NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.29 10:04
RuntimeBroker.exe
04.29 10:04
2555d50c-0b7e-4aa3-8d8...
04.29 10:04
csr.bin
04.29 10:04
test.exe
04.29 10:04
FreePhotoShop%20Meme%2...
04.29 10:04
discord.exe
04.29 10:04
smb.ps1
04.29 10:04
myfile.doc
04.29 10:04
sdc.exe
04.29 10:04
Finance.exe

Latest News
04.29 12:04
요거트월드, 어린이날 맞아 컬러링북 이벤...
04.29 12:04
데이비드 파크골프, 현대 프리미엄 아울렛...
04.29 12:04
VeriSource cops to 4 m...
04.29 12:04
ISC Stormcast For Tues...
04.29 12:04
Huntress Unveils Enhan...
04.29 12:04
Organisations Unprepar...
04.29 12:04
CIOs Say Security Syst...
04.29 12:04
MIWIC25: Caroline Kamp...
04.29 11:04
소프트랩스, 1688 연계 직구 커머스 ...
04.29 11:04
SKT 사용 삼성 임원, "유심 교체"…...

NetWork | ZeroBOX

IP Address	Status	Action
104.21.69.166	Active	Moloch
163.197.224.28	Active	Moloch
164.124.101.2	Active	Moloch
185.53.179.174	Active	Moloch
199.15.163.128	Active	Moloch

Name	Response	Post-Analysis Lookup
www.coffeeforyou56.com	A 172.67.210.140 A 104.21.69.166	104.21.69.166
www.suratdimond.com	A 163.197.224.28	163.197.224.28
www.lesyeuxdanslespoches.com	CNAME balancer-ccm.wixdns.net CNAME gcdn0.wixdns.net CNAME td-balancer-199-15-163-128.wixdns.net A 199.15.163.128	199.15.163.148
www.floridaindianrivergeoves.com	A 185.53.179.174	185.53.179.174

TCP Requests

UDP Requests

GET 404 http://www.coffeeforyou56.com/wh23/?u6Ad=+Z/9GnRooy4uMI/2ytyzBxmfIRzkEihmLnUbG9gon5BvVZqaawbrlsvFopSkMy8/ynATbtGm&9rQl7P=xPJtLXbP

GET 0 http://www.lesyeuxdanslespoches.com/wh23/?u6Ad=2UBdbPyJ3BJ1PizOWtFy1nFuYMz29j0z90R/CygIgf7oXdu1OYqDC0mFcr3+ZljEfmCRWGcD&9rQl7P=xPJtLXbP

GET 403 http://www.floridaindianrivergeoves.com/wh23/?u6Ad=HQs9sY6MfmjvG4BCT+S8X4weKQ3jHGmqz4mij5NJ3M2nb+7m/H8tNbVgpdoIwpufVMaXPBq3&9rQl7P=xPJtLXbP

GET 404 http://www.suratdimond.com/wh23/?u6Ad=jUJ7bRHoxkHA5rahzGpJGSe+g9rlOc6E7RlDBgSrRJk0jchNThhp3wI7m3+F7bQyA0QFLd33&9rQl7P=xPJtLXbP

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49166 -> 104.21.69.166:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 104.21.69.166:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 104.21.69.166:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 185.53.179.174:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 185.53.179.174:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 163.197.224.28:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 185.53.179.174:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 163.197.224.28:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 163.197.224.28:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 199.15.163.128:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 199.15.163.128:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 199.15.163.128:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts