Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
2896	2020-11-12 13:51	blessme.exe f5965e74cd4f98349e4e006263075be6 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.8		25	admin

2897	2020-11-12 14:12	kkk.exe a460a9167a4740e4254ebd26dd4c42eb Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key crashed					9.0		15	SFPark

2898	2020-11-12 15:12	http://magicview.ga/webxpo/gat... VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	1 Keyword trend analysis	3	3		4.2	M		admin

2899	2020-11-12 15:47	http://148.163.12.101/WMndFrdk... d41d8cd98f00b204e9800998ecf8427e Dridex Malware MachineGuid Code Injection Malicious Traffic buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Detects VMWare malicious URLs VMware anti-virtualization Tofsee Windows Exploit ComputerName Remote Code Execution DNS crashed	19 Keyword trend analysis Info http://213.159.203.207/images/captcha.png?mod=attachment&u=031b6a96945ca486137255b81668357c - mailcious http://213.159.203.207/favicon.ico - mailcious http://213.159.203.207/views/n38649ud7d7hrhcdq1l4k5rjbg.html - mailcious http://213.159.203.207/views/jn5kgukihejpf99lj0m4mf0un8.swf - mailcious http://213.159.203.207/views/1qn2tpm7jflk78bnhdn61ifcfc.html - mailcious http://213.159.203.207/pubs/wiki.php?id=9d7ff5d3278fa0c48d633cc3a5373c71 - mailcious http://213.159.203.207/js/esup933f6th8hkdhl2jm2mdhmc.js - mailcious http://213.159.203.207/views/esi3aq4ajb2rehh8alkj4mcjsg.wav - mailcious http://213.159.203.207/views/35k57geph3csv0fitbv2bfc538.wav - mailcious http://213.159.203.207/static/encrypt.min.js - mailcious http://213.159.203.207/pubs/servlet.php?fp=2abeac5282f2ae091db572603cbaa02e&lang=ko&token=&id=49602&sign=da49baf34e111efb5c0b0227b761e890&validate=d7fe0d0a97078b9117d08404ea740333 - mailcious http://213.159.203.207/static/tinyjs.min.js - mailcious http://213.159.203.207/views/e3fk0lcff2qi26689h6g7jkpqs.html - mailcious http://213.159.203.207/pubs/article.php?id=6a43534cee618086bff1b8d24d10f025 - mailcious http://213.159.203.207/js/dp1tcvgs1qgutu4hevsmk8d494.js - mailcious http://148.163.12.101/WMndFrdk?keyword=Other&cost=0.00100&ad_campaign_id=262704&source=145866 - mailcious http://213.159.203.207/logo.swf - mailcious http://213.159.203.207/index.php?ad_campaign_id=262704&browser=Internet+Explorer&browser_version=9.0&country=KR&id=698&os=Windows&os_version=7 - mailcious https://app.getmoney.tech/jrwtRpMp?cost={cost}¤cy=usd&external_id=${SUBID}&creative_id={bannerid}&ad_campaign_id={campaignid}&source={zoneid}	8	7 Info ET EXPLOIT_KIT Underminer EK Resource File Download M1 ET POLICY Outdated Flash Version M1 ET EXPLOIT_KIT Underminer EK Resource File Download M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET EXPLOIT_KIT Underminer EK SWF Request		11.0	M		admin

2900	2020-11-12 15:52	document3.doc d5c72a79881e7245bcb3fe135d4143f5 LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself Windows Exploit Trojan DNS crashed	2 Keyword trend analysis	3	13 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET POLICY PE EXE or DLL Windows file download HTTP	1	4.4	M	33	admin

2901	2020-11-12 16:29	document3.doc d5c72a79881e7245bcb3fe135d4143f5 Malware download VirusTotal Malware exploit crash unpack itself Windows Exploit DNS crashed		2	4		3.6	M	33	admin

2902	2020-11-12 16:32	new.exe c0bd12ba651f8b291161a4e1886a6081 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1			10.0		24	SFPark

2903	2020-11-12 16:39	document3.doc d5c72a79881e7245bcb3fe135d4143f5 LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit Trojan DNS crashed	1 Keyword trend analysis	3	13 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET POLICY PE EXE or DLL Windows file download HTTP	1	5.2	M	33	admin

2904	2020-11-12 16:50	ohms.exe 9fb233f62041871884ea5a8235a8b6c2 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	1		13.6	M	40	SFPark

2905	2020-11-12 17:22	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		1			9.0			admin

2906	2020-11-12 17:23	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		2			9.0			admin

2907	2020-11-12 17:50	oscjgfhwvvas.exe 9c4dae36c101af2a1bf1b1de16ee5868 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows					7.4	M	45	SFPark

2908	2020-11-12 17:51	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		2			9.0			admin

2909	2020-11-12 17:55	ohms.exe 9fb233f62041871884ea5a8235a8b6c2 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	1		12.6	M	40	admin

2910	2020-11-12 18:04	xyy.exe 9c6fb8746b6cccb65cee1d12cfe9dd67 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					10.8	M	18	SFPark

First
Previous
191
192
193
194
195
196
197
198
199
200
Next
Last
Total : 48,317cnts