Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
10021	2020-10-06 14:01	FILE-982.doc 967f1d69e065008f106804ee61098f1c Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself Tofsee Windows DNS	2 Keyword trend analysis	4	6 Info ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 17 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP		5.8	M	40	guest

10022	2020-09-29 11:21	zxcv.EXE 92821d6dd83105f5f2d08c43f28fa309 Browser Info Stealer Emotet Malware download FTP Client Info Stealer Vidar Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Interception Zeus OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key Software crashed Downloader	24 Keyword trend analysis Info http://ferreira.ac.ug/index.php http://nadia.ac.ug/ http://nadia.ac.ug/freebl3.dll http://cnmotoparts.online/gate/libs.zip http://cnmotoparts.online/gate/libs.zip http://nadia.ac.ug/mozglue.dll http://nadia.ac.ug/msvcp140.dll http://cnmotoparts.online/gate/libs.zip http://nadia.ac.ug/nss3.dll http://ferreira.ac.ug/ac.exe http://ferreiranadii.ac.ug/ds1.exe http://ferreira.ac.ug/rc.exe http://ferreira.ac.ug/ds1.exe http://cnmotoparts.online/gate/libs.zip http://ferreiranadii.ac.ug/ac.exe http://ferreiranadii.ac.ug/rc.exe http://ferreira.ac.ug/index.php http://nadia.ac.ug/sqlite3.dll http://cnmotoparts.online/file_handler4/file.php?hash=6cdfdf419af0bd0a62dd40155eca58436ab12ba0&js=6695ee24e4a8273aee2ea33a2bde08662448549b&callback=http://cnmotoparts.online/gate http://ferreira.ac.ug/ds2.exe http://nadia.ac.ug/vcruntime140.dll http://cnmotoparts.online/gate/sqlite3.dll http://nadia.ac.ug/softokn3.dll http://nadia.ac.ug/main.php http://cnmotoparts.online/gate/log.php http://ferreiranadii.ac.ug/ds2.exe http://cnmotoparts.online/gate/libs.zip https://telete.in/brikitiki https://cdn.discordapp.com/attachments/752128569169281083/760175342396112916/Acdk123	6	10 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE AZORult v3.3 Server Response M2 ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative) ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2		28.6	M	26	admin

10023	2020-09-29 10:34	raw.exe 2d46889b6d794ac1fcf58bf340c4666a VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs WriteConsoleW Tofsee ComputerName DNS	1 Keyword trend analysis	1	1		4.6		29	guest

10024	2020-09-26 09:46	https://www.urban-vpn.network/... 01527bfc480e2a2d52be7fc1f3a792a8 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		4.2			guest

10025	2020-09-25 14:03	https://www.sanambakshi.com/wp... 5c50a1af9fe8c9136fc5738a3154b3ec Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		4.4			guest

10026	2020-09-25 07:46	http://198.12.66.108/jojo.exe ad6564701054b692bcf47b5feb6324a2 Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities Check virtual network interfaces malicious URLs WriteConsoleW Tofsee Windows Exploit Browser Email ComputerName DNS Cryptographic key crashed keylogger	7 Keyword trend analysis Info http://198.12.66.108/jojo.exe http://crt.comodoca.com/COMODORSAAddTrustCA.crt http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://paste.nrecom.net/view/raw/19b8a0c3 https://paste.nrecom.net/view/raw/f4b7e260 https://paste.nrecom.net/view/raw/c8cdc044 https://api.ipify.org/	5	4		16.8	M		guest

10027	2020-09-24 22:29	jojo.exe ad6564701054b692bcf47b5feb6324a2 Browser Info Stealer Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs WriteConsoleW Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key crashed keylogger	5 Keyword trend analysis	3	1		15.0			admin

10028	2020-09-24 08:11	http://srksmaisw.org/manufactu... e09eef5b5566f81b46ac3ac201d6b794 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	4 Keyword trend analysis	2	3		4.2			guest

10029	2020-09-23 10:10	http://gooddns.ir/bobbyx/XefEz... Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		5.4	M		admin

10030	2020-09-23 09:53	http://gooddns.ir/ashleyx/solu... Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		5.4			admin

10031	2020-09-23 07:53	https://www.victoryuae.co/soon... b33e40c5c4ded6d3c5cd00bbe0c9c9bf Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		4.2	M		guest

10032	2020-09-22 15:50	REP_IA1J49KDNZR9PQE.doc 5f3a967f8c5bb8925e8754a04f22f9d8 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS	2 Keyword trend analysis	3	1		5.4		30	admin

10033	2020-09-22 13:36	https://k.top4top.io/p_1671u02... 63c74e45cb4ba38e8ba6089425a6abd8 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		5.2	M	46	admin

10034	2020-09-22 11:25	rc.exe a205712a031be2c61db9cd98c1c29a14 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder malicious URLs Tofsee Interception Windows DNS	1 Keyword trend analysis	3	1		12.0	M	47	admin

10035	2020-09-22 10:10	MAIN.exe 7c357e54f775f0042c2d8e36d0c38fa9 Dridex TrickBot VirusTotal Malware PDB Malicious Traffic unpack itself Check virtual network interfaces malicious URLs Tofsee Kovter ComputerName DNS	3 Keyword trend analysis Info http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt https://172.98.192.214/cSVlo1FeFAInvJDJkZ9P99GLwSTqIGUF https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books https://www.amazon.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	3	2		5.8	M	48	admin

First
Previous
661
662
663
664
665
666
667
668
669
670
Next
Last
Total : 10,206cnts