NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.20 09:11
mainbas.bat
11.20 09:11
dll007.dll
11.20 09:11
exe004.exe
11.20 09:11
exe010.exe
11.20 09:11
blecher.exe
11.20 09:11
GetAdapterInfo.exe
11.20 09:11
dll004.dll
11.20 09:11
dll008.dll
11.20 09:11
bestthingsalwaysgetbes...
11.20 09:11
DKM-9067291.pdf.lnk

Latest News
11.21 02:11
Detecting Pacific Rim ...
11.21 02:11
Senate Hearing Highlig...
11.21 02:11
Over 21K Equinox patie...
11.21 02:11
Misconfigured Jupyter ...
11.21 02:11
Meow, INC Ransom gangs...
11.21 02:11
Alleged Finastra breac...
11.21 02:11
Progress Kemp LoadMast...
11.21 02:11
GAO finds gaps in TSA'...
11.21 02:11
IT Sicherheitsnews stü...
11.21 02:11
Don't Get In the Way o...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
35.185.181.239	Active	Moloch

Name	Response	Post-Analysis Lookup
www.getmavin.com	CNAME custom.convertri.com A 35.185.181.239	35.185.181.239
www.project-global-corp.us

TCP Requests
- 192.168.56.101:49170 35.185.181.239:80
  www.getmavin.com

UDP Requests

GET 307 http://www.getmavin.com/ad6n/?p0G=OjJsxC4geh8I7FqpHa9UrgAH/E1KMhjJ+gcNVa/pzu129pZ482obDOVio5WqFRS9BSrfkXt2&DXEXx=X6jPuRePGH0PXF8P

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49170 -> 35.185.181.239:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 35.185.181.239:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 35.185.181.239:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts