{"report_id":"4f50e17d-e918-494a-bb4a-e2d5bfb50c16","version":6,"status":"done","tags":[],"date":"2025-05-25T18:31:47Z","url":{"schema":"http","addr":"storage.rudesktop.ru/download/rudesktop-2.8.1153-x32.msi","fqdn":"storage.rudesktop.ru","domain":"rudesktop.ru","tld":"ru"},"ip":{"addr":"95.181.182.182","port":0,"asn":210756,"as":"EdgeCenter LLC","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-03T18:31:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"storage.rudesktop.ru","ip":{"addr":"95.181.182.182","port":443,"asn":210756,"as":"EdgeCenter LLC","country":"Russia","country_code":"RU"},"domain_registered":"2022-03-28","domain_rank":0,"first_seen":"2025-05-23T01:58:06.318419Z","last_seen":"2025-05-23T01:58:06.318419Z","alert_count":1,"request_count":1,"received_data":11248138,"sent_data":524,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"0026082eae4a69adc72fd473454232a0","sha1":"f9de644e14ab2afd15d814b67b433dfa6132c2ea","sha256":"68f9833e5d7d9eecb3a7dd83e57e5a5ba7dc4744159924924159a71674aa4c53","sha512":"ca7955c087f74149db7247fc23dd88dac39680e2a3971c0e619a10f857f5810cc923a19eac324f714abc1aa2a1ca5b1028fd47629885e3ef8b68f43777e2404f","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1251, Title: Installation Database, Subject: Remote Control Software, Author: Advanced Technologies LLC, Keywords: Installer, Comments: This installer database contains the logic and data required to install RuDesktop., Template: Intel;1033, Revision Number: {5BEC631C-3922-444D-B0F0-96CFCA4132F7}, Create Time/Date: Sat Apr 19 10:17:14 2025, Last Saved Time/Date: Sat Apr 19 10:17:14 2025, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.6526), Security: 2","size":11247616,"url":{"schema":"https","addr":"storage.rudesktop.ru/download/rudesktop-2.8.1153-x32.msi","fqdn":"storage.rudesktop.ru","domain":"rudesktop.ru","tld":"ru"},"ip":{"addr":"95.181.182.182","port":443,"asn":210756,"as":"EdgeCenter LLC","country":"Russia","country_code":"RU"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-25","alert":"Detect files is `SliverFox` malware","trigger":"storage.rudesktop.ru/download/rudesktop-2.8.1153-x32.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"0026082eae4a69adc72fd473454232a0","sha1":"f9de644e14ab2afd15d814b67b433dfa6132c2ea","sha256":"68f9833e5d7d9eecb3a7dd83e57e5a5ba7dc4744159924924159a71674aa4c53","sha512":"ca7955c087f74149db7247fc23dd88dac39680e2a3971c0e619a10f857f5810cc923a19eac324f714abc1aa2a1ca5b1028fd47629885e3ef8b68f43777e2404f","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1251, Title: Installation Database, Subject: Remote Control Software, Author: Advanced Technologies LLC, Keywords: Installer, Comments: This installer database contains the logic and data required to install RuDesktop., Template: Intel;1033, Revision Number: {5BEC631C-3922-444D-B0F0-96CFCA4132F7}, Create Time/Date: Sat Apr 19 10:17:14 2025, Last Saved Time/Date: Sat Apr 19 10:17:14 2025, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.6526), Security: 2","size":11247616,"url":{"schema":"https","addr":"storage.rudesktop.ru/download/rudesktop-2.8.1153-x32.msi","fqdn":"storage.rudesktop.ru","domain":"rudesktop.ru","tld":"ru"},"ip":{"addr":"95.181.182.182","port":443,"asn":210756,"as":"EdgeCenter LLC","country":"Russia","country_code":"RU"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-25","alert":"Detect files is `SliverFox` malware","trigger":"storage.rudesktop.ru/download/rudesktop-2.8.1153-x32.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-25","alert":"Detect files is `SliverFox` malware","trigger":"storage.rudesktop.ru/download/rudesktop-2.8.1153-x32.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"storage.rudesktop.ru/download/rudesktop-2.8.1153-x32.msi","fqdn":"storage.rudesktop.ru","domain":"rudesktop.ru","tld":"ru"},"ip":{"addr":"95.181.182.182","port":443,"asn":210756,"as":"EdgeCenter LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-25T18:31:08.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8fa3dfa5-9314-4074-ade7-652894e2b408.selcdn.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 May 2025 00:43:45 GMT","end":"Tue, 12 Aug 2025 00:43:44 GMT"},"fingerprint":{"sha1":"59:17:7A:FB:73:4F:96:66:B0:92:4C:76:B0:38:E4:FF:E2:DE:F1:68","sha256":"BA:EC:2F:70:9E:03:0B:12:7D:6F:26:EB:2C:6B:C3:5F:C6:10:71:34:A9:3D:7E:17:72:2D:0D:CD:54:F2:8A:BD"}}},"request":{"raw":"GET /download/rudesktop-2.8.1153-x32.msi HTTP/1.1\r\nHost: storage.rudesktop.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 25 May 2025 18:31:09 GMT\r\ncontent-type: application/x-msi; swift_bytes=11247616\r\ncontent-length: 11247616\r\netag: \"1f0c0eb474f149dbf196233263598794\"\r\nlast-modified: Sun, 20 Apr 2025 06:10:53 GMT\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\nx-container-storage-policy-index: 0\r\nx-container-storage-policy-name: Policy-0\r\nage: 683\r\ncache: HIT\r\nx-cached-since: 2025-05-25T08:03:58+00:00\r\nx-node: m9-up-gc90\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11247616,"size_decoded":0,"mime_type":"application/x-msi","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1251, Title: Installation Database, Subject: Remote Control Software, Author: Advanced Technologies LLC, Keywords: Installer, Comments: This installer database contains the logic and data required to install RuDesktop., Template: Intel;1033, Revision Number: {5BEC631C-3922-444D-B0F0-96CFCA4132F7}, Create Time/Date: Sat Apr 19 10:17:14 2025, Last Saved Time/Date: Sat Apr 19 10:17:14 2025, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.6526), Security: 2","md5":"0026082eae4a69adc72fd473454232a0","sha1":"f9de644e14ab2afd15d814b67b433dfa6132c2ea","sha256":"68f9833e5d7d9eecb3a7dd83e57e5a5ba7dc4744159924924159a71674aa4c53","sha512":"ca7955c087f74149db7247fc23dd88dac39680e2a3971c0e619a10f857f5810cc923a19eac324f714abc1aa2a1ca5b1028fd47629885e3ef8b68f43777e2404f","ssdeep":"196608:67ea3vRKynn4DVuHbAnO1VFaWtXMKlNvsSUjitTzI/vGDxCzLS9Q0xfaDEEt6l+:6rYWn4DVuHUO1zaWtnojitXwvGqLS9cV","tlshash":"4eb601dfffac7b76c6a50c316c3683508deb9c0dd530e4466b0a6184daf21f881566ea","first_seen":"2025-05-25T18:31:54.757114Z","last_seen":"2025-05-25T18:31:54.757114Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1691,"timings":{"blocked":268,"dns":120,"connect":67,"send":0,"wait":79,"receive":1075,"ssl":79},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-25","alert":"Detect files is `SliverFox` malware","trigger":"storage.rudesktop.ru/download/rudesktop-2.8.1153-x32.msi","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null}}]}