{"report_id":"99b55d10-d408-475d-ae81-aae9ea0e1f11","version":6,"status":"done","tags":[],"date":"2024-07-23T07:37:19Z","url":{"schema":"http","addr":"update.csm.vcdn.vn/launcherupd/cfeapplt.exe","fqdn":"update.csm.vcdn.vn","domain":"vcdn.vn","tld":"vn"},"ip":{"addr":"118.69.83.91","port":0,"asn":18403,"as":"FPT Telecom Company","country":"Vietnam","country_code":"VN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T08:37:22Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"update.csm.vcdn.vn","ip":{"addr":"118.69.83.91","port":0,"asn":18403,"as":"FPT Telecom Company","country":"Vietnam","country_code":"VN"},"domain_registered":"unknown","domain_rank":402619,"first_seen":"2013-06-18 05:20:43","last_seen":"2023-06-05 10:59:06","alert_count":2,"request_count":1,"received_data":1555245,"sent_data":413,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-22 18:12:14","alert_count":0,"request_count":6,"received_data":5323,"sent_data":1962,"comment":"","tags":null,"fingerprints":null},{"fqdn":"status.rapidssl.com","ip":{"addr":"192.229.221.95","port":0,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"domain_registered":"2002-04-05","domain_rank":6946,"first_seen":"2018-06-15 22:49:00","last_seen":"2024-07-22 20:38:38","alert_count":0,"request_count":1,"received_data":735,"sent_data":331,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"2c6d7c726c7bb48588f832aacc9ef6c7","sha1":"6adc971376871d01e07a05c0fe2ec7e8f83d6c71","sha256":"736426660b23c91df4123f94cf30654ff2a6f4b91eba654c6b1921c449d0275c","sha512":"2a6756bf6052d30d45f59e30c12843cbf21d9e99377748285680cfcb21087175126a844ceff0ef1f6f7b7b111d27a427b139ea9d30e1ddb74406a754ed529f3f","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections","size":1554640,"url":{"schema":"https","addr":"update.csm.vcdn.vn/launcherupd/cfeapplt.exe","fqdn":"update.csm.vcdn.vn","domain":"vcdn.vn","tld":"vn"},"ip":{"addr":"118.69.83.91","port":0,"asn":18403,"as":"FPT Telecom Company","country":"Vietnam","country_code":"VN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-08-08","alert":"Scan result 1/70","trigger":"736426660b23c91df4123f94cf30654ff2a6f4b91eba654c6b1921c449d0275c","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/736426660b23c91df4123f94cf30654ff2a6f4b91eba654c6b1921c449d0275c","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-23T07:36:49Z","timestamp":1721720209,"ip_dst":{"addr":"Client IP","port":53876,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"118.69.83.91","port":80,"asn":18403,"as":"FPT Telecom Company","country":"Vietnam","country_code":"VN"},"severity":"high","alert":"ET POLICY PE EXE or DLL Windows file download HTTP","source":"{\"timestamp\":\"2024-07-23T07:36:49.349283+0000\",\"flow_id\":657926134981949,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"118.69.83.91\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":53876,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.http.binary\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018959,\"rev\":4,\"signature\":\"ET POLICY PE EXE or DLL Windows file download HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2014_08_19\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"update.csm.vcdn.vn\",\"url\":\"/launcherupd/cfeapplt.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/x-msdownload\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":40273},\"files\":[{\"filename\":\"/launcherupd/cfeapplt.exe\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":40273,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":31,\"bytes_toserver\":1785,\"bytes_toclient\":44026,\"start\":\"2024-07-23T07:36:48.484669+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-23T07:36:47.011778371Z","timestamp":1721720207011,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"FB270CF16706247ADDE7EFD430FE667555CB37EE35EAE763593424A17C624BCD\"\r\nLast-Modified: Sat, 20 Jul 2024 19:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13053\r\nExpires: Tue, 23 Jul 2024 11:14:20 GMT\r\nDate: Tue, 23 Jul 2024 07:36:47 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"f58a4b489ef65eff7896802c87e363e7","sha1":"e7287b89b56c66407955bf95bd03133d2e5945d1","sha256":"fb270cf16706247adde7efd430fe667555cb37ee35eae763593424a17c624bcd","sha512":"c065e9f7dd5fe8977e62fc53b2f8f282b9822e5b2da8f892a233a215b0084cb15dcfab72538f71c8b0abfb53fca418c8387e9881640f5d7ec16e245ded101811","ssdeep":"","tlshash":"f5f00548132ebac0bf3d1a261694d5182d24fdfe140828f1ddd441e235e6f993a5c416","first_seen":"2024-07-20T23:43:01Z","last_seen":"2024-08-19T16:14:35.910582Z","times_seen":17507,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-23T07:36:47.037268774Z","timestamp":1721720207037,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"778D02DECABF7DFF03BF5EC4C4EB0F03AC789E89BCFE58353C266C9D66C08834\"\r\nLast-Modified: Sat, 20 Jul 2024 19:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2949\r\nExpires: Tue, 23 Jul 2024 08:25:56 GMT\r\nDate: Tue, 23 Jul 2024 07:36:47 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"2f796f6340ac7eef4fa2891ac8f8aa1a","sha1":"27bbc7bb6314b31dcab89f198bc258b040593aa7","sha256":"778d02decabf7dff03bf5ec4c4eb0f03ac789e89bcfe58353c266c9d66c08834","sha512":"332ad8103818d77a6436e42ee756dd6f241b844dc98a7a67b52d01d5541c140e9d3ddabc315afe1c9ea0e094ffa1873c666c65f61ad0a938ca34950b4c0ef429","ssdeep":"","tlshash":"c5f0754600d4bc047fa4051b45e0c2391a30aff84e423fc039d849f1d800f796c8894d","first_seen":"2024-07-21T00:49:07Z","last_seen":"2024-08-19T16:14:10.849697Z","times_seen":22664,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-23T07:36:47.309259043Z","timestamp":1721720207309,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"60C84BB6C568871D3FEBE1E58C6AEDF398FA06F5F7AFC3E6087200BE0A25AD3F\"\r\nLast-Modified: Sat, 20 Jul 2024 19:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2645\r\nExpires: Tue, 23 Jul 2024 08:20:52 GMT\r\nDate: Tue, 23 Jul 2024 07:36:47 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"85a291090b5db764a5b5f1487dcb958f","sha1":"9dadf7a0a7d6be86e491a10bbbc72c84f798cab9","sha256":"60c84bb6c568871d3febe1e58c6aedf398fa06f5f7afc3e6087200be0a25ad3f","sha512":"54d2b0b7b54d879ca308df969971761efbe43c7f3ac4178738778d17c9dd8181afcacde6e9a392d04028e09823c1e47026a4585f64276592308190948173eba4","ssdeep":"","tlshash":"f9f00e170bf63d4077712a42e7e2c27e0b24ddabf801963e649442a66418bfa2fc8099","first_seen":"2024-07-21T01:22:15Z","last_seen":"2024-08-19T16:13:52.205448Z","times_seen":22689,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-23T07:36:47.348333209Z","timestamp":1721720207348,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"951AE19E1EB066355BF55FF2163F6D14B689088FA3DD443FB01D889BB28FE095\"\r\nLast-Modified: Sat, 20 Jul 2024 19:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6425\r\nExpires: Tue, 23 Jul 2024 09:23:52 GMT\r\nDate: Tue, 23 Jul 2024 07:36:47 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41b470cfcb4d809b7689783076e07c76","sha1":"919b05dba2523cc4b8e9a6e873fe777fd753ee1b","sha256":"951ae19e1eb066355bf55ff2163f6d14b689088fa3dd443fb01d889bb28fe095","sha512":"dce19fad3a25686ec442ada5c3d462174a63f1fc17cf331d3690797222d4adb87c567235eda21ab6512379198277a0b73584283849c33439892ee919e093005d","ssdeep":"","tlshash":"eaf0054185d97f803760081a7ed5e1083e309f6ca4910fd4819046c72062bca5b940d8","first_seen":"2024-07-21T05:06:08Z","last_seen":"2024-08-19T16:13:24.436694Z","times_seen":17054,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"status.rapidssl.com/","fqdn":"status.rapidssl.com","domain":"rapidssl.com","tld":"com"},"ip":{"addr":"192.229.221.95","port":0,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-23T07:36:47.949436622Z","timestamp":1721720207949,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: status.rapidssl.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAge: 4050\r\nCache-Control: max-age=7200\r\nContent-Type: application/ocsp-response\r\nDate: Tue, 23 Jul 2024 07:36:47 GMT\r\nLast-Modified: Tue, 23 Jul 2024 06:29:18 GMT\r\nServer: ECAcc (ska/F775)\r\nX-Cache: HIT\r\nContent-Length: 471\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":471,"mime_type":"application/octet-stream","magic":"data","md5":"9c82334be1a4fdd59d84c6b793b3fa42","sha1":"bd0fb7bc6b8bd7eac5b2e2155e059b62b341c6d6","sha256":"6529792a9a851c3f6c4909e8f16f734e2821d3c786c5b553442d18dcf158fcf2","sha512":"60cf35db2b5479fb7005c4ebe52dcfbc6d92a998aacabc16f75be509178c2c494ac51cf599f1c4b232a7ad45b444822928c11d49ecc8c438a157e159aef477e8","ssdeep":"","tlshash":"6cf0dc4384c46be70b65c0ab18adeb2c311b89aa45976629901949e40c5937e7b38a52","first_seen":"2024-08-19T16:00:57.303699Z","last_seen":"2024-08-19T16:00:57.303699Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-23T07:36:49.052872994Z","timestamp":1721720209052,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"23A21016E52B76D94858B277E1A729969FC7F0F66B9212013F3B1CD64FC2591C\"\r\nLast-Modified: Sat, 20 Jul 2024 19:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7687\r\nExpires: Tue, 23 Jul 2024 09:44:56 GMT\r\nDate: Tue, 23 Jul 2024 07:36:49 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"abdbb83f974102baaaa6f77ee331d442","sha1":"053c22e9dce284413f8a2d4433748edbdd91b77b","sha256":"23a21016e52b76d94858b277e1a729969fc7f0f66b9212013f3b1cd64fc2591c","sha512":"85cd14104e12fb3b9b4a2142ca24510e72dc6896a00da0e5091e16d8135602b1675eb3a78231727c6a59b94465375203a116dddb7e523fa3ff120bb34dce589d","ssdeep":"","tlshash":"71f0cccb106a7f41df61161f30a4fa574c21ddf7301441c018d0c2e17440bcd1d4805c","first_seen":"2024-07-20T23:44:47Z","last_seen":"2024-08-19T16:14:21.244156Z","times_seen":15995,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-23T07:36:49.055501301Z","timestamp":1721720209055,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"23A21016E52B76D94858B277E1A729969FC7F0F66B9212013F3B1CD64FC2591C\"\r\nLast-Modified: Sat, 20 Jul 2024 19:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7687\r\nExpires: Tue, 23 Jul 2024 09:44:56 GMT\r\nDate: Tue, 23 Jul 2024 07:36:49 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"abdbb83f974102baaaa6f77ee331d442","sha1":"053c22e9dce284413f8a2d4433748edbdd91b77b","sha256":"23a21016e52b76d94858b277e1a729969fc7f0f66b9212013f3b1cd64fc2591c","sha512":"85cd14104e12fb3b9b4a2142ca24510e72dc6896a00da0e5091e16d8135602b1675eb3a78231727c6a59b94465375203a116dddb7e523fa3ff120bb34dce589d","ssdeep":"","tlshash":"71f0cccb106a7f41df61161f30a4fa574c21ddf7301441c018d0c2e17440bcd1d4805c","first_seen":"2024-07-20T23:44:47Z","last_seen":"2024-08-19T16:14:21.244156Z","times_seen":15995,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"update.csm.vcdn.vn/launcherupd/cfeapplt.exe","fqdn":"update.csm.vcdn.vn","domain":"vcdn.vn","tld":"vn"},"ip":{"addr":"118.69.83.91","port":0,"asn":18403,"as":"FPT Telecom Company","country":"Vietnam","country_code":"VN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-23T07:36:47.445Z","timestamp":1721720207445,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /launcherupd/cfeapplt.exe HTTP/1.1\r\nHost: update.csm.vcdn.vn\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 23 Jul 2024 07:36:48 GMT\r\nContent-Type: application/x-msdownload\r\nContent-Length: 1554640\r\nConnection: keep-alive\r\nx-amz-meta-mtime: 1449053916\r\nLast-Modified: Thu, 06 Jul 2023 07:59:33 GMT\r\nx-amz-id-2: tx4a136c209989495dbbc05-006699360d\r\nx-amz-request-id: tx4a136c209989495dbbc05-006699360d\r\nX-Trans-Id: tx4a136c209989495dbbc05-006699360d\r\nX-Openstack-Request-Id: tx4a136c209989495dbbc05-006699360d\r\nACCESS-CONTROL-ALLOW-ORIGIN: *\r\nCache-Control: max-age=2592000\r\nX-Content-Type-Options: nosniff\r\nX-Cache: HIT\r\nX-Cache-Version: 0\r\nX-Request-time: 0.000\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":1554640,"size_decoded":1554640,"mime_type":"","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections","md5":"2c6d7c726c7bb48588f832aacc9ef6c7","sha1":"6adc971376871d01e07a05c0fe2ec7e8f83d6c71","sha256":"736426660b23c91df4123f94cf30654ff2a6f4b91eba654c6b1921c449d0275c","sha512":"2a6756bf6052d30d45f59e30c12843cbf21d9e99377748285680cfcb21087175126a844ceff0ef1f6f7b7b111d27a427b139ea9d30e1ddb74406a754ed529f3f","ssdeep":"24576:9rkkiclImhkcYF5v/16b6bCmIwEGjWI+Zh7DhaO5PtkzrRBPNh7E:pcc2mhkcmF6bcCmhnjKaOt8HE","tlshash":"087533339ab48cb1cc1c8ffe79dbb31869ec3fa6b1255925552540d08a3ba5534cab0f","first_seen":"2023-09-05T01:20:42Z","last_seen":"2025-03-07T14:03:30.813104Z","times_seen":27,"resource_available":false,"data":null}},"time_used":505,"timings":{"blocked":505,"dns":0,"connect":255,"send":0,"wait":0,"receive":0,"ssl":263},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-23T07:36:49Z","timestamp":1721720209,"ip_dst":{"addr":"172.18.0.2","port":53876,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"118.69.83.91","port":80,"asn":18403,"as":"FPT Telecom Company","country":"Vietnam","country_code":"VN"},"severity":"high","alert":"ET POLICY PE EXE or DLL Windows file download HTTP","source":"{\"timestamp\":\"2024-07-23T07:36:49.349283+0000\",\"flow_id\":657926134981949,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"118.69.83.91\",\"src_port\":80,\"dest_ip\":\"172.18.0.2\",\"dest_port\":53876,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.http.binary\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018959,\"rev\":4,\"signature\":\"ET POLICY PE EXE or DLL Windows file download HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2014_08_19\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"update.csm.vcdn.vn\",\"url\":\"/launcherupd/cfeapplt.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/x-msdownload\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":40273},\"files\":[{\"filename\":\"/launcherupd/cfeapplt.exe\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":40273,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":31,\"bytes_toserver\":1785,\"bytes_toclient\":44026,\"start\":\"2024-07-23T07:36:48.484669+0000\"}}"}],"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-08-08","alert":"Scan result 1/70","trigger":"736426660b23c91df4123f94cf30654ff2a6f4b91eba654c6b1921c449d0275c","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/736426660b23c91df4123f94cf30654ff2a6f4b91eba654c6b1921c449d0275c","meta":null}],"urlquery":null}}]}