{"report_id":"cccf30d1-51ea-4c73-b9b3-f73a9f52050d","version":6,"status":"done","tags":[],"date":"2025-12-27T23:45:55Z","url":{"schema":"http","addr":"filer.fss.or.kr/SW/initech/extension/down/INIS_EX.exe","fqdn":"filer.fss.or.kr","domain":"fss.or.kr","tld":"or.kr"},"ip":{"addr":"61.73.60.210","port":0,"asn":4766,"as":"Korea Telecom","country":"South Korea","country_code":"KR"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing","dom":{"size":3632,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"884c8edb778dd55ef9d60d4a0ba8924a","sha1":"5140c39637f4c8cd953a2d4978cb95d3dc629311","sha256":"362a8b59fbbd71576a576d9e852b9384fe83c23a8daac2ab79d4b3304a0880ff","sha512":"846454abbe152ec5afc62294b2fd7c82834e6e79bb5ffc40ec905b2b1c5cc413ecfe0e22c7ef03b7c4cd1030d654b07ec83277e2ea3a67bb1f39efa3090c4e82","ssdeep":"","tlshash":"8c7156a514f0552714a383a5dd81bb1b9f827a07cf8c6a403b9f00f22f97d58886f20d","dom_hash":"domhash03f850468cad29251ed949292c202f85","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"filer.fss.or.kr/SW/initech/extension/down/INIS_EX.exe","fqdn":"filer.fss.or.kr","domain":"fss.or.kr","tld":"or.kr"},"ip":{"addr":"61.73.60.210","port":0,"asn":4766,"as":"Korea Telecom","country":"South Korea","country_code":"KR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-31T23:45:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-12-27","alert":"Detect files is `SliverFox` malware","trigger":"filer.fss.or.kr/SW/initech/extension/down/INIS_EX.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null},"summary":[{"fqdn":"filer.fss.or.kr","ip":{"addr":"61.73.60.210","port":443,"asn":4766,"as":"Korea Telecom","country":"South Korea","country_code":"KR"},"domain_registered":"1999-01-04","domain_rank":0,"first_seen":"2017-02-01T23:46:30Z","last_seen":"2025-07-17T02:39:56.7618Z","alert_count":1,"request_count":1,"received_data":15387777,"sent_data":521,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"eff6d19dd94eaf1eb8f23746bb8cc5a1","sha1":"a2c3ce8fe83b079f4f3eaa72d5ab08aef1973a98","sha256":"8130fbeb621224672739f14dda0c05a57d0c3f6742ed25531d2a2ad4ef703819","sha512":"7b61de8ebab88c5d4485ca1cc7314c256822bcb73c2de831f579f50559907ace52f0e4f76e3a9d0be507be8de28963ce3ec9de56a78c9f233282198b2ce57b14","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":15387512,"url":{"schema":"https","addr":"filer.fss.or.kr/SW/initech/extension/down/INIS_EX.exe","fqdn":"filer.fss.or.kr","domain":"fss.or.kr","tld":"or.kr"},"ip":{"addr":"61.73.60.210","port":443,"asn":4766,"as":"Korea Telecom","country":"South Korea","country_code":"KR"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-12-27","alert":"Detect files is `SliverFox` malware","trigger":"filer.fss.or.kr/SW/initech/extension/down/INIS_EX.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"filer.fss.or.kr/SW/initech/extension/down/INIS_EX.exe","fqdn":"filer.fss.or.kr","domain":"fss.or.kr","tld":"or.kr"},"ip":{"addr":"61.73.60.210","port":443,"asn":4766,"as":"Korea Telecom","country":"South Korea","country_code":"KR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-27T23:45:31.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"filer.fss.or.kr","organization":"Financial Supervisory Service"},"issuer":{"commonName":"GlobalSign Extended Validation CA - SHA256 - G3","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Feb 2025 00:36:05 GMT","end":"Sat, 07 Mar 2026 00:36:04 GMT"},"fingerprint":{"sha1":"05:FC:82:61:68:1C:E4:B7:ED:C3:01:2A:20:8E:AC:1A:EA:62:C4:18","sha256":"EB:EE:3B:B7:BF:F7:9E:D9:AD:9D:D9:0C:71:2C:EF:20:71:57:33:87:63:DC:CD:E0:80:C8:CF:46:B3:E7:FC:27"}}},"request":{"raw":"GET /SW/initech/extension/down/INIS_EX.exe HTTP/1.1\r\nHost: filer.fss.or.kr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 27 Dec 2025 23:45:32 GMT\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=60\r\nETag: \"0-eacb78-5fed6ef4\"\r\nLast-Modified: Thu, 31 Dec 2020 06:25:56 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 15387512\r\nContent-Type: application/x-msdownload\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15387512,"size_decoded":0,"mime_type":"application/x-msdownload","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","md5":"eff6d19dd94eaf1eb8f23746bb8cc5a1","sha1":"a2c3ce8fe83b079f4f3eaa72d5ab08aef1973a98","sha256":"8130fbeb621224672739f14dda0c05a57d0c3f6742ed25531d2a2ad4ef703819","sha512":"7b61de8ebab88c5d4485ca1cc7314c256822bcb73c2de831f579f50559907ace52f0e4f76e3a9d0be507be8de28963ce3ec9de56a78c9f233282198b2ce57b14","ssdeep":"24576:iLz8ORelnBSqGNiN0k3iruKAJ0+o5dS6C:iLQOdhS0ii6J0+IIX","tlshash":"1e255a20eb2ec04bde485bfa348296fc6a5d9f24ec2649291d813fdcd035e4ef651939","first_seen":"2025-12-27T23:46:10.124451Z","last_seen":"2025-12-27T23:46:10.124451Z","times_seen":1,"resource_available":false,"data":null}},"time_used":6413,"timings":{"blocked":1038,"dns":256,"connect":254,"send":0,"wait":264,"receive":4072,"ssl":525},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-12-27","alert":"Detect files is `SliverFox` malware","trigger":"filer.fss.or.kr/SW/initech/extension/down/INIS_EX.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null}}]}