NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...
11.18 03:11
디저트39, 필리핀·미국에 이어 몽골 진출
11.18 03:11
Beyoncé to Join Netfli...
11.18 03:11
에스엠해썹, 2024 스마트공장 지원사업...
11.18 03:11
삼진벽난로, 알펜시아 에스테이트 초프리미...
11.18 03:11
Analog Shift Register ...
11.18 03:11
엠기어스, BMW 통합 호환…신제품 엠스...
11.18 02:11
상상력집단, 고양시 시니어 맞춤형 AI ...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
209.17.116.163	Active	Moloch
217.147.89.90	Active	Moloch
34.102.136.180	Active	Moloch
54.251.187.76	Active	Moloch

Name	Response	Post-Analysis Lookup
www.poeticdaily.com	CNAME poeticdaily.com A 34.102.136.180	34.102.136.180
www.olitusd.com	CNAME jlyuiy-423453729.ap-southeast-1.elb.amazonaws.com A 54.251.187.76 A 3.1.17.53	54.251.187.76
www.rthearts.com	A 209.17.116.163	209.17.116.163
www.patsanchezelpaso.com
www.okdahotel.com	CNAME okdahotel.com A 217.147.89.90	217.147.89.90

TCP Requests

UDP Requests

GET 403 http://www.olitusd.com/nk6l/?xh6pFFa8=A96J2yqZ15MRy9jQ1ShVttrHs3hZu5ufOYENCH+AED1FqV/nHh3IRBYvDz8bZEr5XGiorOrH&CR=CpCdU0E

GET 400 http://www.rthearts.com/nk6l/?xh6pFFa8=aQJ/5obTpOHNVgnCvNgrcEt00DsX5EewgNz5JOfO7ljBuP/TG6sC4VyDa90vv4w4T6a/FBxt&CR=CpCdU0E

GET 404 http://www.okdahotel.com/nk6l/?xh6pFFa8=7Cx7t3AZ2id/O6OwSSjkUz51aeTB+IK9J6vBgt2n544Oy/iasIcSWdfBUkGyM4lqaa8FXgYE&CR=CpCdU0E

GET 403 http://www.poeticdaily.com/nk6l/?xh6pFFa8=rVD8+QajG6hBV5DMpuwEZ0RCKhEDH8x71UIWoVFRrcLN1VQdus1DI2AqPYOGAxFyY53e8M0A&CR=CpCdU0E

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49168 -> 217.147.89.90:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 217.147.89.90:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 217.147.89.90:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 54.251.187.76:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 54.251.187.76:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 54.251.187.76:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 209.17.116.163:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 209.17.116.163:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 209.17.116.163:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts