NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 06:09
audiodg.exe
09.22 06:09
psfod.exe
09.22 06:09
73EtsZxIoDetWTu.exe
09.22 06:09
otqp9.exe
09.22 06:09
xx.exe
09.22 06:09
fck.exe
09.22 06:09
LummaC222222.exe
09.22 06:09
seethebestwayforunders...
09.22 06:09
Name.exe
09.22 06:09
needmoney.exe

Latest News
09.22 09:09
인스피언, SAP 개인정보보호 솔루션과 ...
09.22 09:09
Apple’s New iPhone 16 ...
09.22 09:09
이너버스, 통합로그관리 넘어 SIEM 시...
09.22 09:09
China: USA planen Impo...
09.22 09:09
위즈코리아, AI 적용해 정교한 이상 행...
09.22 09:09
Italy, Asterion to Mak...
09.22 08:09
옥타코, MFA와 이지핑거 지문 보안키 ...
09.22 08:09
Hackfest, A New Event ...
09.22 08:09
엠클라우독, 문서 관리 및 정보보안 분야...
09.22 08:09
엘세븐시큐리티, 개인정보 차단 솔루션 시...

NetWork | ZeroBOX

IP Address	Status	Action
15.197.148.33	Active	Moloch
164.124.101.2	Active	Moloch
172.67.137.15	Active	Moloch
192.210.150.54	Active	Moloch
199.217.106.226	Active	Moloch
45.33.6.223	Active	Moloch
66.228.55.6	Active	Moloch

Name	Response	Post-Analysis Lookup
www.hissmjkl.com	A 172.67.137.15 A 104.21.26.154	104.21.26.154
www.noblessewine.com
synergyinnovationsgroup.com	A 199.217.106.226	199.217.106.226
www.go2super.app	A 15.197.148.33 A 3.33.130.190 CNAME go2super.app	15.197.148.33
www.sqlite.org	A 45.33.6.223	45.33.6.223
www.seemorebooks.com	CNAME seemorebooks.com A 66.228.55.6	66.228.55.6

TCP Requests

UDP Requests

GET 200 http://192.210.150.54/800/service.exe

GET 200 http://synergyinnovationsgroup.com/rTenPEVaZZd63.bin

POST 0 http://www.go2super.app/wgnm/

GET 200 http://www.go2super.app/wgnm/?pY=Fa4WWJW4OAk9quC/liQ5qPCm6cq5UHInoPdIisE1PBrL79EG4mQIKlmV9v0gNsYws5soHWC75TgVD8ScXJuz3zKnezho/eF1xa+ohUcEmn2mEAmZPvlgVqrPRDgE59rzl73KHjo=&q7iu=YOnhTm3GvPBMIU

GET 200 http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip

POST 404 http://www.seemorebooks.com/pi58/

POST 404 http://www.seemorebooks.com/pi58/

GET 404 http://www.seemorebooks.com/pi58/?pY=YYtcvmaEEn+7nyfxzWgh1us0l/woYfyMnrlu6Rjt4og+6FeMZ1IdpKDPKj+aPF1uuIq0gCsO4nwJKFBr1ceHHaYtBG7ACxwv7Iz3EuX+x6xrPs5Ey6eaPYfJ6s7i8ry1ERDc11U=&q7iu=YOnhTm3GvPBMIU

POST 404 http://www.hissmjkl.com/zadz/

POST 404 http://www.hissmjkl.com/zadz/

GET 404 http://www.hissmjkl.com/zadz/?pY=GqmOaWdq+kX/yRvyAZZwseYDvaTL8crr23pe6qvcgIhSte46GY4DIQa7ks3RQ77EfqOrO6E9ud6ta6vwJbbEPWpMvqhVaL5TSjftDGWhiRc7xSx2vvQWLWjMkFGYeWU0dOjwkWc=&q7iu=YOnhTm3GvPBMIU

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49176 -> 66.228.55.6:80	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 15.197.148.33:80	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	Malware Command and Control Activity Detected
TCP 192.168.56.103:49163 -> 192.210.150.54:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.210.150.54:80 -> 192.168.56.103:49163	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 192.210.150.54:80 -> 192.168.56.103:49163	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.210.150.54:80 -> 192.168.56.103:49163	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 192.210.150.54:80 -> 192.168.56.103:49163	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49179 -> 172.67.137.15:80	2050745	ET MALWARE FormBook CnC Checkin (GET) M5	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts