NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe

Latest News
11.18 09:11
[AIS 2024 영상] 윤두식 이로운앤...
11.18 09:11
Samsung Jumps as Surpr...
11.18 09:11
한국장학진흥원, 반려동물장례지도사 자격증...
11.18 09:11
키르시 블렌딩 X 마인드어데이, 콜라보레...
11.18 09:11
글로벌 포장 용기 제조기업 수창티피에스,...
11.18 09:11
Hackaday Links: Novemb...
11.18 09:11
Nvidia Faces New Chip ...
11.18 09:11
아이케미스트, '2024 창업 경진대회'...
11.18 09:11
[AIS 2024 영상] 정일옥 이글루코...
11.18 09:11
[AIS 2024 영상] 이승훈 퓨쳐시스...

NetWork | ZeroBOX

IP Address	Status	Action
107.172.130.133	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.103:49163 107.172.130.133:80
- 192.168.56.103:49169 107.172.130.133:80

UDP Requests

GET 200 http://107.172.130.133/62/vbc.exe

GET 200 http://107.172.130.133/e/cLItriJACP41.bin

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49163 -> 107.172.130.133:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.103:49163 -> 107.172.130.133:80	2035207	ET MALWARE MSIL/GenKryptik.FQRH Download Request	A Network Trojan was detected
TCP 192.168.56.103:49163 -> 107.172.130.133:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 107.172.130.133:80 -> 192.168.56.103:49163	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 192.168.56.103:49169 -> 107.172.130.133:80	2018752	ET MALWARE Generic .bin download from Dotted Quad	A Network Trojan was detected
TCP 107.172.130.133:80 -> 192.168.56.103:49163	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 107.172.130.133:80 -> 192.168.56.103:49163	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 107.172.130.133:80 -> 192.168.56.103:49163	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts