NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
108.62.12.61 | Active | Moloch
164.124.101.2 | Active | Moloch
194.5.212.190 | Active | Moloch

Name | Response | Post-Analysis Lookup
nutsstats.com | |

Method | Status | URL
GET | 200 | http://194.5.212.190/load/trendmicro2.dll
GET | 200 | http://108.62.12.61/home2

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.103:49171 -> 194.5.212.190:80 | 2027250 | ET INFO Dotted Quad Host DLL Request | Potentially Bad Traffic
TCP 194.5.212.190:80 -> 192.168.56.103:49171 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation
TCP 194.5.212.190:80 -> 192.168.56.103:49171 | 2016538 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49184 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49192 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49192 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49186 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49186 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49204 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49204 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49202 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49202 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49207 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49190 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49207 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49190 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49209 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49191 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49209 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49191 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49195 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49210 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49195 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49210 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49197 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49197 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49199 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49199 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49193 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49193 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49189 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49200 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49189 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49200 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49201 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49201 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49194 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49194 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49205 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49205 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49196 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49196 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49206 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49206 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49198 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49198 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49203 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49203 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49211 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49211 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 192.168.56.103:49208 -> 108.62.12.61:99 | 2033658 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 | Malware Command and Control Activity Detected
TCP 192.168.56.103:49208 -> 108.62.12.61:99 | 2033928 | ET MALWARE Cobalt Strike Beacon Activity (GET) | A Network Trojan was detected
TCP 108.62.12.61:99 -> 192.168.56.103:49196 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49195 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49194 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49190 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49200 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49202 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49207 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49186 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49192 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49189 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49184 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49208 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49211 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49206 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49203 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49193 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49198 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49201 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49205 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49204 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49191 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49197 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49199 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49209 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49210 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts