Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
9931	2020-10-28 10:17	https://valenciaexpresslaundry... 09ecf62b70523317e0631ad7d50b669b Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		3	3		4.8			admin

9932	2020-10-28 10:02	lilbaa.exe 51400134bdd5b0eae07a5685c3560771 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted WMI ICMP traffic unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	1 Keyword trend analysis	4	5		12.2	M	25	admin

9933	2020-10-28 09:34	Adobe.pdf.exe bbad437e472d66b7702a2c7671260b27 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Detects VirtualBox Check virtual network interfaces malicious URLs WriteConsoleW VMware anti-virtualization Tofsee Windows ComputerName Cryptographic key Software	2 Keyword trend analysis	2	1		10.0		44	guest

9934	2020-10-28 09:03	Inv. 0655554.doc 240b691234655ab6f8d51f62d3ea7d71 Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee DNS	3 Keyword trend analysis	6	1		6.8		17	guest

9935	2020-10-27 18:23	rep_0HHSEI8DAP5IFU0.doc f0ff84c95b97ee41cf9869d9bc25eb15 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS	4 Keyword trend analysis	10 Info www.theginlibrary.de(37.17.224.143) toorak.ie(104.31.82.230) pottershousedurban.co.za(102.130.121.16) - mailcious homewatchamelia.com(172.67.148.194) - mailcious 67.163.161.107 - suspicious 104.31.82.230 102.130.121.16 - suspicious 37.17.224.143 104.28.23.149 - suspicious 107.170.146.252 - suspicious	1		6.0	M	19	guest

9936	2020-10-27 18:19	FILE-2020_10_27-YE455729.doc e6df4c6ce89b90689352e5f18778cd5d Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS	3 Keyword trend analysis	6	5 Info ET CNC Feodo Tracker Reported CnC Server group 18 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		6.0		19	guest

9937	2020-10-27 17:41	joj.exe 75c4f2a3e9f895a4d684e41edbc665b6 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger	2 Keyword trend analysis	4	1		15.4	M	39	admin

9938	2020-10-27 17:34	joj.exe 75c4f2a3e9f895a4d684e41edbc665b6 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Tor ComputerName crashed	2 Keyword trend analysis	2	1		12.0	M	39	guest

9939	2020-10-27 17:33	udi.exe 6c928c0bb16fbe2a4b655cbbdd08c226 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger	2 Keyword trend analysis	4	1		15.2	M	22	guest

9940	2020-10-27 14:23	October Invoice.doc 6417e13118cf88c3a42ed070cae0e8ce Vulnerability Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS	2 Keyword trend analysis	3	1		4.4			admin

9941	2020-10-27 09:22	BDK_100120_VLM_102720.doc 34cf2c044e2803cb74c2439f759d3dcc Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee	5 Keyword trend analysis	18 Info braceyourself.us(139.59.104.96) - mailcious carl99a.com(184.154.69.125) - malware nhatcuong.xyz(104.31.92.104) - mailcious fitthemes.com(172.67.177.180) - mailcious goodherbwebmart.com(141.98.10.47) nakanoyoi5.com(150.95.54.162) - malware 360digest.beyondb-school.com(44.228.91.252) - mailcious arpe-samois.fr(155.133.142.4) - mailcious seitaiken.net(150.95.54.237) - malware 44.228.91.252 - suspicious 184.154.69.125 - suspicious 172.67.177.180 - suspicious 150.95.54.237 - suspicious 139.59.104.96 - suspicious 155.133.142.4 - suspicious 141.98.10.47 150.95.54.162 - suspicious 104.31.93.104	3		5.0	M	21	guest

9942	2020-10-27 08:52	INV_XI2FZ0I0ME.doc 933023dcade70fbac0a87f509997a9b1 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee	5 Keyword trend analysis	18 Info braceyourself.us(139.59.104.96) carl99a.com(184.154.69.125) nhatcuong.xyz(172.67.200.82) fitthemes.com(172.67.177.180) goodherbwebmart.com(141.98.10.47) nakanoyoi5.com(150.95.54.162) 360digest.beyondb-school.com(44.228.91.252) arpe-samois.fr(155.133.142.4) seitaiken.net(150.95.54.237) 44.228.91.252 184.154.69.125 172.67.177.180 104.31.92.104 150.95.54.237 139.59.104.96 155.133.142.4 141.98.10.47 150.95.54.162 - suspicious	3		4.2		21	guest

9943	2020-10-27 07:30	https://redesuperpops.com.br/k... 74558ab0b6c9a3d2202b149413178595 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		3	3		4.2			guest

9944	2020-10-26 23:09	YTWHQ07D.doc c2d9ba63fdb20492d829a91e82d61153 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS	3 Keyword trend analysis	17 Info polaroidamsterdam.nl(64.225.66.100) www.si-batangaspremier.org(35.185.239.65) computerjungle.it(104.18.51.138) www.lixko.com(49.235.244.65) needhelp.gr(185.70.76.234) bopetsupplies.com(181.215.182.169) vitrinapyme.com(200.54.18.149) maturisampietro.ch(164.138.68.247) 164.138.68.247 104.18.50.138 201.238.235.2 64.225.66.100 35.185.239.65 185.70.76.234 49.235.244.65 181.215.182.169 154.91.33.137	2		4.6		19	admin

9945	2020-10-26 22:32	https://fullelectronica.com.ar... a9cbc59987ec442437ffea45aade05ba Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		3	3		4.8			admin

First
Previous
661
662
663
664
665
666
667
668
669
670
Next
Last
Total : 10,206cnts