Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
51061	2020-11-05 12:44	abc.doc 9c4bc837af9308a9a4a89220ed106145 VirusTotal Malware buffers extracted exploit crash unpack itself malicious URLs Tofsee Exploit DNS crashed	3 Keyword trend analysis Info http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092 https://definitionupdates.microsoft.com/download/DefinitionUpdates/VersionedSignatures/AM/1.327.342.0/x86/mpas-fe.exe https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?arch=x86&eng=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092	5	1		5.4	M	31	admin

51062	2020-11-05 12:21	c7e640e2617d5fdaa6fc4d50d98ca3... 6400bca5e8d52210b733f79370449e3b VirusTotal Email Client Info Stealer Malware Malicious Traffic Checks debugger unpack itself malicious URLs suspicious TLD Tofsee Ransomware Email DNS	6 Keyword trend analysis	14 Info pattanitkpark.com(122.154.56.109) - malware notesever.com(208.109.9.44) - malware www.xxdaytoy.top(8.210.23.28) - malware babyshop.webdungsan.com() - malware huaibangchina.com(39.100.15.2) - malware superbetprediction.com(185.210.145.110) - malware nguyenlieuphachehanoi.com(103.101.161.23) - malware 8.210.23.28 - suspicious 39.100.15.2 - suspicious 208.109.9.44 - suspicious 185.210.145.110 122.154.56.109 - suspicious 172.217.25.14 - suspicious 103.101.161.23 - suspicious	2		6.2	M	29	guest

51063	2020-11-05 11:43	FILE_336.zip 47c75f290ec56d8450f333a4deed2494 Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		2			3.8			guest

51064	2020-11-05 11:22	온라인+학술대회+한시적+지원+관련+Q&A.hwp... 257a81471a001af1fa0d82069c92993c VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself malicious URLs DNS		1			3.8	M	30	guest

51065	2020-11-05 11:11	Client.exe 1e5f3d37e050d773f8798da41b372984 malicious URLs WriteConsoleW					2.2			admin

51066	2020-11-05 10:58	Server.exe ad6e52e637e6265303f8dec3b5b79b66 VirusTotal Malware WriteConsoleW DNS		4	1		3.0		53	admin

51067	2020-11-05 10:47	https://chrise.xpleomedia.com/... 8331bb422758855644314f06ef8b6494 VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities AppData folder Tofsee Windows DNS	3 Keyword trend analysis	3	1		4.0	M	16	guest

51068	2020-11-05 09:59	https://firma.osgbpro.com/nvda... 8331bb422758855644314f06ef8b6494 Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS		3	3		3.2			guest

51069	2020-11-05 09:57	https://leavereport.teamengine... 8331bb422758855644314f06ef8b6494 Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS		3	3		3.2			guest

51070	2020-11-05 09:55	https://breeder-world.presstig... 8331bb422758855644314f06ef8b6494 Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS		4	3		3.2			guest

51071	2020-11-05 09:53	https://tatatertib.binainsani.... f6e9f6de099449b84d37f8c9c959c0a3 Dridex VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS		3	4		3.4			guest

51072	2020-11-05 09:51	https://alapenho0221555.s3-eu-... 0d72220f2fa97baff0ce21e12e3e3de9 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Windows Advertising Google ComputerName DNS keylogger	4 Keyword trend analysis Info http://manaproducoes.com.br/site/core/xmen//?jama28nta http://erdempetrol.com.tr/fonts/awesome/9S7D2SP/OS97RJ10S.zip https://docs.google.com/document/d/1CHqiI-scmuRTdR3ZdzmIA0--QDfU6-L5z3cOCkEMtbQ//export?format=txt https://alapenho0221555.s3-eu-west-1.amazonaws.com/B0002221114788885522.zip - malware	9	2		9.8	M		guest

51073	2020-11-05 09:46	http://175.208.134.150:8282/te... 5c8e2fed189e7b7f7f1d9e756fd072f8 Code Injection RWX flags setting unpack itself Windows utilities Windows DNS	2 Keyword trend analysis	2			2.8			guest

51074	2020-11-05 09:40	msi.zip b7f761dd1023f9ce8fa7a3b53ebdd97a VirusTotal Malware DNS	1 Keyword trend analysis	4			1.8	M	22	guest

51075	2020-11-05 09:37	http://175.208.134.150:8282/te... 6479dedf0e74ba999f637e1acb7f86b2 suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities Windows DNS	1 Keyword trend analysis	2	1		5.6			guest