NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.30 02:04
BEWERBUNG.pdf.htm
04.30 01:04
BEWERBUNG.pdf.htm
04.30 01:04
Adobe%20PDF.hta
04.30 01:04
VXCX.exe
04.30 01:04
test.ps1
04.30 01:04
rah.exe
04.30 01:04
Microsoft.hta
04.30 01:04
XZCADEEW22.exe
04.30 01:04
CZXZDTGS.exe
04.30 01:04
ui.exe

Latest News
05.01 07:05
Alleged ‘Scattered Spi...
05.01 07:05
메타인프렙, 5월 AP 수학·과학 시험 ...
05.01 07:05
RSAC 2025 executive in...
05.01 07:05
RSAC 2025 executive in...
05.01 07:05
Salt Typhoon hacks ‘a ...
05.01 07:05
RSAC 2025 executive in...
05.01 07:05
RSAC 2025 executive in...
05.01 07:05
Restaurant Software Ma...
05.01 07:05
EBay Projects Solid Sa...
05.01 06:05
Chinese Hacking Compet...

NetWork | ZeroBOX

IP Address	Status	Action
103.145.13.158	Active	Moloch
164.124.101.2	Active	Moloch
193.122.6.168	Active	Moloch
62.197.136.165	Active	Moloch

Name	Response	Post-Analysis Lookup
kabos.xyz	A 103.145.13.158	103.145.13.158
checkip.dyndns.org	A 132.226.8.169 CNAME checkip.dyndns.com A 193.122.130.0 A 132.226.247.73 A 158.101.44.242 A 193.122.6.168	158.101.44.242

TCP Requests

UDP Requests

GET 200 http://checkip.dyndns.org/

GET 200 http://kabos.xyz/win32.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:55871 -> 164.124.101.2:53	2012758	ET INFO DYNAMIC_DNS Query to *.dyndns. Domain	Misc activity
TCP 192.168.56.101:49167 -> 193.122.6.168:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49168 -> 103.145.13.158:80	2022896	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016	A Network Trojan was detected
TCP 192.168.56.101:49168 -> 103.145.13.158:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 103.145.13.158:80 -> 192.168.56.101:49168	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 103.145.13.158:80 -> 192.168.56.101:49168	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.101:49175 -> 62.197.136.165:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49175 62.197.136.165:8080	CN=setup/OU=qwqdanchun/O=DcRat By qwqdanchun/L=SH/C=CN	CN=DcRat	65:7a:3d:40:2a:b1:77:51:d6:ad:1b:71:2a:06:f0:fa:d3:30:43:80

Snort Alerts

No Snort Alerts