NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.06 06:07
build.exe
07.06 06:07
CoronaVirus.exe
07.06 06:07
RedLineStealer.exe
07.06 06:07
stealc_zov.exe
07.06 06:07
newbuild.exe
07.06 06:07
setup.exe
07.06 06:07
leva.exe
07.06 06:07
CryptoWall.exe
07.06 06:07
univ.exe
07.06 06:07
inte.exe

Latest News
07.06 10:07
Researchers Discover C...
07.06 10:07
New Mallox Ransomware ...
07.06 09:07
[한 주를 관통하는 보안 소식] 2024...
07.06 09:07
[퀴즈 이·보·소] 최근 벌어진 국내외 ...
07.06 08:07
김포시, 70만 김포시대 대비해 최첨단 ...
07.06 08:07
식약처, ‘체외진단의료기기 품질관리 및 ...
07.06 08:07
코레일, 정보보호의 날 맞아 ‘사이버 안...
07.06 08:07
소프트웨어 가치 보장, 발주자가 앞장선다
07.06 08:07
‘AI 과학기술 강군 육성’을 위한 발돋...
07.06 06:07
The Problem With Bug B...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
173.219.76.169	Active	Moloch
174.105.236.140	Active	Moloch
67.212.241.127	Active	Moloch
67.79.117.70	Active	Moloch
70.119.220.241	Active	Moloch
72.164.254.204	Active	Moloch
98.6.253.142	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

GET 200 https://70.119.220.241/rob36/TEST22-PC_W617601.BB93B93366FF71F673BF0BB3D37F9F3F/5/kps/

GET 200 https://174.105.236.140/rob36/TEST22-PC_W617601.BB93B93366FF71F673BF0BB3D37F9F3F/5/kps/

GET 200 https://67.79.117.70/rob36/TEST22-PC_W617601.BB93B93366FF71F673BF0BB3D37F9F3F/5/kps/

GET 200 https://173.219.76.169/rob36/TEST22-PC_W617601.BB93B93366FF71F673BF0BB3D37F9F3F/5/kps/

GET 200 https://98.6.253.142/rob36/TEST22-PC_W617601.BB93B93366FF71F673BF0BB3D37F9F3F/5/kps/

GET 200 https://98.6.253.142/rob36/TEST22-PC_W617601.BB93B93366FF71F673BF0BB3D37F9F3F/5/kps/

ICMP traffic

Source	Destination	ICMP Type	Data
65.158.222.46	192.168.56.101	3
65.158.222.46	192.168.56.101	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49204 -> 174.105.236.140:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 174.105.236.140:443 -> 192.168.56.101:49204	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 192.168.56.101:49203 -> 70.119.220.241:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 70.119.220.241:443 -> 192.168.56.101:49203	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 192.168.56.101:49207 -> 98.6.253.142:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 98.6.253.142:443 -> 192.168.56.101:49207	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 192.168.56.101:49205 -> 67.79.117.70:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 67.79.117.70:443 -> 192.168.56.101:49205	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic
TCP 192.168.56.101:49206 -> 173.219.76.169:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 173.219.76.169:443 -> 192.168.56.101:49206	2011540	ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)	Not Suspicious Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49204 174.105.236.140:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	a1:ea:a4:fa:0a:5e:ba:b9:c1:46:42:a3:0b:3e:a6:e7:b4:e2:f7:f0
TLSv1 192.168.56.101:49203 70.119.220.241:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	a1:ea:a4:fa:0a:5e:ba:b9:c1:46:42:a3:0b:3e:a6:e7:b4:e2:f7:f0
TLSv1 192.168.56.101:49207 98.6.253.142:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79
TLSv1 192.168.56.101:49205 67.79.117.70:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79
TLSv1 192.168.56.101:49206 173.219.76.169:443	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	C=AU, ST=Some-State, O=Internet Widgits Pty Ltd	a1:ea:a4:fa:0a:5e:ba:b9:c1:46:42:a3:0b:3e:a6:e7:b4:e2:f7:f0

Snort Alerts

No Snort Alerts