Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2022-05-02 09:13	IE.exe d55af7419949eb1630bf0e6b3684166e PWS[m] Gen1 RAT Cryptocurrency Miner Generic Malware task schedule CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Antivirus Anti_VM Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credenti VirusTotal Cryptocurrency Miner Malware VBScript Cryptocurrency AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI wscript.exe payload download Creates shortcut Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Tofsee Windows Browser ComputerName RCE Firmware DNS Cryptographic key DDNS crashed Dropper CoinMiner	5 Keyword trend analysis	74 Info muslada2251.myvnc.com() marena9201.3utilities.com() niogem1171.servemp3.com() niogem1171.servepics.com() muslada2251.ddnsking.com(0.0.0.0) - mailcious niogem1171.viewdns.net() muslada2251.3utilities.com(3.1.85.243) muslada2251.servequake.com() muslada2251.serveirc.com() marena9201.gotdns.ch() muslada2251.sytes.net() muslada2251.servegame.com() niogem1171.freedynamicdns.net(0.0.0.0) - mailcious muslada2251.redirectme.net() muslada2251.onthewifi.com() rinot972.ddnsking.com(41.103.107.68) niogem1171.redirectme.net() pool.hashvault.pro(131.153.76.130) - mailcious marena9201.ddnsking.com() muslada2251.viewdns.net() marena9201.bounceme.net() muslada2251.servemp3.com() niogem1171.3utilities.com(0.0.0.0) - mailcious niogem1171.serveirc.com() muslada2251.servehalflife.com() niogem1171.ddnsking.com(0.0.0.0) - mailcious niogem1171.hopto.org(0.0.0.0) niogem1171.myftp.org(0.0.0.0) marena9201.freedynamicdns.net() marena9201.freedynamicdns.org() niogem1171.gotdns.ch(0.0.0.0) muslada2251.myftp.org() muslada2251.hopto.org() niogem1171.servebeer.com() niogem1171.webhop.me(0.0.0.0) pastebin.com(104.20.68.143) - mailcious muslada2251.servehttp.com() muslada2251.ddns.net() - mailcious muslada2251.serveblog.net() muslada2251.webhop.me() niogem1171.zapto.org(0.0.0.0) muslada2251.servebeer.com() niogem1171.serveftp.com() niogem1171.ddns.net() - mailcious niogem1171.onthewifi.com() niogem1171.freedynamicdns.org(3.1.85.243) - mailcious niogem1171.servehttp.com() muslada2251.serveminecraft.net() muslada2251.bounceme.net() niogem1171.servegame.com() muslada2251.serveftp.com() niogem1171.bounceme.net(0.0.0.0) - mailcious marena9201.ddns.net() niogem1171.myftp.biz(0.0.0.0) niogem1171.sytes.net() rinot972.ddns.net() muslada2251.gotdns.ch() muslada2251.freedynamicdns.org() muslada2251.myftp.biz() muslada2251.servecounterstrike.com() niogem1171.servequake.com() niogem1171.serveblog.net(0.0.0.0) muslada2251.freedynamicdns.net() muslada2251.servepics.com() muslada2251.zapto.org() niogem1171.servecounterstrike.com() niogem1171.serveminecraft.net() niogem1171.servehalflife.com() niogem1171.myvnc.com(0.0.0.0) 3.1.85.243 41.103.107.68 54.254.238.33 - malware 104.20.67.143 - mailcious 131.153.76.130 - mailcious	32 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY DNS Query to DynDNS Domain .ddns .net ET POLICY DNS Query to DynDNS Domain .3utilities .com ET POLICY DNS Query to DynDNS Domain .ddnsking .com ET POLICY DNS Query to DynDNS Domain .bounceme .net ET POLICY DNS Query to DynDNS Domain .freedynamicdns .org ET POLICY DNS Query to DynDNS Domain .myftp .org ET POLICY DNS Query to DynDNS Domain .onthewifi .com ET POLICY DNS Query to DynDNS Domain .servegame .com ET POLICY DNS Query to DynDNS Domain .viewdns .net ET POLICY DNS Query to DynDNS Domain .serveftp .com ET POLICY DNS Query to DynDNS Domain .servehttp .com ET POLICY DNS Query to DynDNS Domain .servehalflife .com ET POLICY DNS Query to DynDNS Domain .serveminecraft .net ET POLICY DNS Query to DynDNS Domain .zapto .org ET POLICY DNS Query to DynDNS Domain .freedynamicdns .net ET POLICY DNS Query to DynDNS Domain .redirectme .net ET POLICY DNS Query to DynDNS Domain .serveblog .net ET POLICY DNS Query to DynDNS Domain .servecounterstrike .com ET POLICY DNS Query to DynDNS Domain .servemp3 .com ET POLICY DNS Query to DynDNS Domain .servepics .com ET POLICY DNS Query to DynDNS Domain .hopto .org ET INFO DYNAMIC_DNS Query to a Suspicious .myftp.biz Domain ET INFO Observed DNS Query to .biz TLD ET POLICY DNS Query to DynDNS Domain .serveirc .com ET POLICY DNS Query to DynDNS Domain .myvnc .com ET POLICY DNS Query to DynDNS Domain .servebeer .com ET POLICY DNS Query to DynDNS Domain .servequake .com ET POLICY DNS Query to DynDNS Domain *.webhop .me ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)		10.0	M	47	ZeroCERT

First
1
Last
Total : 1cnts