NetWork | ZeroBOX

IP Address	Status	Action
103.224.182.242	Active	Moloch
104.21.73.18	Active	Moloch
156.241.118.187	Active	Moloch
160.124.149.174	Active	Moloch
162.0.216.71	Active	Moloch
164.124.101.2	Active	Moloch
203.146.252.150	Active	Moloch
208.91.197.91	Active	Moloch
209.74.108.198	Active	Moloch
213.186.33.5	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.smonique.com	A 162.0.216.71	162.0.216.71
www.vernshandmade.com	A 203.146.252.150 CNAME vernshandmade.com	203.146.252.150
www.didgaulab2.net
www.youruaect.com	A 208.91.197.91	208.91.197.91
www.manly-inc.net	A 103.224.182.242	103.224.182.242
www.stickscollar.com	A 209.74.108.198	209.74.108.198
www.progress-storage.com	A 156.241.118.187	156.241.118.187
www.disneyy.online	A 104.21.73.18 A 172.67.137.72	104.21.73.18
www.socialcrayons.com	CNAME socialcrayons.com A 34.102.136.180	34.102.136.180
www.ymhw.red	A 160.124.149.174	160.124.149.174
www.cestvotrejourdechance.com
www.lychee.solutions	A 213.186.33.5	213.186.33.5

TCP Requests

UDP Requests

GET 302 http://www.manly-inc.net/tgdh/?oXL=T2hyiT4yGRSJySXgvQ92ynvHZeFzcAvRrmHKTRNyhOIVdtUvfNniaBMnD2YE3Kp/ivsTupKs&GFNL6=9rzX0zMPGJe

GET 301 http://www.progress-storage.com/tgdh/?oXL=1JFI+sqiJ53F/4r74AU6bnX0zMJGF2EjLTuIZSF/OAKO4l5yELQ4TKKxTaKAtUH5lAUlWY7l&GFNL6=9rzX0zMPGJe

GET 302 http://www.lychee.solutions/tgdh/?oXL=UlKbuswi2Y15wEsv3lQ89d1PQ+7W2P8S37KfK5fMXAO8xBwAZ7A9X+0QBphQ8KC7Yj0SKJjN&GFNL6=9rzX0zMPGJe

GET 200 http://www.youruaect.com/tgdh/?oXL=tZMPgU44/UyTvdlqydmrTmAWwCRIROfEbKPJDsOmrPCduNJSVa0bYRNrW2VwMflX5av73nuO&GFNL6=9rzX0zMPGJe

GET 301 http://www.vernshandmade.com/tgdh/?oXL=bQnQKnB1Ss+iIFTY4P53xmPXEpjrMWsWSs3GF18+WwXvqWynx9MRCd3hJcujecrJ+mv2Gevf&GFNL6=9rzX0zMPGJe

GET 301 http://www.disneyy.online/tgdh/?oXL=yTnVb2tg7ARKFX050KVe//mT5Ff12juh011QKHkYix65bxDVqf807Xrt0Hcx6eNyVazFzzpR&GFNL6=9rzX0zMPGJe

GET 404 http://www.smonique.com/tgdh/?oXL=6IzDNvq36e1W8CiJ1NlVZuy5vYNCYHHTzCVE35nOSEe2qUNdEDdqHjuFWccjs6VEiGwwaE+o&GFNL6=9rzX0zMPGJe

POST 405 http://www.socialcrayons.com/tgdh/

GET 403 http://www.socialcrayons.com/tgdh/?oXL=AkIp2eED1pFiXkYOGYOKBgSrvoJlM7uPGyhWbVOCo5bSOQOUdmVeAfL8gFnbOTwfh1JuFvs5&GFNL6=9rzX0zMPGJe&5yJZ=qPX87RDh

POST 404 http://www.stickscollar.com/tgdh/

GET 404 http://www.stickscollar.com/tgdh/?oXL=acGlUfVkWmWVflw+xL35pCNy6pbIrLuDAngQu8VWTg1Pd/+K/gQWDJIUeRN5jeJoZfAMJ4xt&GFNL6=9rzX0zMPGJe&NHpC=KtxXAba0

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49168 -> 213.186.33.5:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 213.186.33.5:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 213.186.33.5:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 156.241.118.187:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 156.241.118.187:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 203.146.252.150:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 156.241.118.187:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 203.146.252.150:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 203.146.252.150:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 208.91.197.91:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 208.91.197.91:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 208.91.197.91:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 34.102.136.180:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 209.74.108.198:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 162.0.216.71:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 162.0.216.71:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 162.0.216.71:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 103.224.182.242:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 103.224.182.242:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 103.224.182.242:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 104.21.73.18:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 104.21.73.18:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 104.21.73.18:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts