NetWork | ZeroBOX

Network Analysis

IP Address       Status  Action
164.124.101.2    Active  Moloch
50.197.243.125   Active  Moloch
67.212.241.178   Active  Moloch
68.201.55.46     Active  Moloch
70.119.149.64    Active  Moloch
71.40.62.107     Active  Moloch
71.42.188.85     Active  Moloch
71.66.92.190     Active  Moloch
72.128.158.51    Active  Moloch
73.103.36.158    Active  Moloch
Name Response Post-Analysis Lookup
No hosts contacted.
Method Status URL
GET 200 https://72.128.158.51/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
GET 302 https://67.212.241.178/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
GET 302 https://67.212.241.178/cookiechecker?uri=/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
GET 302 https://67.212.241.178/index.html
GET 200 https://67.212.241.178/login.cgi?uri=/index.html
GET 200 https://68.201.55.46/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
GET 200 https://72.128.158.51/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
GET 200 https://71.42.188.85/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
GET 200 https://71.66.92.190/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
GET 200 https://71.40.62.107/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/

ICMP traffic

Source Destination ICMP Type Data
96.110.168.174 192.168.56.101 3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49211 -> 71.42.188.85:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49207 -> 68.201.55.46:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 71.42.188.85:443 -> 192.168.56.101:49211 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 68.201.55.46:443 -> 192.168.56.101:49207 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 192.168.56.101:49203 -> 72.128.158.51:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49205 -> 67.212.241.178:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 72.128.158.51:443 -> 192.168.56.101:49203 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 192.168.56.101:49212 -> 71.66.92.190:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 71.66.92.190:443 -> 192.168.56.101:49212 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 192.168.56.101:49213 -> 71.40.62.107:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 71.40.62.107:443 -> 192.168.56.101:49213 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic

Suricata TLS

Flow Issuer Subject Fingerprint

TLSv1 192.168.56.101:49211 -> 71.42.188.85:443
  Issuer:      C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Subject:     C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Fingerprint: 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02

TLSv1 192.168.56.101:49207 -> 68.201.55.46:443
  Issuer:      C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Subject:     C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Fingerprint: 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02

TLSv1 192.168.56.101:49203 -> 72.128.158.51:443
  Issuer:      C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Subject:     C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Fingerprint: f8:68:0a:74:96:dc:19:0a:62:fa:35:3d:ca:ef:06:ff:20:bd:f4:c8

TLSv1 192.168.56.101:49205 -> 67.212.241.178:443
  Issuer:      C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-80:2A:A8:F2:69:9A/emailAddress=support@ubnt.com
  Subject:     C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-80:2A:A8:F2:69:9A/emailAddress=support@ubnt.com
  Fingerprint: 36:b8:d5:9a:af:b4:cf:80:19:44:d3:fd:5e:8f:d1:75:49:3d:7a:71

TLSv1 192.168.56.101:49212 -> 71.66.92.190:443
  Issuer:      C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Subject:     C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Fingerprint: f8:68:0a:74:96:dc:19:0a:62:fa:35:3d:ca:ef:06:ff:20:bd:f4:c8

TLSv1 192.168.56.101:49213 -> 71.40.62.107:443
  Issuer:      C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Subject:     C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
  Fingerprint: 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02

Snort Alerts

No Snort Alerts