NetWork | ZeroBOX

Network Analysis

IP Address Status Action
110.172.137.20 Active Moloch
103.146.232.154 Active Moloch
103.75.32.173 Active Moloch
139.255.65.170 Active Moloch
36.95.23.89 Active Moloch
36.91.186.235 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.
GET 200 https://139.255.65.170/lib176/TEST22-PC_W617601.04F75BDCBFBEA97F589B337531FD97BF/5/kps/
GET 404 https://103.146.232.154/lib176/TEST22-PC_W617601.04F75BDCBFBEA97F589B337531FD97BF/5/kps/

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49165 -> 36.91.186.235:443 2404314 ET CNC Feodo Tracker Reported CnC Server group 15 A Network Trojan was detected
TCP 192.168.56.103:49170 -> 103.75.32.173:443 2404301 ET CNC Feodo Tracker Reported CnC Server group 2 A Network Trojan was detected
TCP 192.168.56.103:49170 -> 103.75.32.173:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49169 -> 103.75.32.173:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 103.75.32.173:443 -> 192.168.56.103:49170 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 103.75.32.173:443 -> 192.168.56.103:49169 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.103:49168 -> 103.75.32.173:443 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.103:49168 -> 103.75.32.173:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 139.255.65.170:443 -> 192.168.56.103:49164 2015686 ET POLICY Signed TLS Certificate with md5WithRSAEncryption Misc activity
TCP 192.168.56.103:49164 -> 139.255.65.170:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 139.255.65.170:443 -> 192.168.56.103:49164 2015686 ET POLICY Signed TLS Certificate with md5WithRSAEncryption Misc activity
TCP 192.168.56.103:49167 -> 103.146.232.154:443 2404300 ET CNC Feodo Tracker Reported CnC Server group 1 A Network Trojan was detected
TCP 192.168.56.103:49167 -> 103.146.232.154:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 103.146.232.154:443 -> 192.168.56.103:49167 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic

Suricata TLS

Version Flow Issuer Subject Fingerprint
TLSv1 192.168.56.103:49164 -> 139.255.65.170:443 ST=none ST=none 4b:a1:31:ba:f6:c3:4d:30:82:b5:b1:2f:02:e6:f4:15:b1:93:15:aa
TLSv1 192.168.56.103:49167 -> 103.146.232.154:443 C=US, ST=IL, O=Internet Widgits Pty Ltd C=US, ST=IL, O=Internet Widgits Pty Ltd 92:9c:54:61:4b:3c:f9:b4:92:51:95:d0:aa:d5:6b:b5:51:ab:1d:47

Snort Alerts

No Snort Alerts