NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.18 04:01
New tool: immutable.py...
01.18 03:01
U.S. Sanctions Chinese...
01.18 03:01
A Field Expedient Weld...
01.18 12:01
No Crystal Earpiece? N...
01.18 11:01
TikTok Says to ‘Go Dar...
01.18 10:01
‘Sneaky Log’ phishing ...
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...
01.18 09:01
프롬한라, 제주 유정란 담은 반려견 간식...

NetWork | ZeroBOX

IP Address	Status	Action
15.197.130.221	Active	Moloch
15.197.148.33	Active	Moloch
15.197.204.56	Active	Moloch
156.245.54.118	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
www.diverseindiatours.com	A 15.197.130.221	15.197.130.221
www.sanpan010.com
www.hndswicco.best	A 15.197.204.56 A 3.33.243.145	15.197.204.56
www.time-edu.net	A 156.245.54.118	156.245.54.118
www.chucobuilt.net	A 15.197.148.33 A 3.33.130.190 CNAME chucobuilt.net	15.197.148.33

TCP Requests

UDP Requests

GET 403 http://www.hndswicco.best/ge06/?P6A=PQptMrbywirwOBsv2/k9gasn5Q9AT3eVC9w1MPVM+581myTPrrPRsbPASzXeYXe5c34Wjnkd&1bS=W6O8DXLhJ

GET 403 http://www.diverseindiatours.com/ge06/?P6A=IlJ6uct7nLNOkVUg7dSIO1ufNnudgOP1rBW9T1wcy5Ojeqv/jFwMq4W339KeBHdyAUeSR3I5&1bS=W6O8DXLhJ

GET 403 http://www.chucobuilt.net/ge06/?P6A=mgJZc34E+QHjHDFP2795MijuneaKxhMRMXDMLqe7oIpY9TsA6d7BobIv4A2nrFt6YRi7hqu+&1bS=W6O8DXLhJ

GET 403 http://www.time-edu.net/ge06/?P6A=3gVulpDN/zRIaENLvBRBOU+GJXsTSPVd6fpjgkIicxSY0YrdfquFm+i5o+mpo+HrdASdsMrY&1bS=W6O8DXLhJ

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 15.197.130.221:80 -> 192.168.56.101:49167	2527001	ET Threatview.io High Confidence Cobalt Strike C2 IP group 2	Misc Attack
TCP 192.168.56.101:49168 -> 15.197.148.33:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 15.197.130.221:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 15.197.204.56:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 156.245.54.118:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts