Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
48436	2020-07-22 12:37	INVOICE LXQ977_276688832.doc 14d86378e0250e64120d6985bd846056 Vulnerability VirusTotal Malware unpack itself					2.4		18

48437	2020-07-22 12:37	Inv ET5808_565971217.doc e83403331092ea4ebf89495eb3823deb Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3600143997&cup2hreq=d6ba3fa9c72673912a7188b0e5b14c328b9ff53bc9f86ff5eedf251cdf1cc49b	2	1		4.2		19

48438	2020-07-22 12:33	http://systemidentifytheprotoc... 374fb48a959a96ce92ae0e4346763293 Malware download FTP Client Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit Trojan DNS Software crashed Downloader	1 Keyword trend analysis	1	4		7.6		4

48439	2020-07-22 12:33	http://systemidentifytheprotoc... 16dc050b380c8161b7973a01b8c7b879 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs Tofsee Windows Exploit Browser Email ComputerName Trojan DNS Cryptographic key Software crashed	3 Keyword trend analysis Info http://systemidentifytheprotocolwindowsserverse.duckdns.org/bdds/svchost.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:2361864108&cup2hreq=4aa23fae9d2c72400de0f4942172c054fd7571e90dd7d91e71f8713bd25138b7	3	4		15.6		8

48440	2020-07-22 11:16	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	3	3		4.6

48441	2020-07-22 11:09	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	3	3		4.6

48442	2020-07-22 10:22	http://braxmedia.nl/test/invoi... d418ef78fa11b92cd7b01bbe0a90d3cf VirusTotal Malware DNS	4 Keyword trend analysis	1			1.4

48443	2020-07-21 18:29	http://t-lawadvisors.com/aviso... 7159a277e9012d98d6877c5efe6c4ba7 VirusTotal Malware suspicious privilege Code Injection buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit ComputerName DNS crashed	1 Keyword trend analysis	2	1		9.0		39

48444	2020-07-21 18:27	https://class.britishonline.co... 02032a73a8b1788cdcc567b749812444 Dridex VirusTotal Malware Code Injection Malicious Traffic unpack itself Windows utilities malicious URLs Tofsee Windows DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3707306346&cup2hreq=c6650cc85daddb70cb5a15cc5b595ca756623b68fd207a5b82b48c27753b4697	3	3		4.4

48445	2020-07-21 18:18	F_UUW_070120_VNF_072120.doc 0cd06145a71c3f2bab7722fd5788579d Emotet Malware download Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/ http://fijipiscinas.com/wp-admin/ympm/ http://124.45.106.173:443/v697hn969KD/SdW4m7CyGF7fO/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3085698260&cup2hreq=36dd01ca863135a0fcc19a814c372b19579f151cdf003292659415797bbe952c	5	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET POLICY HTTP traffic on port 443 (POST) ET MALWARE Win32/Emotet CnC Activity (POST) M8		5.4		20

48446	2020-07-21 18:18	https://bloomcareltd.co.uk/wp-... 85321df51c43c38d4bc6927ee7cea7a9 Dridex VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS		1	3		3.2

48447	2020-07-21 18:17	FILE-2020_07_21-195317.doc 589ee490769a1737f7365d7c5655008e Vulnerability Malware Malicious Traffic unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://r8---sn-3u-bh2sd.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe?cms_redirect=yes&mh=eA&mip=175.208.134.150&mm=28&mn=sn-3u-bh2sd&ms=nvh&mt=1595322864&mv=m&mvi=8&pl=18&shardbypass=yes http://r8---sn-3u-bh2sd.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe?cms_redirect=yes&mh=eA&mip=175.208.134.150&mm=28&mn=sn-3u-bh2sd&ms=nvh&mt=1595322864&mv=m&mvi=8&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/chrome/AIHcSO5F2NZdUg_Cy-Cbgy8_84.0.4147.89/84.0.4147.89_chrome_installer.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:4039676881&cup2hreq=00ab76e6bd8dbeb018fa1aa7d74b24303a0f5bcc3abe6436c03ac71ae149bf77	4	3		3.6

48448	2020-07-21 14:29	doc-5382.docm ae18ed686e82ba41cebc162245c7fc42 VirusTotal Malware unpack itself					1.2	M	20

48449	2020-07-21 14:28	doc-5382.docm ae18ed686e82ba41cebc162245c7fc42 VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:655737552&cup2hreq=002ee30e1176121f00b9eb338c474169f91320cfd3f0e9a4d5fee500a87a838a	2	1		3.0		20

48450	2020-07-21 14:23	doc-5382.docm ae18ed686e82ba41cebc162245c7fc42 VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:2387805627&cup2hreq=5454ed19c95f66fa17bec024b06636f6045cc341c7a2dd617f379c96e2f6a971	2	1		3.0		20