NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.15 09:11
동방사회복지회, 여성 한부모와 자녀 위한...
11.15 09:11
코위크위더스, 회원 수 3만 명 돌파 기...
11.15 09:11
㈜클린앤환경, 24시간 논스톱 클린 서비...
11.15 09:11
호스트센터, '2024 K-Awards'...
11.15 09:11
시즘 가열식 가습기, 한국소비자평가 가습...
11.15 09:11
Repairing The Question...
11.15 09:11
The Importance of Team...
11.15 09:11
Microsoft Data Securit...
11.15 09:11
DoD Zero Trust Strateg...
11.15 08:11
Lenovo Profit Beats Es...

NetWork | ZeroBOX

IP Address	Status	Action
172.217.25.14	Active	Moloch
194.147.115.117	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.102:49797 172.217.25.14:443
- 192.168.56.102:49805 194.147.115.117:80

UDP Requests

GET 200 http://194.147.115.117/zzztop/Daemon.exe

GET 200 http://194.147.115.117/zzztop/PhoenixMiner.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

Command	Params	Type
CONNECT	%s HTTP/%s	client

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49805 -> 194.147.115.117:80	2008350	ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile	Potential Corporate Privacy Violation
TCP 192.168.56.102:49805 -> 194.147.115.117:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.102:49805 -> 194.147.115.117:80	2019935	ET INFO AutoIt User Agent Executable Request	A Network Trojan was detected
TCP 194.147.115.117:80 -> 192.168.56.102:49805	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 194.147.115.117:80 -> 192.168.56.102:49805	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.102:49805 -> 194.147.115.117:80	2008350	ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile	Potential Corporate Privacy Violation
TCP 192.168.56.102:49805 -> 194.147.115.117:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.102:49805 -> 194.147.115.117:80	2019935	ET INFO AutoIt User Agent Executable Request	A Network Trojan was detected
TCP 194.147.115.117:80 -> 192.168.56.102:49805	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts