Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
45391	2020-11-12 15:47	http://148.163.12.101/WMndFrdk... d41d8cd98f00b204e9800998ecf8427e Dridex Malware MachineGuid Code Injection Malicious Traffic buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Detects VMWare malicious URLs VMware anti-virtualization Tofsee Windows Exploit ComputerName Remote Code Execution DNS crashed	19 Keyword trend analysis Info http://213.159.203.207/images/captcha.png?mod=attachment&u=031b6a96945ca486137255b81668357c - mailcious http://213.159.203.207/favicon.ico - mailcious http://213.159.203.207/views/n38649ud7d7hrhcdq1l4k5rjbg.html - mailcious http://213.159.203.207/views/jn5kgukihejpf99lj0m4mf0un8.swf - mailcious http://213.159.203.207/views/1qn2tpm7jflk78bnhdn61ifcfc.html - mailcious http://213.159.203.207/pubs/wiki.php?id=9d7ff5d3278fa0c48d633cc3a5373c71 - mailcious http://213.159.203.207/js/esup933f6th8hkdhl2jm2mdhmc.js - mailcious http://213.159.203.207/views/esi3aq4ajb2rehh8alkj4mcjsg.wav - mailcious http://213.159.203.207/views/35k57geph3csv0fitbv2bfc538.wav - mailcious http://213.159.203.207/static/encrypt.min.js - mailcious http://213.159.203.207/pubs/servlet.php?fp=2abeac5282f2ae091db572603cbaa02e&lang=ko&token=&id=49602&sign=da49baf34e111efb5c0b0227b761e890&validate=d7fe0d0a97078b9117d08404ea740333 - mailcious http://213.159.203.207/static/tinyjs.min.js - mailcious http://213.159.203.207/views/e3fk0lcff2qi26689h6g7jkpqs.html - mailcious http://213.159.203.207/pubs/article.php?id=6a43534cee618086bff1b8d24d10f025 - mailcious http://213.159.203.207/js/dp1tcvgs1qgutu4hevsmk8d494.js - mailcious http://148.163.12.101/WMndFrdk?keyword=Other&cost=0.00100&ad_campaign_id=262704&source=145866 - mailcious http://213.159.203.207/logo.swf - mailcious http://213.159.203.207/index.php?ad_campaign_id=262704&browser=Internet+Explorer&browser_version=9.0&country=KR&id=698&os=Windows&os_version=7 - mailcious https://app.getmoney.tech/jrwtRpMp?cost={cost}¤cy=usd&external_id=${SUBID}&creative_id={bannerid}&ad_campaign_id={campaignid}&source={zoneid}	8	7 Info ET EXPLOIT_KIT Underminer EK Resource File Download M1 ET POLICY Outdated Flash Version M1 ET EXPLOIT_KIT Underminer EK Resource File Download M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET EXPLOIT_KIT Underminer EK SWF Request		11.0	M		admin

45392	2020-11-12 15:12	http://magicview.ga/webxpo/gat... VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	1 Keyword trend analysis	3	3		4.2	M		admin

45393	2020-11-12 14:12	kkk.exe a460a9167a4740e4254ebd26dd4c42eb Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key crashed					9.0		15	SFPark

45394	2020-11-12 13:51	blessme.exe f5965e74cd4f98349e4e006263075be6 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.8		25	admin

45395	2020-11-12 13:51	blessme.exe f5965e74cd4f98349e4e006263075be6 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.8		25	admin

45396	2020-11-12 13:48	blessme.exe f5965e74cd4f98349e4e006263075be6 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.8		25	admin

45397	2020-11-12 13:47	blessme.exe f5965e74cd4f98349e4e006263075be6 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.8		25	guest

45398	2020-11-12 13:46	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		1			9.0			admin

45399	2020-11-12 13:44	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		2			9.0			admin

45400	2020-11-12 13:43	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		1			9.0			admin

45401	2020-11-12 13:35	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		1			9.0			admin

45402	2020-11-12 13:33	file.exe 8011d5c4b6f306a771fb66d90e565cdd Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1			10.2			SFPark

45403	2020-11-12 13:33	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself ComputerName Remote Code Execution DNS		2			8.0			SFPark

45404	2020-11-12 13:32	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		1			9.0			admin

45405	2020-11-12 13:29	b.exe 268f6a197a208cca3d28c81059a0267d Code Injection Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs ComputerName Remote Code Execution DNS		1			9.0			admin