Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
15196	2023-03-05 05:16	http://117.255.188.234:55791/M... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		6.4			guest

15197	2023-03-05 05:13	http://115.63.8.150:40448/bin.... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		6.4			guest

15198	2023-03-05 05:12	http://182.116.103.159:45110/i eec5c6c219535fba3a0492ea8118b397 Eir D1000 routers Vulnerability Mozi Botnet IoT AntiDebug AntiVM ELF Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		1	1		3.4	M		guest

15199	2023-03-05 05:11	http://185.246.221.126/bins/bi... af4268c094f2a9c6e6a85f8626b9a5c7 PWS[m] Downloader Malicious Packer UPX Malicious Library Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSO Malware download Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed Downloader		1	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Possible MalDoc Payload Download Nov 11 2014 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure		5.6	M		guest

15200	2023-03-05 05:10	http://115.56.9.79:44767/Mozi.... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		6.2			guest

15201	2023-03-05 05:09	http://respekt5568.com/aN7jD0q... 1fb93933fd087215a3c7b0800e6bb703 PWS[m] Gen1 Downloader UPX Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File OS Processor Check Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	4		5.2			guest

15202	2023-03-05 05:08	http://94.26.226.51/panel/new_... 4c5768de9e9eee56eab5ec888e1d0a2d AntiDebug AntiVM DLL PE File PE64 Malware Code Injection Malicious Traffic exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		1	2		3.8	M		guest

15203	2023-03-05 05:07	http://respekt5568.com/aN7jD0q... f67d08e8c02574cbc2f1122c53bfb976 UPX Malicious Library AntiDebug AntiVM OS Processor Check DLL PE32 PE File Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed	1 Keyword trend analysis	2	2		4.2			guest

15204	2023-03-05 05:07	http://sjunmel.org/yakfileload... 3c407f3c0117608c59b2feab8b6086a4 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	2		4.8			guest

15205	2023-03-05 05:05	http://107.148.149.21/dot.gif PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		5.8			guest

15206	2023-03-05 05:05	http://timenow.pw/exe/WindowsL... AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		3.8			guest

15207	2023-03-05 05:04	http://190.109.236.187:37981/i eec5c6c219535fba3a0492ea8118b397 Eir D1000 routers Vulnerability Mozi Botnet IoT AntiDebug AntiVM ELF Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		1	1		3.4	M		guest

15208	2023-03-05 05:02	https://a.pomf.cat/ytxecu.hts AntiDebug AntiVM JPEG Format MSOffice File PNG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	5	2		3.8			guest

15209	2023-03-05 05:02	https://urlintimacygoomb.blogs... AntiDebug AntiVM MSOffice File PNG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	6 Keyword trend analysis Info http://linkhelp.clients.google.com/tbproxy/lh/wm/fixurl.js https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1820142442&utmhn=urlintimacygoomb.blogspot.com&utmcs=utf-8&utmsr=1365x1024&utmvp=1365x899&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=13.0%20r0&utmdt=%EB%B8%94%EB%A1%9C%EA%B7%B8%EB%A5%BC%20%EC%B0%BE%EC%9D%84%20%EC%88%98%20%EC%97%86%EC%8A%B5%EB%8B%88%EB%8B%A4.&utmhid=1086800438&utmr=-&utmp=%2Fatom.xml&utmht=1677906144214&utmac=UA-18003-7&utmcc=__utma%3D80793811.307553299.1677906144.1677906144.1677906144.1%3B%2B__utmz%3D80793811.1677906144.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=544208289&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ https://ssl.google-analytics.com/ga.js https://resources.blogblog.com/img/blogger-logo-small.png https://www.blogger.com/static/v1/v-css/3896558673-new_ui_static_pages.css https://themes.googleusercontent.com/static/fonts/opensans/v6/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff	12 Info resources.blogblog.com(142.250.206.233) themes.googleusercontent.com(142.250.206.225) ssl.google-analytics.com(142.250.207.104) linkhelp.clients.google.com(172.217.25.174) urlintimacygoomb.blogspot.com(172.217.25.161) - mailcious www.blogger.com(142.250.206.233) 172.217.25.8 142.250.204.33 142.251.220.97 142.250.204.137 172.217.27.9 172.217.31.14	1		4.2	M		guest

15210	2023-03-05 04:59	https://108.165.178.43:9091/ma... d41d8cd98f00b204e9800998ecf8427e PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	3		4.8			guest