{"report_id":"14f13e73-d295-4984-8996-414a85ff9fc4","version":6,"status":"done","tags":[],"date":"2024-10-13T20:37:18Z","url":{"schema":"http","addr":"raw.githubusercontent.com/blueclouds8666/uTox_XP/files/binaries/0.17.2/utox-i686.exe","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.111.133","port":0,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2026-12-22T20:37:18Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06T21:45:11Z","last_seen":"2024-10-13T11:01:32.822962Z","alert_count":0,"request_count":4,"received_data":3548,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"raw.githubusercontent.com","ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":35802,"first_seen":"2014-03-01T08:08:08Z","last_seen":"2024-10-13T01:43:24.130791Z","alert_count":3,"request_count":1,"received_data":6669675,"sent_data":538,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07T07:43:57Z","last_seen":"2024-10-13T11:01:32.826898Z","alert_count":0,"request_count":5,"received_data":4435,"sent_data":1635,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"640927cf917ad3458db4888ffef8b9ac","sha1":"8664d7636306fb9687322cc7142d733468baa676","sha256":"1a13d8b891a987c22d67a4bf7645164e23a6730f6534fd6ea0ed7ab76d1ad413","sha512":"46f0b8563db03aeb24b24b4f55f8f9c0e5d1b062cbe21880de49b28c186f4503619054debdde101c5452c71c7f944619c6888e6da63dad30256ab88b409af14b","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 20 sections","size":6668776,"url":{"schema":"https","addr":"raw.githubusercontent.com/blueclouds8666/uTox_XP/files/binaries/0.17.2/utox-i686.exe","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-13","alert":"meth_get_eip","trigger":"raw.githubusercontent.com/blueclouds8666/uTox_XP/files/binaries/0.17.2/utox-i686.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-06","alert":"Scan result 6/74","trigger":"1a13d8b891a987c22d67a4bf7645164e23a6730f6534fd6ea0ed7ab76d1ad413","verdict":"suspicious","severity":"","comment":"suspicious - 6/74","link":"https://www.virustotal.com/gui/file/1a13d8b891a987c22d67a4bf7645164e23a6730f6534fd6ea0ed7ab76d1ad413","meta":null},{"sensor_name":"clamav","sensor_type":"antivirus","title":"","description":"ClamAV","scan_date":"2024-10-13","alert":"Win.Ransomware.Ulise-9976282-0","trigger":"1a13d8b891a987c22d67a4bf7645164e23a6730f6534fd6ea0ed7ab76d1ad413","verdict":"malicious","severity":"medium","comment":"","link":"https://www.clamav.net/","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-13","alert":"meth_get_eip","trigger":"raw.githubusercontent.com/blueclouds8666/uTox_XP/files/binaries/0.17.2/utox-i686.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-13T20:36:51.665650233Z","timestamp":1728851811665,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"33894F6FF17B73A85E637B913D99CFC80FABCF374FB7A09ADFCB05FCF57EBDEF\"\r\nLast-Modified: Sun, 13 Oct 2024 04:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7002\r\nExpires: Sun, 13 Oct 2024 22:33:33 GMT\r\nDate: Sun, 13 Oct 2024 20:36:51 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"769a524922078b57a9a828ad4a1c5f57","sha1":"e4eeedefddf60987ea68e911f99663504d978f08","sha256":"33894f6ff17b73a85e637b913d99cfc80fabcf374fb7a09adfcb05fcf57ebdef","sha512":"711ed76299d51d492c38a32750102a8430b3c3bae0e1db38b4e59afa3792335076bb5860d495776b887b86cd0d92f856a6c37049d2a93b260fb98aae9d82bbbe","ssdeep":"","tlshash":"47f075927d63bb80ab6900112b79e115af4264573c00c2c5eae6c2e2e5202e89b84008","first_seen":"2024-10-13T17:48:32.257557Z","last_seen":"2024-10-15T13:49:02.356956Z","times_seen":3042,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-13T20:36:51.900236701Z","timestamp":1728851811900,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"EB25C0BA5C8244185A6C004482F85EF91889D1F4F368D44BF009BB957E776F28\"\r\nLast-Modified: Sun, 13 Oct 2024 04:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7136\r\nExpires: Sun, 13 Oct 2024 22:35:47 GMT\r\nDate: Sun, 13 Oct 2024 20:36:51 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4ef646b0e9b7327e4a942f9294833f80","sha1":"292c5eafd5f9d4c35b11f0f3d456cdbe77e30c21","sha256":"eb25c0ba5c8244185a6c004482f85ef91889d1f4f368d44bf009bb957e776f28","sha512":"d09a5093492213611006f70e8a85ee0523f02864d0b4494b04525dd630e91e72646bfcc90965dd9eb935b7a331592e7c3b5d09f19e7a1e4a01405a6058b9a42a","ssdeep":"","tlshash":"fdf09e5136d2b803baa945135b39df139e3049e9b9446ed63df08ff10c14aeda4884dd","first_seen":"2024-10-13T11:01:36.639091Z","last_seen":"2024-10-15T01:01:39.040976Z","times_seen":8364,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-13T20:36:51.997726597Z","timestamp":1728851811997,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8B02810ECC47D5F71219990370D9538BFFF6E45C5FF895E7A3C60392423C5ADB\"\r\nLast-Modified: Sat, 12 Oct 2024 08:15:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7392\r\nExpires: Sun, 13 Oct 2024 22:40:03 GMT\r\nDate: Sun, 13 Oct 2024 20:36:51 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0047c90c620c7ae5d6e899dbcd92d7f9","sha1":"b40765060b59aa1231b7e4c552c7657c957a505e","sha256":"8b02810ecc47d5f71219990370d9538bfff6e45c5ff895e7a3c60392423c5adb","sha512":"3bfce57c46f25b72e75082b2b1c77e10307f154fce4ed16165c524440682111a59a9ea79beceee72bffd2797754aa76038d78fa618bf05492bbdcb24f6613ff1","ssdeep":"","tlshash":"6af0548612e639a073730726bc38ee2ebc33a9ad748a125121c383b03811bf843cc05d","first_seen":"2024-10-12T10:17:26Z","last_seen":"2024-10-14T14:16:26.622764Z","times_seen":14152,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-13T20:36:52.133529142Z","timestamp":1728851812133,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"42554F548AFD03E7799C63539FCE43E4BFA688B54B894B564AC51BA30CBAF6F3\"\r\nLast-Modified: Sun, 13 Oct 2024 04:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7011\r\nExpires: Sun, 13 Oct 2024 22:33:43 GMT\r\nDate: Sun, 13 Oct 2024 20:36:52 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c23e39db05be15386fa548ca7b2c453a","sha1":"f74dde624032b136a3decaa16f09a97402ab226f","sha256":"42554f548afd03e7799c63539fce43e4bfa688b54b894b564ac51ba30cbaf6f3","sha512":"08b641481aecd078f910711430f58ab5e31ead794b87a0d9ca201f4c59b77464dc7e93702d28e2ae812ff1433df3215de4ce7385692c508a1d577998c5c880cf","ssdeep":"","tlshash":"f1f00ea629d239002fbf4c1a2d62f9693f31b9bc791034c63bd043c3b8647e86a8008c","first_seen":"2024-10-13T11:01:36.644601Z","last_seen":"2024-10-15T06:23:30.004719Z","times_seen":4857,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"raw.githubusercontent.com/blueclouds8666/uTox_XP/files/binaries/0.17.2/utox-i686.exe","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-13T20:36:52.131Z","timestamp":1728851812131,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /blueclouds8666/uTox_XP/files/binaries/0.17.2/utox-i686.exe HTTP/1.1\r\nHost: raw.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=300\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\ncontent-type: application/octet-stream\r\netag: W/\"7757eb6afd1154232de0650136baa00bceebd04ae82024e82cacc0a96466c41f\"\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nx-github-request-id: E689:3BBFCB:1810838:1935D43:670C2F63\r\naccept-ranges: bytes\r\ndate: Sun, 13 Oct 2024 20:36:52 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410029-HEL\r\nx-cache: MISS\r\nx-cache-hits: 0\r\nx-timer: S1728851812.175882,VS0,VE468\r\nvary: Authorization,Accept-Encoding,Origin\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-fastly-request-id: 6817ca6f8dc674700266a42c671233679c3950ad\r\nexpires: Sun, 13 Oct 2024 20:41:52 GMT\r\nsource-age: 0\r\ncontent-length: 6668776\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6668776,"size_decoded":6668776,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 20 sections","md5":"640927cf917ad3458db4888ffef8b9ac","sha1":"8664d7636306fb9687322cc7142d733468baa676","sha256":"1a13d8b891a987c22d67a4bf7645164e23a6730f6534fd6ea0ed7ab76d1ad413","sha512":"46f0b8563db03aeb24b24b4f55f8f9c0e5d1b062cbe21880de49b28c186f4503619054debdde101c5452c71c7f944619c6888e6da63dad30256ab88b409af14b","ssdeep":"98304:sn+SYZZJYppWTXSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSSSSlwR:s8ZfZT1LgDLg1IJV0T5/GZlDolYp+Qh/","tlshash":"5c66af40fac3d8e6e9660531489ff72b163cda084752cb67db98ea28fd637d12f02645","first_seen":"2023-07-18T22:44:06Z","last_seen":"2025-03-06T21:33:03.768351Z","times_seen":15,"resource_available":false,"data":null}},"time_used":1030,"timings":{"blocked":39,"dns":1,"connect":14,"send":0,"wait":484,"receive":463,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-10-13","alert":"meth_get_eip","trigger":"raw.githubusercontent.com/blueclouds8666/uTox_XP/files/binaries/0.17.2/utox-i686.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-06","alert":"Scan result 6/74","trigger":"1a13d8b891a987c22d67a4bf7645164e23a6730f6534fd6ea0ed7ab76d1ad413","verdict":"suspicious","severity":"","comment":"suspicious - 6/74","link":"https://www.virustotal.com/gui/file/1a13d8b891a987c22d67a4bf7645164e23a6730f6534fd6ea0ed7ab76d1ad413","meta":null},{"sensor_name":"clamav","sensor_type":"antivirus","title":"","description":"ClamAV","scan_date":"2024-10-13","alert":"Win.Ransomware.Ulise-9976282-0","trigger":"1a13d8b891a987c22d67a4bf7645164e23a6730f6534fd6ea0ed7ab76d1ad413","verdict":"malicious","severity":"medium","comment":"","link":"https://www.clamav.net/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-13T20:36:54.131898652Z","timestamp":1728851814131,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"2436CB52EA04BC02E2614F8EE8857F89C02BCC82406262DEACC312CC13053D2B\"\r\nLast-Modified: Sun, 13 Oct 2024 09:42:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=8468\r\nExpires: Sun, 13 Oct 2024 22:58:01 GMT\r\nDate: Sun, 13 Oct 2024 20:36:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"143cafab2abc2c8dff00d2db2d46b804","sha1":"51fcd02ca5c0fec6a16eea86ccbe51ab6dc628f9","sha256":"2436cb52ea04bc02e2614f8ee8857f89c02bcc82406262deacc312cc13053d2b","sha512":"a3f40aae8ac3571e9ec151109acc10f01d35355e11931ce10f4203bfe1f37f56ab6e69eaf6049bfbf93cc3f8c8c438321f5140a22a3cc80ff5eb2b092d6dd7c1","ssdeep":"","tlshash":"00f005c116353dc0a71d883c6b66f5351c3a38941c951390579487ef6a10ffca58011c","first_seen":"2024-10-13T11:34:54.054628Z","last_seen":"2024-10-13T22:23:05.180752Z","times_seen":4597,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-13T20:36:54.13281846Z","timestamp":1728851814132,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"2436CB52EA04BC02E2614F8EE8857F89C02BCC82406262DEACC312CC13053D2B\"\r\nLast-Modified: Sun, 13 Oct 2024 09:42:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=8468\r\nExpires: Sun, 13 Oct 2024 22:58:01 GMT\r\nDate: Sun, 13 Oct 2024 20:36:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"143cafab2abc2c8dff00d2db2d46b804","sha1":"51fcd02ca5c0fec6a16eea86ccbe51ab6dc628f9","sha256":"2436cb52ea04bc02e2614f8ee8857f89c02bcc82406262deacc312cc13053d2b","sha512":"a3f40aae8ac3571e9ec151109acc10f01d35355e11931ce10f4203bfe1f37f56ab6e69eaf6049bfbf93cc3f8c8c438321f5140a22a3cc80ff5eb2b092d6dd7c1","ssdeep":"","tlshash":"00f005c116353dc0a71d883c6b66f5351c3a38941c951390579487ef6a10ffca58011c","first_seen":"2024-10-13T11:34:54.054628Z","last_seen":"2024-10-13T22:23:05.180752Z","times_seen":4597,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-13T20:36:54.13362985Z","timestamp":1728851814133,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"2436CB52EA04BC02E2614F8EE8857F89C02BCC82406262DEACC312CC13053D2B\"\r\nLast-Modified: Sun, 13 Oct 2024 09:42:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=8468\r\nExpires: Sun, 13 Oct 2024 22:58:01 GMT\r\nDate: Sun, 13 Oct 2024 20:36:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"143cafab2abc2c8dff00d2db2d46b804","sha1":"51fcd02ca5c0fec6a16eea86ccbe51ab6dc628f9","sha256":"2436cb52ea04bc02e2614f8ee8857f89c02bcc82406262deacc312cc13053d2b","sha512":"a3f40aae8ac3571e9ec151109acc10f01d35355e11931ce10f4203bfe1f37f56ab6e69eaf6049bfbf93cc3f8c8c438321f5140a22a3cc80ff5eb2b092d6dd7c1","ssdeep":"","tlshash":"00f005c116353dc0a71d883c6b66f5351c3a38941c951390579487ef6a10ffca58011c","first_seen":"2024-10-13T11:34:54.054628Z","last_seen":"2024-10-13T22:23:05.180752Z","times_seen":4597,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-13T20:36:54.134472003Z","timestamp":1728851814134,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"2436CB52EA04BC02E2614F8EE8857F89C02BCC82406262DEACC312CC13053D2B\"\r\nLast-Modified: Sun, 13 Oct 2024 09:42:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=8468\r\nExpires: Sun, 13 Oct 2024 22:58:01 GMT\r\nDate: Sun, 13 Oct 2024 20:36:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"143cafab2abc2c8dff00d2db2d46b804","sha1":"51fcd02ca5c0fec6a16eea86ccbe51ab6dc628f9","sha256":"2436cb52ea04bc02e2614f8ee8857f89c02bcc82406262deacc312cc13053d2b","sha512":"a3f40aae8ac3571e9ec151109acc10f01d35355e11931ce10f4203bfe1f37f56ab6e69eaf6049bfbf93cc3f8c8c438321f5140a22a3cc80ff5eb2b092d6dd7c1","ssdeep":"","tlshash":"00f005c116353dc0a71d883c6b66f5351c3a38941c951390579487ef6a10ffca58011c","first_seen":"2024-10-13T11:34:54.054628Z","last_seen":"2024-10-13T22:23:05.180752Z","times_seen":4597,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-13T20:36:54.135278368Z","timestamp":1728851814135,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"2436CB52EA04BC02E2614F8EE8857F89C02BCC82406262DEACC312CC13053D2B\"\r\nLast-Modified: Sun, 13 Oct 2024 09:42:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=8468\r\nExpires: Sun, 13 Oct 2024 22:58:01 GMT\r\nDate: Sun, 13 Oct 2024 20:36:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"143cafab2abc2c8dff00d2db2d46b804","sha1":"51fcd02ca5c0fec6a16eea86ccbe51ab6dc628f9","sha256":"2436cb52ea04bc02e2614f8ee8857f89c02bcc82406262deacc312cc13053d2b","sha512":"a3f40aae8ac3571e9ec151109acc10f01d35355e11931ce10f4203bfe1f37f56ab6e69eaf6049bfbf93cc3f8c8c438321f5140a22a3cc80ff5eb2b092d6dd7c1","ssdeep":"","tlshash":"00f005c116353dc0a71d883c6b66f5351c3a38941c951390579487ef6a10ffca58011c","first_seen":"2024-10-13T11:34:54.054628Z","last_seen":"2024-10-13T22:23:05.180752Z","times_seen":4597,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}