{"report_id":"d85f6898-474d-4edb-8352-6ca8574b2d9c","version":6,"status":"done","tags":[],"date":"2024-10-09T02:56:50Z","url":{"schema":"http","addr":"123.11.240.106:56014/bin.sh","fqdn":"123.11.240.106","domain":"123.11.240.106","tld":""},"ip":{"addr":"123.11.240.106","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-20T08:43:26Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-10-07 19:37:44","alert_count":0,"request_count":4,"received_data":3549,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"123.11.240.106:56014","ip":{"addr":"123.11.240.106","port":56014,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":1,"received_data":135578,"sent_data":397,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-10-07 19:37:45","alert_count":0,"request_count":3,"received_data":2661,"sent_data":981,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"a73ddd6ec22462db955439f665cad4e6","sha1":"ac6962542a4b23ac13bddff22f8df9aeb702ef12","sha256":"b5cf68c7cb5bb2d21d60bf6654926f61566d95bfd7c9f9e182d032f1da5b4605","sha512":"92a52f68a7324c4d5876e1f7e2cb87d14b8604b057ceee2e537815568faa96abf576a22111c5c976eff72ab9015f1261b2331d4b4d711f4e62c8eb403c2377aa","magic":"ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)","size":135472,"url":{"schema":"http","addr":"123.11.240.106:56014/bin.sh","fqdn":"123.11.240.106:56014","domain":"123.11.240.106","tld":"106:56014"},"ip":{"addr":"123.11.240.106","port":56014,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-10-09","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"123.11.240.106:56014/bin.sh","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-10-09","alert":"Linux.Packer.Patched_UPX","trigger":"123.11.240.106:56014/bin.sh","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-08","alert":"Scan result 42/59","trigger":"b5cf68c7cb5bb2d21d60bf6654926f61566d95bfd7c9f9e182d032f1da5b4605","verdict":"malicious","severity":"","comment":"malicious - 42/59","link":"https://www.virustotal.com/gui/file/b5cf68c7cb5bb2d21d60bf6654926f61566d95bfd7c9f9e182d032f1da5b4605","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-10-09","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"123.11.240.106:56014/bin.sh","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-10-09","alert":"Linux.Packer.Patched_UPX","trigger":"123.11.240.106:56014/bin.sh","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-09","alert":"Sinkholed","trigger":"123.11.240.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-09T02:56:25.2344614Z","timestamp":1728442585234,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"A4B45C1833F63C69B1847216D9DD0BBFC4F95F33501D88E7DC5555648F019595\"\r\nLast-Modified: Tue, 08 Oct 2024 12:10:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20181\r\nExpires: Wed, 09 Oct 2024 08:32:46 GMT\r\nDate: Wed, 09 Oct 2024 02:56:25 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"94a2d5e693f71770bd013db51ee0fbbe","sha1":"2f5b5bd658d11088f0599e5f244740d0d8667bea","sha256":"a4b45c1833f63c69b1847216d9dd0bbfc4f95f33501d88e7dc5555648f019595","sha512":"32b8c15712ad549dcea1ffd060533739fc24a5d0851a10fe5cb543964e9646064aaa57d08b011878392ce21417dfbe8876ddfd49ab231a0c27a6ccaae1e8ce0e","ssdeep":"","tlshash":"a2f005970bb17c0d5a3114023c1fc932aa59fefb310007b421c042e275276ed51c5048","first_seen":"2024-10-08T22:31:32Z","last_seen":"2024-10-11T08:46:35.594409Z","times_seen":2943,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-09T02:56:25.25730878Z","timestamp":1728442585257,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"86D583A273489C4B3D93BC10E3FA9718746BA439C1D88533F0177DEC4C7183CE\"\r\nLast-Modified: Tue, 08 Oct 2024 22:04:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4500\r\nExpires: Wed, 09 Oct 2024 04:11:25 GMT\r\nDate: Wed, 09 Oct 2024 02:56:25 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"b5fba3de48fd6c409033029700670f78","sha1":"0e348372969c771ca1d5f0ae6a944eb21c7ede05","sha256":"86d583a273489c4b3d93bc10e3fa9718746ba439c1d88533f0177dec4c7183ce","sha512":"e42ce3cac91c3d76f32dc8bf1d879f58eddb75f7853e47d3dd3a8b488da45c306661c8da1ff42e218ae0a3ae2dfdf055d579e7df6d440f03324c696dad52766d","ssdeep":"","tlshash":"96f05c2705d1f0441bf406417d74eb5e5f34d7be3c456a503ce01bf5b4047dd8158854","first_seen":"2024-10-11T08:43:15.823987Z","last_seen":"2024-10-11T08:43:43.225467Z","times_seen":240,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-09T02:56:25.607396295Z","timestamp":1728442585607,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"B6DB380F5EEB73AA56ABF90AFA43B52CC9F51B01F33AD1EEFECCC473A41FFB86\"\r\nLast-Modified: Tue, 08 Oct 2024 11:18:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4523\r\nExpires: Wed, 09 Oct 2024 04:11:48 GMT\r\nDate: Wed, 09 Oct 2024 02:56:25 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"33985775df7b619cb33f4050d88c5fb9","sha1":"cf0b2ff92cd2f7e12ce788a164a73d75dea5da83","sha256":"b6db380f5eeb73aa56abf90afa43b52cc9f51b01f33ad1eefeccc473a41ffb86","sha512":"6bc0e873177bc8082b9b3d8fdb3e1c3d3b2adf2d27c0053919c540d80bdfffa7a6f41b0ea381ef7e077c08bbd371ab5a9cbae5cea92e4752c766d8ff25ddb8f5","ssdeep":"","tlshash":"81f07551c5b13da01bb01629d9a89003dd10cdfa14c05be451f443e23c02bfc468054c","first_seen":"2024-10-08T16:14:32Z","last_seen":"2024-10-11T08:49:31.751651Z","times_seen":5844,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-09T02:56:25.704090702Z","timestamp":1728442585704,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"AF0C2421D7AF6507EB62DFA55B8DD2C1F969CA02692E89D3BF841CB42430EBE1\"\r\nLast-Modified: Tue, 08 Oct 2024 12:40:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2981\r\nExpires: Wed, 09 Oct 2024 03:46:06 GMT\r\nDate: Wed, 09 Oct 2024 02:56:25 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"ee8a3075e7c2e453a0e7ecb6d0ffb710","sha1":"8207b3beb4c30142e41563a15cc410ecab5f61a8","sha256":"af0c2421d7af6507eb62dfa55b8dd2c1f969ca02692e89d3bf841cb42430ebe1","sha512":"b5680c001311a9376e2f7c022338b8eb243bbb2fb53380a584e688af1166a84e7a5a54232b3a512f486cf484b951cd675701b6806c51738eab014911c2fc68d4","ssdeep":"","tlshash":"a5f00e921aa1bd007eb31e7238bec4411f62f8af34701ba664d01381a84fbf92bc418c","first_seen":"2024-10-09T00:34:34Z","last_seen":"2024-10-11T08:45:45.053245Z","times_seen":1876,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"123.11.240.106:56014/bin.sh","fqdn":"123.11.240.106:56014","domain":"123.11.240.106","tld":"106:56014"},"ip":{"addr":"123.11.240.106","port":56014,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-09T02:56:25.726Z","timestamp":1728442585726,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /bin.sh HTTP/1.1\r\nHost: 123.11.240.106:56014\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 135472\r\nConnection: close\r\nContent-Type: application/zip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":135472,"size_decoded":135472,"mime_type":"application/zip","magic":"ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)","md5":"a73ddd6ec22462db955439f665cad4e6","sha1":"ac6962542a4b23ac13bddff22f8df9aeb702ef12","sha256":"b5cf68c7cb5bb2d21d60bf6654926f61566d95bfd7c9f9e182d032f1da5b4605","sha512":"92a52f68a7324c4d5876e1f7e2cb87d14b8604b057ceee2e537815568faa96abf576a22111c5c976eff72ab9015f1261b2331d4b4d711f4e62c8eb403c2377aa","ssdeep":"3072:2glZ3FtCKXhkmHtZ9TEKzjfj/WMngyIfsJ0F7xPtoM:2IIKXhZtL7jOTyIG87Xl","tlshash":"79d312b3c639e3eaf471e4b0b66c23cc101462d9c958baa0774c54661b5439b1b6f3db","first_seen":"2023-05-05T16:15:58Z","last_seen":"2026-06-04T18:35:13.933681Z","times_seen":60575,"resource_available":true,"data":null}},"time_used":1558,"timings":{"blocked":255,"dns":0,"connect":256,"send":0,"wait":258,"receive":788,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-10-09","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"123.11.240.106:56014/bin.sh","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-10-09","alert":"Linux.Packer.Patched_UPX","trigger":"123.11.240.106:56014/bin.sh","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-09","alert":"Sinkholed","trigger":"123.11.240.106","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-08","alert":"Scan result 42/59","trigger":"b5cf68c7cb5bb2d21d60bf6654926f61566d95bfd7c9f9e182d032f1da5b4605","verdict":"malicious","severity":"","comment":"malicious - 42/59","link":"https://www.virustotal.com/gui/file/b5cf68c7cb5bb2d21d60bf6654926f61566d95bfd7c9f9e182d032f1da5b4605","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-09T02:56:27.699186082Z","timestamp":1728442587699,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7\"\r\nLast-Modified: Tue, 08 Oct 2024 04:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9165\r\nExpires: Wed, 09 Oct 2024 05:29:12 GMT\r\nDate: Wed, 09 Oct 2024 02:56:27 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"aa746f2452828a39148ef2ed129c14f6","sha1":"aab2904047696ac367e2bfc0ffb1ba44c9c84256","sha256":"5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7","sha512":"4c74b97bc4bd38e0b7f46de86629b399a71d4aa41e536362ded439aaf69c5bf690dc1fc66cb583193bd8ead6f7e982da960c0490f1ba4620f650a2117b8efe19","ssdeep":"","tlshash":"23f005913f15b8e00f746485e87584235d7b4dd5bc00e69a53a8a7d467543fd15d050c","first_seen":"2024-10-08T11:30:21Z","last_seen":"2024-10-11T08:52:19.931081Z","times_seen":8574,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-09T02:56:27.700214862Z","timestamp":1728442587700,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7\"\r\nLast-Modified: Tue, 08 Oct 2024 04:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9165\r\nExpires: Wed, 09 Oct 2024 05:29:12 GMT\r\nDate: Wed, 09 Oct 2024 02:56:27 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"aa746f2452828a39148ef2ed129c14f6","sha1":"aab2904047696ac367e2bfc0ffb1ba44c9c84256","sha256":"5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7","sha512":"4c74b97bc4bd38e0b7f46de86629b399a71d4aa41e536362ded439aaf69c5bf690dc1fc66cb583193bd8ead6f7e982da960c0490f1ba4620f650a2117b8efe19","ssdeep":"","tlshash":"23f005913f15b8e00f746485e87584235d7b4dd5bc00e69a53a8a7d467543fd15d050c","first_seen":"2024-10-08T11:30:21Z","last_seen":"2024-10-11T08:52:19.931081Z","times_seen":8574,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-09T02:56:27.701124203Z","timestamp":1728442587701,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7\"\r\nLast-Modified: Tue, 08 Oct 2024 04:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9165\r\nExpires: Wed, 09 Oct 2024 05:29:12 GMT\r\nDate: Wed, 09 Oct 2024 02:56:27 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"aa746f2452828a39148ef2ed129c14f6","sha1":"aab2904047696ac367e2bfc0ffb1ba44c9c84256","sha256":"5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7","sha512":"4c74b97bc4bd38e0b7f46de86629b399a71d4aa41e536362ded439aaf69c5bf690dc1fc66cb583193bd8ead6f7e982da960c0490f1ba4620f650a2117b8efe19","ssdeep":"","tlshash":"23f005913f15b8e00f746485e87584235d7b4dd5bc00e69a53a8a7d467543fd15d050c","first_seen":"2024-10-08T11:30:21Z","last_seen":"2024-10-11T08:52:19.931081Z","times_seen":8574,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}