NetWork | ZeroBOX

Network Analysis

IP Address | Status
103.91.244.102 | Active
111.235.66.83 | Active
117.212.193.62 | Active
172.217.25.14 | Active
187.190.116.59 | Active
201.184.190.59 | Active
202.142.151.190 | Active
36.94.202.131 | Active
79.122.166.236 | Active
80.78.77.116 | Active
85.159.214.61 | Active

Four of the eleven hosts (111.235.66.83, 172.217.25.14, 187.190.116.59 and 36.94.202.131) appear in no Suricata alert and in no TLS session below, so the alert tables cover only part of the infrastructure the sample reached; the host list is the broader view and should be the starting point for any blocklist.
DNS traffic

No DNS requests performed (the Name / Response / Post-Analysis Lookup table is empty). Every remote host listed above was contacted by IP address, and the HTTPS request below also addresses its server by bare IP, so the empty table is consistent with the rest of the capture rather than a gap in it.
HTTP requests

Method | Status | URL
GET | 200 | https://85.159.214.61/rob28/TEST22-PC_W617601.51FA6B3783F19317BB7F3DB0B3BF6733/5/kps/

Request and response bodies are not part of this export. The request goes to 85.159.214.61 on port 443 (the session Suricata tags with the JA3 rule below) and names the server by IP, which is why nothing appears in the DNS table. The path layout, /<group tag>/<COMPUTERNAME>_<Windows version>.<32-hex client ID>/<command>/, is the bot-identifier format documented for TrickBot, which agrees with the Feodo Tracker and JA3 signatures: on that reading rob28 is the group tag, TEST22-PC the guest's host name, W617601 Windows 6.1 build 7601 (Windows 7 SP1) and the hex string the per-bot ID. The host name and ID describe the sandbox guest rather than the malware, so only the server address, the group tag and the path shape are worth carrying into detection content.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Three rule families fire on the capture. The ET CNC rules (SIDs 2404300, 2404302, 2404311) are IP-reputation matches against the abuse.ch Feodo Tracker list, so they say only that the destination was on that list when the ruleset was built. SID 2028401 matches the JA3 hash of the outbound TLS Client Hello and names Trickbot, Kovter and Dridex collectively, so it identifies a client TLS stack rather than a family; it fires once per outbound session, including the port 443 session that carries the GET request above. SID 2011540 is a POLICY rule that recognises the OpenSSL default "Internet Widgits Pty" subject in the server certificate; its "Not Suspicious Traffic" category is that rule's classification, not a verdict on these flows, which are the same port 449 sessions the CnC rules flag. Filtering on category alone would have hidden the certificate evidence.

Flow | SID | Signature | Category
TCP 192.168.56.102:49816 -> 117.212.193.62:449 | 2404302 | ET CNC Feodo Tracker Reported CnC Server group 3 | A Network Trojan was detected
TCP 192.168.56.102:49814 -> 201.184.190.59:449 | 2404311 | ET CNC Feodo Tracker Reported CnC Server group 12 | A Network Trojan was detected
TCP 192.168.56.102:49816 -> 117.212.193.62:449 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 117.212.193.62:449 -> 192.168.56.102:49816 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic
TCP 192.168.56.102:49814 -> 201.184.190.59:449 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 201.184.190.59:449 -> 192.168.56.102:49814 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic
TCP 192.168.56.102:49819 -> 79.122.166.236:449 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 79.122.166.236:449 -> 192.168.56.102:49819 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic
TCP 192.168.56.102:49820 -> 80.78.77.116:449 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 80.78.77.116:449 -> 192.168.56.102:49820 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic
TCP 192.168.56.102:49822 -> 103.91.244.102:449 | 2404300 | ET CNC Feodo Tracker Reported CnC Server group 1 | A Network Trojan was detected
TCP 192.168.56.102:49815 -> 202.142.151.190:449 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 202.142.151.190:449 -> 192.168.56.102:49815 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic
TCP 192.168.56.102:49818 -> 85.159.214.61:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic

Suricata TLS

Version | Flow | Issuer / Subject | Fingerprint (SHA-1)
TLSv1 | 192.168.56.102:49816 -> 117.212.193.62:449 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd (issuer = subject) | 81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79
TLSv1 | 192.168.56.102:49814 -> 201.184.190.59:449 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd (issuer = subject) | 81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79
TLSv1 | 192.168.56.102:49819 -> 79.122.166.236:449 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd (issuer = subject) | 81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79
TLSv1 | 192.168.56.102:49820 -> 80.78.77.116:449 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd (issuer = subject) | 81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79
TLSv1 | 192.168.56.102:49815 -> 202.142.151.190:449 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd (issuer = subject) | 81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79
TLSv1 | 192.168.56.102:49818 -> 85.159.214.61:443 | C=CN, O=NL, OU=XD, CN=nxdefi.com (issuer = subject) | 97:f4:02:43:96:a4:a4:0e:c8:c3:be:6f:dc:73:6f:3a:2d:35:a5:dc

All five port 449 servers present one and the same self-signed certificate: issuer and subject are the OpenSSL defaults (C=AU, ST=Some-State, O=Internet Widgits Pty Ltd is what openssl req produces when every prompt is accepted unchanged) and the SHA-1 fingerprint 81:c4:...:93:79 repeats on each. A certificate shared across five C2 nodes is a stronger pivot than any single IP and can be matched directly in Suricata with the tls.fingerprint keyword. The port 443 server, 85.159.214.61, is the peer of the GET request above and presents a different self-signed certificate for nxdefi.com. 103.91.244.102:449 triggers a Feodo Tracker alert but has no TLS row, which suggests that session never reached a Client Hello. Every session negotiated TLSv1, which is itself an unusual choice for a client on a modern host.
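The pivots noted above (remote endpoints per SID, the certificate shared by several servers, and the bot-identifier fields in the request path) can be pulled out of a flattened report like this one mechanically. The script below is an added example and not ZeroBOX or Cuckoo code; its alert lines and TLS rows are constructed from the rows on this page, CATEGORIES is an assumed list of ET classtype descriptions, and decode_c2_path applies the TrickBot path layout described under HTTP requests as an interpretation rather than anything the report itself states.

```python
"""Pull pivot indicators out of a flattened sandbox network report.

Added example, not ZeroBOX/Cuckoo code.  ALERT_LINES and TLS_ROWS are
constructed from the report on this page; CATEGORIES is an assumed set of
ET classtype descriptions; decode_c2_path applies the TrickBot URL layout
as an interpretation.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: alert rows as the report prints them, with the category
# run straight onto the end of the signature text.
ALERT_LINES = """\
TCP 192.168.56.102:49816 -> 117.212.193.62:449 2404302 ET CNC Feodo Tracker Reported CnC Server group 3 A Network Trojan was detected
TCP 192.168.56.102:49814 -> 201.184.190.59:449 2404311 ET CNC Feodo Tracker Reported CnC Server group 12 A Network Trojan was detected
TCP 192.168.56.102:49816 -> 117.212.193.62:449 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 117.212.193.62:449 -> 192.168.56.102:49816 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 192.168.56.102:49822 -> 103.91.244.102:449 2404300 ET CNC Feodo Tracker Reported CnC Server group 1 A Network Trojan was detected
TCP 192.168.56.102:49818 -> 85.159.214.61:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
"""

WIDGITS = "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
NXDEFI = "C=CN, O=NL, OU=XD, CN=nxdefi.com"
FP_449 = "81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79"
FP_443 = "97:f4:02:43:96:a4:a4:0e:c8:c3:be:6f:dc:73:6f:3a:2d:35:a5:dc"

# Constructed sample: (version, client, server, issuer, subject, SHA-1 fingerprint).
TLS_ROWS = [
    ("TLSv1", "192.168.56.102:49816", "117.212.193.62:449", WIDGITS, WIDGITS, FP_449),
    ("TLSv1", "192.168.56.102:49814", "201.184.190.59:449", WIDGITS, WIDGITS, FP_449),
    ("TLSv1", "192.168.56.102:49819", "79.122.166.236:449", WIDGITS, WIDGITS, FP_449),
    ("TLSv1", "192.168.56.102:49820", "80.78.77.116:449", WIDGITS, WIDGITS, FP_449),
    ("TLSv1", "192.168.56.102:49815", "202.142.151.190:449", WIDGITS, WIDGITS, FP_449),
    ("TLSv1", "192.168.56.102:49818", "85.159.214.61:443", NXDEFI, NXDEFI, FP_443),
]

# Assumed list of ET classtype descriptions; the report shows the first three.
CATEGORIES = ("A Network Trojan was detected", "Not Suspicious Traffic",
              "Unknown Traffic", "Potentially Bad Traffic", "Misc activity")

ALERT_RE = re.compile(
    r"^(?P<proto>TCP|UDP) (?P<src>\S+) -> (?P<dst>\S+) (?P<sid>\d+) (?P<rest>.+)$")


def parse_alert(line):
    """Split one alert row; the category is peeled off the tail by known name."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    category = next((c for c in CATEGORIES if rest.endswith(c)), "")
    signature = rest[:len(rest) - len(category)].rstrip() if category else rest
    return {"proto": m.group("proto"), "src": m.group("src"), "dst": m.group("dst"),
            "sid": int(m.group("sid")), "signature": signature, "category": category}


def remote_endpoints(lines, sandbox_prefix="192.168.56."):
    """Map every non-sandbox ip:port to the SIDs that fired on it, whichever
    direction the flow was logged in (the POLICY rule fires server -> client)."""
    hits = defaultdict(set)
    for line in lines.splitlines():
        alert = parse_alert(line)
        if alert is None:
            continue
        for endpoint in (alert["src"], alert["dst"]):
            if not endpoint.startswith(sandbox_prefix):
                hits[endpoint].add(alert["sid"])
    return dict(hits)


def shared_self_signed(rows, min_servers=2):
    """Fingerprints of self-signed certificates (issuer == subject) that several
    distinct servers present; one cert across many C2 nodes outlives any one IP."""
    servers = defaultdict(set)
    for _version, _client, server, issuer, subject, fingerprint in rows:
        if issuer == subject:
            servers[fingerprint].add(server)
    return {fp: sorted(s) for fp, s in servers.items() if len(s) >= min_servers}


# Interpretation (assumed TrickBot layout):
# /<gtag>/<COMPUTERNAME>_W<major><minor><build>.<32 hex client id>/<command>/...
PATH_RE = re.compile(r"^/(?P<gtag>[^/]+)/(?P<host>[^/]+)_W(?P<os>\d{3,})\."
                     r"(?P<cid>[0-9A-Fa-f]{32})/(?P<cmd>\d+)/(?P<rest>.*)$")


def decode_c2_path(url):
    """Break a TrickBot-style request path into its fields; None if it does not fit."""
    m = PATH_RE.match(urlsplit(url).path)
    if not m:
        return None
    digits = m.group("os")
    # "617601" -> 6.1 build 7601; a two-digit major ("10019041") takes two leading digits.
    major, tail = (digits[:2], digits[2:]) if digits.startswith("10") else (digits[:1], digits[1:])
    return {"gtag": m.group("gtag"), "host": m.group("host"),
            "windows": f"{int(major)}.{int(tail[0])} build {int(tail[1:])}",
            "client_id": m.group("cid").upper(), "command": int(m.group("cmd")),
            "rest": m.group("rest")}


if __name__ == "__main__":
    for endpoint, sids in sorted(remote_endpoints(ALERT_LINES).items()):
        print(endpoint, sorted(sids))
    for fp, servers in shared_self_signed(TLS_ROWS).items():
        print(fp, "shared by", len(servers), "servers")
    print(decode_c2_path("https://85.159.214.61/rob28/TEST22-PC_W617601."
                         "51FA6B3783F19317BB7F3DB0B3BF6733/5/kps/"))
```

Run as-is it lists four remote endpoints with their SIDs, reports the 81:c4:... fingerprint as shared by five servers (the nxdefi.com certificate is self-signed too but appears on one server only, so it is not returned), and decodes the request path into its group tag, guest host name, Windows version and client ID. remote_endpoints deliberately collects both ends of each flow because the POLICY rule fires in the server-to-client direction; keying on the destination alone would drop the certificate evidence.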

Snort Alerts

No Snort Alerts