NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.241.79.24	Active	Moloch
194.11.155.157	Active	Moloch
52.58.78.16	Active	Moloch

Name	Response	Post-Analysis Lookup
www.freshfruits.online	A 52.58.78.16	52.58.78.16
www.cycw168.com	A 156.242.168.24 A 172.241.79.24	172.241.79.24
www.mantlepies.co.uk	A 194.11.155.157 CNAME mantlepies.co.uk	194.11.155.157

UDP Requests

GET 301 http://www.mantlepies.co.uk/ne28/?t8o8szU=qqm+J93IvUzIpsvlcDCofCpDZ1e3GW2Uvp+4wrKJhnvgzBwSBunnLsrelTMknHiM20FMLgvx&kPj0q=K4kP

GET 410 http://www.freshfruits.online/ne28/?t8o8szU=gE2koM16bc0rOnK/MBZG/f0y7whpdIhM0SAPAPR9GoMdZqV7E8zDPgnGgOZ4njeguJBhKBSc&kPj0q=K4kP

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49165 -> 194.11.155.157:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 194.11.155.157:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 194.11.155.157:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 52.58.78.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 52.58.78.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 52.58.78.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts