NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll

Latest News
11.18 08:11
IT Sicherheitsnews woc...
11.18 08:11
IT Sicherheitsnews tae...
11.18 08:11
IT Sicherheitsnews stü...
11.18 08:11
[AIS 2024 영상] 최광희 세종 고...
11.18 08:11
Asia’s Richest Man Joi...
11.18 07:11
[AIS 2024 영상] 김기홍 샌즈랩 ...
11.18 07:11
Wall Street Bankers Sp...
11.18 07:11
Vor 40 Jahren: der Btx...
11.18 07:11
IT Sicherheitsnews stü...
11.18 06:11
US’s UFO-Hunting Aeria...

NetWork | ZeroBOX

IP Address	Status	Action
13.107.42.12	Active	Moloch
13.107.42.13	Active	Moloch
160.152.6.54	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
7tgopa.am.files.1drv.com	A 13.107.42.12 CNAME odc-am-files-geo.onedrive.akadns.net CNAME am-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net CNAME odc-am-files-brs.onedrive.akadns.net CNAME am-files.fe.1drv.com CNAME l-0003.l-msedge.net	13.107.42.12
darkeye.hopto.org	A 160.152.6.54	160.152.6.54
onedrive.live.com	CNAME odc-web-geo.onedrive.akadns.net CNAME l-0004.l-msedge.net A 13.107.42.13 CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net CNAME odc-web-brs.onedrive.akadns.net	13.107.42.13

UDP Requests

GET 302 https://onedrive.live.com/download?cid=6BC744122027ACE8&resid=6BC744122027ACE8%21137&authkey=AHDc8B9P60uuA9c

GET 200 https://7tgopa.am.files.1drv.com/y4mgxpWp6MuASym9689Gu9OG8JBEZdImPuWF8Jt3g9nSjLfECHCRL9ygUaWQdsoG1GX0-oc9EDP1KXA0U4UdMMnZ8kM8ogtP2jsnNr1wzR6tdejAJLZCL5AiCF5ZZL_P57JUsM_YPvJWRlHFbJb3lM5Ylmk9lcGLwSt3VvC6t138iQKIUjqgUVF1kjo191ujlXuc_A7R_tpWhoCYDTb1KQ5tw/LIGHT.bin?download&psid=1

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:54056 -> 8.8.8.8:53	2028681	ET POLICY DNS Query to DynDNS Domain *.hopto .org	Potentially Bad Traffic
UDP 192.168.56.101:55450 -> 8.8.8.8:53	2028681	ET POLICY DNS Query to DynDNS Domain *.hopto .org	Potentially Bad Traffic
UDP 192.168.56.101:56977 -> 8.8.8.8:53	2028681	ET POLICY DNS Query to DynDNS Domain *.hopto .org	Potentially Bad Traffic
TCP 192.168.56.101:49204 -> 13.107.42.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 13.107.42.13:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:65329 -> 8.8.8.8:53	2028681	ET POLICY DNS Query to DynDNS Domain *.hopto .org	Potentially Bad Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49204 13.107.42.12:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com	ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e
TLSv1 192.168.56.101:49202 13.107.42.13:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	CN=onedrive.com	50:2f:33:10:92:ac:27:7b:17:be:82:68:3b:e2:29:ad:97:41:b7:bb

Snort Alerts

No Snort Alerts