{"report_id":"290401e3-de20-4fd4-8329-c35df890ceae","version":6,"status":"done","tags":[],"date":"2025-04-01T03:56:58Z","url":{"schema":"http","addr":"resource.ablemark.net/M57.zip","fqdn":"resource.ablemark.net","domain":"ablemark.net","tld":"net"},"ip":{"addr":"103.198.201.12","port":0,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-10T03:56:58Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"resource.ablemark.net","ip":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"domain_registered":"2025-01-23","domain_rank":0,"first_seen":"2025-04-01T03:56:56.770988Z","last_seen":"2025-04-01T03:56:56.770988Z","alert_count":0,"request_count":1,"received_data":2121803,"sent_data":497,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"c0b81dd50024fe91f5ae0c55676ea687","sha1":"c04aff6e0f5db2e8338bd365eb6cb119a9bf4115","sha256":"f19d811dd33ee1473c3d38f635c84e0590899635001cbd4208443cc7bbf82f0e","sha512":"57be14e163a8d4d6bb90c820c22ed223d4f4e91b3ee635f2bd61c397db61aab9c0d616a522ea23f3b6da7c50f13a41c04b827f014c4b64ac31d92e30aeb087eb","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2121007,"url":{"schema":"https","addr":"resource.ablemark.net/M57.zip","fqdn":"resource.ablemark.net","domain":"ablemark.net","tld":"net"},"ip":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"archive":[{"path":"AbleMark_M57_Printer_Driver.exe","filename":"AbleMark_M57_Printer_Driver.exe","modified":"2025-03-25T15:22:57+08:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":2146168,"md5":"2425e0fb0db748d988b98ee27d43d507","sha1":"fd725f8e7236ab6e5170eca9cd538df82c657be7","sha256":"92c859e655e20767094b0973488203d1ded7bb5d53cd9f4e18ad410a404eac41","sha512":"60b092b321ad6b8c979e78684654ef91d44f7bd5261fc0cfca2a29136fbf7411daafa5ff56f151def338cf3bf0b54bb5de42ca53b5f123eb93eb19d325e226d6","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"AbleMark_M57_Printer_Driver.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"AbleMark_M57_Printer_Driver.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"c0b81dd50024fe91f5ae0c55676ea687","sha1":"c04aff6e0f5db2e8338bd365eb6cb119a9bf4115","sha256":"f19d811dd33ee1473c3d38f635c84e0590899635001cbd4208443cc7bbf82f0e","sha512":"57be14e163a8d4d6bb90c820c22ed223d4f4e91b3ee635f2bd61c397db61aab9c0d616a522ea23f3b6da7c50f13a41c04b827f014c4b64ac31d92e30aeb087eb","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2121007,"url":{"schema":"https","addr":"resource.ablemark.net/M57.zip","fqdn":"resource.ablemark.net","domain":"ablemark.net","tld":"net"},"ip":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"archive":[{"path":"AbleMark_M57_Printer_Driver.exe","filename":"AbleMark_M57_Printer_Driver.exe","modified":"2025-03-25T15:22:57+08:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":2146168,"md5":"2425e0fb0db748d988b98ee27d43d507","sha1":"fd725f8e7236ab6e5170eca9cd538df82c657be7","sha256":"92c859e655e20767094b0973488203d1ded7bb5d53cd9f4e18ad410a404eac41","sha512":"60b092b321ad6b8c979e78684654ef91d44f7bd5261fc0cfca2a29136fbf7411daafa5ff56f151def338cf3bf0b54bb5de42ca53b5f123eb93eb19d325e226d6","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"AbleMark_M57_Printer_Driver.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"Scans presence of the found strings using the in-house brute force method","trigger":"AbleMark_M57_Printer_Driver.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Byambaa@pubcert.mn","date":"2024-10-01","description":"Scans presence of the found strings using the in-house brute force method","rule":"ScanStringsInsocks5systemz","yarahub_license":"CC0 1.0","yarahub_reference_md5":"73875E9DA68182B09BC6A7FAAFFF67D8","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cd061b79-9264-480a-bda6-2242046143d5"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-01T03:56:36Z","timestamp":1743479796,"ip_dst":{"addr":"172.18.0.31","port":36932,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-04-01T03:56:36.697869+0000\",\"flow_id\":850512575729253,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.198.201.12\",\"src_port\":443,\"dest_ip\":\"172.18.0.31\",\"dest_port\":36932,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.ablemark.net\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"1E:F8:E4:CD:4E:37:25:30:6D:95:A5:F8:72:E9:E2:3B\",\"fingerprint\":\"15:6d:37:64:32:aa:dc:d8:b4:8c:3a:0b:bb:72:a3:e7:9f:e5:97:80\",\"sni\":\"resource.ablemark.net\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-02-26T00:00:00\",\"notafter\":\"2025-05-27T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"0191d81a4ad7ee1a330a1e2c51d23ace\",\"string\":\"771,49195,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1214,\"bytes_toclient\":3577,\"start\":\"2025-04-01T03:56:36.396901+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"resource.ablemark.net/M57.zip","fqdn":"resource.ablemark.net","domain":"ablemark.net","tld":"net"},"ip":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-01T03:56:36.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.ablemark.net","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 26 Feb 2025 00:00:00 GMT","end":"Tue, 27 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"15:6D:37:64:32:AA:DC:D8:B4:8C:3A:0B:BB:72:A3:E7:9F:E5:97:80","sha256":"65:45:84:89:2C:86:F3:94:47:32:01:8B:62:61:4A:31:08:A7:16:26:87:91:F1:6C:99:1A:6A:29:D1:A7:57:51"}}},"request":{"raw":"GET /M57.zip HTTP/1.1\r\nHost: resource.ablemark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 01 Apr 2025 03:56:38 GMT\r\ncontent-type: application/x-zip-compressed\r\ncontent-length: 2121007\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"M57.zip\"; filename*=utf-8''M57.zip\r\ncontent-md5: wLgd1QAk/pH1rgxVZ26mhw==\r\ncontent-transfer-encoding: binary\r\netag: \"FsBK_24PXbLoM4vTZetssRmpv0EV\"\r\nlast-modified: Mon, 31 Mar 2025 05:45:35 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:sa-jed-ecs-fusion1;QNM:sg163;SRCPROXY:sg169;SRC_148.153.188.134:215;SRCPROXY:215;QNM3:245;QNM3:1459\r\nx-m-reqid: AtpGQYCvY\r\nx-qiniu-zone: na0\r\nx-qnm-cache: Miss\r\nx-reqid: UpcAAADvLlGjFTIY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2121007,"size_decoded":0,"mime_type":"application/x-zip-compressed","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"c0b81dd50024fe91f5ae0c55676ea687","sha1":"c04aff6e0f5db2e8338bd365eb6cb119a9bf4115","sha256":"f19d811dd33ee1473c3d38f635c84e0590899635001cbd4208443cc7bbf82f0e","sha512":"57be14e163a8d4d6bb90c820c22ed223d4f4e91b3ee635f2bd61c397db61aab9c0d616a522ea23f3b6da7c50f13a41c04b827f014c4b64ac31d92e30aeb087eb","ssdeep":"49152:djKoZL2DwzjMRls1UNLqdtJlKXLB2jhwe82nupeOixYevQ1E7B:djt54weaUJmDkB2FweFncdgYevhB","tlshash":"68a533588213039236bcd1ebf801232c95d48883328755ea99a75676d6eef3e577c0bf","first_seen":"2025-04-01T03:56:59.742894Z","last_seen":"2025-04-26T08:45:27.158563Z","times_seen":3,"resource_available":false,"data":null}},"time_used":3401,"timings":{"blocked":303,"dns":1,"connect":97,"send":0,"wait":2038,"receive":755,"ssl":204},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}