OPTIONAL: Sandbox SMTP Report

LAST UPDATED: 2023-08-30

THIS REPORT IS DISCONTINUED

This report summarizes the email sent by each of the malicious binaries when they were run in our sandbox system.

It is specifically generated by running a malicious binary in our sandbox system. The malware attempts either to email or utilize an email server that was referenced in the report. It does not mean that the access was successful or that your system is compromised at the time of the report, just that a piece of malware attempted either to utilize your infrastructure or to send an email to it.

Fields

md5hash

MD5 has of the binary that was run
email

Email addresses used by the binary
sender

Return email address used by the binary
smtp_inet

IP of the remote SMTP server
smtp_port

Remote port used
smtp_host

Hostname resolution of the IP address

Sample

Our 125 Report Types

API: ASN and Network Queries
API: Documentation
API: Malware Query
API: Reports Query
API: Research
API: Scan/SSL
API: Trusted Programs Query
Accessible FTP Report
CRITICAL: Accessible ADB Report
CRITICAL: Accessible Cisco Smart Install Report
CRITICAL: Accessible Docker Service Report
CRITICAL: Accessible ICS Report
CRITICAL: Compromised Account Report
CRITICAL: Compromised SSH Host Special Report
CRITICAL: Compromised Website Report
CRITICAL: Honeypot Brute Force Events Report
CRITICAL: Honeypot DDoS Events Report
CRITICAL: Honeypot ICS Scanner Events Report
CRITICAL: Malware URL Report
CRITICAL: Microsoft Sinkhole Events Report
CRITICAL: Netcore/Netis Router Vulnerability Scan Report
CRITICAL: Sinkhole Events Report
CRITICAL: Sinkhole HTTP Events Report
CRITICAL: Sinkhole HTTP Referer Events Report
CRITICAL: Synful Scan Report
CRITICAL: Vulnerable Exchange Server Report
CRITICAL: Vulnerable HTTP Report
CRITICAL: Vulnerable Ivanti Connect Secure Special Report
CRITICAL: Vulnerable SMTP Report
Exposed F5 iControl REST API Special Report
HAFNIUM Exchange Victim Special Report
HIGH: Accessible AFP Report
HIGH: Accessible Apple Remote Desktop (ARD) Report
HIGH: Accessible CouchDB Report
HIGH: Accessible Erlang Port Mapper Daemon Report
HIGH: Accessible Hadoop Report
HIGH: Accessible Kubernetes API Server Report
HIGH: Accessible MS-RDPEUDP
HIGH: Accessible MySQL Server Report
HIGH: Accessible PostgreSQL Server Report
HIGH: Accessible RDP Report
HIGH: Accessible Radmin Report
HIGH: Accessible SIP Report
HIGH: Accessible SLP Service Report
HIGH: Accessible SMB Report
HIGH: Accessible VNC Report
HIGH: Accessible XDMCP Service Report
HIGH: DDoS Participant Report
HIGH: Darknet Events Report
HIGH: Honeypot ADB Scanner Events Report
HIGH: Honeypot HTTP Scanner Events Report
HIGH: Honeypot IKEv2 Scanner Events Report
HIGH: Honeypot RDP Scanner Events Report
HIGH: Honeypot RocketMQ Scanner Events Report
HIGH: Honeypot SMB Scanner Events Report
HIGH: Loop DoS Report
HIGH: Open BGP Service Report
HIGH: Open BGP Service Report
HIGH: Open DB2 Discovery Service Report
HIGH: Open DVR DHCPDiscover Report
HIGH: Open Elasticsearch Report
HIGH: Open IPMI Report
HIGH: Open IPP Report
HIGH: Open LDAP Report
HIGH: Open LDAP TCP Report
HIGH: Open MS-SQL Server Resolution Service Report
HIGH: Open Memcached Report
HIGH: Open MongoDB Report
HIGH: Open NAT-PMP Report
HIGH: Open NetBIOS Report
HIGH: Open Redis Report
HIGH: Open SNMP Report
HIGH: Open SSDP Report
HIGH: Open Ubiquiti Report
HIGH: Post-Exploitation Framework Report
INFO: Accessible HTTP Report
INFO: Accessible QUIC Report
INFO: Accessible SMTP Report
INFO: Accessible SSH Report
INFO: Accessible SSL Report
INFO: Device Identification Report
INFO: Honeypot DDoS Target Events Report
INFO: Honeypot Amplification DDoS Events Report
INFO: Ransomware Victim Report
INFO: Sinkhole DNS Events Report
LOW: Accessible HTTP Proxy Report
LOW: Block List Report
LOW: SSL FREAK Report
LOW: SSL POODLE Report
LOW: Spam URL Report
MEDIUM: Accessible AMQP Report
MEDIUM: Accessible ActiveMQ Service Report
MEDIUM: Accessible CoAP Report
MEDIUM: Accessible MSMQ Service Report
MEDIUM: Accessible Rsync Report
MEDIUM: Accessible SOCKS 4/5 Proxy Report
MEDIUM: Accessible STUN Service Report
MEDIUM: Accessible Telnet Report
MEDIUM: Accessible WS-Discovery Service Report
MEDIUM: DNS Open Resolvers Report
MEDIUM: IP Spoofer Events Report
MEDIUM: NTP Monitor Report
MEDIUM: NTP Version Report
MEDIUM: Open CWMP Report
MEDIUM: Open CharGen Report
MEDIUM: Open HTTP Proxy Report
MEDIUM: Open MQTT Report
MEDIUM: Open Portmapper Report
MEDIUM: Open QOTD Report
MEDIUM: Open TFTP Report
MEDIUM: Open mDNS Report
MEDIUM: Vulnerable DDoS Middlebox Report
Microsoft Sinkhole HTTP Events Report
OPTIONAL: Sandbox Connection Report
OPTIONAL: Sandbox IRC Report
OPTIONAL: Sandbox URL Report
Qakbot Historical Bot Infections Special Report
Vulnerable Exchange Servers Special Report #1
Vulnerable Exchange Servers Special Report #2
Vulnerable Exchange Servers Special Report #3
Vulnerable Exchange Servers Special Report #4
Vulnerable Exchange Servers Special Report #5
Vulnerable Fortinet Special Report
Vulnerable ISAKMP Report
Vulnerable Log4j Servers Special Report

« Back to Network Reporting