NetWork | ZeroBOX

IP Address	Status	Action
103.47.144.71	Active	Moloch
164.124.101.2	Active	Moloch
187.49.9.55	Active	Moloch
208.95.112.1	Active	Moloch

Name	Response	Post-Analysis Lookup
ftp.martur.cl	CNAME martur.cl A 187.49.9.55	187.49.9.55
chongmei33.publicvm.com	A 103.47.144.71	103.47.144.71
ip-api.com	A 208.95.112.1	208.95.112.1

TCP Requests

UDP Requests

GET 200 http://ip-api.com/json/

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 187.49.9.55:21 -> 192.168.56.101:49171	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
UDP 192.168.56.101:54148 -> 164.124.101.2:53	2034457	ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com)	Potentially Bad Traffic
TCP 192.168.56.101:49163 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49180 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49180 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49172 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49172 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49175 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49186 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49186 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49184 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49186 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49184 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49184 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49185 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49185 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49185 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49178 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49192 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49192 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49192 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49179 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49190 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49190 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49190 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49183 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49181 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49183 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49181 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49183 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49181 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49182 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49182 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49182 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49187 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49187 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49187 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic
TCP 192.168.56.101:49188 -> 103.47.144.71:7045	2027447	ET MALWARE WSHRAT CnC Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.101:49188 -> 103.47.144.71:7045	2017516	ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1	Malware Command and Control Activity Detected
TCP 192.168.56.101:49188 -> 103.47.144.71:7045	2042823	ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts