Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
15016	2023-03-05 08:03	http://182.56.230.21:60403/i PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		5.8			guest

15017	2023-03-05 08:02	http://123.5.173.192:37668/bin... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		6.2			guest

15018	2023-03-05 08:00	http://195.3.223.120:443/admin... AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		1			4.8			guest

15019	2023-03-05 07:56	http://159.69.80.167/auth AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		1			4.8			guest

15020	2023-03-05 07:55	http://107.182.129.73/auth 589e2f016cd825eee95246c61c7595d6 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://107.182.129.73/gui/nicepage.css http://107.182.129.73/gui/nicepage.js http://107.182.129.73/auth http://107.182.129.73/favicon.ico http://107.182.129.73/gui/Auth.css http://107.182.129.73/gui/jquery.js https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	4		5.6			guest

15021	2023-03-05 07:54	http://109.172.45.197/auth 589e2f016cd825eee95246c61c7595d6 AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://109.172.45.197/gui/jquery.js http://109.172.45.197/gui/Auth.css http://109.172.45.197/favicon.ico http://109.172.45.197/gui/nicepage.css http://109.172.45.197/gui/nicepage.js http://109.172.45.197/auth https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	3		4.6			guest

15022	2023-03-05 07:54	http://77.91.77.67/auth PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		5.8			guest

15023	2023-03-05 07:53	http://185.219.220.239/auth PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		6.4			guest

15024	2023-03-05 07:53	http://199.247.24.79/auth 589e2f016cd825eee95246c61c7595d6 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://199.247.24.79/gui/Auth.css http://199.247.24.79/gui/jquery.js http://199.247.24.79/gui/nicepage.css http://199.247.24.79/favicon.ico http://199.247.24.79/auth http://199.247.24.79/gui/nicepage.js https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	3		5.6			guest

15025	2023-03-05 07:52	http://94.142.138.100/auth PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2		5.8			guest

15026	2023-03-05 07:51	http://171.38.220.94:43196/i PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		5.8			guest

15027	2023-03-05 07:51	http://163.172.13.53/auth 589e2f016cd825eee95246c61c7595d6 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://163.172.13.53/gui/nicepage.js http://163.172.13.53/gui/jquery.js http://163.172.13.53/auth http://163.172.13.53/gui/Auth.css http://163.172.13.53/gui/nicepage.css http://163.172.13.53/favicon.ico https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	3		5.6			guest

15028	2023-03-05 07:50	http://94.142.138.73/auth 589e2f016cd825eee95246c61c7595d6 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://94.142.138.73/auth http://94.142.138.73/gui/Auth.css http://94.142.138.73/gui/nicepage.css http://94.142.138.73/favicon.ico http://94.142.138.73/gui/nicepage.js http://94.142.138.73/gui/jquery.js https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	3		5.6			guest

15029	2023-03-05 07:49	http://37.220.87.13/auth 589e2f016cd825eee95246c61c7595d6 AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://37.220.87.13/gui/Auth.css http://37.220.87.13/gui/nicepage.js http://37.220.87.13/gui/nicepage.css http://37.220.87.13/gui/jquery.js http://37.220.87.13/auth http://37.220.87.13/favicon.ico https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	2		4.6			guest

15030	2023-03-05 07:49	http://61.3.102.15:46494/mozi.... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		5.8			guest