{"report_id":"d9e7fd04-1290-41f6-bf7d-b9ce8bc7ee3d","version":6,"status":"done","tags":[],"date":"2024-11-29T21:00:46Z","url":{"schema":"http","addr":"117.209.94.62:38947/i","fqdn":"117.209.94.62","domain":"117.209.94.62","tld":""},"ip":{"addr":"117.209.94.62","port":0,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":["urlhaus"],"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T21:00:46Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"117.209.94.62","ip":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":10,"request_count":1,"received_data":308066,"sent_data":391,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"106a736477f5e6efc07bdea0249986f9","sha1":"b8cb63180aad940b1356e310e9bcbfee30a028b5","sha256":"e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73","sha512":"85892182987a55f12a295c6bca9a4eb104b0a1c6c42670fa1b3ba274bfc7a3f2d522daea0022c09181c57cc1024ea21812300f189ef707e2dd66f775adbf3576","magic":"ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)","size":307960,"url":{"schema":"http","addr":"117.209.94.62:38947/i","fqdn":"117.209.94.62","domain":"117.209.94.62","tld":""},"ip":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2019-10-28","description":"Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.","modified":"2022-05-13","reference":"https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()","rule":"SUSP_XORed_Mozilla","score":"65"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"Detects multiple Mirai variants","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-08-09","description":"Detects multiple Mirai variants","malpedia_family":"elf.mirai","rule":"ELF_Mirai","yarahub_author_twitter":"@NDA0E","yarahub_license":"CC0 1.0","yarahub_reference_md5":"7f5d67a7309d7ff399247f1c43a92ad4","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"386c1b6c-c5f9-4a9c-a83f-1f940f4d2c2e"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"Detects Generic ShellScript Downloader","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-07-14","description":"Detects Generic ShellScript Downloader","rule":"ShellScript_Downloader","yarahub_license":"CC0 1.0","yarahub_reference_md5":"95cde598a6595a248fdf56d674a5dc79","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a41413f4-bbec-4952-8010-57d0e869dbf7"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Packer.Patched_UPX","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"39501003c45c89d6a08f71fbf9c442bcc952afc5f1a1eb7b5af2d4b7633698a8","id":"5c62e6b2-9f6a-4c6d-b3fc-c6cbc8cf0b4b","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_5c62e6b2","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"afeedf7fb287320c70a2889f43bc36a3047528204e1de45c4ac07898187d136b","id":"77137320-6c7e-4bb8-81a4-bd422049c309","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_77137320","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"e2eee1f72b8c2dbf68e57b721c481a5cd85296e844059decc3548e7a6dc28fea","id":"ac253e4f-b628-4dd0-91f1-f19099286992","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_ac253e4f","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-13","alert":"Scan result 47/65","trigger":"e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73","verdict":"malicious","severity":"","comment":"malicious - 47/65","link":"https://www.virustotal.com/gui/file/e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"106a736477f5e6efc07bdea0249986f9","sha1":"b8cb63180aad940b1356e310e9bcbfee30a028b5","sha256":"e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73","sha512":"85892182987a55f12a295c6bca9a4eb104b0a1c6c42670fa1b3ba274bfc7a3f2d522daea0022c09181c57cc1024ea21812300f189ef707e2dd66f775adbf3576","magic":"ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)","size":307960,"url":{"schema":"http","addr":"117.209.94.62:38947/i","fqdn":"117.209.94.62","domain":"117.209.94.62","tld":""},"ip":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2019-10-28","description":"Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.","modified":"2022-05-13","reference":"https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()","rule":"SUSP_XORed_Mozilla","score":"65"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"Detects multiple Mirai variants","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-08-09","description":"Detects multiple Mirai variants","malpedia_family":"elf.mirai","rule":"ELF_Mirai","yarahub_author_twitter":"@NDA0E","yarahub_license":"CC0 1.0","yarahub_reference_md5":"7f5d67a7309d7ff399247f1c43a92ad4","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"386c1b6c-c5f9-4a9c-a83f-1f940f4d2c2e"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"Detects Generic ShellScript Downloader","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-07-14","description":"Detects Generic ShellScript Downloader","rule":"ShellScript_Downloader","yarahub_license":"CC0 1.0","yarahub_reference_md5":"95cde598a6595a248fdf56d674a5dc79","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a41413f4-bbec-4952-8010-57d0e869dbf7"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Packer.Patched_UPX","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"39501003c45c89d6a08f71fbf9c442bcc952afc5f1a1eb7b5af2d4b7633698a8","id":"5c62e6b2-9f6a-4c6d-b3fc-c6cbc8cf0b4b","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_5c62e6b2","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"afeedf7fb287320c70a2889f43bc36a3047528204e1de45c4ac07898187d136b","id":"77137320-6c7e-4bb8-81a4-bd422049c309","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_77137320","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"e2eee1f72b8c2dbf68e57b721c481a5cd85296e844059decc3548e7a6dc28fea","id":"ac253e4f-b628-4dd0-91f1-f19099286992","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_ac253e4f","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-13","alert":"Scan result 47/65","trigger":"e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73","verdict":"malicious","severity":"","comment":"malicious - 47/65","link":"https://www.virustotal.com/gui/file/e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T21:00:25Z","timestamp":1732914025,"ip_dst":{"addr":"172.18.0.4","port":60050,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download","source":"{\"timestamp\":\"2024-11-29T21:00:25.359547+0000\",\"flow_id\":705537153302423,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"117.209.94.62\",\"src_port\":38947,\"dest_ip\":\"172.18.0.4\",\"dest_port\":60050,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\",\"ET.ELFDownload\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2000418,\"rev\":17,\"signature\":\"ET POLICY Executable and linking format (ELF) file download\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2010_07_30\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"117.209.94.62\",\"http_port\":38947,\"url\":\"/i\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/zip\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2816},\"files\":[{\"filename\":\"/i\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2816,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":945,\"bytes_toclient\":4736,\"start\":\"2024-11-29T21:00:21.655255+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T21:00:26Z","timestamp":1732914026,"ip_dst":{"addr":"172.18.0.4","port":60050,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download","source":"{\"timestamp\":\"2024-11-29T21:00:26.906495+0000\",\"flow_id\":705537153302423,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"117.209.94.62\",\"src_port\":38947,\"dest_ip\":\"172.18.0.4\",\"dest_port\":60050,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\",\"ET.ELFDownload\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2000418,\"rev\":17,\"signature\":\"ET POLICY Executable and linking format (ELF) file download\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2010_07_30\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"117.209.94.62\",\"http_port\":38947,\"url\":\"/i\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/zip\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":232320},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":113,\"pkts_toclient\":169,\"bytes_toserver\":7875,\"bytes_toclient\":244998,\"start\":\"2024-11-29T21:00:21.655255+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T21:00:26Z","timestamp":1732914026,"ip_dst":{"addr":"172.18.0.4","port":60050,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download","source":"{\"timestamp\":\"2024-11-29T21:00:26.906574+0000\",\"flow_id\":705537153302423,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"117.209.94.62\",\"src_port\":38947,\"dest_ip\":\"172.18.0.4\",\"dest_port\":60050,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\",\"ET.ELFDownload\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2000418,\"rev\":17,\"signature\":\"ET POLICY Executable and linking format (ELF) file download\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2010_07_30\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"117.209.94.62\",\"http_port\":38947,\"url\":\"/i\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/zip\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":235136},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":114,\"pkts_toclient\":171,\"bytes_toserver\":7941,\"bytes_toclient\":247946,\"start\":\"2024-11-29T21:00:21.655255+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T21:00:26Z","timestamp":1732914026,"ip_dst":{"addr":"172.18.0.4","port":60050,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download","source":"{\"timestamp\":\"2024-11-29T21:00:26.907321+0000\",\"flow_id\":705537153302423,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"117.209.94.62\",\"src_port\":38947,\"dest_ip\":\"172.18.0.4\",\"dest_port\":60050,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\",\"ET.ELFDownload\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2000418,\"rev\":17,\"signature\":\"ET POLICY Executable and linking format (ELF) file download\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2010_07_30\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"117.209.94.62\",\"http_port\":38947,\"url\":\"/i\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/zip\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":239360},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":115,\"pkts_toclient\":174,\"bytes_toserver\":8007,\"bytes_toclient\":252368,\"start\":\"2024-11-29T21:00:21.655255+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T21:00:26Z","timestamp":1732914026,"ip_dst":{"addr":"172.18.0.4","port":60050,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download","source":"{\"timestamp\":\"2024-11-29T21:00:26.908293+0000\",\"flow_id\":705537153302423,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"117.209.94.62\",\"src_port\":38947,\"dest_ip\":\"172.18.0.4\",\"dest_port\":60050,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\",\"ET.ELFDownload\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2000418,\"rev\":17,\"signature\":\"ET POLICY Executable and linking format (ELF) file download\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2010_07_30\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"117.209.94.62\",\"http_port\":38947,\"url\":\"/i\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/zip\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":246400},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":116,\"pkts_toclient\":179,\"bytes_toserver\":8073,\"bytes_toclient\":259738,\"start\":\"2024-11-29T21:00:21.655255+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T21:00:27Z","timestamp":1732914027,"ip_dst":{"addr":"172.18.0.4","port":60050,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download","source":"{\"timestamp\":\"2024-11-29T21:00:27.123649+0000\",\"flow_id\":705537153302423,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"117.209.94.62\",\"src_port\":38947,\"dest_ip\":\"172.18.0.4\",\"dest_port\":60050,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\",\"ET.ELFDownload\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2000418,\"rev\":17,\"signature\":\"ET POLICY Executable and linking format (ELF) file download\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2010_07_30\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"117.209.94.62\",\"http_port\":38947,\"url\":\"/i\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/zip\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":254848},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":117,\"pkts_toclient\":185,\"bytes_toserver\":8139,\"bytes_toclient\":268582,\"start\":\"2024-11-29T21:00:21.655255+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2019-10-28","description":"Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.","modified":"2022-05-13","reference":"https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()","rule":"SUSP_XORed_Mozilla","score":"65"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"Detects multiple Mirai variants","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-08-09","description":"Detects multiple Mirai variants","malpedia_family":"elf.mirai","rule":"ELF_Mirai","yarahub_author_twitter":"@NDA0E","yarahub_license":"CC0 1.0","yarahub_reference_md5":"7f5d67a7309d7ff399247f1c43a92ad4","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"386c1b6c-c5f9-4a9c-a83f-1f940f4d2c2e"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"Detects Generic ShellScript Downloader","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-07-14","description":"Detects Generic ShellScript Downloader","rule":"ShellScript_Downloader","yarahub_license":"CC0 1.0","yarahub_reference_md5":"95cde598a6595a248fdf56d674a5dc79","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a41413f4-bbec-4952-8010-57d0e869dbf7"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Packer.Patched_UPX","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"39501003c45c89d6a08f71fbf9c442bcc952afc5f1a1eb7b5af2d4b7633698a8","id":"5c62e6b2-9f6a-4c6d-b3fc-c6cbc8cf0b4b","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_5c62e6b2","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"afeedf7fb287320c70a2889f43bc36a3047528204e1de45c4ac07898187d136b","id":"77137320-6c7e-4bb8-81a4-bd422049c309","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_77137320","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"e2eee1f72b8c2dbf68e57b721c481a5cd85296e844059decc3548e7a6dc28fea","id":"ac253e4f-b628-4dd0-91f1-f19099286992","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_ac253e4f","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-29","alert":"Sinkholed","trigger":"117.209.94.62","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"117.209.94.62:38947/i","fqdn":"117.209.94.62","domain":"117.209.94.62","tld":""},"ip":{"addr":"117.209.94.62","port":38947,"asn":9829,"as":"National Internet Backbone","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T21:00:21.407Z","timestamp":1732914021407,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /i HTTP/1.1\r\nHost: 117.209.94.62:38947\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 307960\r\nConnection: close\r\nContent-Type: application/zip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":307960,"size_decoded":307960,"mime_type":"application/zip","magic":"ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV)","md5":"106a736477f5e6efc07bdea0249986f9","sha1":"b8cb63180aad940b1356e310e9bcbfee30a028b5","sha256":"e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73","sha512":"85892182987a55f12a295c6bca9a4eb104b0a1c6c42670fa1b3ba274bfc7a3f2d522daea0022c09181c57cc1024ea21812300f189ef707e2dd66f775adbf3576","ssdeep":"6144:p3lOYoaja8xzx/0wsxzSigabE5wKSDP99zBa77oNsKqqfPqOJ:p1CG/jsxzXgabEDSDP99zBa/HKqoPqOJ","tlshash":"8a64d08aee01af21e9c125bafe5f034973634b6cd3ebb011ea20872537ca55b4f76045","first_seen":"2023-05-09T23:55:48Z","last_seen":"2026-03-27T04:55:41.831515Z","times_seen":177,"resource_available":true,"data":null}},"time_used":9461,"timings":{"blocked":3514,"dns":0,"connect":3516,"send":0,"wait":220,"receive":2211,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-11-29","alert":"Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2019-10-28","description":"Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.","modified":"2022-05-13","reference":"https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()","rule":"SUSP_XORed_Mozilla","score":"65"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"Detects multiple Mirai variants","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-08-09","description":"Detects multiple Mirai variants","malpedia_family":"elf.mirai","rule":"ELF_Mirai","yarahub_author_twitter":"@NDA0E","yarahub_license":"CC0 1.0","yarahub_reference_md5":"7f5d67a7309d7ff399247f1c43a92ad4","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"386c1b6c-c5f9-4a9c-a83f-1f940f4d2c2e"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-11-29","alert":"Detects Generic ShellScript Downloader","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"NDA0E","date":"2024-07-14","description":"Detects Generic ShellScript Downloader","rule":"ShellScript_Downloader","yarahub_license":"CC0 1.0","yarahub_reference_md5":"95cde598a6595a248fdf56d674a5dc79","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a41413f4-bbec-4952-8010-57d0e869dbf7"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Packer.Patched_UPX","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"39501003c45c89d6a08f71fbf9c442bcc952afc5f1a1eb7b5af2d4b7633698a8","id":"5c62e6b2-9f6a-4c6d-b3fc-c6cbc8cf0b4b","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_5c62e6b2","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"afeedf7fb287320c70a2889f43bc36a3047528204e1de45c4ac07898187d136b","id":"77137320-6c7e-4bb8-81a4-bd422049c309","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_77137320","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-11-29","alert":"Linux.Trojan.Mirai","trigger":"117.209.94.62:38947/i","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-01-12","fingerprint":"e2eee1f72b8c2dbf68e57b721c481a5cd85296e844059decc3548e7a6dc28fea","id":"ac253e4f-b628-4dd0-91f1-f19099286992","last_modified":"2021-09-16","license":"Elastic License v2","os":"linux","reference_sample":"91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9","rule":"Linux_Trojan_Mirai_ac253e4f","scan_context":"file, memory","severity":"100","threat_name":"Linux.Trojan.Mirai"}},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-29","alert":"Sinkholed","trigger":"117.209.94.62","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-13","alert":"Scan result 47/65","trigger":"e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73","verdict":"malicious","severity":"","comment":"malicious - 47/65","link":"https://www.virustotal.com/gui/file/e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73","meta":null}],"urlquery":null}}]}