NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
02.20 11:02
1042910952
02.20 07:02
111.txt
02.20 12:02
cabalmain.exe
02.20 12:02
helper.exe
02.20 12:02
setupis.msi
02.20 05:02
putty.exe
02.20 03:02
scan_doc_000_371.js
02.20 03:02
孟轩网1.0 64位.exe
02.20 03:02
cpa-back-2-15-25.txt
02.20 03:02
ssh.exe

Latest News
02.19 09:02
실버바 품절에 ’저중량 골드바’ 상품 구...
02.19 09:02
한국장학진흥원, 6시그마 GB/BB 자격...
02.19 09:02
아톤, 글로벌 솔루션 공급처 북미까지 확...
02.19 09:02
소중한생명, ‘소명’ 앱 통해 실시간 안...
02.19 09:02
edm유학센터, 제25회 ‘영국유학박람회...
02.19 09:02
A Unique Linear Positi...
02.19 09:02
Solving for Exponentia...
02.19 09:02
IT Sicherheitsnews tae...
02.19 09:02
IT Sicherheitsnews tae...
02.19 09:02
Keeper Security Launch...

NetWork | ZeroBOX

IP Address	Status	Action
138.34.28.219	Active	Moloch
154.58.23.192	Active	Moloch
164.124.101.2	Active	Moloch
185.56.76.108	Active	Moloch
185.56.76.28	Active	Moloch
185.56.76.94	Active	Moloch
217.115.240.248	Active	Moloch
24.162.214.166	Active	Moloch
38.110.100.142	Active	Moloch
38.110.103.18	Active	Moloch
45.36.99.184	Active	Moloch
60.51.47.65	Active	Moloch
68.69.26.182	Active	Moloch
97.83.40.67	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

GET 200 https://60.51.47.65/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 200 https://97.83.40.67/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 302 https://38.110.100.142/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 302 https://38.110.100.142/cookiechecker?uri=/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 200 https://38.110.100.142/index.html

GET 404 https://38.110.103.18/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 200 https://24.162.214.166/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 404 https://217.115.240.248/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 200 https://45.36.99.184/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 302 https://138.34.28.219/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 302 https://138.34.28.219/cookiechecker?uri=/rob116/TEST22-PC_W617601.8B538ABB9337784DFF0195FB9533B201/5/file/

GET 302 https://138.34.28.219/index.html

GET 200 https://138.34.28.219/login.cgi?uri=/index.html

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49164 -> 60.51.47.65:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 60.51.47.65:443 -> 192.168.56.102:49164	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 192.168.56.102:49169 -> 38.110.103.18:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49168 -> 38.110.100.142:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49166 -> 97.83.40.67:443	2404324	ET CNC Feodo Tracker Reported CnC Server group 25	A Network Trojan was detected
TCP 192.168.56.102:49172 -> 24.162.214.166:443	2404315	ET CNC Feodo Tracker Reported CnC Server group 16	A Network Trojan was detected
TCP 192.168.56.102:49175 -> 45.36.99.184:443	2404318	ET CNC Feodo Tracker Reported CnC Server group 19	A Network Trojan was detected
TCP 192.168.56.102:49166 -> 97.83.40.67:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49175 -> 45.36.99.184:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49172 -> 24.162.214.166:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 97.83.40.67:443 -> 192.168.56.102:49166	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 45.36.99.184:443 -> 192.168.56.102:49175	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 24.162.214.166:443 -> 192.168.56.102:49172	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 192.168.56.102:49174 -> 217.115.240.248:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.102:49177 -> 138.34.28.219:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49164 60.51.47.65:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02
TLSv1 192.168.56.102:49169 38.110.103.18:443	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-B4:FB:E4:B8:30:7E/emailAddress=support@ubnt.com	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-B4:FB:E4:B8:30:7E/emailAddress=support@ubnt.com	2e:0f:ca:9b:3e:95:2e:8f:f6:42:a6:1e:7a:21:66:83:0d:31:cb:c1
TLSv1 192.168.56.102:49168 38.110.100.142:443	C=US, ST=NY, L=New York, O=Ubiquiti Inc., OU=Technical Support, CN=UBNT-18:E8:29:1F:F2:01/emailAddress=support@ui.com	C=US, ST=NY, L=New York, O=Ubiquiti Inc., OU=Technical Support, CN=UBNT-18:E8:29:1F:F2:01/emailAddress=support@ui.com	f1:bf:98:64:45:62:e6:de:5f:a4:b5:d9:2a:11:e4:6f:21:99:7b:61
TLSv1 192.168.56.102:49166 97.83.40.67:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
TLSv1 192.168.56.102:49175 45.36.99.184:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
TLSv1 192.168.56.102:49172 24.162.214.166:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
TLSv1 192.168.56.102:49174 217.115.240.248:443	C=US, ST=GA, L=Canton, O=LigoWave LLC, OU=R&D, CN=LigoWave SSL CA	C=US, ST=GA, L=Canton, O=LigoWave LLC, OU=R&D, CN=LigoWave SSL CA	d3:39:ab:71:76:bb:9c:d2:1c:3e:b1:17:92:c7:3f:25:1f:25:f8:88
TLSv1 192.168.56.102:49177 138.34.28.219:443	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-F4:92:BF:D6:1C:49/emailAddress=support@ubnt.com	C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-F4:92:BF:D6:1C:49/emailAddress=support@ubnt.com	0f:6c:9c:c8:a9:10:1e:c8:98:3f:01:df:32:ad:f1:7f:5d:d0:4c:54

Snort Alerts

No Snort Alerts