NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.13 09:11
Mishing: The Rising Mo...
11.13 09:11
Europe’s Tech Startups...
11.13 09:11
NASA Announces New Tri...
11.13 09:11
Microsoft’s Gaming Chi...
11.13 09:11
Amazon Makes it Harder...
11.13 09:11
Brain Implant Startups...
11.13 09:11
Comprehensive Guide to...
11.13 08:11
Major Cyber Attacks in...
11.13 08:11
Tesla’s Meme-Like Stoc...
11.13 08:11
HawkEye Malware: Techn...

NetWork | ZeroBOX

IP Address	Status	Action
151.233.182.0	Active	Moloch
151.243.192.202	Active	Moloch
164.124.101.2	Active	Moloch
178.90.117.247	Active	Moloch
185.215.113.66	Active	Moloch
188.212.185.135	Active	Moloch
188.240.99.47	Active	Moloch
2.183.107.200	Active	Moloch
20.72.235.82	Active	Moloch
31.25.131.226	Active	Moloch
43.246.243.120	Active	Moloch
46.167.131.62	Active	Moloch
5.104.215.231	Active	Moloch
5.200.174.76	Active	Moloch
78.39.225.27	Active	Moloch

Name	Response	Post-Analysis Lookup
twizt.net	A 185.215.113.66	185.215.113.66
www.update.microsoft.com	A 20.72.235.82 CNAME redir.update.msft.com.trafficmanager.net	20.72.235.82

TCP Requests

UDP Requests

GET 200 http://twizt.net/newtpp.exe

GET 200 http://twizt.net/peinstall.php

GET 404 http://185.215.113.66/1

GET 200 http://185.215.113.66/2

GET 200 http://185.215.113.66/2

GET 200 http://185.215.113.66/2

GET 200 http://185.215.113.66/3

GET 200 http://185.215.113.66/3

ICMP traffic

Source	Destination	ICMP Type	Data
188.240.99.47	192.168.56.101	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 185.215.113.66:80 -> 192.168.56.101:49164	2400032	ET DROP Spamhaus DROP Listed Traffic Inbound group 33	Misc Attack
UDP 192.168.56.101:54150 -> 5.200.174.76:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
UDP 192.168.56.101:54150 -> 5.104.215.231:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
UDP 192.168.56.101:54150 -> 46.167.131.62:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
UDP 192.168.56.101:54150 -> 151.243.192.202:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
UDP 192.168.56.101:54150 -> 78.39.225.27:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
TCP 185.215.113.66:80 -> 192.168.56.101:49161	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
UDP 192.168.56.101:54150 -> 188.240.99.47:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected
UDP 192.168.56.101:54150 -> 2.183.107.200:40500	2044077	ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts