Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
811	2020-07-21 09:32	http://bloomcareltd.co.uk/wp-c... e4cd8d3e82fae709c00e457fb0f91bcc Malware download VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit WordPress DNS crashed Downloader	1 Keyword trend analysis	1	3		6.4

812	2020-07-21 09:45	http://88.218.16.20/ztYQWLnqiK... 4af9079a6228f2857a84e35b098d6bdd VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	4		5.0

813	2020-07-21 09:49	https://class.britishonline.co... dcf7add878e1e15a80ae49a24f193a33 Dridex VirusTotal Malware Code Injection Malicious Traffic unpack itself Windows utilities malicious URLs Tofsee Windows DNS	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:805381821&cup2hreq=dfb3cffb99639d08f359b20dd1b8622d9c97bd65e0f4596baa0061204c71a66b	3	3		4.6

814	2020-07-21 10:06	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	11 Keyword trend analysis Info http://www.nalara1220.o-r.kr/main.jpg http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/intro/bizintro_soca1.jpg http://www.nalara1220.o-r.kr/favicon.ico http://www.nalara1220.o-r.kr/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/intro/bizintro_soca2.jpg http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	8	3		4.6

815	2020-07-21 10:07	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	11 Keyword trend analysis Info http://www.nalara1220.o-r.kr/main.jpg http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/intro/bizintro_soca1.jpg http://www.nalara1220.o-r.kr/favicon.ico http://www.nalara1220.o-r.kr/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/intro/bizintro_soca2.jpg http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	8	3		4.6

816	2020-07-21 10:13	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	11 Keyword trend analysis Info http://www.nalara1220.o-r.kr/main.jpg http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/intro/bizintro_soca1.jpg http://www.nalara1220.o-r.kr/favicon.ico http://www.nalara1220.o-r.kr/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/intro/bizintro_soca2.jpg http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	8	3		4.6

817	2020-07-21 10:22	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	11 Keyword trend analysis Info http://www.nalara1220.o-r.kr/main.jpg http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/intro/bizintro_soca1.jpg http://www.nalara1220.o-r.kr/favicon.ico http://www.nalara1220.o-r.kr/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/intro/bizintro_soca2.jpg http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js	8	3		4.6

818	2020-07-21 10:29	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	11 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/intro/bizintro_soca2.jpg http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/intro/bizintro_soca1.jpg http://www.nalara1220.o-r.kr/favicon.ico http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/main.jpg	8	3		4.6

819	2020-07-21 10:41	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	11 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/intro/bizintro_soca2.jpg http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/intro/bizintro_soca1.jpg http://www.nalara1220.o-r.kr/favicon.ico http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/main.jpg	8	3		4.6

820	2020-07-21 10:42	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	8	3		4.6

821	2020-07-21 10:46	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/CSS/mainC.css	8	3		4.6

822	2020-07-21 10:54	http://www.nalara1220.o-r.kr/ c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml	3	3		4.6

823	2020-07-21 11:15	index6.doc 62be29234e8acd4eedec3badcd6645bd Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://124.45.106.173:443/XDmDaH7BRLIgwZ/JT7KbXlWHHj7TLWaM/5VatXmN9b/ http://fijipiscinas.com/wp-admin/ympm/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3186187910&cup2hreq=287cfa612ac65c4e59d91e26d73a62854e4c2f86edbae3488bcb2fc99aa24736	5	5		5.2		19

824	2020-07-21 11:24	SCAN.exe fadf68763da300c57f81f7b7bc1f193e Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis Info https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3640900435&cup2hreq=a6d6dcc4f704eb77c22519df2fe1c3374044430d2d7d7716611b5e02dc8cc2a5	2	1		8.8		51

825	2020-07-21 11:28	index6.doc 62be29234e8acd4eedec3badcd6645bd Emotet Malware download Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://fijipiscinas.com/wp-admin/ympm/ http://124.45.106.173:443/DC3QmO5DYcDe6N/ZFrCWzCYf6pjPHezq/WmlNmhe5a/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:4111116801&cup2hreq=3445430328d78f23a52b4ccff1ed656f1ee52c4dbe2988de7b5b588c491258f1	5	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET POLICY HTTP traffic on port 443 (POST) ET MALWARE Win32/Emotet CnC Activity (POST) M8		5.2		19

First
Previous
51
52
53
54
55
56
57
58
59
60
Next
Last
Total : 48,198cnts