{"report_id":"11068f5a-fafc-40a5-af88-a28a00ebea36","version":6,"status":"done","tags":[],"date":"2024-07-10T12:03:19Z","url":{"schema":"http","addr":"cdn.discordapp.com/attachments/1190284468058062899/1260566654119841883/test.exe?ex=668fc9ae\u0026is=668e782e\u0026hm=d6626d98431e45a7c7d41980e138dc5767e24ff0ed6e3c65ce4067991df69693\u0026","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.133.233","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T10:15:08Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-08 18:12:20","alert_count":0,"request_count":7,"received_data":6212,"sent_data":2289,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.discordapp.com","ip":{"addr":"162.159.135.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-02-26","domain_rank":2474,"first_seen":"2015-08-24 15:06:21","last_seen":"2024-07-08 18:17:47","alert_count":1,"request_count":1,"received_data":6182624,"sent_data":626,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"89dec1986b02f192b3255eab4a5e6f88","sha1":"9cfb4f8e3e620628b7dbe0edfb217410b8889df3","sha256":"84c19c9d3cbcf09449f35d4326189aabfd22fe3a793d800daadfcdf24fe9ba15","sha512":"f71790eab0df8be5d18a266edd9a735e586c31ca99c5449cae58c40f3a6a46dbb102d0e4be449c72b7d958b492e4fb08f65803d69479749edbd04ec1d32a18f4","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":6180941,"url":{"schema":"https","addr":"cdn.discordapp.com/attachments/1190284468058062899/1260566654119841883/test.exe?ex=668fc9ae\u0026is=668e782e\u0026hm=d6626d98431e45a7c7d41980e138dc5767e24ff0ed6e3c65ce4067991df69693\u0026","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.135.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-07-10","alert":"Identifies executable converted using PyInstaller.","trigger":"cdn.discordapp.com/attachments/1190284468058062899/1260566654119841883/test.exe?ex=668fc9ae\u0026is=668e782e\u0026hm=d6626d98431e45a7c7d41980e138dc5767e24ff0ed6e3c65ce4067991df69693\u0026","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-07-10","alert":"Identifies executable converted using PyInstaller.","trigger":"cdn.discordapp.com/attachments/1190284468058062899/1260566654119841883/test.exe?ex=668fc9ae\u0026is=668e782e\u0026hm=d6626d98431e45a7c7d41980e138dc5767e24ff0ed6e3c65ce4067991df69693\u0026","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-10T12:02:52.621452679Z","timestamp":1720612972621,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"41E6A348AAC9E9DB44BFA14B3AA29D411F4489B375AE1F1BE6B0D280AF98541D\"\r\nLast-Modified: Mon, 08 Jul 2024 01:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14779\r\nExpires: Wed, 10 Jul 2024 16:09:11 GMT\r\nDate: Wed, 10 Jul 2024 12:02:52 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"b34ca6af54e2b9fea57d418f5d1928f7","sha1":"510b69f4470789a573217726d6f1a3d6ee765460","sha256":"41e6a348aac9e9db44bfa14b3aa29d411f4489b375ae1f1be6b0d280af98541d","sha512":"56fc288af1ca048d6ad95019c5fe4a6be829ae0e6d834e51d920e79cb96aa3de97763b94d41b4c691f461b7a46ef961dd157b791947e0463310e5d0abd1422c8","ssdeep":"","tlshash":"def0055627d5a6016a710a911de5d31a1e2058fb305018f223d451e33923bbe1ec8446","first_seen":"2024-07-08T05:19:45Z","last_seen":"2024-08-19T17:39:41.553406Z","times_seen":34939,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-10T12:02:52.673314827Z","timestamp":1720612972673,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5F9FEB641B1E74A7C14EEE1104953D1E9FAA0341D1F27FDBD50FA8207E6C0AC8\"\r\nLast-Modified: Tue, 09 Jul 2024 15:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7627\r\nExpires: Wed, 10 Jul 2024 14:09:59 GMT\r\nDate: Wed, 10 Jul 2024 12:02:52 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c2f3e4e1f94efa7a80f9deeb3d459176","sha1":"7a8f013a3d13ffe4241b8e2a8b9ca63daeeace53","sha256":"5f9feb641b1e74a7c14eee1104953d1e9faa0341d1f27fdbd50fa8207e6c0ac8","sha512":"b31001673f2a70424a77c868b62170411fff1d9ced6cee20cb26b7538d349bc4573cbb80b198779afa9ff558e6719d8d04b694a26cb451f792e8895bf9b29f5f","ssdeep":"","tlshash":"b9f0054712a5ff50a2f0175515f1ea05dd207d792c5015c2759443f23869bf4d5c840e","first_seen":"2024-07-09T21:40:33Z","last_seen":"2024-08-19T17:27:56.105485Z","times_seen":18846,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-10T12:02:53.004242725Z","timestamp":1720612973004,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5D1BC1C01894FD88A0D4680490977488D6458BB58A98ACE24EF8AA103538BC1F\"\r\nLast-Modified: Tue, 09 Jul 2024 23:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12452\r\nExpires: Wed, 10 Jul 2024 15:30:24 GMT\r\nDate: Wed, 10 Jul 2024 12:02:52 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"e7492695b5254a3a63fcffb4f1ee8cec","sha1":"0361713c6d8129210245347284c7c6babfd28fb7","sha256":"5d1bc1c01894fd88a0d4680490977488d6458bb58a98ace24ef8aa103538bc1f","sha512":"ec0e52128f983dbd74415511de8ce735b2b718b43605e9ac47400438cd5e97c87e35eb9ba74da906afc0cc7f6d28beca431b3cd9f15b958bce49500f659db147","ssdeep":"","tlshash":"d5f0549736b6bc516ab835253dfbda3e7a309924b15049bceca51291ec383a7418040c","first_seen":"2024-07-10T02:50:08Z","last_seen":"2024-08-19T17:26:17.073472Z","times_seen":39709,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-10T12:02:53.324469106Z","timestamp":1720612973324,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"C86804EFF01A7BB9FF866508BFDB1B071CFA4A26617D11094B9F5226E1A4B970\"\r\nLast-Modified: Tue, 09 Jul 2024 16:18:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=10406\r\nExpires: Wed, 10 Jul 2024 14:56:19 GMT\r\nDate: Wed, 10 Jul 2024 12:02:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fc076d7a99abd74b9da6b35304bb93e9","sha1":"9d541501d5141dcf7b4d839d6fcffabec81e1a14","sha256":"c86804eff01a7bb9ff866508bfdb1b071cfa4a26617d11094b9f5226e1a4b970","sha512":"ff10580406ed0db383ff2d2dded09db4544cc042b2e609083d89b33b2d0bf6e77591dffa46e88fc3d5460d288e7416f8d1a145bd1bc80cae5f950955f7d88a14","ssdeep":"","tlshash":"5bf00e0210d8be02933a0f056899e22a6c00d6ac728051f730dc05957672b9b87c8848","first_seen":"2024-07-09T20:48:14Z","last_seen":"2024-08-19T17:28:08.063831Z","times_seen":23416,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.discordapp.com/attachments/1190284468058062899/1260566654119841883/test.exe?ex=668fc9ae\u0026is=668e782e\u0026hm=d6626d98431e45a7c7d41980e138dc5767e24ff0ed6e3c65ce4067991df69693\u0026","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.135.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-10T12:02:53.111Z","timestamp":1720612973111,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"discordapp.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 20 Oct 2023 00:00:00 GMT","end":"Sat, 19 Oct 2024 23:59:59 GMT"},"fingerprint":{"sha1":"97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39","sha256":"AE:AD:8A:65:51:06:63:11:23:96:B7:DA:16:50:23:0B:76:2A:B6:E5:33:E1:33:DA:84:FA:9D:D0:8B:E6:56:63"}}},"request":{"raw":"GET /attachments/1190284468058062899/1260566654119841883/test.exe?ex=668fc9ae\u0026is=668e782e\u0026hm=d6626d98431e45a7c7d41980e138dc5767e24ff0ed6e3c65ce4067991df69693\u0026 HTTP/1.1\r\nHost: cdn.discordapp.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 10 Jul 2024 12:02:53 GMT\r\ncontent-type: application/x-msdos-program\r\ncontent-length: 6180941\r\ncf-ray: 8a106849fe8d569f-OSL\r\ncf-cache-status: MISS\r\naccept-ranges: bytes, bytes\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: attachment; filename=\"test.exe\"\r\netag: \"89dec1986b02f192b3255eab4a5e6f88\"\r\nexpires: Thu, 10 Jul 2025 12:02:53 GMT\r\nlast-modified: Wed, 10 Jul 2024 12:01:50 GMT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-goog-generation: 1720612910656537\r\nx-goog-hash: crc32c=ifLpDw==, md5=id7BmGsC8ZKzJV6rSl5viA==\r\nx-goog-metageneration: 1\r\nx-goog-storage-class: STANDARD\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 6180941\r\nx-guploader-uploadid: ACJd0NqWWbbOrmhHtgM6G02zSAdMgt93mpJVu8kyiaJw3u7brYKgqXSzXIMJ7jKMO1yWyONFVlgrkv3zbg\r\nx-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=RvfqN61fBlLVCq4q8xBWm22zV38nX4Y2H422WkkUIQgmlEkNRVTfcd16ez86R6GXzv7QE%2F0d7W2BZynVR4Hl2NRa8ID3YxrlaEb2beBl97Mbq8ttm3KKO7Sz9JubCyElSChQvw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nset-cookie: __cf_bm=TKlebcnpb7lg5ShGGV8krJOgU4mbA9TJzb4U8xjiFe0-1720612973-1.0.1.1-mFcTFXkiOHPITrCsVeMf_vn2oOCv8NOcfFaiSMwbDSm6F7i_rQb7b5eua3d20ZyLjCOmNfS3yCPxAU5l7P2Vdw; path=/; expires=Wed, 10-Jul-24 12:32:53 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None\n_cfuvid=3Wem7cNnOLsoTVSAowVrjDdSin3ylZIkIJZEYMYyAEU-1720612973752-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6180941,"size_decoded":6180941,"mime_type":"application/x-msdos-program","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","md5":"89dec1986b02f192b3255eab4a5e6f88","sha1":"9cfb4f8e3e620628b7dbe0edfb217410b8889df3","sha256":"84c19c9d3cbcf09449f35d4326189aabfd22fe3a793d800daadfcdf24fe9ba15","sha512":"f71790eab0df8be5d18a266edd9a735e586c31ca99c5449cae58c40f3a6a46dbb102d0e4be449c72b7d958b492e4fb08f65803d69479749edbd04ec1d32a18f4","ssdeep":"98304:DCp+ZlFlX2uW5MI0wtLGMY8DI65KiaYGgQ30LJd2UqLjYSpXqDLqp6DoVbKtJvY:eNL2VsLZy7YM30LzajYSEqpItJv","tlshash":"c756334da2b009fae92bc03ec9614426ea3379554f71e2075bb483560f17ff06e7ab91","first_seen":"2024-08-19T17:23:09.358739Z","last_seen":"2024-08-19T17:23:09.358739Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1936,"timings":{"blocked":6,"dns":1,"connect":1,"send":0,"wait":638,"receive":1275,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-07-10","alert":"Identifies executable converted using PyInstaller.","trigger":"cdn.discordapp.com/attachments/1190284468058062899/1260566654119841883/test.exe?ex=668fc9ae\u0026is=668e782e\u0026hm=d6626d98431e45a7c7d41980e138dc5767e24ff0ed6e3c65ce4067991df69693\u0026","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}],"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-10T12:02:55.998788607Z","timestamp":1720612975998,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2\"\r\nLast-Modified: Mon, 08 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6258\r\nExpires: Wed, 10 Jul 2024 13:47:13 GMT\r\nDate: Wed, 10 Jul 2024 12:02:55 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d7b2c37e4b6c062d80ad32046f42d3d8","sha1":"131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c","sha256":"317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2","sha512":"e8d8acac8c0eb8cc7d365eca9121ee37756ccf1d8b77d6177f316593c50a660d3af8ab40f67f47a8fd9fe0fe75f51070e6cf3c69b49f57aed1b4afc155ca5cd3","ssdeep":"","tlshash":"02f00e023df7bd80b3e944911ebde63bf8107aa7305075e630c0828328b87a74744c9a","first_seen":"2024-07-08T09:56:38Z","last_seen":"2024-08-19T17:38:29.907666Z","times_seen":36963,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-10T12:02:55.999747721Z","timestamp":1720612975999,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2\"\r\nLast-Modified: Mon, 08 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6258\r\nExpires: Wed, 10 Jul 2024 13:47:13 GMT\r\nDate: Wed, 10 Jul 2024 12:02:55 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d7b2c37e4b6c062d80ad32046f42d3d8","sha1":"131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c","sha256":"317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2","sha512":"e8d8acac8c0eb8cc7d365eca9121ee37756ccf1d8b77d6177f316593c50a660d3af8ab40f67f47a8fd9fe0fe75f51070e6cf3c69b49f57aed1b4afc155ca5cd3","ssdeep":"","tlshash":"02f00e023df7bd80b3e944911ebde63bf8107aa7305075e630c0828328b87a74744c9a","first_seen":"2024-07-08T09:56:38Z","last_seen":"2024-08-19T17:38:29.907666Z","times_seen":36963,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-10T12:02:56.000606383Z","timestamp":1720612976000,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2\"\r\nLast-Modified: Mon, 08 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6258\r\nExpires: Wed, 10 Jul 2024 13:47:13 GMT\r\nDate: Wed, 10 Jul 2024 12:02:55 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d7b2c37e4b6c062d80ad32046f42d3d8","sha1":"131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c","sha256":"317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2","sha512":"e8d8acac8c0eb8cc7d365eca9121ee37756ccf1d8b77d6177f316593c50a660d3af8ab40f67f47a8fd9fe0fe75f51070e6cf3c69b49f57aed1b4afc155ca5cd3","ssdeep":"","tlshash":"02f00e023df7bd80b3e944911ebde63bf8107aa7305075e630c0828328b87a74744c9a","first_seen":"2024-07-08T09:56:38Z","last_seen":"2024-08-19T17:38:29.907666Z","times_seen":36963,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}