{"report_id":"bf08e285-70c7-4046-ac05-93d25c029151","version":6,"status":"done","tags":[],"date":"2024-04-29T13:18:36Z","url":{"schema":"http","addr":"www.wireless.bris.ac.uk/software-archive/eap/eduroam-win8.exe","fqdn":"www.wireless.bris.ac.uk","domain":"bris.ac.uk","tld":"ac.uk"},"ip":{"addr":"137.222.8.51","port":0,"asn":786,"as":"Jisc Services Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T18:16:27Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.wireless.bris.ac.uk","ip":{"addr":"137.222.8.51","port":443,"asn":786,"as":"Jisc Services Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2015-01-05 18:12:34","last_seen":"2023-11-02 01:11:14","alert_count":2,"request_count":1,"received_data":195824,"sent_data":515,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"c6768f5de0b7c7912048e890620162d9","sha1":"505dc3a57e862ced5a8f4723593972cc2bb261a7","sha256":"f0e9fb4817c8f8245b0d15c89c2b022bfb50ad596ab430abd80a45e4a590aaf4","sha512":"da1b97c1813703ea8a3c5a81d6f57a4aa97f73a4b9cdd53a02af9776b7028a61ac5a447bfb162aa4050cd2bace7f600b2c08cb62e00e904c2b8438ea9b20290b","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":195456,"url":{"schema":"https","addr":"www.wireless.bris.ac.uk/software-archive/eap/eduroam-win8.exe","fqdn":"www.wireless.bris.ac.uk","domain":"bris.ac.uk","tld":"ac.uk"},"ip":{"addr":"137.222.8.51","port":443,"asn":786,"as":"Jisc Services Limited","country":"United Kingdom","country_code":"GB"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-04-29","alert":"Detect files is `SliverFox` malware","trigger":"www.wireless.bris.ac.uk/software-archive/eap/eduroam-win8.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-01-23","alert":"Scan result 2/70","trigger":"f0e9fb4817c8f8245b0d15c89c2b022bfb50ad596ab430abd80a45e4a590aaf4","verdict":"suspicious","severity":"","comment":"suspicious - 2/70","link":"https://www.virustotal.com/gui/file/f0e9fb4817c8f8245b0d15c89c2b022bfb50ad596ab430abd80a45e4a590aaf4","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-04-29","alert":"Detect files is `SliverFox` malware","trigger":"www.wireless.bris.ac.uk/software-archive/eap/eduroam-win8.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.wireless.bris.ac.uk/software-archive/eap/eduroam-win8.exe","fqdn":"www.wireless.bris.ac.uk","domain":"bris.ac.uk","tld":"ac.uk"},"ip":{"addr":"137.222.8.51","port":443,"asn":786,"as":"Jisc Services Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-04-29T13:18:11.524Z","timestamp":1714396691524,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.wireless.bris.ac.uk","organization":"University of Bristol"},"issuer":{"commonName":"GEANT OV RSA CA 4","organization":"GEANT Vereniging"},"validity":{"start":"Tue, 12 Sep 2023 00:00:00 GMT","end":"Wed, 11 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"BE:C4:FF:10:F4:BB:6D:6B:C5:1F:1C:0B:02:95:9A:78:3B:EF:7F:86","sha256":"EA:CE:5E:1A:44:5F:C7:8A:31:C4:34:E7:6F:38:05:8A:56:EF:79:DF:73:A4:3B:19:48:9E:D7:65:19:66:26:92"}}},"request":{"raw":"GET /software-archive/eap/eduroam-win8.exe HTTP/1.1\r\nHost: www.wireless.bris.ac.uk\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 29 Apr 2024 13:18:11 GMT\r\nServer: Apache/2.4.6 (CentOS)\r\nAccept-Ranges: bytes\r\nContent-Length: 195456\r\nX-UA-Compatible: IE=edge\r\nCache-Control: no-cache,no-store, no-cache,no-store,must-revalidate\r\nPragma: no-cache, no-cache\r\nExpires: -1, -1\r\nKeep-Alive: timeout=15, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/octet-stream\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":195456,"size_decoded":195456,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","md5":"c6768f5de0b7c7912048e890620162d9","sha1":"505dc3a57e862ced5a8f4723593972cc2bb261a7","sha256":"f0e9fb4817c8f8245b0d15c89c2b022bfb50ad596ab430abd80a45e4a590aaf4","sha512":"da1b97c1813703ea8a3c5a81d6f57a4aa97f73a4b9cdd53a02af9776b7028a61ac5a447bfb162aa4050cd2bace7f600b2c08cb62e00e904c2b8438ea9b20290b","ssdeep":"3072:IQIURTXJMzzBQZsetdB7CzBOBpDzov7ztao8cSlV218Ar3/1uSF:IsK/4setQBOBpwNJ8rlEL/gSF","tlshash":"a814f14312b094e3e465de7c12be9a12cf7e6e705e63552b57907b8c0fb53b2983c24a","first_seen":"2024-08-20T01:59:42.381983Z","last_seen":"2024-08-20T01:59:42.630753Z","times_seen":2,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":93,"dns":1,"connect":27,"send":0,"wait":28,"receive":85,"ssl":65},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-04-29","alert":"Detect files is `SliverFox` malware","trigger":"www.wireless.bris.ac.uk/software-archive/eap/eduroam-win8.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-01-23","alert":"Scan result 2/70","trigger":"f0e9fb4817c8f8245b0d15c89c2b022bfb50ad596ab430abd80a45e4a590aaf4","verdict":"suspicious","severity":"","comment":"suspicious - 2/70","link":"https://www.virustotal.com/gui/file/f0e9fb4817c8f8245b0d15c89c2b022bfb50ad596ab430abd80a45e4a590aaf4","meta":null}],"urlquery":null}}]}