NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

NetWork | ZeroBOX

IP Address	Status	Action
154.19.186.209	Active	Moloch
164.124.101.2	Active	Moloch
192.185.39.28	Active	Moloch
192.227.183.170	Active	Moloch
27.124.125.171	Active	Moloch

Name	Response	Post-Analysis Lookup
www.five-dollar-meals.com	CNAME five-dollar-meals.com A 192.185.39.28	192.185.39.28
www.alphametatek.online	A 27.124.125.171	27.124.125.171
www.2348x.com	CNAME 95tzepfh-u.funnull01.vip A 154.19.186.151 A 154.19.186.26 A 154.19.186.209 A 154.19.186.34 A 154.19.186.149 A 154.19.186.232 A 154.19.186.21 CNAME f9zbuep3.n.funnull35.com	154.19.186.149

TCP Requests

UDP Requests

GET 200 http://192.227.183.170/mac/Eunmqp.png

GET 0 http://www.alphametatek.online/ar73/?4hLpNJ=8PQPyxuyNQLALfcTnwnCIS8V6sOsrVQczXAXl7lVYCMlFKgF4d3+cTIu+9fq5JPqxk7vHQfg&nfutZl=xPJ4abP8

GET 301 http://www.five-dollar-meals.com/ar73/?4hLpNJ=xw5+2WrtgZ3I+FmDO28cYdOMSi8i8skO3LqTANOzc5+CPzKV8TCqQFujaaofBjSxJp3ZM220&nfutZl=xPJ4abP8

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49169 -> 192.185.39.28:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 192.185.39.28:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 192.185.39.28:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 27.124.125.171:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 27.124.125.171:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 27.124.125.171:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 154.19.186.209:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 154.19.186.209:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 154.19.186.209:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts