NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

NetWork | ZeroBOX

IP Address	Status	Action
162.0.232.224	Active	Moloch
164.124.101.2	Active	Moloch
23.227.38.74	Active	Moloch
34.102.136.180	Active	Moloch
64.20.34.151	Active	Moloch

Name	Response	Post-Analysis Lookup
www.dailyhoroscope4you.space	CNAME dailyhoroscope4you.space A 64.20.34.151	64.20.34.151
www.mybestfurend.com	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.precisionradiologyin.com	A 34.102.136.180 CNAME precisionradiologyin.com	34.102.136.180
www.moapulsa.com	A 162.0.232.224 CNAME moapulsa.com	162.0.232.224

TCP Requests

UDP Requests

GET 403 http://www.precisionradiologyin.com/nes8/?tXU4=6NRM34jc+vx38/mfPogWJwFe/HjyXK0Ji/xFefKXSMuFdvzjgtsT/eqi9nwNkBLUKkmM2y4J&UlSpj=GTgP1nY8x6nLDr

GET 301 http://www.moapulsa.com/nes8/?tXU4=py8vGRMZr9OTSTWstmwdIuRsGvWpk1bvMH9gd03rQ1QhqDUh/2V2C90NIaafZcqUrqdaT5G2&UlSpj=GTgP1nY8x6nLDr

GET 301 http://www.dailyhoroscope4you.space/nes8/?tXU4=3PKzed4jsIaTQKd+wFYKFs0yZsxnNY1mkdl0hGhoMN1fqOsvNJiiqt8SDs2DNBiTtt2/R1aE&UlSpj=GTgP1nY8x6nLDr

GET 403 http://www.mybestfurend.com/nes8/?tXU4=B88o+VQfd+uza1ucZPXDb4VegO964fw0oRUI8ak/LbvCN6sanJKzONrKEndi1iCjS7HG2HaV&UlSpj=GTgP1nY8x6nLDr

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49170 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 64.20.34.151:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 64.20.34.151:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 64.20.34.151:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 162.0.232.224:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 162.0.232.224:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 162.0.232.224:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts