NetWork | ZeroBOX

Network Analysis

IP Address        Status   Action
164.124.101.2     Active   Moloch
185.215.113.102   Active   Moloch

Name   Response   Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                               SID         Signature                                                         Category
TCP 185.215.113.102:1234 -> 192.168.56.102:49165   2400024     ET DROP Spamhaus DROP Listed Traffic Inbound group 25             Misc Attack
TCP 192.168.56.102:49168 -> 185.215.113.102:1234   906200098   SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)     undefined
TCP 192.168.56.102:49167 -> 185.215.113.102:1234   906200098   SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)     undefined
TCP 192.168.56.102:49165 -> 185.215.113.102:1234   906200098   SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)     undefined
TCP 185.215.113.102:1234 -> 192.168.56.102:49165   2030724     ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)               Domain Observed Used for C2 Detected
TCP 185.215.113.102:1234 -> 192.168.56.102:49168   2030724     ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)               Domain Observed Used for C2 Detected
TCP 185.215.113.102:1234 -> 192.168.56.102:49167   2030724     ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)               Domain Observed Used for C2 Detected

Suricata TLS

Flow                                                        Issuer      Subject     Fingerprint
TLS 1.2  192.168.56.102:49168 -> 185.215.113.102:1234      CN=BitRAT   CN=BitRAT   aa:a8:0d:a0:d9:fb:84:90:ca:73:1e:67:ee:78:20:7e:bf:f4:75:3c
TLS 1.2  192.168.56.102:49167 -> 185.215.113.102:1234      CN=BitRAT   CN=BitRAT   aa:a8:0d:a0:d9:fb:84:90:ca:73:1e:67:ee:78:20:7e:bf:f4:75:3c
TLS 1.2  192.168.56.102:49165 -> 185.215.113.102:1234      CN=BitRAT   CN=BitRAT   aa:a8:0d:a0:d9:fb:84:90:ca:73:1e:67:ee:78:20:7e:bf:f4:75:3c

Snort Alerts

No Snort Alerts