Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
10081	2020-07-22 12:41	Inv-XBGH1130_23212865.doc c2e592fbfb05a17f76becd999e52a01b Vulnerability VirusTotal Malware unpack itself Tofsee DNS	1 Keyword trend analysis	1	1		3.4		19

10082	2020-07-22 12:37	Inv ET5808_565971217.doc e83403331092ea4ebf89495eb3823deb Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3600143997&cup2hreq=d6ba3fa9c72673912a7188b0e5b14c328b9ff53bc9f86ff5eedf251cdf1cc49b	2	1		4.2		19

10083	2020-07-22 12:33	http://systemidentifytheprotoc... 16dc050b380c8161b7973a01b8c7b879 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs Tofsee Windows Exploit Browser Email ComputerName Trojan DNS Cryptographic key Software crashed	3 Keyword trend analysis Info http://systemidentifytheprotocolwindowsserverse.duckdns.org/bdds/svchost.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:2361864108&cup2hreq=4aa23fae9d2c72400de0f4942172c054fd7571e90dd7d91e71f8713bd25138b7	3	4		15.6		8

10084	2020-07-22 11:16	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	3	3		4.6

10085	2020-07-22 11:09	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	3	3		4.6

10086	2020-07-21 18:27	https://class.britishonline.co... 02032a73a8b1788cdcc567b749812444 Dridex VirusTotal Malware Code Injection Malicious Traffic unpack itself Windows utilities malicious URLs Tofsee Windows DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3707306346&cup2hreq=c6650cc85daddb70cb5a15cc5b595ca756623b68fd207a5b82b48c27753b4697	3	3		4.4

10087	2020-07-21 18:18	F_UUW_070120_VNF_072120.doc 0cd06145a71c3f2bab7722fd5788579d Emotet Malware download Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/ http://fijipiscinas.com/wp-admin/ympm/ http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3085698260&cup2hreq=36dd01ca863135a0fcc19a814c372b19579f151cdf003292659415797bbe952c	5	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET POLICY HTTP traffic on port 443 (POST) ET MALWARE Win32/Emotet CnC Activity (POST) M8		5.4		20

10088	2020-07-21 18:18	https://bloomcareltd.co.uk/wp-... 85321df51c43c38d4bc6927ee7cea7a9 Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS		1	3		3.2

10089	2020-07-21 18:17	FILE-2020_07_21-195317.doc 589ee490769a1737f7365d7c5655008e Vulnerability Malware Malicious Traffic unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://r8---sn-3u-bh2sd.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe?cms_redirect=yes&mh=eA&mip=175.208.134.150&mm=28&mn=sn-3u-bh2sd&ms=nvh&mt=1595322864&mv=m&mvi=8&pl=18&shardbypass=yes http://r8---sn-3u-bh2sd.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe?cms_redirect=yes&mh=eA&mip=175.208.134.150&mm=28&mn=sn-3u-bh2sd&ms=nvh&mt=1595322864&mv=m&mvi=8&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:4039676881&cup2hreq=00ab76e6bd8dbeb018fa1aa7d74b24303a0f5bcc3abe6436c03ac71ae149bf77	4	3		3.6

10090	2020-07-21 14:28	doc-5382.docm ae18ed686e82ba41cebc162245c7fc42 VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:655737552&cup2hreq=002ee30e1176121f00b9eb338c474169f91320cfd3f0e9a4d5fee500a87a838a	2	1		3.0		20

10091	2020-07-21 14:23	doc-5382.docm ae18ed686e82ba41cebc162245c7fc42 VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:2387805627&cup2hreq=5454ed19c95f66fa17bec024b06636f6045cc341c7a2dd617f379c96e2f6a971	2	1		3.0		20

10092	2020-07-21 14:19	qes48.exe 9c6cfc58709751f6e90b4c9be2d7aef2 Emotet Malware download VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Tofsee Windows Advertising ComputerName DNS Cryptographic key	3 Keyword trend analysis Info http://74.207.230.187:8080/aC2ofMcBWgbLj6/ecV8/teBZyacEeGNOPK7/jv6Vrenj/2egZ/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:4273442666&cup2hreq=5d322bd6b1dc761e2a73a0527f95aed928ce885b06ee206898c16e86a29303ff	4	2		8.0	M	26

10093	2020-07-21 13:38	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/mainC.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	3	3		4.6

10094	2020-07-21 13:09	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/main.jsp	3	3		4.6

10095	2020-07-21 12:53	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	3	3		4.6

First
Previous
671
672
673
674
675
676
677
678
679
Last
Total : 10,173cnts