Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
3736	2020-12-15 09:57	5555555555.jpg.1.exe dea15b8a17ac4f78c996d37606d6d625 Check memory unpack itself crashed					1.4			guest

3737	2020-12-15 09:59	https://motlolidk.blogspot.com... 2db656fc18c4717337f9d581296601d2 Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	26 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://motlolidk.blogspot.com/favicon.ico https://www.google.com/css/maia.css https://fonts.googleapis.com/css?family=Open+Sans:300 https://www.blogger.com/dyn-css/authorization.css?targetBlogID=6181590366086872420&zx=b215f827-8398-4dd3-82f5-d0ee5f578811 https://www.google-analytics.com/analytics.js https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://www.blogger.com/static/v1/jsbin/376796862-ieretrofit.js https://www.gstatic.com/og/_/js/k=og.qtm.en_US.QgY6lxWvAPk.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/rs=AA2YrTvod91nzEJFOvvfJUrn6_vLwwY0bw https://www.gstatic.com/og/_/ss/k=og.qtm.y0v8--8W2Xg.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTtSLvQ9QxDR2uHIB3mSbhYF7uJInw https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://www.blogger.com/blogin.g?blogspotURL=https://motlolidk.blogspot.com/p/266.html https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://motlolidk.blogspot.com/p/266.html%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://motlolidk.blogspot.com/p/266.html%26bpli%3D1&passive=true&go=true https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js https://www.blogger.com/static/v1/widgets/2195516358-widgets.js https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fmotlolidk.blogspot.com%2Fp%2F266.html&bpli=1 https://ssl.gstatic.com/gb/images/p1_799229b0.png https://resources.blogblog.com/img/icon18_wrench_allbkg.png https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GhYSaDTWhs4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CcmyUNBPTBtz4hsH0C6OHKqodVQ/cb=gapi.loaded_0	21 Info ssl.gstatic.com(172.217.25.195) resources.blogblog.com(172.217.26.41) www.google.com(172.217.161.36) www.gstatic.com(172.217.25.67) fonts.googleapis.com(172.217.175.10) motlolidk.blogspot.com(172.217.161.33) - mailcious accounts.google.com(172.217.175.77) www.google-analytics.com(172.217.24.142) apis.google.com(216.58.197.206) fonts.gstatic.com(172.217.161.67) www.blogger.com(172.217.26.41) 172.217.31.233 216.58.197.97 216.58.199.4 - suspicious 172.217.161.173 142.250.199.78 216.58.199.105 216.58.199.106 172.217.161.174 - mailcious 172.217.24.67 142.250.199.67	3		5.0	M		guest

3738	2020-12-15 10:10	5555555555.jpg.exe dea15b8a17ac4f78c996d37606d6d625 Check memory unpack itself crashed					1.4			guest

3739	2020-12-15 10:13	AQW.exe fa2d232572f85b32aa2145cca35d13ff VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself suspicious process malicious URLs Windows ComputerName DNS Cryptographic key crashed keylogger		2			15.4	M	36	guest

3740	2020-12-15 11:04	DELYG8nMFe9RxD9lR6.exe 69db731bb7943d8f8b20995d0dbf64e2 Report ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key		7	5		7.2			r0d

3741	2020-12-15 12:58	bin.exe 9b61c80ef5a2c160718ef3550985be43 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key					9.4	M	22	ZeroCERT

3742	2020-12-15 12:58	bin2.exe 4c512f97ee6ca51c5e68d7b3d107bc61 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key					8.4	M	24	ZeroCERT

3743	2020-12-15 13:05	bin.exe 9b61c80ef5a2c160718ef3550985be43 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder malicious URLs Windows Cryptographic key	6 Keyword trend analysis Info http://www.thedancehalo.com/bw82/ http://www.mgg360.com/bw82/ http://www.lakegastonautoparts.com/bw82/?OVolp=juBLB0WqzeXPFoNXoiaKUMHcPI3xC2bTDg9jeDe0t8cj29/tW+mLTBuOwrYIlHJeRY+fWQQT&lhv4=H0DTRf2P8nD0BN http://www.mgg360.com/bw82/?OVolp=92sn3P3ud1gtdOyYdsZEcwqQjW3QIGzSMGjo0scjbpzKmVTSJHG7E0muqhXj4oy7XUlzx9IG&lhv4=H0DTRf2P8nD0BN http://www.thedancehalo.com/bw82/?OVolp=TJmBUVi76XvdedvdT4XTiNg0xow+eIDVhd+PvrNB1pQf64xZGmJKzxet+DQnJGM605l+3b5o&lhv4=H0DTRf2P8nD0BN http://www.lakegastonautoparts.com/bw82/	6			12.6	M	22	ZeroCERT

3744	2020-12-15 13:06	bin2.exe 4c512f97ee6ca51c5e68d7b3d107bc61 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key	9 Keyword trend analysis Info http://www.woodlandpizzahartford.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=EgjYCCjbkfVj9ehGxTuHAhcpQboFBLSXtFcJRUu6FmW11AJT4F0+EqeE2EWzm0j+z/EHekc6 http://www.rizrvd.com/bw82/?KzrtE=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&p0G=kJEPdT4h62WlCf http://www.cbrealvitalize.com/bw82/ http://www.mgg360.com/bw82/ http://www.mgg360.com/bw82/?KzrtE=92sn3P3ud1gtdOyYdsZEcwqQjW3QIGzSMGjo0scjbpzKmVTSJHG7E0muqhXj4oy7XUlzx9IG&p0G=kJEPdT4h62WlCf http://www.cbrealvitalize.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=QMz1n+xx2KiD30AmT9IbdZVffunkwaB1v+iSpZgJgwTVZu6PNQxJOIJjV5QBJp9Es7YbcplQ http://www.woodlandpizzahartford.com/bw82/ http://www.gdsjgf.com/bw82/ http://www.gdsjgf.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=7KG5rMnLNS/F00cUwyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27kzNH/2ON0tx/WWBZXRB	10			10.2	M	24	ZeroCERT

3745	2020-12-15 14:33	binl.exe 963f555140e20e291c2fac67a5186c15 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key					8.6	M	18	ZeroCERT

3746	2020-12-15 14:33	cax.exe a88c0408e7888f549e40940279758fa6 VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs Tofsee Interception DNS crashed	1 Keyword trend analysis	4	1		6.4	M	38	ZeroCERT

3747	2020-12-15 14:40	DEKK.scr 96415c7cc22dc59c3c112c02b3fecf2e VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key	4 Keyword trend analysis	2	1		5.6	M	32	ZeroCERT

3748	2020-12-15 14:41	binl.exe 963f555140e20e291c2fac67a5186c15 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key	12 Keyword trend analysis Info http://www.mrcabinetkitchenandbath.com/bw82/ http://www.xn--oi2b190cymc.com/bw82/ http://www.xn--oi2b190cymc.com/bw82/?7ntl9Tfh=u3mIEO7S2jpcCNzGap3V7GnWoZ6byXdDGQc9TZtHwlHE0/S/m+Ek+z3BS3DZiW4dRqN2gVn1&Ppd=Hb04qRX8xpNdMl http://www.exlineinsurance.com/bw82/?7ntl9Tfh=BmIsBEloLc/PpxxxkqeO/+wp1eRqaF5UDtwx0wOakOw3DMvjZvU2EPbm5c7g7p6k7NfDBGcL&Ppd=Hb04qRX8xpNdMl http://www.sedaskincare.com/bw82/ http://www.wmarquezy.com/bw82/ http://www.okcpp.com/bw82/?7ntl9Tfh=Mfpkxl91HSlRqF4UwnoLlCSItQE/DRVdVWsqLGW7UZi4jMe9Kfon6cyi45I/1E+fR8PCPduN&Ppd=Hb04qRX8xpNdMl http://www.okcpp.com/bw82/ http://www.wmarquezy.com/bw82/?7ntl9Tfh=/EPqbtSARGzilFdTRYE1urAc3bDaNMBRSm6tJpb+ckA41wFrw7Re59/hr+veajPbLei9XJ0s&Ppd=Hb04qRX8xpNdMl http://www.sedaskincare.com/bw82/?7ntl9Tfh=Tct1hGrTsO4wXuX+7y4OUHCQTPZT/SHKJbEPAo1kRuxvuV11m4iT8otUrtDadXdmrqCWO0Rp&Ppd=Hb04qRX8xpNdMl http://www.exlineinsurance.com/bw82/ http://www.mrcabinetkitchenandbath.com/bw82/?7ntl9Tfh=DoywHH0WXa0EuUiczFl753h8vUVk6pV7PwGnyHKpGozX/qYK04L54TieHAYPaGFoh+Tr5rtG&Ppd=Hb04qRX8xpNdMl	13 Info www.okcpp.com(3.134.22.63) www.xn--oi2b190cymc.com(112.175.185.27) www.sedaskincare.com(208.91.197.27) www.wmarquezy.com(192.0.78.24) www.exlineinsurance.com(182.50.132.242) www.mrcabinetkitchenandbath.com(108.167.156.42) www.joeisono.com() 3.134.22.63 208.91.197.27 - mailcious 112.175.185.27 - mailcious 182.50.132.242 - mailcious 192.0.78.25 - mailcious 108.167.156.42			9.8	M	18	ZeroCERT

3749	2020-12-15 14:44	DOC_69061004.doc ce9a45e819d63dfea62902796a33a307 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee	1 Keyword trend analysis	15 Info datvietquan.com(103.97.125.60) - malware ypddf.org(172.96.189.174) - malware daisyboots.co.uk(31.220.16.209) - mailcious albasisgroup.com(205.144.171.109) - mailcious asmaraloka.com(139.162.2.200) - mailcious www.asmaraloka.com(139.162.2.200) - mailcious subramanyatemple.org(103.212.121.63) - mailcious thanhthatbadinh.com(150.95.110.87) - malware 103.212.121.63 - mailcious 205.144.171.109 - mailcious 139.162.2.200 - mailcious 103.97.125.60 - malware 150.95.110.87 - malware 172.96.189.174 - malware 31.220.16.209 - mailcious	3		4.6	M	44	ZeroCERT

3750	2020-12-15 15:02	DIEN CT AP001-2020-DEC15.scr cdb5263c2d9c614ff624decc25c2d15b Browser Info Stealer Email Client Info Stealer Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check Windows Browser Email ComputerName DNS		1			16.2			guest

First
Previous
241
242
243
244
245
246
247
248
249
250
Next
Last
Total : 48,320cnts