Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
46081	2020-10-19 11:16	https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	2		7.0	M		admin

46082	2020-10-19 11:16	https://docsecure.top/111.exe ff47e6eb2602178a4306e4fcecb15b7d Dridex TrickBot ENERGETIC BEAR VirusTotal Malware Report suspicious privilege Code Injection buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Kovter Windows Exploit ComputerName DNS crashed	2 Keyword trend analysis	7	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET CNC Feodo Tracker Reported CnC Server group 13 ET CNC Feodo Tracker Reported CnC Server group 24 ET DNS Query to a *.top domain - Likely Hostile ET CNC Feodo Tracker Reported CnC Server group 1 ET CNC Feodo Tracker Reported CnC Server group 23 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)		8.4			admin

46083	2020-10-19 11:13	OperaSetup.exe ff4661ec5bef09ac7fcf479c933d2d81 Malware Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Tofsee Remote Code Execution DNS	5 Keyword trend analysis Info https://autoupdate.geo.opera.com/v2/netinstaller/Stable/windows/x64 https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://autoupdate.geo.opera.com/geolocation/ https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://download.opera.com/download/get/?id=51078&autoupdate=1&ni=1&stream=stable&utm_campaign=(direct)_via_opera_com_https&utm_medium=doc&utm_site=opera_com&utm_source=(direct)_via_opera_com&utm_tryagain=yes&niuid=9ff42522-a862-4912-b63e-6c2e545f3ad4 https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://download.opera.com/download/get/?id=51081&autoupdate=1&ni=1 https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary https://desktop-netinstaller-sub.osp.opera.software/v1/binary	4	1		5.4			guest

46084	2020-10-19 10:55	https://docsecure.top/xls/0051... 1857ec35df81a3cb7fe02c9382ba3be7 Dridex TrickBot Vulnerability VirusTotal Malware MachineGuid Code Injection Malicious Traffic Checks debugger exploit crash unpack itself Windows utilities Tofsee Kovter Windows Exploit DNS crashed	3 Keyword trend analysis Info http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://docsecure.top/xls/00517069.xls https://194.36.191.177/sim/sim.php?Rd=Nb&Rf=fb5f7e13&Rk=test22-PC@@TEST22-PC@@test22@@*192.168.56.101%3A%3A%5B00000007%5D%20Intel%28R%29%20PRO/1000%20MT%20Desktop%20Adapter@@Standalone%20Workstation@@@@no%20LDAP%3B%3ASUM%3A0%3A&1623214863	3	4		7.2	M		admin

46085	2020-10-19 10:54	Document13177.xlsb 136d90dfdc8d28ccfc090f1d09c9bd18 unpack itself					0.8			guest

46086	2020-10-19 10:53	Document13177.xlsb 136d90dfdc8d28ccfc090f1d09c9bd18 unpack itself malicious URLs					1.6			guest

46087	2020-10-19 10:53	Document13177.xlsb 136d90dfdc8d28ccfc090f1d09c9bd18 Dridex Malware Creates executable files unpack itself malicious URLs Tofsee DNS	1 Keyword trend analysis	1	3		4.6			guest

46088	2020-10-19 10:47	8yPNq.exe 72f119c6e945eace409d20d7e6973804 Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	1			5.8			admin

46089	2020-10-19 10:46	pegasun.exe e202bc7ccc1682624be91fe0b86d10ce MachineGuid Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Windows Browser ComputerName Cryptographic key					5.8	M		admin

46090	2020-10-19 10:42	http://google.com 5c8e481fca1860d15244132ca413e8ea Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS	10 Keyword trend analysis Info http://ssl.gstatic.com/gb/images/i1_1967ca6a.png http://www.google.com/ http://www.google.com/favicon.ico http://google.com/ http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png https://www.google.com/images/hpp/Chrome_Owned_96x96.png https://id.google.com/verify/AHGvNow70cKTzJ4YAiZ9bQ-bGyUfv6hsoNbwOSaa3e4cSAOdXAQTzx4UfvQpPWuCQmp-bGiRcdgi8qIkwFg0Kwf0zip6VLRqLyFEfG-W5XRBBI3VW3PX5w https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA https://www.google.com/gen_204?atyp=i&zx=1603071699078&ogsr=1&ei=3O6MX86NFJGS0gSGmo-QDw&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1 https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0	5	1		3.6			admin

46091	2020-10-19 10:40	http://google.com 7c5b5c860e570c3a102b9ad3b70d5250 Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Tofsee Windows DNS	14 Keyword trend analysis Info http://ssl.gstatic.com/gb/images/i1_1967ca6a.png http://www.google.com/ http://www.google.com/favicon.ico http://google.com/ http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png https://www.google.com/images/hpp/Chrome_Owned_96x96.png https://id.google.com/verify/AHGvNoz67299XAAw47xz8dx2N0jUdvDfJPI-xpYa0-aMA903QE7EmGdb5HLbauvbTfQrEfQmuaVNT7l8BXkflu72YB62QyZfILm_k1UFFTLGmPcwVzPOMg https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA https://www.google.com/gen_204?atyp=i&zx=1603071496312&ogsr=1&ei=Eu6MX7erObG2mAXImrzYDQ&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1 https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.40L1XIQnUK4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo87VqKnhJy5DXHDJekiAyngLi-Q2w/cb=gapi.loaded_0 https://www.gstatic.com/og/_/ss/k=og.og2.PgfxfGqQF7o.L.I9.O/m=lg/excm=in,fot/d=1/ed=1/ct=zgms/rs=AA2YrTtXOZGBi97nSWVF5_lQHggN-0axqA https://www.gstatic.com/og/_/js/k=og.og2.en_US.aNy2w8E-FIo.O/rt=j/m=lat/exm=in,fot,def/d=1/ed=1/rs=AA2YrTtYt4kBIDdFLRAEBm_mSuG9eV0NzA https://ssl.gstatic.com/gb/images/a/911e3628e6.png https://ssl.gstatic.com/gb/images/p1_e53fc7b4.png	6	1		3.6			admin

46092	2020-10-19 10:37	test2.hta d8c6560478cca57bb84a2c37228c44bf Code Injection RWX flags setting unpack itself Windows utilities Windows					2.2			admin

46093	2020-10-19 10:34	Wkhuldcw8s2x4nsXa.exe 684ba2ea81a8e9ab031260cbf0dd5db8 VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	1			6.6		26	admin

46094	2020-10-19 09:29	eh.exe 4d0f2cb16083c2c99e05cdb59f2d3243 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs					8.6	M	27	admin

46095	2020-10-19 09:28	https://docsecure.top/xls/0061... 92e79228771983699fc0cfe8dfa7f407 Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	2		7.4	M		guest