NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
CISA Adds One Known Ex...
09.20 03:09
Talk of election secur...
09.20 03:09
Lathe Outfitted with E...
09.20 03:09
Musk’s X Tells Top Bra...
09.20 03:09
Wherever There's Ranso...
09.20 03:09
CISA Adds One Known Ex...
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...

NetWork | ZeroBOX

IP Address	Status	Action
160.124.142.64	Active	Moloch
164.124.101.2	Active	Moloch
213.186.33.5	Active	Moloch
81.17.18.195	Active	Moloch

Name	Response	Post-Analysis Lookup
www.szlandas.com	A 160.124.142.64	160.124.142.64
www.theircouture.com	A 81.17.18.195	192.187.111.220
www.guniverse.net	A 213.186.33.5	213.186.33.5

TCP Requests

UDP Requests

GET 302 http://www.theircouture.com/wlns/?SVE=vbQ70DSOjBu6wXqoiLl8xulYFqbBUo6FNBZyPPsJA5VA6onbJOTBpmYGjXjMfEPpp2tfldem&oX=Txo8n04xDBsp

GET 0 http://www.szlandas.com/wlns/?SVE=GKZWCMEw3T5aOBpNO42YjE/TaP1B6pPd2pbjYzDF3p7yhpxX2M2GLn3QuEoCBwC+72ICaQ2c&oX=Txo8n04xDBsp

GET 302 http://www.guniverse.net/wlns/?SVE=obmV34E+VnU01louI7hyDBOk8azyZSyy8u3EY5X02UVoxZoekQW179fH12awdQjVw+iljCJU&oX=Txo8n04xDBsp

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49204 -> 160.124.142.64:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 160.124.142.64:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 160.124.142.64:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 213.186.33.5:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 213.186.33.5:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 213.186.33.5:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 81.17.18.195:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 81.17.18.195:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 81.17.18.195:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts