NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
08.02 10:08
payload_1_3.ps1
08.02 10:08
payload_1_2.ps1
08.02 10:08
payload_1.ps1
08.02 09:08
wemustbegood.js
08.02 09:08
SNK.txt.exe
08.02 09:08
sos.txt.exe
08.02 09:08
newlevelcreatedgirlsey...
08.02 09:08
blessedflowerongirlhai...
08.02 09:08
Done.js
08.02 09:08
IMG_8729.scr

Latest News
08.02 03:08
Navigating Indispensab...
08.02 03:08
Sitting Ducks attack t...
08.02 02:08
The Unbreakable Bond: ...
08.02 02:08
CSMA Starts with Ident...
08.02 01:08
지능형 CCTV 성능시험·인증, 안전 분...
08.02 12:08
U.S. Trades Cybercrimi...
08.02 12:08
[오늘의 보안 영어] as it stands
08.02 12:08
아직 패치되지 않은 ESXi 인스턴스들 ...
08.02 12:08
트라이클라우드플레어라는 무료 서비스를 공...
08.02 12:08
개발자들의 Q&A 플랫폼 활용해 ...

NetWork | ZeroBOX

IP Address	Status	Action
151.115.10.1	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud	A 151.115.10.1 CNAME s3.pl-waw.scw.cloud	151.115.10.1
nova-brothers.s3.pl-waw.scw.cloud	A 151.115.10.1 CNAME s3.pl-waw.scw.cloud	151.115.10.1

TCP Requests

UDP Requests

HEAD 403 http://160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud/workflow/poweroff-1mo67u5vspq3.exe

GET 403 http://160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud/workflow/poweroff-1mo67u5vspq3.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2027865	ET INFO Observed DNS Query to .cloud TLD	Potentially Bad Traffic
TCP 151.115.10.1:443 -> 192.168.56.101:49167	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 151.115.10.1:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:54148 -> 164.124.101.2:53	2027865	ET INFO Observed DNS Query to .cloud TLD	Potentially Bad Traffic
TCP 192.168.56.101:49169 -> 151.115.10.1:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49164 -> 151.115.10.1:80	2027874	ET INFO HTTP Request to Suspicious *.cloud Domain	Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 151.115.10.1:80	2027874	ET INFO HTTP Request to Suspicious *.cloud Domain	Potentially Bad Traffic
TCP 151.115.10.1:443 -> 192.168.56.101:49171	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49170 -> 151.115.10.1:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49166 -> 151.115.10.1:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts