NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 04:11
Warning: DEEPDATA Malw...
11.16 03:11
It’s a Soldering Iron!...
11.16 12:11
Critical Unauthenticat...
11.16 12:11
BASIC Co-Inventor Thom...
11.16 09:11
존쿡 델리미트 외식 매장서 ‘연말맞이 다...
11.16 09:11
서울퓨처랩, 누적체험객 6만명 돌파…프로...
11.16 09:11
니지모리스튜디오 갤러리, 일본 일러스트 ...
11.16 09:11
RISC-V Pushes 400 Mill...
11.16 09:11
IT Sicherheitsnews tae...
11.16 07:11
Anduril’s Chair Consul...

NetWork | ZeroBOX

IP Address	Status	Action
103.224.182.242	Active	Moloch
162.246.16.124	Active	Moloch
164.124.101.2	Active	Moloch
3.64.163.50	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.skywardcaresolutions.com	CNAME skywardcaresolutions.com A 34.102.136.180	34.102.136.180
www.wpdisk.online	A 162.246.16.124	162.246.16.124
www.knackwoodcraft.com	A 103.224.182.242	103.224.182.242
www.georgiapoolrepair.com	A 3.64.163.50	3.64.163.50

TCP Requests

UDP Requests

GET 410 http://www.georgiapoolrepair.com/m42i/?Tj8=sca8Wgav+7lpr46mO2SOfn8L1FqfIRKRflu72oULm95UjSDEvk18j06OoJk9i9lBkDmqwETQ&6l=t8eH-ni8gH7P7

GET 301 http://www.wpdisk.online/m42i/?Tj8=0sZ28+ci8yt/ivZsj55lF15XBhnwAOFinpe3O8Cu7exdqn0Kmyu5eUmJDSvcLDOVyCRsFL+q&6l=t8eH-ni8gH7P7

GET 403 http://www.skywardcaresolutions.com/m42i/?Tj8=HYStpBgXm5OSuuoTrjSOUG+Ep+BfwFVeF26GwyixNj4tMYPsRs5ox28XQOKN0Z9jWLsOl7rl&6l=t8eH-ni8gH7P7

GET 302 http://www.knackwoodcraft.com/m42i/?Tj8=xCeaUZyvi6lN/KmTLqcakS33huDpVYz01lvWq0zTkBCYj/gauxIj8jp1kNsv+HiFGZvFrtg2&6l=t8eH-ni8gH7P7

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49167 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 162.246.16.124:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 162.246.16.124:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 162.246.16.124:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 103.224.182.242:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 103.224.182.242:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 103.224.182.242:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 3.64.163.50:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 3.64.163.50:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 3.64.163.50:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts