{"report_id":"0ac6bf24-eac8-47b3-9779-6fa5d2cccfb6","version":6,"status":"done","tags":[],"date":"2025-04-10T17:08:52Z","url":{"schema":"http","addr":"honeypie.r-e.kr/bins/bongtak.spc","fqdn":"honeypie.r-e.kr","domain":"r-e.kr","tld":"kr"},"ip":{"addr":"176.65.144.96","port":0,"asn":0,"as":"","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-19T17:08:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"honeypie.r-e.kr","ip":{"addr":"176.65.144.96","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"domain_registered":"2014-03-22","domain_rank":0,"first_seen":"2025-02-14T19:17:22.766513Z","last_seen":"2025-04-10T17:01:16.384632Z","alert_count":5,"request_count":2,"received_data":78883,"sent_data":916,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"33c0cbaef1337ed7b47ed7afe5f50eb6","sha1":"145369740970ab14ee517413d1aed0412fb875b5","sha256":"6a934b1607a91f52926cf0ec1f0468efada6ba145f97fd63ba0e8e6b45d28e44","sha512":"3c80e5c1eb89a57dccea2c414593ebac07307cd8a86547846736e9e8273f24a8c6b5bb332e5feac7385469d2e2f468e86ebb31ec0ed3901e5535415d29bdd13f","magic":"ELF 32-bit MSB executable, SPARC, version 1 (SYSV)","size":78688,"url":{"schema":"http","addr":"honeypie.r-e.kr/bins/bongtak.spc","fqdn":"honeypie.r-e.kr","domain":"r-e.kr","tld":"kr"},"ip":{"addr":"176.65.144.96","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-10","alert":"Detects Gafgyt","trigger":"honeypie.r-e.kr/bins/bongtak.spc","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-05-11","description":"Detects Gafgyt","malpedia_family":"elf.bashlite","rule":"Linux_Gafgyt_May_2024","yarahub_license":"CC0 1.0","yarahub_reference_md5":"7ac9673e951d038c2c10c230393b6f0a","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"41b684bf-6dd2-48a4-9a16-143f0b1439fa"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2025-04-10","alert":"Linux.Trojan.Gafgyt","trigger":"honeypie.r-e.kr/bins/bongtak.spc","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead","id":"28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","rule":"Linux_Trojan_Gafgyt_28a2fe0c","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Gafgyt"}},{"sensor_name":"user_499l7sx19am3m53","sensor_type":"yara","title":"","description":"Private YARA rules","scan_date":"2025-04-10","alert":"Linux_Trojan_Gafgyt_28a2fe0c","trigger":"honeypie.r-e.kr/bins/bongtak.spc","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead","id":"28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","rule":"Linux_Trojan_Gafgyt_28a2fe0c","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Gafgyt"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-10","alert":"Scan result 32/60","trigger":"6a934b1607a91f52926cf0ec1f0468efada6ba145f97fd63ba0e8e6b45d28e44","verdict":"malicious","severity":"","comment":"malicious - 32/60","link":"https://www.virustotal.com/gui/file/6a934b1607a91f52926cf0ec1f0468efada6ba145f97fd63ba0e8e6b45d28e44","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"33c0cbaef1337ed7b47ed7afe5f50eb6","sha1":"145369740970ab14ee517413d1aed0412fb875b5","sha256":"6a934b1607a91f52926cf0ec1f0468efada6ba145f97fd63ba0e8e6b45d28e44","sha512":"3c80e5c1eb89a57dccea2c414593ebac07307cd8a86547846736e9e8273f24a8c6b5bb332e5feac7385469d2e2f468e86ebb31ec0ed3901e5535415d29bdd13f","magic":"ELF 32-bit MSB executable, SPARC, version 1 (SYSV)","size":78688,"url":{"schema":"http","addr":"honeypie.r-e.kr/bins/bongtak.spc","fqdn":"honeypie.r-e.kr","domain":"r-e.kr","tld":"kr"},"ip":{"addr":"176.65.144.96","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-10","alert":"Detects Gafgyt","trigger":"honeypie.r-e.kr/bins/bongtak.spc","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-05-11","description":"Detects Gafgyt","malpedia_family":"elf.bashlite","rule":"Linux_Gafgyt_May_2024","yarahub_license":"CC0 1.0","yarahub_reference_md5":"7ac9673e951d038c2c10c230393b6f0a","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"41b684bf-6dd2-48a4-9a16-143f0b1439fa"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2025-04-10","alert":"Linux.Trojan.Gafgyt","trigger":"honeypie.r-e.kr/bins/bongtak.spc","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead","id":"28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","rule":"Linux_Trojan_Gafgyt_28a2fe0c","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Gafgyt"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-10","alert":"Scan result 32/60","trigger":"6a934b1607a91f52926cf0ec1f0468efada6ba145f97fd63ba0e8e6b45d28e44","verdict":"malicious","severity":"","comment":"malicious - 32/60","link":"https://www.virustotal.com/gui/file/6a934b1607a91f52926cf0ec1f0468efada6ba145f97fd63ba0e8e6b45d28e44","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-10T17:08:40Z","timestamp":1744304920,"ip_dst":{"addr":"172.18.0.16","port":53586,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"176.65.144.96","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download Over HTTP","source":"{\"timestamp\":\"2025-04-10T17:08:40.520767+0000\",\"flow_id\":9977126098840,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"176.65.144.96\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":53586,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\",\"ET.ELFDownload\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2019240,\"rev\":14,\"signature\":\"ET POLICY Executable and linking format (ELF) file download Over HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2014_09_25\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"honeypie.r-e.kr\",\"url\":\"/bins/bongtak.spc\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/x-pkcs7-certificates\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":78688},\"files\":[{\"filename\":\"/bins/bongtak.spc\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":78688,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":62,\"bytes_toserver\":1876,\"bytes_toclient\":82983,\"start\":\"2025-04-10T17:08:30.038808+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-10","alert":"Detects Gafgyt","trigger":"honeypie.r-e.kr/bins/bongtak.spc","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-05-11","description":"Detects Gafgyt","malpedia_family":"elf.bashlite","rule":"Linux_Gafgyt_May_2024","yarahub_license":"CC0 1.0","yarahub_reference_md5":"7ac9673e951d038c2c10c230393b6f0a","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"41b684bf-6dd2-48a4-9a16-143f0b1439fa"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2025-04-10","alert":"Linux.Trojan.Gafgyt","trigger":"honeypie.r-e.kr/bins/bongtak.spc","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead","id":"28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","rule":"Linux_Trojan_Gafgyt_28a2fe0c","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Gafgyt"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"honeypie.r-e.kr/bins/bongtak.spc","fqdn":"honeypie.r-e.kr","domain":"r-e.kr","tld":"kr"},"ip":{"addr":"176.65.144.96","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-10T17:08:30.039Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /bins/bongtak.spc HTTP/1.1\r\nHost: honeypie.r-e.kr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Length: 78688\r\nContent-Type: application/x-pkcs7-certificates\r\nLast-Modified: Sat, 05 Apr 2025 10:46:16 GMT\r\nDate: Thu, 10 Apr 2025 17:08:30 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":78688,"size_decoded":0,"mime_type":"application/x-pkcs7-certificates","magic":"ELF 32-bit MSB executable, SPARC, version 1 (SYSV)","md5":"33c0cbaef1337ed7b47ed7afe5f50eb6","sha1":"145369740970ab14ee517413d1aed0412fb875b5","sha256":"6a934b1607a91f52926cf0ec1f0468efada6ba145f97fd63ba0e8e6b45d28e44","sha512":"3c80e5c1eb89a57dccea2c414593ebac07307cd8a86547846736e9e8273f24a8c6b5bb332e5feac7385469d2e2f468e86ebb31ec0ed3901e5535415d29bdd13f","ssdeep":"1536:rkyPL1SJjTFWDV6mteXosT8zDyY7TR97PtDElk5vtrLe0:H6pXDqjTbPRElUtLe0","tlshash":"9b733b21b9761e2bc4d1a47a21f74765f2f147da26a8c90b3db20e8ebf215406543ff4","first_seen":"2025-04-10T16:34:08.462345Z","last_seen":"2025-04-17T05:13:50.158055Z","times_seen":4,"resource_available":false,"data":null}},"time_used":531,"timings":{"blocked":106,"dns":1,"connect":106,"send":0,"wait":102,"receive":216,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-10T17:08:40Z","timestamp":1744304920,"ip_dst":{"addr":"172.18.0.16","port":53586,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"176.65.144.96","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download Over HTTP","source":"{\"timestamp\":\"2025-04-10T17:08:40.520767+0000\",\"flow_id\":9977126098840,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"176.65.144.96\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":53586,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\",\"ET.ELFDownload\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2019240,\"rev\":14,\"signature\":\"ET POLICY Executable and linking format (ELF) file download Over HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2014_09_25\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"honeypie.r-e.kr\",\"url\":\"/bins/bongtak.spc\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/x-pkcs7-certificates\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":78688},\"files\":[{\"filename\":\"/bins/bongtak.spc\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":78688,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":62,\"bytes_toserver\":1876,\"bytes_toclient\":82983,\"start\":\"2025-04-10T17:08:30.038808+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-10","alert":"Detects Gafgyt","trigger":"honeypie.r-e.kr/bins/bongtak.spc","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-05-11","description":"Detects Gafgyt","malpedia_family":"elf.bashlite","rule":"Linux_Gafgyt_May_2024","yarahub_license":"CC0 1.0","yarahub_reference_md5":"7ac9673e951d038c2c10c230393b6f0a","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"41b684bf-6dd2-48a4-9a16-143f0b1439fa"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2025-04-10","alert":"Linux.Trojan.Gafgyt","trigger":"honeypie.r-e.kr/bins/bongtak.spc","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead","id":"28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","rule":"Linux_Trojan_Gafgyt_28a2fe0c","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Gafgyt"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-10","alert":"Scan result 32/60","trigger":"6a934b1607a91f52926cf0ec1f0468efada6ba145f97fd63ba0e8e6b45d28e44","verdict":"malicious","severity":"","comment":"malicious - 32/60","link":"https://www.virustotal.com/gui/file/6a934b1607a91f52926cf0ec1f0468efada6ba145f97fd63ba0e8e6b45d28e44","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"honeypie.r-e.kr/bins/bongtak.spc","fqdn":"honeypie.r-e.kr","domain":"r-e.kr","tld":"kr"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-10T17:08:29.801Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /bins/bongtak.spc HTTP/1.1\r\nHost: honeypie.r-e.kr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-23T15:09:30.745699Z","times_seen":14107455,"resource_available":true,"data":null}},"time_used":106,"timings":{"blocked":106,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-10T17:08:40Z","timestamp":1744304920,"ip_dst":{"addr":"172.18.0.16","port":53586,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"176.65.144.96","port":80,"asn":0,"as":"","country":"Germany","country_code":"DE"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download Over HTTP","source":"{\"timestamp\":\"2025-04-10T17:08:40.520767+0000\",\"flow_id\":9977126098840,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"176.65.144.96\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":53586,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\",\"ET.ELFDownload\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2019240,\"rev\":14,\"signature\":\"ET POLICY Executable and linking format (ELF) file download Over HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2014_09_25\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"honeypie.r-e.kr\",\"url\":\"/bins/bongtak.spc\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/x-pkcs7-certificates\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":78688},\"files\":[{\"filename\":\"/bins/bongtak.spc\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":78688,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":62,\"bytes_toserver\":1876,\"bytes_toclient\":82983,\"start\":\"2025-04-10T17:08:30.038808+0000\"}}"}],"analyzer":null,"urlquery":null}}]}