NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...
09.22 02:09
Hacker behind Snowflak...
09.22 01:09
03 - Identifying Signs...
09.22 01:09
Hacktivist Group Twelv...
09.22 01:09
Join us at Microsoft I...
09.22 01:09
How comprehensive secu...

NetWork | ZeroBOX

IP Address	Status	Action
103.198.26.104	Active	Moloch
164.124.101.2	Active	Moloch
172.66.43.27	Active	Moloch
198.46.176.133	Active	Moloch

Name	Response	Post-Analysis Lookup
pastecode.dev	A 172.66.40.229 A 172.66.43.27	172.66.40.229

TCP Requests

UDP Requests

GET 200 https://pastecode.dev/raw/6l7qjjrz/paste1.txt

GET 304 https://pastecode.dev/raw/6l7qjjrz/paste1.txt

GET 304 https://pastecode.dev/raw/6l7qjjrz/paste1.txt

GET 304 https://pastecode.dev/raw/6l7qjjrz/paste1.txt

GET 304 https://pastecode.dev/raw/6l7qjjrz/paste1.txt

GET 200 http://103.198.26.104/98098/crosscheckingentirethingfllowing.gIF

GET 200 http://198.46.176.133/Upload/vbs.jpeg

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2053944	ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev)	Misc activity
TCP 192.168.56.101:49166 -> 172.66.43.27:443	2053997	ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI	Misc activity
TCP 192.168.56.101:49164 -> 172.66.43.27:443	2053997	ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI	Misc activity
TCP 192.168.56.101:49164 -> 172.66.43.27:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49166 -> 172.66.43.27:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49166 -> 172.66.43.27:443	2053997	ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI	Misc activity
TCP 192.168.56.101:49166 -> 172.66.43.27:443	2053997	ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI	Misc activity
TCP 198.46.176.133:80 -> 192.168.56.101:49168	2047750	ET MALWARE Base64 Encoded MZ In Image	A Network Trojan was detected
TCP 198.46.176.133:80 -> 192.168.56.101:49168	2049038	ET MALWARE Malicious Base64 Encoded Payload In Image	A Network Trojan was detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49164 172.66.43.27:443	C=US, O=Google Trust Services, CN=WE1	CN=pastecode.dev	d9:2a:74:a8:39:b7:f5:58:35:8b:6b:79:ec:51:d6:73:e6:0f:03:b8
TLSv1 192.168.56.101:49166 172.66.43.27:443	None	None	None

Snort Alerts

No Snort Alerts