Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
46591	2020-11-10 16:11	test email.zip 16abd345adfc077c7a2399aa7799617a DNS		1			0.6			admin

46592	2020-11-10 16:04	http://175.208.134.150:8282/te... 5c8e2fed189e7b7f7f1d9e756fd072f8 Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	3		4.8			admin

46593	2020-11-10 15:54	http://148.163.12.101/WMndFrdk... d41d8cd98f00b204e9800998ecf8427e Dridex Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	3		5.2	M		admin

46594	2020-11-10 15:51	5.exe f139bcd08ad8da406f7dd25411d1c9b3 VirusTotal Malware unpack itself malicious URLs					2.8	M	59	admin

46595	2020-11-10 15:31	5.exe f139bcd08ad8da406f7dd25411d1c9b3 VirusTotal Malware unpack itself malicious URLs					2.8	M	59	admin

46596	2020-11-10 15:28	5.exe f139bcd08ad8da406f7dd25411d1c9b3 VirusTotal Malware unpack itself malicious URLs					2.8	M	59	admin

46597	2020-11-10 15:26	5.exe f139bcd08ad8da406f7dd25411d1c9b3 VirusTotal Malware unpack itself malicious URLs					2.8	M	59	admin

46598	2020-11-10 15:25	5.exe f139bcd08ad8da406f7dd25411d1c9b3 VirusTotal Malware unpack itself malicious URLs					2.8	M	59	admin

46599	2020-11-10 15:24	http://148.163.12.101/WMndFrdk... d41d8cd98f00b204e9800998ecf8427e Dridex Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	3		5.2	M		admin

46600	2020-11-10 15:20	http://148.163.12.101/WMndFrdk... d41d8cd98f00b204e9800998ecf8427e Dridex Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	3		5.2	M		admin

46601	2020-11-10 15:15	http://148.163.12.101/WMndFrdk... d41d8cd98f00b204e9800998ecf8427e Dridex Malware MachineGuid Code Injection Malicious Traffic buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Detects VMWare malicious URLs VMware anti-virtualization Tofsee Windows Exploit ComputerName Remote Code Execution DNS crashed	19 Keyword trend analysis Info http://213.159.203.207/views/skrn6qr44d66b4su7l4mb7fn9g.html - mailcious http://213.159.203.207/favicon.ico - mailcious http://213.159.203.207/js/6mp75mrcneiao6mv9bs2hu4dio.js - mailcious http://213.159.203.207/views/39568v88okflvrm32vjbpjhifk.wav - mailcious http://213.159.203.207/js/5ufk8dm79f970m12eg3s3ve668.js - mailcious http://213.159.203.207/pubs/wiki.php?id=c6ace51877562f71afd4cde337219bca - mailcious http://213.159.203.207/views/cqav0036cnsnbu6kd838mercoc.html - mailcious http://213.159.203.207/views/6hs75l43nq5ncs5sofsoju488c.wav - mailcious http://213.159.203.207/static/encrypt.min.js - mailcious http://213.159.203.207/images/captcha.png?mod=attachment&u=074b10c4a67782261787d41480dbf00f - mailcious http://213.159.203.207/views/h1lmonj5nh7hp739nba7h35jd4.html - mailcious http://148.163.12.101/WMndFrdk?keyword=Other&cost=0.00100&ad_campaign_id=262704&source=145866 - mailcious http://213.159.203.207/index.php?ad_campaign_id=262704&browser=Internet+Explorer&browser_version=9.0&country=KR&id=698&os=Windows&os_version=7 - mailcious http://213.159.203.207/logo.swf - mailcious http://213.159.203.207/pubs/servlet.php?fp=2abeac5282f2ae091db572603cbaa02e&lang=ko&token=&id=49602&sign=938bd0beadca9b848022cf434d97cb8d&validate=a34aa5353b547a91cf614c3ecc315917 - mailcious http://213.159.203.207/views/b2se621smc4mffu2dics90qo04.swf - mailcious http://213.159.203.207/static/tinyjs.min.js - mailcious http://213.159.203.207/pubs/article.php?id=4e50e2ab1e3c1563c7977f5d98129804 - mailcious https://app.getmoney.tech/jrwtRpMp?cost={cost}¤cy=usd&external_id=${SUBID}&creative_id={bannerid}&ad_campaign_id={campaignid}&source={zoneid}	8	7 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET EXPLOIT_KIT Underminer EK Resource File Download M1 ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY Outdated Flash Version M1 ET EXPLOIT_KIT Underminer EK SWF Request ET EXPLOIT_KIT Underminer EK Resource File Download M2		11.0	M		admin

46602	2020-11-10 15:08	http://151.80.220.125/mmc/2684... fdd3a5dc6e98c570521c21ebb03d57d8 VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		4.6	M		admin

46603	2020-11-10 15:06	http://151.80.220.125/mmc/2684... fdd3a5dc6e98c570521c21ebb03d57d8 VirusTotal Malware Code Injection Malicious Traffic Creates executable files unpack itself Windows utilities Windows DNS	1 Keyword trend analysis	1	3		4.0	M		admin

46604	2020-11-10 15:02	http://151.80.220.125/mmc/2684... fdd3a5dc6e98c570521c21ebb03d57d8 VirusTotal Malware Code Injection Malicious Traffic Creates executable files unpack itself Windows utilities Windows DNS	1 Keyword trend analysis	1	3		4.0	M		admin

46605	2020-11-10 14:58	http://151.80.220.125/mmc/2684... fdd3a5dc6e98c570521c21ebb03d57d8 Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		6.0	M	43	SFPark