Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
15256	2023-03-05 08:02	http://123.5.173.192:37668/bin... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		6.2			guest

15257	2023-03-05 08:00	http://195.3.223.120:443/admin... AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		1			4.8			guest

15258	2023-03-05 07:56	http://159.69.80.167/auth AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		1			4.8			guest

15259	2023-03-05 07:55	http://107.182.129.73/auth 589e2f016cd825eee95246c61c7595d6 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://107.182.129.73/gui/nicepage.css http://107.182.129.73/gui/nicepage.js http://107.182.129.73/auth http://107.182.129.73/favicon.ico http://107.182.129.73/gui/Auth.css http://107.182.129.73/gui/jquery.js https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	4		5.6			guest

15260	2023-03-05 07:54	http://109.172.45.197/auth 589e2f016cd825eee95246c61c7595d6 AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://109.172.45.197/gui/jquery.js http://109.172.45.197/gui/Auth.css http://109.172.45.197/favicon.ico http://109.172.45.197/gui/nicepage.css http://109.172.45.197/gui/nicepage.js http://109.172.45.197/auth https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	3		4.6			guest

15261	2023-03-05 07:54	http://77.91.77.67/auth PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		5.8			guest

15262	2023-03-05 07:53	http://185.219.220.239/auth PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		6.4			guest

15263	2023-03-05 07:53	http://199.247.24.79/auth 589e2f016cd825eee95246c61c7595d6 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://199.247.24.79/gui/Auth.css http://199.247.24.79/gui/jquery.js http://199.247.24.79/gui/nicepage.css http://199.247.24.79/favicon.ico http://199.247.24.79/auth http://199.247.24.79/gui/nicepage.js https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	3		5.6			guest

15264	2023-03-05 07:52	http://94.142.138.100/auth PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2		5.8			guest

15265	2023-03-05 07:51	http://171.38.220.94:43196/i PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		5.8			guest

15266	2023-03-05 07:51	http://163.172.13.53/auth 589e2f016cd825eee95246c61c7595d6 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://163.172.13.53/gui/nicepage.js http://163.172.13.53/gui/jquery.js http://163.172.13.53/auth http://163.172.13.53/gui/Auth.css http://163.172.13.53/gui/nicepage.css http://163.172.13.53/favicon.ico https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	3		5.6			guest

15267	2023-03-05 07:50	http://94.142.138.73/auth 589e2f016cd825eee95246c61c7595d6 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://94.142.138.73/auth http://94.142.138.73/gui/Auth.css http://94.142.138.73/gui/nicepage.css http://94.142.138.73/favicon.ico http://94.142.138.73/gui/nicepage.js http://94.142.138.73/gui/jquery.js https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	3		5.6			guest

15268	2023-03-05 07:49	http://37.220.87.13/auth 589e2f016cd825eee95246c61c7595d6 AntiDebug AntiVM MSOffice File Malware download Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Aurora Stealer Windows Exploit DNS crashed	7 Keyword trend analysis Info http://37.220.87.13/gui/Auth.css http://37.220.87.13/gui/nicepage.js http://37.220.87.13/gui/nicepage.css http://37.220.87.13/gui/jquery.js http://37.220.87.13/auth http://37.220.87.13/favicon.ico https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i\|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i	3	2		4.6			guest

15269	2023-03-05 07:49	http://61.3.102.15:46494/mozi.... PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		5.8			guest

15270	2023-03-05 07:48	http://182.119.228.190:56810/i AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		1			4.8			guest