NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.30 02:04
BEWERBUNG.pdf.htm
04.30 01:04
BEWERBUNG.pdf.htm
04.30 01:04
Adobe%20PDF.hta
04.30 01:04
VXCX.exe
04.30 01:04
test.ps1
04.30 01:04
rah.exe
04.30 01:04
Microsoft.hta
04.30 01:04
XZCADEEW22.exe
04.30 01:04
CZXZDTGS.exe
04.30 01:04
ui.exe

Latest News
04.30 09:04
Kt 엠모바일(ktm 모바일) 유심보호서...
04.30 09:04
New Slips version v1.1...
04.30 09:04
Secrets leaks increase...
04.30 09:04
UK Grocer Co-op Suffer...
04.30 09:04
Marcelo Claure Expands...
04.30 09:04
IT Sicherheitsnews tae...
04.30 09:04
Nach Durows Festnahme:...
04.30 09:04
Dell schützt PowerProt...
04.30 09:04
[NEU] [mittel] IBM Ope...
04.30 09:04
[NEU] [mittel] Docker ...

NetWork | ZeroBOX

IP Address	Status	Action
103.224.182.210	Active	Moloch
104.21.5.119	Active	Moloch
162.0.230.89	Active	Moloch
164.124.101.2	Active	Moloch
172.255.36.136	Active	Moloch
173.201.181.53	Active	Moloch
210.188.240.5	Active	Moloch
62.149.128.45	Active	Moloch
66.96.160.152	Active	Moloch
66.96.162.146	Active	Moloch
76.164.193.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.theboemia.net	A 66.96.162.146	66.96.162.146
www.topings33.com	A 162.0.230.89	162.0.230.89
www.spaceokara.com	A 210.188.240.5	210.188.240.5
www.mcgillinvestigation.com
www.beam-birds.com	A 173.201.181.53 CNAME beam-birds.com	173.201.181.53
www.tripnii.com	A 172.255.36.136	172.255.36.136
www.venerems.com	CNAME venerems.com A 62.149.128.45	62.149.128.45
www.animefnix.com	A 103.224.182.210	103.224.182.210
www.freerenoadvice.com	A 66.96.160.152	66.96.160.152
www.rwbbrwe1.com
www.dadagrin.com	A 76.164.193.180	76.164.193.180
www.bupabii.site	A 104.21.5.119 A 172.67.133.98	104.21.5.119

TCP Requests

UDP Requests

GET 404 http://www.topings33.com/ud5f/?inz0rV1h=P+kGyZmw/z1ZAcm1xeipQpdUp3lv0Y7Tq/O4l4d0IAxx4Y1WARDjicwyInmPULGK5Gjn0H9W&SP=cnxTbjA0

POST 301 http://www.bupabii.site/ud5f/

POST 301 http://www.bupabii.site/ud5f/

GET 301 http://www.bupabii.site/ud5f/?inz0rV1h=ALfx5VHPAmLJvR2PmDqxYgHynhZL+44fq/2dYcj3tIi9cyGy7ldYS7x5wMMPmf8J2NKK6TeT&SP=cnxTbjA0&TYIw=rpdlONf8

POST 301 http://www.freerenoadvice.com/ud5f/

POST 301 http://www.freerenoadvice.com/ud5f/

GET 301 http://www.freerenoadvice.com/ud5f/?inz0rV1h=/TToMDCW2ncgJ5LJRlT2wMaIAe2sglICrt5t2dOu5wDbuzlS1GgQ+Leahz1eY796FlJ1opun&SP=cnxTbjA0&WJ3E=oZND1hW0

POST 302 http://www.animefnix.com/ud5f/

POST 302 http://www.animefnix.com/ud5f/

GET 302 http://www.animefnix.com/ud5f/?inz0rV1h=pYnsP4TjgnW1+o0bXQyX3o5D0burLT7omwvH8WaVCOfXXYLrtXboQfHSoV7j4k06LzvKDu0l&SP=cnxTbjA0&U4mX=N8uT8DAX

POST 302 http://www.theboemia.net/ud5f/

POST 302 http://www.theboemia.net/ud5f/

GET 302 http://www.theboemia.net/ud5f/?inz0rV1h=vNc4qngUhMPfsLhaAtSRbB5tdicAwtCMMZptOOPPQtFj7cp5P6Xrt98T3jq+QQVFaJGPuwgy&SP=cnxTbjA0&qUDS=VPNpdVLh

POST 0 http://www.tripnii.com/ud5f/

GET 301 http://www.tripnii.com/ud5f/?inz0rV1h=N/pZwD3ciGRaBalB/st9KLrJwOHrAZcHEe9LScJkFQBh3cF/5u3uILtBrpiUdDWYV9t+nT9+&SP=cnxTbjA0&2CUR=pBZ0_xbH

POST 302 http://www.spaceokara.com/ud5f/

POST 302 http://www.spaceokara.com/ud5f/

GET 302 http://www.spaceokara.com/ud5f/?inz0rV1h=9CmrMn0GGtbXxXIdiJK6yWXZmlYii/OvswjFNfGMD5AzzaTP0I9tRoOX3ga04w9g87gTygof&SP=cnxTbjA0&JwlX=xvm4fvGX

POST 404 http://www.beam-birds.com/ud5f/

POST 404 http://www.beam-birds.com/ud5f/

GET 404 http://www.beam-birds.com/ud5f/?inz0rV1h=ncbEUbCk5kXcAL9fRpg+ceSXdryDB81gU2FCCsNIW8XHrZFrTQ1tXPDPVckwIBJ0r5CrHMmR&SP=cnxTbjA0&Ab0L=afGp2vvx

POST 404 http://www.venerems.com/ud5f/

POST 404 http://www.venerems.com/ud5f/

GET 404 http://www.venerems.com/ud5f/?inz0rV1h=K9u45/YQVGyEc9geHpEqgOMQoavn+DquAoSlVotvwrnEr+O2nsnegj4yqkliPvOpIqD7rz2g&SP=cnxTbjA0&nrzA=4hvtwR70

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.103	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49172 -> 103.224.182.210:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 66.96.160.152:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49187 -> 62.149.128.45:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 66.96.162.146:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49181 -> 210.188.240.5:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49184 -> 173.201.181.53:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 162.0.230.89:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 162.0.230.89:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 162.0.230.89:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49178 -> 172.255.36.136:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 104.21.5.119:80	2031413	ET MALWARE FormBook CnC Checkin (POST) M2	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts