NetWork | ZeroBOX

IP Address	Status	Action
134.122.133.171	Active	Moloch
164.124.101.2	Active	Moloch
178.18.193.120	Active	Moloch
192.185.131.113	Active	Moloch
207.97.200.47	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.ideemimarlikinsaat.com	A 178.18.193.120	178.18.193.120
www.newstodayupdate.com	CNAME newstodayupdate.com A 34.102.136.180	34.102.136.180
www.playstarexch.com	CNAME playstarexch.com A 34.102.136.180	34.102.136.180
www.roleconstructora.com	CNAME roleconstructora.com A 192.185.131.113	192.185.131.113
www.dxxlewis.com	A 207.97.200.47	207.97.200.47
www.6233v.com	CNAME twyg-9639v.com.txwlcdn13.com CNAME pflvcllbpf.bigbackbone.com CNAME pflvcllbpf.hellomyai.com A 134.122.133.171	134.122.133.171
www.thesewhitevvalls.com
www.bjyxszd520.xyz
www.avito-rules.com
www.elliotpioneer.com	CNAME elliotpioneer.com A 34.102.136.180	34.102.136.180

TCP Requests

UDP Requests

POST 301 http://www.ideemimarlikinsaat.com/b2c0/

GET 301 http://www.ideemimarlikinsaat.com/b2c0/?5j=BhwIz8la4HUVi1nMBiVIC5A9YxwCbjsxx995Kt+xQMqbSybskl546EwbcvTy7pfoVmGr2lPQ&vTd8K=LHQx

POST 302 http://www.dxxlewis.com/b2c0/

GET 302 http://www.dxxlewis.com/b2c0/?5j=9ahEnHZeeTorCCf1BxWsn/rXQiL42ezX5ROQBOh91FMP3dxhyP3zcRxjW2sluygknGFgWtoi&vTd8K=LHQx

POST 0 http://www.6233v.com/b2c0/

GET 200 http://www.6233v.com/b2c0/?5j=TXWnycs9/xQM88J50NGMQUHmzvUS8Ow5beoaBntAR1L12gyUTl4Vs8xkkPbSltJIhMz7f2PR&vTd8K=LHQx

POST 404 http://www.roleconstructora.com/b2c0/

GET 404 http://www.roleconstructora.com/b2c0/?5j=1K0N61gHDa1dphA2mScjseGlMpXBLPWPRyroe9GKqjCieTRKzq19FpKJorkSVL2IbFhLWsH/&vTd8K=LHQx

POST 405 http://www.newstodayupdate.com/b2c0/

GET 403 http://www.newstodayupdate.com/b2c0/?5j=ngE3zTESEmF1TlzaI1JtRqVv6LVi69c0ageAEF+ggQEJgbQkBMu6yGJsOdi7lkxHgRVmVRi9&vTd8K=LHQx

POST 405 http://www.playstarexch.com/b2c0/

GET 403 http://www.playstarexch.com/b2c0/?5j=F+Gco1RrSA+q6KRKzyydjUzXzSLtfZhJDsnZ0YatH9yILxLZnbeI6GZ7F32+m8aTJR9d/lLK&vTd8K=LHQx

POST 405 http://www.elliotpioneer.com/b2c0/

GET 403 http://www.elliotpioneer.com/b2c0/?5j=/Ci6lA1yaE3CUS8uYzq6dZWl1lKVRbc/m6rjse/j6toaEbYIMAGoPQ/GjZ3pODpgFVgK+X0m&vTd8K=LHQx

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49210 -> 192.185.131.113:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 192.185.131.113:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 192.185.131.113:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 134.122.133.171:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 134.122.133.171:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 134.122.133.171:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 207.97.200.47:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 207.97.200.47:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 207.97.200.47:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 178.18.193.120:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 178.18.193.120:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 178.18.193.120:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts