{"report_id":"07434526-53f2-4844-8e43-f5fb92fc48f4","version":6,"status":"done","tags":[],"date":"2024-12-11T00:52:27Z","url":{"schema":"http","addr":"packages.diladele.com/squid/4.14/squid.msi","fqdn":"packages.diladele.com","domain":"diladele.com","tld":"com"},"ip":{"addr":"88.198.141.190","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-19T00:52:27Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"packages.diladele.com","ip":{"addr":"88.198.141.190","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2006-08-08","domain_rank":0,"first_seen":"2014-12-16T12:38:54Z","last_seen":"2024-02-08T10:35:32Z","alert_count":1,"request_count":1,"received_data":17502453,"sent_data":496,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"2025919c486437aca72b3499ac06dfd7","sha1":"5e2931bd047e77719d623995c51a83c8ddcd4432","sha256":"6323a8db1327f5d7d5b0d1160a18d3216e4cc4e169db14cce7207163b735acb3","sha512":"2dbe7f1a3f502041c4195f413a964732a1682299bfdcd66e129dae9ecfea266e47e737ac41c477b2b2c31181a9819d9ec0c87ae089adda5d345e0b3795c01c8c","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Installer for Squid from Diladele B.V., Author: Squid Project, Keywords: Installer, Comments: This installer database contains the logic and data required to install Squid., Template: x64;1033, Revision Number: {BEC11220-38CC-479D-950D-FF0506EB2BCD}, Create Time/Date: Thu May 13 20:14:12 2021, Last Saved Time/Date: Thu May 13 20:14:12 2021, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2","size":17502208,"url":{"schema":"https","addr":"packages.diladele.com/squid/4.14/squid.msi","fqdn":"packages.diladele.com","domain":"diladele.com","tld":"com"},"ip":{"addr":"88.198.141.190","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-12-11","alert":"Detect files is `SliverFox` malware","trigger":"packages.diladele.com/squid/4.14/squid.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"2025919c486437aca72b3499ac06dfd7","sha1":"5e2931bd047e77719d623995c51a83c8ddcd4432","sha256":"6323a8db1327f5d7d5b0d1160a18d3216e4cc4e169db14cce7207163b735acb3","sha512":"2dbe7f1a3f502041c4195f413a964732a1682299bfdcd66e129dae9ecfea266e47e737ac41c477b2b2c31181a9819d9ec0c87ae089adda5d345e0b3795c01c8c","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Installer for Squid from Diladele B.V., Author: Squid Project, Keywords: Installer, Comments: This installer database contains the logic and data required to install Squid., Template: x64;1033, Revision Number: {BEC11220-38CC-479D-950D-FF0506EB2BCD}, Create Time/Date: Thu May 13 20:14:12 2021, Last Saved Time/Date: Thu May 13 20:14:12 2021, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2","size":17502208,"url":{"schema":"https","addr":"packages.diladele.com/squid/4.14/squid.msi","fqdn":"packages.diladele.com","domain":"diladele.com","tld":"com"},"ip":{"addr":"88.198.141.190","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-12-11","alert":"Detect files is `SliverFox` malware","trigger":"packages.diladele.com/squid/4.14/squid.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-12-11","alert":"Detect files is `SliverFox` malware","trigger":"packages.diladele.com/squid/4.14/squid.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"packages.diladele.com/squid/4.14/squid.msi","fqdn":"packages.diladele.com","domain":"diladele.com","tld":"com"},"ip":{"addr":"88.198.141.190","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-11T00:52:01.240Z","timestamp":1733878321240,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.diladele.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 05 Dec 2023 00:00:00 GMT","end":"Sat, 04 Jan 2025 23:59:59 GMT"},"fingerprint":{"sha1":"18:1D:49:50:37:A2:86:5A:46:25:47:6D:05:B5:23:56:96:7B:D8:60","sha256":"67:4E:5A:50:70:BC:D1:A6:61:6F:5B:7A:1A:8A:BB:C7:6D:54:98:A8:8B:11:57:49:E6:39:B0:77:35:1C:1C:EA"}}},"request":{"raw":"GET /squid/4.14/squid.msi HTTP/1.1\r\nHost: packages.diladele.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Wed, 11 Dec 2024 00:52:01 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 17502208\r\nLast-Modified: Fri, 14 May 2021 07:09:48 GMT\r\nETag: \"609e223c-10b1000\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17502208,"size_decoded":17502208,"mime_type":"application/octet-stream","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Installer for Squid from Diladele B.V., Author: Squid Project, Keywords: Installer, Comments: This installer database contains the logic and data required to install Squid., Template: x64;1033, Revision Number: {BEC11220-38CC-479D-950D-FF0506EB2BCD}, Create Time/Date: Thu May 13 20:14:12 2021, Last Saved Time/Date: Thu May 13 20:14:12 2021, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2","md5":"2025919c486437aca72b3499ac06dfd7","sha1":"5e2931bd047e77719d623995c51a83c8ddcd4432","sha256":"6323a8db1327f5d7d5b0d1160a18d3216e4cc4e169db14cce7207163b735acb3","sha512":"2dbe7f1a3f502041c4195f413a964732a1682299bfdcd66e129dae9ecfea266e47e737ac41c477b2b2c31181a9819d9ec0c87ae089adda5d345e0b3795c01c8c","ssdeep":"393216:sHDCHhrFoqIHlD+Nd61luPb6FYDWyj4goEpfZUiU:sjCHhxkH+slQ6FW74gpfCp","tlshash":"db0712d2ba66c053d496343c60e22b4e074eec526ce545ccad69b96c3ebbc89063cf57","first_seen":"2024-02-08T13:59:39Z","last_seen":"2024-12-11T00:52:39.005011Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1523,"timings":{"blocked":181,"dns":18,"connect":37,"send":0,"wait":49,"receive":1111,"ssl":124},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-12-11","alert":"Detect files is `SliverFox` malware","trigger":"packages.diladele.com/squid/4.14/squid.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null}}]}