NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
198.23.251.109	Active	Moloch
45.137.22.77	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.101:49204 198.23.251.109:80
- 192.168.56.101:49212 45.137.22.77:5888

UDP Requests

GET 200 http://198.23.251.109/kswb/vbc.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49204 -> 198.23.251.109:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.101:49204 -> 198.23.251.109:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 198.23.251.109:80 -> 192.168.56.101:49204	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 198.23.251.109:80 -> 192.168.56.101:49204	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 198.23.251.109:80 -> 192.168.56.101:49204	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.3 192.168.56.101:49212 45.137.22.77:5888	None	None	None

Snort Alerts

No Snort Alerts