NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 07:11
4f3200e5324a333579e06e...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 07:11
6e1ed6447607ab4c30b3f3...
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe

Latest News
11.20 04:11
마이크로소프트, 이그나이트 2024 개최...
11.20 04:11
In cybersecurity bias ...
11.20 03:11
Important changes to C...
11.20 03:11
Supercon 2024 SAO Peta...
11.20 03:11
Rapid7 Recognized for ...
11.20 03:11
Microsoft Signs AI-Lea...
11.20 03:11
Empower Developers to ...
11.20 03:11
Nokia Drops After Anal...
11.20 02:11
Unraveling Raspberry R...
11.20 02:11
China’s Alibaba Market...

NetWork | ZeroBOX

IP Address	Status	Action
157.90.241.6	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
www.starfish.press	A 157.90.241.6	157.90.241.6
www.strlocal.com

TCP Requests
- 192.168.56.103:49171 157.90.241.6:80
  www.starfish.press

UDP Requests

GET 302 http://www.starfish.press/g2fg/?xVJtG4Th=lWcjeiBloi4EDbg7MN3rvx7EqhokJu38Iq2Oe6cWJqEYyMwYkHsTTSC60+FG1O/0m2FzwNNs&1bw=L6Adp0nXjfjLdR2p

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49171 -> 157.90.241.6:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 157.90.241.6:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 157.90.241.6:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts