Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
2311	2020-10-26 10:47	64.exe fcbb520e5c66b1f024440e4eea650686 VirusTotal Malware Buffer PE AutoRuns PDB buffers extracted Creates executable files unpack itself Disables Windows Security suspicious process AppData folder malicious URLs Firewall state off IP Check Windows	71 Keyword trend analysis Info http://okdoekeoehghaoer.ws/4 http://faugzeazdezgzgfr.ws/1 http://api.wipmania.com/ http://feuhdeuhduhuehdr.ws/1 http://feuhdeuhduhuehdr.ws/2 http://feuhdeuhduhuehdr.ws/3 http://feuhdeuhduhuehdr.ws/4 http://feuhdeuhduhuehdr.ws/5 http://seuufhehfueugher.ws/4 http://eafueudzefverrgr.ws/1 http://seuufhehfueugher.ws/1 http://eafueudzefverrgr.ws/3 http://efeuafubeubaefur.ws/4 http://efeuafubeubaefur.ws/3 http://efeuafubeubaefur.ws/2 http://efeuafubeubaefur.ws/1 http://worm.ws/corp/20.txt http://seuufhehfueugher.ws/3 http://eafueudzefverrgr.ws/2 http://worm.ws/sexesss/n.txt http://eafueudzefverrgr.ws/5 http://worm.ws/4 http://worm.ws/5 http://worm.ws/2 http://worm.ws/3 http://worm.ws/1 http://efuheruhdehduhgr.ws/2 http://efuheruhdehduhgr.ws/3 http://icanhazip.com/ http://efuheruhdehduhgr.ws/1 http://efuheruhdehduhgr.ws/4 http://efuheruhdehduhgr.ws/5 http://feauhueudughuurr.ws/4 http://wduufbaueeubffgr.ws/2 http://wduufbaueeubffgr.ws/3 http://wduufbaueeubffgr.ws/1 http://feauhueudughuurr.ws/3 http://wduufbaueeubffgr.ws/4 http://wduufbaueeubffgr.ws/5 http://fheuhdwdzwgzdggr.ws/4 http://fheuhdwdzwgzdggr.ws/5 http://faugzeazdezgzgfr.ws/3 http://faugzeazdezgzgfr.ws/2 http://faugzeazdezgzgfr.ws/5 http://faugzeazdezgzgfr.ws/4 http://worm.ws/corp/n.txt http://fheuhdwdzwgzdggr.ws/1 http://eafueudzefverrgr.ws/4 http://fheuhdwdzwgzdggr.ws/2 http://gaueudbuwdbuguur.ws/2 http://gaueudbuwdbuguur.ws/3 http://gaueudbuwdbuguur.ws/1 http://gaueudbuwdbuguur.ws/4 http://gaueudbuwdbuguur.ws/5 http://deauduafzgezzfgr.ws/1 http://deauduafzgezzfgr.ws/3 http://deauduafzgezzfgr.ws/2 http://deauduafzgezzfgr.ws/5 http://deauduafzgezzfgr.ws/4 http://fheuhdwdzwgzdggr.ws/3 http://okdoekeoehghaoer.ws/5 http://worm.ws/sexesss/129.txt http://okdoekeoehghaoer.ws/3 http://okdoekeoehghaoer.ws/2 http://okdoekeoehghaoer.ws/1 http://feauhueudughuurr.ws/5 http://seuufhehfueugher.ws/2 http://efeuafubeubaefur.ws/5 http://feauhueudughuurr.ws/1 http://seuufhehfueugher.ws/5 http://feauhueudughuurr.ws/2	23 Info yahoo.com(74.6.231.21) seuufhehfueugher.ws(64.70.19.203) wduufbaueeubffgr.ws(64.70.19.203) feuhdeuhduhuehdr.ws(64.70.19.203) api.wipmania.com(212.83.168.196) gaueudbuwdbuguur.ws(64.70.19.203) fheuhdwdzwgzdggr.ws(64.70.19.203) worm.ws(217.8.117.10) - malware efeuafubeubaefur.ws(64.70.19.203) faugzeazdezgzgfr.ws(64.70.19.203) efuheruhdehduhgr.ws(64.70.19.203) deauduafzgezzfgr.ws(64.70.19.203) okdoekeoehghaoer.ws(64.70.19.203) icanhazip.com(147.75.47.199) mta5.am0.yahoodns.net(67.195.204.79) feauhueudughuurr.ws(64.70.19.203) eafuebdbedbedggr.ws(64.70.19.203) eafueudzefverrgr.ws(64.70.19.203) 136.144.56.255 64.70.19.203 - suspicious 212.83.168.196 217.8.117.10 - suspicious 67.195.228.106	3		12.8	M	54	admin

2312	2020-10-26 10:47	officeorning.exe 656c7d3ebfbda0f059b3d4d87fe1eb01 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows Cryptographic key					10.4	M	27	admin

2313	2020-10-26 11:00	p.exe e879df3fc1421ae6fddb927b080a8544 VirusTotal Malware Buffer PE AutoRuns PDB buffers extracted Creates executable files Disables Windows Security suspicious process AppData folder malicious URLs Firewall state off IP Check Windows	163 Keyword trend analysis Info http://feuhdeuhduhuehdr.ws/2 http://worm.ws/2 http://efuheruhdehduhgu.ws/3 http://efuheruhdehduhgu.ws/2 http://efuheruhdehduhgu.ws/1 http://efeuafubeubaefur.ws/4 http://efeuafubeubaefur.ws/3 http://efeuafubeubaefur.ws/2 http://efeuafubeubaefur.ws/1 http://efuheruhdehduhgu.ws/4 http://efaeduvedvzfufuu.ws/1 http://wdkowdohwodhfhfu.ws/5 http://wdkowdohwodhfhfu.ws/4 http://wdkowdohwodhfhfu.ws/1 http://wdkowdohwodhfhfu.ws/3 http://wdkowdohwodhfhfu.ws/2 http://edhuaudhuedugufr.ws/1 http://edhuaudhuedugufr.ws/2 http://edhuaudhuedugufr.ws/3 http://edhuaudhuedugufr.ws/4 http://edhuaudhuedugufr.ws/5 http://eafuebdbedbedggr.ws/4 http://feuhdeuhduhuehdr.ws/4 http://worm.ws/tldr.php?inf=1 http://feuhdeuhduhuehdr.ws/5 http://deauduafzgezzfgu.ws/5 http://gaueudbuwdbuguur.ws/2 http://gaueudbuwdbuguur.ws/3 http://gaueudbuwdbuguur.ws/1 http://gaueudbuwdbuguur.ws/4 http://gaueudbuwdbuguur.ws/5 http://okdoekeoehghaoer.ws/5 http://okdoekeoehghaoer.ws/4 http://okdoekeoehghaoer.ws/3 http://okdoekeoehghaoer.ws/2 http://okdoekeoehghaoer.ws/1 http://deauduafzgezzfgu.ws/1 http://worm.ws/1 http://worm.ws/corp/118.txt http://worm.ws/sexesss/934.txt http://efaeduvedvzfufur.ws/1 http://efaeduvedvzfufur.ws/2 http://efaeduvedvzfufur.ws/3 http://efaeduvedvzfufur.ws/4 http://efaeduvedvzfufur.ws/5 http://eafueudzefverrgr.ws/1 http://eafueudzefverrgr.ws/3 http://eafueudzefverrgr.ws/2 http://eafueudzefverrgr.ws/5 http://efeuafubeubaefur.ws/5 http://eafuebdbedbedggu.ws/5 http://efuheruhdehduhgr.ws/2 http://efuheruhdehduhgr.ws/3 http://efuheruhdehduhgr.ws/1 http://efuheruhdehduhgu.ws/5 http://efuheruhdehduhgr.ws/4 http://efuheruhdehduhgr.ws/5 http://deauduafzgezzfgu.ws/4 http://wdkowdohwodhfhfr.ws/1 http://wdkowdohwodhfhfr.ws/2 http://wdkowdohwodhfhfr.ws/3 http://wdkowdohwodhfhfr.ws/4 http://wdkowdohwodhfhfr.ws/5 http://deauduafzgezzfgu.ws/2 http://deauduafzgezzfgu.ws/3 http://deauduafzgezzfgr.ws/1 http://deauduafzgezzfgr.ws/3 http://deauduafzgezzfgr.ws/2 http://deauduafzgezzfgr.ws/5 http://deauduafzgezzfgr.ws/4 http://seuufhehfueugher.ws/3 http://seuufhehfueugher.ws/2 http://seuufhehfueugher.ws/1 http://seuufhehfueugher.ws/5 http://seuufhehfueugher.ws/4 http://feauhueudughuuru.ws/1 http://feauhueudughuuru.ws/2 http://feauhueudughuuru.ws/3 http://feauhueudughuuru.ws/4 http://efeuafubeubaefuu.ws/4 http://worm.ws/5 http://feuhdeuhduhuehdr.ws/1 http://eafuebdbedbedggr.ws/5 http://feuhdeuhduhuehdr.ws/3 http://eafuebdbedbedggr.ws/3 http://eafuebdbedbedggr.ws/2 http://eafuebdbedbedggr.ws/1 http://efeuafubeubaefuu.ws/3 http://eafuebdbedbedggu.ws/4 http://wduufbaueeubffgu.ws/4 http://eafuebdbedbedggu.ws/2 http://eafuebdbedbedggu.ws/3 http://eafuebdbedbedggu.ws/1 http://worm.ws/sexesss/n.txt http://wduufbaueeubffgu.ws/3 http://wduufbaueeubffgu.ws/2 http://wduufbaueeubffgu.ws/1 http://efeuafubeubaefuu.ws/5 http://efeuafubeubaefuu.ws/2 http://worm.ws/3 http://wduufbaueeubffgu.ws/5 http://efeuafubeubaefuu.ws/1 http://eafueudzefverrgu.ws/4 http://eafueudzefverrgu.ws/5 http://icanhazip.com/ http://eafueudzefverrgu.ws/1 http://eafueudzefverrgu.ws/2 http://eafueudzefverrgu.ws/3 http://wduufbaueeubffgr.ws/2 http://wduufbaueeubffgr.ws/3 http://wduufbaueeubffgr.ws/1 http://wduufbaueeubffgr.ws/4 http://wduufbaueeubffgr.ws/5 http://fheuhdwdzwgzdggr.ws/4 http://fheuhdwdzwgzdggr.ws/5 http://fheuhdwdzwgzdggr.ws/1 http://fheuhdwdzwgzdggr.ws/2 http://fheuhdwdzwgzdggr.ws/3 http://faugzeazdezgzgfu.ws/4 http://faugzeazdezgzgfu.ws/5 http://faugzeazdezgzgfu.ws/1 http://faugzeazdezgzgfu.ws/2 http://faugzeazdezgzgfu.ws/3 http://feauhueudughuurr.ws/5 http://feauhueudughuurr.ws/4 http://feauhueudughuurr.ws/1 http://feauhueudughuurr.ws/3 http://feauhueudughuurr.ws/2 http://okdoekeoehghaoeu.ws/4 http://okdoekeoehghaoeu.ws/5 http://okdoekeoehghaoeu.ws/2 http://okdoekeoehghaoeu.ws/3 http://okdoekeoehghaoeu.ws/1 http://api.wipmania.com/ http://seuufhehfueugheu.ws/5 http://eafueudzefverrgr.ws/4 http://feuhdeuhduhuehdu.ws/5 http://feuhdeuhduhuehdu.ws/4 http://feuhdeuhduhuehdu.ws/1 http://feuhdeuhduhuehdu.ws/3 http://feuhdeuhduhuehdu.ws/2 http://faugzeazdezgzgfr.ws/1 http://faugzeazdezgzgfr.ws/3 http://faugzeazdezgzgfr.ws/2 http://faugzeazdezgzgfr.ws/5 http://faugzeazdezgzgfr.ws/4 http://worm.ws/corp/n.txt http://worm.ws/4 http://gaueudbuwdbuguuu.ws/3 http://gaueudbuwdbuguuu.ws/2 http://gaueudbuwdbuguuu.ws/1 http://gaueudbuwdbuguuu.ws/5 http://gaueudbuwdbuguuu.ws/4 http://seuufhehfueugheu.ws/2 http://seuufhehfueugheu.ws/3 http://seuufhehfueugheu.ws/1 http://seuufhehfueugheu.ws/4 http://feauhueudughuuru.ws/5 http://fheuhdwdzwgzdggu.ws/1 http://fheuhdwdzwgzdggu.ws/3 http://fheuhdwdzwgzdggu.ws/2 http://fheuhdwdzwgzdggu.ws/5 http://fheuhdwdzwgzdggu.ws/4	42 Info feuhdeuhduhuehdr.ws(64.70.19.203) gaueudbuwdbuguuu.ws(64.70.19.203) gaueudbuwdbuguur.ws(64.70.19.203) eafuebdbedbedggu.ws(64.70.19.203) fheuhdwdzwgzdggr.ws(64.70.19.203) edhuaudhuedugufr.ws(64.70.19.203) fheuhdwdzwgzdggu.ws(64.70.19.203) efuheruhdehduhgr.ws(64.70.19.203) icanhazip.com(136.144.56.255) eafuebdbedbedggr.ws(64.70.19.203) wduufbaueeubffgr.ws(64.70.19.203) wduufbaueeubffgu.ws(64.70.19.203) worm.ws(217.8.117.10) - malware feauhueudughuuru.ws(64.70.19.203) seuufhehfueugheu.ws(64.70.19.203) feuhdeuhduhuehdu.ws(64.70.19.203) efeuafubeubaefuu.ws(64.70.19.203) deauduafzgezzfgr.ws(64.70.19.203) seuufhehfueugher.ws(64.70.19.203) efuheruhdehduhgu.ws(64.70.19.203) faugzeazdezgzgfu.ws(64.70.19.203) efaeduvedvzfufur.ws(64.70.19.203) faugzeazdezgzgfr.ws(64.70.19.203) mta7.am0.yahoodns.net(67.195.228.110) eafueudzefverrgr.ws(64.70.19.203) feauhueudughuurr.ws(64.70.19.203) deauduafzgezzfgu.ws(64.70.19.203) yahoo.com(74.6.143.26) api.wipmania.com(212.83.168.196) wdkowdohwodhfhfu.ws(64.70.19.203) okdoekeoehghaoer.ws(64.70.19.203) efeuafubeubaefur.ws(64.70.19.203) eaffuebudbeudbbr.ws(64.70.19.203) okdoekeoehghaoeu.ws(64.70.19.203) wdkowdohwodhfhfr.ws(64.70.19.203) eafueudzefverrgu.ws(64.70.19.203) efaeduvedvzfufuu.ws(64.70.19.203) 136.144.56.255 64.70.19.203 - suspicious 212.83.168.196 217.8.117.10 - suspicious 67.195.228.111	3		12.8	M	60	admin

2314	2020-10-26 11:42	officeorning.exe 656c7d3ebfbda0f059b3d4d87fe1eb01 VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows Cryptographic key	2 Keyword trend analysis	4			11.2	M	27	admin

2315	2020-10-26 13:23	FARA_3VJQAXBD0.doc d61a47be392a0a7af4b6777057503911 Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS	6 Keyword trend analysis Info http://www.chapelknollestates.com/cgi-bin/Xr9RkLq/ - malware http://akdparivar.com/css/J/ - malware http://ffbutik.com/wp-includes/tb/ http://200.116.145.225:443/fCjnth4T60/kJmvtvAcq6/h49QjWAMJg8SLp2/ - mailcious https://inspiresint.com/wp-admin/4qNS8hW/ https://rallyemas.com/wp-content/x51/ - mailcious	15 Info www.chapelknollestates.com(131.153.44.4) - malware akdparivar.com(13.234.68.224) - malware ffbutik.com(109.232.217.183) inspiresint.com(172.67.136.156) swiftbusinesspay.com(68.66.248.54) - malware www.sc2gym.com(145.239.84.108) - malware rallyemas.com(88.99.145.163) - mailcious 88.99.145.163 - suspicious 13.234.68.224 - suspicious 131.153.44.4 - suspicious 104.27.162.9 200.116.145.225 - suspicious 109.232.217.183 - suspicious 68.66.248.54 - suspicious 145.239.84.108 - suspicious	8 Info ET CNC Feodo Tracker Reported CnC Server group 13 ET POLICY HTTP traffic on port 443 (POST) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP		6.4	M	37	guest

2316	2020-10-26 14:40	vbc.exe e71652ac1d472828524b5a43962b3348 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					10.0		32	guest

2317	2020-10-26 18:53	FJfhy2V8.exe d2d2e7674d84b1585a53317135e34ea4 VirusTotal Malware Report Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	1		7.4		13	guest

2318	2020-10-26 18:58	DAT 20201026 027.doc e1f273a4b0fd69772722315d5085d45d Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Windows DNS	2 Keyword trend analysis	4	4		6.4		17	guest

2319	2020-10-26 19:04	C6X.exe 3ebb229c5f6cd3f52d20579656542e79 RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	1		4.2			guest

2320	2020-10-26 19:12	zzf.exe 729345ea251d77b62ce4651faea91c84 PDB malicious URLs					1.4			guest

2321	2020-10-26 22:12	October Invoice.doc d02aacd9c1bce2fa523b6a45342a5a74 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS	2 Keyword trend analysis	5	5		4.6	M	19	guest

2322	2020-10-26 22:23	OSW.exe 0212c8d940b054a6213a15685124f471 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows	1 Keyword trend analysis	2	1		9.6	M	25	guest

2323	2020-10-26 22:24	ABU.exe 974acc695d86bd5417dab90eba289404 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows	1 Keyword trend analysis	2	1		9.6	M	21	guest

2324	2020-10-26 22:25	priscabby.exe d9c2a3e11415e630a160e7a474e30bcf Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed					7.6	M	20	guest

2325	2020-10-26 22:27	NUl1riRhXoQYQ.exe a895ac0dd9f7ce54053c8933f59b721a Malware Report Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	1		7.2	M		guest

First
Previous
151
152
153
154
155
156
157
158
159
160
Next
Last
Total : 48,289cnts