{"report_id":"08286cbf-100b-4fc7-8a21-02213827740f","version":6,"status":"done","tags":[],"date":"2024-10-19T23:57:07Z","url":{"schema":"http","addr":"bullywiiplaza.website/jdlb/JDuel.Links.Bot.zip","fqdn":"bullywiiplaza.website","domain":"bullywiiplaza.website","tld":"website"},"ip":{"addr":"198.54.116.15","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2026-12-28T23:57:05Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"bullywiiplaza.website","ip":{"addr":"198.54.116.15","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2019-04-27","domain_rank":0,"first_seen":"2019-05-18T14:37:11Z","last_seen":"2024-01-01T13:26:12Z","alert_count":1,"request_count":1,"received_data":5753233,"sent_data":500,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"0a68a03f93727eae9bb4833a2f5a7833","sha1":"385104f4a6df98f29e3e02d2594ab6bb63d319af","sha256":"9ecba10ad9d206b7a33f8871f3d83ac859458ab08e7204fa3532f2af5cfe6f41","sha512":"23f26bc7814f26e3392f5fb43864674aabde49a57b084f87f63940ea6ec4d6c7a3eed3df6a341004f77f440d1347e25d67f5cc044ce9b8712eaef5240f8c2993","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":5752987,"url":{"schema":"https","addr":"bullywiiplaza.website/jdlb/JDuel.Links.Bot.zip","fqdn":"bullywiiplaza.website","domain":"bullywiiplaza.website","tld":"website"},"ip":{"addr":"198.54.116.15","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"archive":[{"path":"boost_filesystem-vc143-mt-x64-1_84.dll","filename":"boost_filesystem-vc143-mt-x64-1_84.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections","size":137216,"md5":"306e96d9f88958e76eba3e01c84a653f","sha1":"5db5d018842924a22ea69125e957eebd0a723984","sha256":"34f4fe768ae546e2527d96500b036c95fadfe36be4576e4b508fc42ccf384081","sha512":"7ccc527ead87c5f9d365f8e856f69fc0cdf70c8c4d49541fa17f2763c09d3699600bae121ac00523b22a51ea8395a0d108853cd6373e2c719d620ba5fe2cd059","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"boost_filesystem-vc143-mt-x64-1_84.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}}]}},{"path":"bz2.dll","filename":"bz2.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":75264,"md5":"5b68e99f06042f0c0ce8420cdb46b27e","sha1":"d348455596498e2a3db8bb218099e21406243652","sha256":"8ad0bc7ffe180a05986d82fb6d5ed07fb457c91c439c151035cdd3bb275e56ad","sha512":"212690b2ff50863240cd401d4f4ffe4194e1203fe15f93ec4cce5b733af6f4c9128a8da576ee025ea5f08a6d4831b637cb80edcd339916578323225d8b0086b5","alerts":{"urlquery":null,"analyzer":null}},{"path":"curlpp.dll","filename":"curlpp.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":217600,"md5":"96544b52f830521072b9cbee0d5be1af","sha1":"f877cb3a1984b46dc9b40e6d9d5420f63f14015e","sha256":"17c352c30e0c31fdaa5eb3d7b00faa1f99a0acb854c9fa3f96073c67a9e6e841","sha512":"d9b583d4e524ab9fa19490a090e334154e71fee0d3a30b03c72c78d9648e167abd9f818b8e4bd173be02a6d624d756f983ccfb1cec9349ceca8a9e5846f75b23","alerts":{"urlquery":null,"analyzer":null}},{"path":"fmt.dll","filename":"fmt.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":141312,"md5":"b37309e5f35388c96c3ef707468d158b","sha1":"0389725aec0b01f9d1b8ded06c3b3a8c8fb479e2","sha256":"a1f0e17ef1935aaab13bba62dcb1deff1d2541ab033c2a86942cb6285c7da0a7","sha512":"3fa63dd93efc22a4ebe37c7ff62764e430ff45ec3e2b75693d681a6249cd8d47b8b13b6b17b6d8f1df4213db6817d28f41f827d8cd34d0475207e5d01bf69f18","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"fmt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}}]}},{"path":"JDuel Links Bot.exe","filename":"JDuel Links Bot.exe","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":1972168,"md5":"bbf93dfc085ffdb748e29467b03abe71","sha1":"b912d7b88cf9ccfa31152cd327246f7e71a65f22","sha256":"41b32e35eba62f5779797ff013806959c1fa6cb4edaba6ca1229f282596277f1","sha512":"f54aae3093c3db7b6f4f720a482ef2d0255dd222a3a6cdda480f6cd272e5a191ef6eee99f91f2092713f6b86ced0f753c3fa305032606ef5efe14c7f21ae572e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"JDuel Links Bot.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}}]}},{"path":"jpeg62.dll","filename":"jpeg62.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":676352,"md5":"f1d14265348d092b6a889ddded33b6c8","sha1":"9bbdc50ba0198160b7589bdd5b28834c28001657","sha256":"4425216e0582ede03d3b1c2831e71865f74dd31750c2ce8c71e82e830bc2a827","sha512":"d292d22ab6a202458577f52cd115b171c65ded14f292564e717a5474959dc0d533641de3768d86ae5a623d25e30be5bff03d748f527282da2777aae653ed5da4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"jpeg62.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}}]}},{"path":"libcurl.dll","filename":"libcurl.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":570880,"md5":"6b8ae6235c7cda4434ed5ffa44b150de","sha1":"8def0345c7553bf6f62874ff7ebfd8a347b558e3","sha256":"ed84407b995de7c5b7913ff7f3d3585c648fdfbf5e9f0b52d500ac0e8ce54003","sha512":"fc8a83a7710e7d3a75170c82953dfbfb91e075d5fa7c100f1e5b16a7318634b207b842b199ae2f648a127eb5aa5bb5f2c941d77a099de7055143e612ca48934c","alerts":{"urlquery":null,"analyzer":null}},{"path":"liblzma.dll","filename":"liblzma.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":185344,"md5":"de6b5e6f37ca816b2c9715248826cb17","sha1":"5373d84164a1e693bee57ec28b230754de68529f","sha256":"462c4f160be9de71b6de2dd3f666fe51474fad6b9fb738c3ea5922b181d1dcc1","sha512":"7260ddd3dc03b33e8785926495b66b14ae2d556497ef32ef4b755dbd345176257c05e7ae47eb46ebf8c585454f9ac9fbe632ee94fdc88ac2c2da0aa7f495b65d","alerts":{"urlquery":null,"analyzer":null}},{"path":"libpng16.dll","filename":"libpng16.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":202240,"md5":"7940dc5e572e9de421715cf4a405c43f","sha1":"967dd155d7f5a2d2eaff551c8fce34f24c56af33","sha256":"79eefa779320221e7fc0ef4bc60ee54041ac5a9857f71b746d0263732d264a3c","sha512":"918178d5bcf3c58fa7c8c6c80cda1d2f7618965daa089578ed35cc06a89c48de72e17302ed56dc0db4c5c97fe898583c6ff0bbfca19d052b7f7669949246808c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-15","alert":"Scan result 1/73","trigger":"79eefa779320221e7fc0ef4bc60ee54041ac5a9857f71b746d0263732d264a3c","verdict":"suspicious","severity":"","comment":"suspicious - 1/73","link":"https://www.virustotal.com/gui/file/79eefa779320221e7fc0ef4bc60ee54041ac5a9857f71b746d0263732d264a3c","meta":null}]}},{"path":"libzippp.dll","filename":"libzippp.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":51712,"md5":"a869e3ad5fd3d49e98ff49fb3ca2f8cb","sha1":"8bd3f8bed0de2e27691ebe8be28d2b9bce845839","sha256":"cc3319daf64c7069f1193cf2a207caaa49e7b9d7bc82ff734df8bd92210d62ce","sha512":"17f695491460130bb94cb13406ff5c620c3256e40f880f865219c2733e981e0d99a522ecc04ff083b9cd77214bb87aff8e013c9e00b4896796858b67a768e0d7","alerts":{"urlquery":null,"analyzer":null}},{"path":"minizip.dll","filename":"minizip.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":47104,"md5":"8a9641cf006da5bc9de3a1e3651ab213","sha1":"b53b0de907512945684a7177189b0976e51a4835","sha256":"f12fa64a78f0a456cc225e2ba351b4c8e0869e755efa8d0b5429e5a5e323b4f4","sha512":"bf7de51e2aaccd99cd6cfbb60b3b543ffe89b3bac0709c144437243c3da6cb75ee34500b0f5a6ebd849524d67fe66a80612959c2fc44fe1697ba482dd93b0f0e","alerts":{"urlquery":null,"analyzer":null}},{"path":"pcre2-16.dll","filename":"pcre2-16.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":525824,"md5":"513fd5270e5259d04f3c5b567fb7476c","sha1":"ca4b0fd70f53ed49fbb6268d2645f5d208feee8a","sha256":"d7e893754c841d2870752e8fe3fe26f2e4331ac5429f771a26a31a8c4a0c0708","sha512":"6170e1b87fc8b358cfc78aefbb3907972b7ec2fb818f550516b4205fc08a0ade4c20a7020607a86b1be9a019a1d5e1c2f37fe9f9280ea919cd4018e9560e6d62","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-13","alert":"Scan result 1/73","trigger":"d7e893754c841d2870752e8fe3fe26f2e4331ac5429f771a26a31a8c4a0c0708","verdict":"suspicious","severity":"","comment":"suspicious - 1/73","link":"https://www.virustotal.com/gui/file/d7e893754c841d2870752e8fe3fe26f2e4331ac5429f771a26a31a8c4a0c0708","meta":null}]}},{"path":"README.txt","filename":"README.txt","modified":"","Modified":"2024-08-11T09:30:20Z","magic":"ASCII text, with CRLF line terminators","size":230,"md5":"24b5f2e86fbd614d55fc13b0d904afac","sha1":"4fac3dd058438121bea4d87b7ff1e481966bde56","sha256":"ea47c613dbcce608b50d5ae78ce74643ab4fd277b45b9cd5e0d8498cd70df6d4","sha512":"72b8f76f0c27a7a8fb3da0daa433879aafd911184d5d86544aa73d9e6e71bcb051241bac43cd11c445f8dd3c9cbe5f89e8840e2875ed935be10a997516a65593","alerts":{"urlquery":null,"analyzer":null}},{"path":"tiff.dll","filename":"tiff.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":458752,"md5":"a7827ee61491ba350bafc93c988e5e45","sha1":"ebda3575d031cc3ee9de31b164529481d6137de7","sha256":"795868b4348b3cb1f0eda56b1fe45477137783bea44585bfe109febcc00ef560","sha512":"5007e3a91dd32dfa357ea46d881412d51636b90e59fb2fe292bdb8dfe52d8e28311e1e77f5b7313148d348c4a51514d01027744a2f4bb66d43fe5f8c80b5121d","alerts":{"urlquery":null,"analyzer":null}},{"path":"wxbase32u_vc_custom.dll","filename":"wxbase32u_vc_custom.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":2641408,"md5":"b0f8e07f8a8941dfd620252dfa7350cf","sha1":"6e1e24b8b0aae16fba19dff972c667fabbe9a1ce","sha256":"77d60d2f6815906b1884505932844cc839675cf460503200fbb18ca7a2b72f81","sha512":"a61142a9528eed66bbc5a9820251e7da22b4ba95906fe91345c6f37e392db6cc65e9c0297c89990aea435863d12f39dabbae268759e172101bf4608d575242dc","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"wxbase32u_vc_custom.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}}]}},{"path":"wxmsw32u_core_vc_custom.dll","filename":"wxmsw32u_core_vc_custom.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":7660544,"md5":"eec0eafff5996a3d8156eec3c8543ef2","sha1":"f4794228db070c8346fe164fd0ce11f4718ba4d9","sha256":"da6fefe8e6c699b955aa397d6c8cae66fc0543b736ac447e73251088371c9af0","sha512":"e79bd600177d1074515bbb6cb5930e6872b10dd8e669aa915b69eccfae3ed199d32b9be59089fcce467f0a49d5a62e383bbad45386e75fbdf98deba968fd415f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"wxmsw32u_core_vc_custom.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}}]}},{"path":"zip.dll","filename":"zip.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":110592,"md5":"030bfb56939d7fc22e3451a756207cd4","sha1":"5d83d58098028730e1e42cc385e8b443beef8ccb","sha256":"a4fda91ccff84287686d4d5d242530fd309350222dcca85e92352d93e3e2daa3","sha512":"7ae2e8ee0824ce07d38182ebdcad1ae357b92587a9d0fdc6bb38e2da24320a3a68965a7f925f4c6f41abcd9b69c92a9e5525b2d6d6c215574e6b6fd43a147d48","alerts":{"urlquery":null,"analyzer":null}},{"path":"zlib1.dll","filename":"zlib1.dll","modified":"","Modified":"2024-08-11T09:29:52Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":89600,"md5":"428d93284f9d941af35091d47f909137","sha1":"f47bc2abaf3ecd8e2b12d1d49271689aabe1ee39","sha256":"3e82e2a83f6fcd2865cec2fd87160d15ce78c953775482a756ed4d12b6d3facf","sha512":"b01bf94897f469e9ff1682974034d224446867fb344af6c7863e4bc503d8e571d5d4bddd81b689d8cfb50fca0e4d7cc2e32368c12a0d7c15000d170ed397dad7","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"boost_filesystem-vc143-mt-x64-1_84.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"fmt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"JDuel Links Bot.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"jpeg62.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"wxbase32u_vc_custom.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-19","alert":"pe_detect_tls_callbacks","trigger":"wxmsw32u_core_vc_custom.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2024-07-26","rule":"pe_detect_tls_callbacks","yarahub_license":"CC0 1.0","yarahub_reference_md5":"13794d1d8e87c69119237256ef068043","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"881c8cad-35ef-414d-8906-0f98f7b37cd6"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-26","alert":"Scan result 1/70","trigger":"9ecba10ad9d206b7a33f8871f3d83ac859458ab08e7204fa3532f2af5cfe6f41","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/9ecba10ad9d206b7a33f8871f3d83ac859458ab08e7204fa3532f2af5cfe6f41","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"bullywiiplaza.website/jdlb/JDuel.Links.Bot.zip","fqdn":"bullywiiplaza.website","domain":"bullywiiplaza.website","tld":"website"},"ip":{"addr":"198.54.116.15","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-19T23:56:38.786Z","timestamp":1729382198786,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bullywiiplaza.website","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 16 Aug 2024 00:00:00 GMT","end":"Sat, 26 Apr 2025 23:59:59 GMT"},"fingerprint":{"sha1":"EE:31:D5:F4:A0:0F:A5:2E:9A:AE:51:FE:51:5B:F1:EE:81:09:02:7B","sha256":"69:A3:7A:6F:C3:44:51:76:11:83:C2:19:82:9A:A4:8D:2E:62:E2:90:9A:80:83:5B:F1:36:41:E6:8C:C2:A4:1E"}}},"request":{"raw":"GET /jdlb/JDuel.Links.Bot.zip HTTP/1.1\r\nHost: bullywiiplaza.website\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/zip\r\nlast-modified: Sun, 11 Aug 2024 07:30:38 GMT\r\naccept-ranges: bytes\r\ncontent-length: 5752987\r\ndate: Sat, 19 Oct 2024 23:56:39 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5752987,"size_decoded":5752987,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"0a68a03f93727eae9bb4833a2f5a7833","sha1":"385104f4a6df98f29e3e02d2594ab6bb63d319af","sha256":"9ecba10ad9d206b7a33f8871f3d83ac859458ab08e7204fa3532f2af5cfe6f41","sha512":"23f26bc7814f26e3392f5fb43864674aabde49a57b084f87f63940ea6ec4d6c7a3eed3df6a341004f77f440d1347e25d67f5cc044ce9b8712eaef5240f8c2993","ssdeep":"98304:EZENjNeGGOhdSpIGl+bPv2Wzz9PUohQzsLOBEZWV/nyerhHFetpq3idGFD3M5YHx:EmUVOhwfon7z9snYL7erhHFwpq3cGx8W","tlshash":"ad4633d8afe64c4e4affc61980c4ec32dc494f9a18e84e1d5412dd73d7865a8b7a3ac4","first_seen":"2024-10-19T23:57:23.664872Z","last_seen":"2025-05-21T16:55:21.044101Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2867,"timings":{"blocked":624,"dns":29,"connect":157,"send":0,"wait":158,"receive":1460,"ssl":436},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-26","alert":"Scan result 1/70","trigger":"9ecba10ad9d206b7a33f8871f3d83ac859458ab08e7204fa3532f2af5cfe6f41","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/9ecba10ad9d206b7a33f8871f3d83ac859458ab08e7204fa3532f2af5cfe6f41","meta":null}],"urlquery":null}}]}