NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.01 02:05
LoginMain(1)
05.01 02:05
LoginMain
05.01 02:05
veneziaLogin.js.pobrane
05.01 02:05
troubleshot-modal-info...
05.01 02:05
LoginMain(4)
05.01 02:05
LoginMain(3)
05.01 02:05
LoginMain(2)
05.01 02:05
LoginMain(6)
05.01 02:05
LoginMain(5)
05.01 02:05
background

Latest News
05.01 04:05
Steganography Analysis...
05.01 04:05
North Korea Stole Your...
05.01 04:05
SonicWall Confirms Act...
05.01 04:05
Elektronische Patiente...
05.01 04:05
Anzeige: Digitale Souv...
05.01 02:05
Vintage Stereo Stack B...
05.01 02:05
Key Saudi Rule Change ...
05.01 01:05
티오리, 옥타(Okta)와 협력…신원 기...
05.01 01:05
Tesla Board Started Se...
05.01 12:05
RSAC: AI may force a r...

NetWork | ZeroBOX

IP Address	Status	Action
103.75.201.2	Active	Moloch
103.75.201.4	Active	Moloch
146.59.226.45	Active	Moloch
158.69.222.101	Active	Moloch
162.214.118.104	Active	Moloch
177.87.70.10	Active	Moloch
185.157.82.211	Active	Moloch
185.4.135.27	Active	Moloch
192.99.251.50	Active	Moloch
195.154.133.20	Active	Moloch
217.182.143.248	Active	Moloch
31.24.158.56	Active	Moloch
5.9.116.246	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

No traffic

ICMP traffic

Source	Destination	ICMP Type	Data
91.189.249.139	192.168.56.103	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49167 -> 146.59.226.45:443	2404305	ET CNC Feodo Tracker Reported CnC Server group 6	A Network Trojan was detected
TCP 192.168.56.103:49173 -> 103.75.201.2:443	2404301	ET CNC Feodo Tracker Reported CnC Server group 2	A Network Trojan was detected
TCP 192.168.56.103:49167 -> 146.59.226.45:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49173 -> 103.75.201.2:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49181 -> 158.69.222.101:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49180 -> 158.69.222.101:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 146.59.226.45:443 -> 192.168.56.103:49168	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 158.69.222.101:443 -> 192.168.56.103:49182	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49165 -> 192.99.251.50:443	2404310	ET CNC Feodo Tracker Reported CnC Server group 11	A Network Trojan was detected
TCP 192.168.56.103:49166 -> 146.59.226.45:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49172 -> 103.75.201.2:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 103.75.201.2:443 -> 192.168.56.103:49174	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts