Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
47236	2020-07-24 22:34	http://heliosphere.us/temp/ter... cfd7c1f8740ca02f97a919d1ad537a1d VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit ComputerName DNS Cryptographic key crashed	5 Keyword trend analysis Info http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47 http://heliosphere.us/temp/terfdcv.exe http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3	1	1		12.8		28

47237	2020-07-24 22:16	http://www.agarca.donaines.pt/... 6728e83545ea749e33ad6e83f90b6ba6 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed	1 Keyword trend analysis	1	1		4.6

47238	2020-07-24 21:50	Letter 07-24-2020.exe ab4c1217935f026ffae7a6abd9a3ade5 VirusTotal Malware Code Injection buffers extracted unpack itself malicious URLs sandbox evasion crashed					6.2		35

47239	2020-07-24 21:50	https://tenders-dz.com/license... 2ba9f02e8685e6d19b5386513083ce64 Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS		1	3		3.2

47240	2020-07-24 18:37	BAL_VYM_070120_CRY_072320.doc 57729287c932cb6e7c1224615a6870d1 Vulnerability VirusTotal Malware unpack itself	4 Keyword trend analysis Info http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47 http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3				2.6	M	27

47241	2020-07-24 18:36	FILE_3J39WXUI4VR.doc da20b2dd780f1fd677465123adfec8d6 Vulnerability VirusTotal Malware unpack itself	4 Keyword trend analysis Info http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47 http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3				2.8	M	30

47242	2020-07-24 17:06	cursor.png.exe 0c84e3949e3e8908425b234112350e0f Dridex TrickBot Malware Report suspicious privilege Malicious Traffic buffers extracted unpack itself malicious URLs Kovter ComputerName DNS	5 Keyword trend analysis Info http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47 http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 https://185.99.2.66/tot774/WIN7-PC_W617601.2BCE833F2CFCD82352C920360F3C5FD1/5/spk/	6	4		5.6

47243	2020-07-24 17:03	http://3.234.249.4/nass.exe d38d581e5121cf771f9324ab15c7c29a VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed	5 Keyword trend analysis Info http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:03daaf8e-3c0a-468c-bc36-def7e5313f47 http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://3.234.249.4/nass.exe http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:8f903919-fac4-4af5-ab32-015dce9aafba http://192.168.56.104:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3	1	3		5.0

47244	2020-07-24 14:25	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows	6 Keyword trend analysis	4			3.0

47245	2020-07-24 14:20	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files unpack itself Windows utilities Windows	6 Keyword trend analysis	4			2.6

47246	2020-07-24 14:15	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows	6 Keyword trend analysis	4			3.0

47247	2020-07-24 11:05	mes_GD5559.doc 8a772a0c761c9e8341ff2b004e98e275 Vulnerability VirusTotal Malware unpack itself					2.6		29

47248	2020-07-24 11:03	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files RWX flags setting unpack itself Windows utilities Windows	6 Keyword trend analysis	4			3.0

47249	2020-07-24 11:02	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit crashed	7 Keyword trend analysis Info http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	6			3.6

47250	2020-07-23 16:51	c926c7de61dd7fe8_name.exe 26215c779ed936ff0a62924e15602969 VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows					6.0	M	19