NetWork | ZeroBOX

IP Address	Status	Action
121.254.136.27	Active	Moloch
172.67.188.70	Active	Moloch
152.32.213.254	Active	Moloch
162.213.251.164	Active	Moloch
164.124.101.2	Active	Moloch
2.57.90.16	Active	Moloch
207.180.207.140	Active	Moloch
3.134.153.35	Active	Moloch
66.210.173.37	Active	Moloch
81.169.145.84	Active	Moloch

Name	Response	Post-Analysis Lookup
www.conferencecloud-sek.net
www.wloss5.site	A 207.180.207.140 CNAME wloss5.site	207.180.207.140
www.yuanchengkefu.com	A 152.32.213.254	152.32.213.254
www.androidviews.info	CNAME androidviews.info A 162.213.251.164	162.213.251.164
www.vidacompany.online	A 2.57.90.16 CNAME vidacompany.online	2.57.90.16
www.statuspropertyservices.com	CNAME cname.appraiserxsites.com A 66.210.173.37	66.210.173.37
www.paymenttoken.exchange	A 3.133.215.23 A 3.130.123.90 CNAME prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com A 3.134.153.35	3.133.215.23
www.fahrdienste-mattes.com	A 81.169.145.84 CNAME fahrdienste-mattes.com	81.169.145.84
www.seeyoursitemap.com

TCP Requests

UDP Requests

GET 200 http://www.yuanchengkefu.com/emc3/?ETmlgZ0=5dOpH4ZLXu7gqsZ1flpEJSy5/LdZ10xjI/yeO+bfe65iP0yAbHsFfKBj2VicXLRb9n8+MeCp&VR-D4=3fgT8DnpTzVxuFb0

GET 301 http://www.statuspropertyservices.com/emc3/?ETmlgZ0=L+osWNdBydeTWGsDxkWeGaaIoWhBVYSxnk3gwfJ7GUe0C6XIFVSc6vAKacCYfLhhZ3toJh8T&VR-D4=3fgT8DnpTzVxuFb0

GET 404 http://www.paymenttoken.exchange/emc3/?ETmlgZ0=In3q5fcwqfPUvIHvOEXuZgrE0wtHaKVHhhvBmOU+LsTRa5uEC8dn2fxMD9iffVuCL4HwS9wl&VR-D4=3fgT8DnpTzVxuFb0

GET 404 http://www.fahrdienste-mattes.com/emc3/?ETmlgZ0=VWGEB2RJN0aBlqpDnbPaL1ZYx8rb1HY+Lg9+s9DCK846PkwUCCnDgE7CEHdlA8yVzzXekGKY&VR-D4=3fgT8DnpTzVxuFb0

GET 404 http://www.vidacompany.online/emc3/?ETmlgZ0=Wr+JZRbgWq8n141kzlZzfyAzhWF5y3sTWd/JKuONDjuieCbQIZ0fkxqUUD3uLS1bgZ3dn43u&VR-D4=3fgT8DnpTzVxuFb0

GET 308 http://www.androidviews.info/emc3/?ETmlgZ0=e45CG1ebRoxFNLB0uj39KBwfUwRmjh7RGoMQSbWlusxAluE+iEx7u65RPUKqZmZtHm0ABwKd&VR-D4=3fgT8DnpTzVxuFb0

GET 404 http://www.wloss5.site/emc3/?ETmlgZ0=tutBWMuEJTf8A7Qc2ebCBrBxG29piEEoH/p8OEQeRwYbe/gCmuxD82r91jZBNY0a3k8CYQHG&VR-D4=3fgT8DnpTzVxuFb0

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49166 -> 66.210.173.37:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 66.210.173.37:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 66.210.173.37:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 162.213.251.164:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 162.213.251.164:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 162.213.251.164:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 81.169.145.84:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 81.169.145.84:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 81.169.145.84:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 207.180.207.140:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 207.180.207.140:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 207.180.207.140:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 2.57.90.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 2.57.90.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 2.57.90.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 3.134.153.35:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 3.134.153.35:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 3.134.153.35:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 152.32.213.254:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 152.32.213.254:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 152.32.213.254:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts