NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.30 02:04
BEWERBUNG.pdf.htm
04.30 01:04
BEWERBUNG.pdf.htm
04.30 01:04
Adobe%20PDF.hta
04.30 01:04
VXCX.exe
04.30 01:04
test.ps1
04.30 01:04
rah.exe
04.30 01:04
Microsoft.hta
04.30 01:04
XZCADEEW22.exe
04.30 01:04
CZXZDTGS.exe
04.30 01:04
ui.exe

Latest News
04.30 06:04
[RSAC 2025 현장 리포트–DAY ...
04.30 06:04
Tracking APT SideWinde...
04.30 06:04
Researchers link Polyf...
04.30 06:04
대천브루어리, 대한민국 국제 맥주 대회서...
04.30 06:04
[RSAC 2025 현장 리포트–DAY ...
04.30 06:04
Startup Electric Plane...
04.30 06:04
에듀피디, 2025 경남교육공무직 채용시...
04.30 06:04
해피달링, 720도 아기 세면대 수전 워...
04.30 06:04
애브포인트, 데이터 보안 태세 관리(DS...
04.30 06:04
IT Sicherheitsnews tae...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
192.185.174.178	Active	Moloch
217.160.0.127	Active	Moloch
38.26.152.100	Active	Moloch

Name	Response	Post-Analysis Lookup
www.seementor.com	A 38.26.152.100	38.26.152.100
www.euromarketinfinity.com	A 217.160.0.127	217.160.0.127
www.knowan.space
darley.ml	A 192.185.174.178	192.185.174.178

TCP Requests

UDP Requests

GET 200 http://darley.ml/h/Zzrfmn_Kyaogqlh.bmp

GET 200 http://www.seementor.com/sn12/?9rJtvBQ=RtVC6loscM06usO/YI21fDXq59XBLcz9umfGdy2oQXWdI6QalDB8sFa/aIWAp2MtXDbGM+xQ&2d54=eT8xe2NpddJ86tL

GET 404 http://www.euromarketinfinity.com/sn12/?9rJtvBQ=/wE2iff+KL+/ERRZNsMlaCyYzWgq8VOttP75WoZBJ+TwHPTujVyF9hPb5PrQrqya+LxTGX7m&2d54=eT8xe2NpddJ86tL

ICMP traffic

No ICMP traffic performed.

IRC traffic

Command	Params	Type
ERROR	404: ARCHIVO NO ENCONTRADO	client

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:60117 -> 164.124.101.2:53	2025106	ET INFO DNS Query for Suspicious .ml Domain	Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 192.185.174.178:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 192.185.174.178:80	2031091	ET HUNTING Request to .ML Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 192.185.174.178:80	2032988	ET INFO HTTP Request to a *.ml domain	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 38.26.152.100:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 38.26.152.100:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 38.26.152.100:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 217.160.0.127:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 217.160.0.127:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 217.160.0.127:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts