NetWork | ZeroBOX

IP Address	Status	Action
103.126.216.86	Active	Moloch
103.224.241.74	Active	Moloch
103.41.204.169	Active	Moloch
103.71.99.57	Active	Moloch
103.85.95.4	Active	Moloch
104.248.225.227	Active	Moloch
128.199.217.206	Active	Moloch
139.196.72.155	Active	Moloch
139.59.80.108	Active	Moloch
164.124.101.2	Active	Moloch
165.232.185.110	Active	Moloch
174.138.33.49	Active	Moloch
175.126.176.79	Active	Moloch
178.238.225.252	Active	Moloch
178.62.112.199	Active	Moloch
188.165.79.151	Active	Moloch
188.225.32.231	Active	Moloch
190.145.8.4	Active	Moloch
196.44.98.190	Active	Moloch
198.199.70.22	Active	Moloch
202.134.4.210	Active	Moloch
37.44.244.177	Active	Moloch
5.253.30.17	Active	Moloch
54.37.106.167	Active	Moloch
54.37.228.122	Active	Moloch
62.171.178.147	Active	Moloch
87.106.97.83	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

No traffic

ICMP traffic

Source	Destination	ICMP Type
37.44.244.177	192.168.56.103	3
37.44.244.177	192.168.56.103	3
37.44.244.177	192.168.56.103	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49385 -> 188.165.79.151:443	2404310	ET CNC Feodo Tracker Reported CnC Server group 11	A Network Trojan was detected
TCP 192.168.56.103:49391 -> 5.253.30.17:7080	2404320	ET CNC Feodo Tracker Reported CnC Server group 21	A Network Trojan was detected
TCP 188.165.79.151:443 -> 192.168.56.103:49385	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 104.248.225.227:8080	2404301	ET CNC Feodo Tracker Reported CnC Server group 2	A Network Trojan was detected
TCP 192.168.56.103:49388 -> 196.44.98.190:8080	2404312	ET CNC Feodo Tracker Reported CnC Server group 13	A Network Trojan was detected
TCP 192.168.56.103:49383 -> 188.165.79.151:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49415 -> 104.248.225.227:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49390 -> 5.253.30.17:7080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49443 -> 103.224.241.74:8080	2404300	ET CNC Feodo Tracker Reported CnC Server group 1	A Network Trojan was detected
TCP 192.168.56.103:49384 -> 188.165.79.151:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49416 -> 104.248.225.227:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 104.248.225.227:8080 -> 192.168.56.103:49418	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 103.224.241.74:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49452 -> 178.62.112.199:8080	2404309	ET CNC Feodo Tracker Reported CnC Server group 10	A Network Trojan was detected
TCP 192.168.56.103:49389 -> 5.253.30.17:7080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49461 -> 139.196.72.155:8080	2404303	ET CNC Feodo Tracker Reported CnC Server group 4	A Network Trojan was detected
TCP 103.224.241.74:8080 -> 192.168.56.103:49446	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 178.62.112.199:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49420 -> 54.37.106.167:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49469 -> 103.126.216.86:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49378 -> 174.138.33.49:7080	2404308	ET CNC Feodo Tracker Reported CnC Server group 9	A Network Trojan was detected
TCP 192.168.56.103:49470 -> 103.126.216.86:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49422 -> 54.37.106.167:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49458 -> 139.196.72.155:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 5.253.30.17:7080 -> 192.168.56.103:49391	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 54.37.106.167:8080 -> 192.168.56.103:49423	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 198.199.70.22:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 198.199.70.22:8080 -> 192.168.56.103:49430	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 198.199.70.22:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 178.62.112.199:8080 -> 192.168.56.103:49451	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 178.62.112.199:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49445 -> 103.224.241.74:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 139.196.72.155:8080 -> 192.168.56.103:49460	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 139.196.72.155:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49463 -> 188.225.32.231:4143	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 188.225.32.231:4143 -> 192.168.56.103:49464	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 188.225.32.231:4143	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 103.126.216.86:443 -> 192.168.56.103:49471	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts