NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe

Latest News
11.18 09:11
[AIS 2024 영상] 윤두식 이로운앤...
11.18 09:11
Samsung Jumps as Surpr...
11.18 09:11
한국장학진흥원, 반려동물장례지도사 자격증...
11.18 09:11
키르시 블렌딩 X 마인드어데이, 콜라보레...
11.18 09:11
글로벌 포장 용기 제조기업 수창티피에스,...
11.18 09:11
Hackaday Links: Novemb...
11.18 09:11
Nvidia Faces New Chip ...
11.18 09:11
아이케미스트, '2024 창업 경진대회'...
11.18 09:11
[AIS 2024 영상] 정일옥 이글루코...
11.18 09:11
[AIS 2024 영상] 이승훈 퓨쳐시스...

NetWork | ZeroBOX

IP Address	Status	Action
103.21.58.196	Active	Moloch
103.45.161.247	Active	Moloch
160.124.160.201	Active	Moloch
164.124.101.2	Active	Moloch
172.67.178.31	Active	Moloch
199.34.228.176	Active	Moloch
65.254.250.106	Active	Moloch

Name	Response	Post-Analysis Lookup
www.buylandintexas.net	A 65.254.250.106	65.254.250.106
www.altcultpromotions.com
www.panchmitramultitrade.com	CNAME panchmitramultitrade.com A 103.21.58.196	103.21.58.196
www.juxing666.com	A 160.124.160.201	160.124.160.201
www.9158cs.xyz	A 103.45.161.247	103.45.161.247
www.myspoiledbytchcreations.com	A 199.34.228.176	199.34.228.176
www.anamentor.com	A 104.21.51.95 A 172.67.178.31	104.21.51.95

TCP Requests

UDP Requests

POST 404 http://www.panchmitramultitrade.com/shjn/

GET 404 http://www.panchmitramultitrade.com/shjn/?XB6tXRHx=8WqcexsfKUWkq5tYBHZdr0ot6NZJON05OcQzq9lL/GT+T7lqOGecLjbNJrRoakSPF/XTY3En&cb=VTCliXcp7BAXgP_

POST 404 http://www.buylandintexas.net/shjn/

GET 404 http://www.buylandintexas.net/shjn/?XB6tXRHx=o0/ZFA5/NjNeJUceXZiaA93LxVWNVqV+R2eXTAns2CJToiS5dhBilGQGkI+7ENHSibyFFmvO&cb=VTCliXcp7BAXgP_

POST 0 http://www.myspoiledbytchcreations.com/shjn/

GET 302 http://www.myspoiledbytchcreations.com/shjn/?XB6tXRHx=olO/4/34fTDYblSo6PVzSieAYEWJ8QjPszux+JGlGKA6HcH4zxO2wCejPiuwsk00ELnYHVXi&cb=VTCliXcp7BAXgP_

POST 0 http://www.anamentor.com/shjn/

GET 301 http://www.anamentor.com/shjn/?XB6tXRHx=tv0gbh/H/soz9i/0EOOET4kbqB9H6LwHpkop0tG7g7gxjFABywsjhwxqrYIUZa09c3SMOexP&cb=VTCliXcp7BAXgP_

POST 404 http://www.juxing666.com/shjn/

GET 404 http://www.juxing666.com/shjn/?XB6tXRHx=K/kJnCMp55Nr7CzjCMYHb2wBG0h2/00yoaONhBuwcuPCyBbSbeWE3cQd7FQe5fWs+E2NmgAC&cb=VTCliXcp7BAXgP_

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49209 -> 172.67.178.31:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 172.67.178.31:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 172.67.178.31:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 199.34.228.176:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 199.34.228.176:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 199.34.228.176:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 160.124.160.201:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 160.124.160.201:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 160.124.160.201:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 65.254.250.106:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 65.254.250.106:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 65.254.250.106:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 103.21.58.196:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 103.21.58.196:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 103.21.58.196:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts