=1595322864&mv=m&mvi=8&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:4039676881&cup2hreq=00ab76e6bd8dbeb018fa1aa7d74b24303a0f5bcc3abe6436c03ac71ae149bf77	4	3		3.6

86	2020-07-21 18:18	https://bloomcareltd.co.uk/wp-... 85321df51c43c38d4bc6927ee7cea7a9 Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS		1	3		3.2

87	2020-07-21 18:18	F_UUW_070120_VNF_072120.doc 0cd06145a71c3f2bab7722fd5788579d Emotet Malware download Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/ http://fijipiscinas.com/wp-admin/ympm/ http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3085698260&cup2hreq=36dd01ca863135a0fcc19a814c372b19579f151cdf003292659415797bbe952c	5	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET POLICY HTTP traffic on port 443 (POST) ET MALWARE Win32/Emotet CnC Activity (POST) M8		5.4		20

88	2020-07-21 18:27	https://class.britishonline.co... 02032a73a8b1788cdcc567b749812444 Dridex VirusTotal Malware Code Injection Malicious Traffic unpack itself Windows utilities malicious URLs Tofsee Windows DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3707306346&cup2hreq=c6650cc85daddb70cb5a15cc5b595ca756623b68fd207a5b82b48c27753b4697	3	3		4.4

89	2020-07-22 11:09	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	3	3		4.6

90	2020-07-22 11:16	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	3	3		4.6

First
Previous
1
2
3
4
5
6
7
8
9
10
Next
Last
Total : 10,197cnts