Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
49141	2020-07-08 10:56	https://cdn1.estsecurity.com/s... f809c38f0febca37c04811e2dc51ff8e Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit crashed	3 Keyword trend analysis	4			8.6	M	1

49142	2020-07-08 10:38	https://cdn1.estsecurity.com/s... f809c38f0febca37c04811e2dc51ff8e Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed	1 Keyword trend analysis	2			3.6	M	1

49143	2020-07-08 10:35	https://cdn1.estsecurity.com/s... f809c38f0febca37c04811e2dc51ff8e Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces AppData folder malicious URLs Interception Windows DNS	3 Keyword trend analysis	8			9.8	M

49144	2020-07-08 10:12	https://cdn1.estsecurity.com/s... f809c38f0febca37c04811e2dc51ff8e

49145	2020-07-08 09:13	http://lesiga.elaborando.co/23... VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows DNS	10 Keyword trend analysis Info http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgSnpbKtCqR9Oin%2BnzJgtszNYw%3D%3D http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0ACT6jyC8wXTpAKkoAAAAJPqM%3D http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D http://ocsp.trustwave.com//MFQwUjBQME4wTDAJBgUrDgMCGgUABBRKUAJ27jxxuy1zYtpUHfLy0MHHugQUys4dGAN3HhzzfFiymnCoCIAW9K4CEwb1lQKy2rx%2FS5DWa947FkCgQKA%3D http://ocsp.trustwave.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQ1mI4Ww4R5LZiQ295pj4OF%2F44yyAQUyk7dWyc1Kdn27sPlU%2B%2BkwBmWHa8CEQCSuHRPcc7Q4mxyo9jV2SWy http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgTSs3CjOsOyJKAgGftTb%2BwMBQ%3D%3D https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblockindex.bin https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlist.xml https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlist.xml	14 Info ocsp.trustwave.com(23.67.53.106) iecvlist.microsoft.com(117.18.232.200) o.ss2.us(52.84.186.192) www.download.windowsupdate.com(23.76.153.42) r20swj13mr.microsoft.com(117.18.232.200) ocsp.int-x3.letsencrypt.org(119.207.65.27) 104.18.25.243 117.18.232.200 119.207.65.33 119.207.65.56 23.67.53.106 23.76.153.50 52.84.186.192 65.55.252.93			5.0	M

49146	2020-07-08 09:13	http://xaxiefei.com/ 1c1c8fcc809bd6e89e59b53e6c860900 Code Injection unpack itself Windows utilities malicious URLs Windows DNS	5 Keyword trend analysis Info http://xaxiefei.com/ http://clkfeed.com/adServe/feed?pid=277439&cid=294967874220200708081033&ip=175.208.134.150&q=xaxiefei.com&ref=http%3A%2F%2Fclick.com.cn&num=1&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+6.1%3B+Trident%2F4.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+3.0.30729%3B+Media+Center+PC+6.0%3B+InfoPath.2%29&ar=sr&format=jsonp&callback=jCallBack http://makemoneynowwith.me/landclick17?utm_id=10893&utm_campaign=Worldwidepop&utm_source=417235576&utm_cost=0.0017 http://infopicked.com/aS/feedclick?s=Ilxxar-4JDjHYSZnQRV0rUoLXZk8gkPQ5BTSTVNwlg_EcH_5IZLpRatmSGSPIFZmrtKGeLDN2bDp6O7CY8H5ouesbwTUN9D1Q57WzBF2czkWE365F5gTS3p_DRrQ0jsCiUnMKG1xv31r6HPqc5_T5XfmENYXbWzNNl6RGTsBSkkzkyjOB5NnOmVb26hfmQjmjzvTmT6JS1_xKaYYZZeh_oVaWsixJpTpLuxbHBKxXA7m61BEDHiI1V8ptnTyEbsEGGDXAJap5xJuOeOQ6gD3fs7kC3HE3UIAAb9tD7LjOrF4Zr1gnX0HwmYPITySsyMJylr5MusyoXq5tSTdtDgqKpEUHgF9kCYPS3q_D_M-5Q2cdVEUUr0dpbAp51uWVMZzrCUxMFFlAIqgtBkKB3pzBw17I52regNsmERACmm9d1Ar8jUKVL8MC2uLkB_zAuq4DrwnbX_aH98cC1jP3kON5sIUhPpu1fzC07xhVm_ZDHMNfSCZ_OrqiBjbpHLnlbm7t8EljdB1wTCr3ff4CXsYLaw16dV_7cSFe6AXyTV1Mj4021iRjhq0zPQR89DHepzU0dJ4XhCwnchKP8F2xpZnSxy9xkUuu-1iO451azUsFrAJuSZRcLZAjB3Mq_pfyLQ1rspeev3iQyNedYMOrVh4CjrYPna_NpWi-FFxzHCJPtm1cNimtqvoKsygnS7C3oWvb2oIM_L2gn0l4LPMrDTlsJu-qym460YmQeS_dk78u8zRGprfPkBBRV_ClGp7JnH1zSw2k5tHm8gbyQwruC5xGcDgyEVNneyr2Y7T2L3HqYmHjAb-IV5tvFLnfaG-JlFNtuA-nianKmc1A05lvHBb3aWIkI-WU_4tbEEwYO1pENukM7GKy5PSvkItgkOAbPTwOjjtRy6dmYKWwX0XkOz5n0nhcq3cKF0FjEHEEZG7lPyuCRjflWqghpJ6vXPNlnrkzDeyMVBEo-asv_VFB38okakGLrTdGVtaFymS2zSzkH7h8R3jd6QQOBWUV3P-qG0ARh4RoyTzuxlEaGTUWqawcKkxi-HG-ZDQEIFcOnMcBLESMbhRwllXtEdAmmzLFXubGzGiJrZ7x4IIY6NnDXd2qd8MnJ3rKTMr3jrzvbiu2GRFrxW_XL0h9aJbzIrK5N9EDHnHSYmooPtl7L1_mn3dolxYCQoQrZsb86DWeLZBr6kGEejNLwFYbWV5N0AYi2b61KcGh0vxxm_l7_yFLjmCLv2a5UBa2qvEZevwfdilhqttoTkcPX6zUV1om0jH8I2-X1zDEHW1o0Qo8xpHgyinH5_iQUXPZOZ-taS5vcYAwqstWdowuwHbKKZb8exLESuKoaUHiPUX6HbKf70TcBPp14Lv_8H7bRG9HxJYyiw7L494lbwGVfAxIxDRhA8AunqQAxWbcitV4EWvoC4Yt4DAzlx_HS2HdDiRyeFB0MtdlH4N7tv-O8QND_md4fXkyGztdQsz098JuOT1ttHk-cffIvmd4fXkyGztdQsz098JuOSB5CspTdSC5hllyTqztqQ8EwrLEAaOW_haSOzCCeLHIgX2GF8JC6gH http://p277439.infopicked.com/adServe/domainClick?ai=oVptmhAYB-2XmlauIlmKVoO-mcJ3GLX19Key8xfvkO5-7UOYsYXG3SMGIeUYEwmz3FA9ypzPA3eWHlqNvGorkndKGCIeuwWhD3YRp9_wtT58zMU0lt9xPpZaYOBYWX8UjQ9mH6USLMQjeRAqbTvnp_07QYY01tXuDfBKEZ56SwxiVnQIGgxQDiU7ugF2M-yuCHABN4kydf0k-MFSMweLFJs35mYWkieF8jhBPm9BxET7neJIZRNdp2aye5aMrKJmW2jB4zFuRTFWdau7IN9FdV9I9zFVCeL5p92cp-vkcPmEf3qd4ONyUKC7q00sm1d_81VZTL6WTs8WO4QP-Vi7zRe7zzBJbLAQvEGFQ0jWJkN4bvlPQArirXHpAiEoSXb7bgejlzf67IHJhBqnpFAYjy8XSwgU20thPr3DzM-L5AvCYpcix__7rogqsUMnR3TtAARrDJYAm5k&ui=Ilxxar-4JDjHYSZnQRV0rY-50-QI18VbLWXp3on882KiNKxwAofaTKesgDqN0Bcm_70dYyKxODVFtUJS6-xgFwO7jXgE1DaB4coOf03NbTGvgG-REX2lQu5UjdehP7Cu_QOJJbXglw4&si=1&oref=d3c2837da0e02e3a4a67f0afabcb8712&rb=ejKb-f9jF6I&rr=1&isco=t	10			4.2	M

49147	2020-07-08 09:05	QUOTATION_49027352-pdf.exe 2714c2eac0417bec3b7186c77a5ad059 VirusTotal Malware					1.4		15

49148	2020-07-08 01:16	https://onedrive.live.com/down... VirusTotal Malware Code Injection Creates executable files unpack itself Windows utilities malicious URLs Windows	15 Keyword trend analysis Info https://onedrive.live.com/download?cid=4FFF64405FCF9FDD&resid=4FFF64405FCF9FDD!114&authkey=ADGLVWUghO_shw8 https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002//maincss_ko-b5537a5b.css https://p.sfx.ms/h/c7.png https://p.sfx.ms/h/logos5o.png https://p.sfx.ms/is/invis.gif https://p.sfx.ms/images/OneDriveLogoLight4.png https://p.sfx.ms//SoftBlock/v1/main.png https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/jquery-1.7.2-39eeb07e.js https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/legacy_s_legacy-e428f2e2.js https://p.sfx.ms/h/command5.png https://p.sfx.ms/images/favicon.ico https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/legacy1-1a09fb82.js https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/legacy0-e2cc9701.js https://onedrive.live.com/handlers/clientstring.mvc?mkt=ko-KR&group=wlive&v=19.419.0221.2001&useRequiresJs=False https://onedrive.live.com/log	6			3.8	M

49149	2020-07-08 01:10	http://attach.mail.daum.net/bi... ede82a5e35c84e768b37ae6ada83f964 Code Injection exploit crash unpack itself Windows utilities malicious URLs Windows Exploit crashed	2 Keyword trend analysis Info http://maildn.daumcdn.net/mail_bigfile/tks2235%40hanmail.net/attach/159410489534638/70755005_1/QUOTATION_49027352-pdf.z?Expires=1594138381&TWGServiceId=mail_bigfile&Signature=wF%2Bm27ZK8CpD1XqFteNKD6jPvZo%3D&x-content-disposition=attachment http://attach.mail.daum.net/bigfile/v1/urls/d/dRVyZnkLSyGHYvsxnzdge2KKrb4/SbyLEvWd4N7XpModWBWN2Q	4			3.2	M

49150	2020-07-07 22:07	167.exe 161e0b9b80e449fd4b0497cde4167c42 VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory buffers extracted unpack itself malicious URLs sandbox evasion ComputerName DNS crashed	1 Keyword trend analysis	1			8.8	M	41

49151	2020-07-07 21:52	167.exe 161e0b9b80e449fd4b0497cde4167c42 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	1			13.6	M	41

49152	2020-07-07 21:46	http://lesiga.elaborando.co/23... 9b07dc25e1b69a9548ccfd15a541f2c2 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit crashed	1 Keyword trend analysis	2			4.4	M

49153	2020-07-07 21:42	rgnd.rtf 65be1e3712805bb0356f7e85c861f924 VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself malicious URLs Exploit crashed	3 Keyword trend analysis	4			4.2	M	29

49154	2020-07-07 21:41	233.exe 9b07dc25e1b69a9548ccfd15a541f2c2 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Interception Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	1			14.2	M	41

49155	2020-07-07 21:38	http://lesiga.elaborando.co/23... 9b07dc25e1b69a9548ccfd15a541f2c2 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit DNS crashed	1 Keyword trend analysis	3			5.0	M