NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.15 03:11
국내 최대 애니메이션 X 게임 축제 'A...
11.15 03:11
잉카엔트웍스-모리사와코리아-라티스글로벌커...
11.15 03:11
유병완 지란지교데이터 대표, 대전 일자리...
11.15 03:11
에코맘스, 겨울철 필수품 ‘공기청정기’ 출시
11.15 03:11
Retro Calculator Build...
11.15 03:11
김포시아동보호전문기관, 우리아이마음해결사...
11.15 03:11
에스넷시스템, 2024년 3분기 실적 발...
11.15 03:11
SK쉴더스, HD현대일렉트릭과 OT/IC...
11.15 03:11
Samsung Stock Rises Mo...
11.15 03:11
삼정, 가전제품 구독(렌탈) 서비스 도입

NetWork | ZeroBOX

IP Address	Status	Action
138.34.28.219	Active	Moloch
185.56.76.108	Active	Moloch
185.56.76.28	Active	Moloch
185.56.76.72	Active	Moloch
185.56.76.94	Active	Moloch
204.138.26.60	Active	Moloch
24.162.214.166	Active	Moloch
38.110.100.104	Active	Moloch
38.110.103.124	Active	Moloch
38.110.103.136	Active	Moloch
60.51.47.65	Active	Moloch
74.85.157.139	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

GET 200 https://24.162.214.166/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

GET 404 https://38.110.103.124/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

GET 200 https://60.51.47.65/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

GET 302 https://138.34.28.219/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

GET 302 https://138.34.28.219/cookiechecker?uri=/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

GET 302 https://138.34.28.219/index.html

GET 200 https://138.34.28.219/login.cgi?uri=/index.html

GET 404 https://38.110.103.136/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

GET 200 https://38.110.100.104/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

GET 404 https://38.110.103.136/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

GET 404 https://38.110.103.124/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

GET 200 https://38.110.100.104/rob112/TEST22-PC_W617601.FFDA4B5123BB5AAFD6D6B3F691D7C683/5/file/

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49172 -> 38.110.103.136:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49169 -> 38.110.103.124:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49173 -> 38.110.100.104:443	2404316	ET CNC Feodo Tracker Reported CnC Server group 17	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 74.85.157.139:443	2404321	ET CNC Feodo Tracker Reported CnC Server group 22	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 24.162.214.166:443	2404315	ET CNC Feodo Tracker Reported CnC Server group 16	A Network Trojan was detected
TCP 192.168.56.103:49173 -> 38.110.100.104:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49167 -> 24.162.214.166:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49170 -> 60.51.47.65:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 38.110.100.104:443 -> 192.168.56.103:49173	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 24.162.214.166:443 -> 192.168.56.103:49167	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 60.51.47.65:443 -> 192.168.56.103:49170	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 192.168.56.103:49176 -> 38.110.103.136:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49171 -> 138.34.28.219:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49177 -> 38.110.103.124:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49172 38.110.103.136:443	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:6C:22:98/emailAddress=support@ubnt.com	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:6C:22:98/emailAddress=support@ubnt.com	ba:d7:95:38:aa:e6:8c:48:3e:83:06:69:20:ec:3a:a2:9c:0c:61:47
TLSv1 192.168.56.103:49169 38.110.103.124:443	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:EC:48:A1/emailAddress=support@ubnt.com	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:EC:48:A1/emailAddress=support@ubnt.com	e6:60:4a:40:4a:b9:63:85:da:e8:fc:ec:75:e2:1a:7e:85:1f:49:1e
TLSv1 192.168.56.103:49173 38.110.100.104:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
TLSv1 192.168.56.103:49167 24.162.214.166:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
TLSv1 192.168.56.103:49170 60.51.47.65:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02
TLSv1 192.168.56.103:49176 38.110.103.136:443	None	None	None
TLSv1 192.168.56.103:49171 138.34.28.219:443	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-F4:92:BF:D6:1C:49/emailAddress=support@ubnt.com	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-F4:92:BF:D6:1C:49/emailAddress=support@ubnt.com	0f:6c:9c:c8:a9:10:1e:c8:98:3f:01:df:32:ad:f1:7f:5d:d0:4c:54
TLSv1 192.168.56.103:49177 38.110.103.124:443	None	None	None

Snort Alerts

No Snort Alerts