{"report_id":"f29fbd17-0612-4501-8221-cebcd14bdf2e","version":6,"status":"done","tags":[],"date":"2024-09-01T03:19:20Z","url":{"schema":"http","addr":"cdn6.filehaus.su/files/1725037836_63906/AutoClicker-3.0.exe","fqdn":"cdn6.filehaus.su","domain":"filehaus.su","tld":"su"},"ip":{"addr":"94.177.106.193","port":0,"asn":9050,"as":"Orange Romania Communication S.A","country":"Romania","country_code":"RO"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-29T20:07:32Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-31 18:12:11","alert_count":0,"request_count":4,"received_data":3548,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn6.filehaus.su","ip":{"addr":"94.177.106.193","port":443,"asn":9050,"as":"Orange Romania Communication S.A","country":"Romania","country_code":"RO"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":3,"request_count":1,"received_data":864573,"sent_data":513,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"7ecfc8cd7455dd9998f7dad88f2a8a9d","sha1":"1751d9389adb1e7187afa4938a3559e58739dce6","sha256":"2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e","sha512":"cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":864317,"url":{"schema":"https","addr":"cdn6.filehaus.su/files/1725037836_63906/AutoClicker-3.0.exe","fqdn":"cdn6.filehaus.su","domain":"filehaus.su","tld":"su"},"ip":{"addr":"94.177.106.193","port":443,"asn":9050,"as":"Orange Romania Communication S.A","country":"Romania","country_code":"RO"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-09-01","alert":"meth_get_eip","trigger":"cdn6.filehaus.su/files/1725037836_63906/AutoClicker-3.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-09-01","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"cdn6.filehaus.su/files/1725037836_63906/AutoClicker-3.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-31","alert":"Scan result 2/74","trigger":"2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e","verdict":"suspicious","severity":"","comment":"suspicious - 2/74","link":"https://www.virustotal.com/gui/file/2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-09-01","alert":"meth_get_eip","trigger":"cdn6.filehaus.su/files/1725037836_63906/AutoClicker-3.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-09-01","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"cdn6.filehaus.su/files/1725037836_63906/AutoClicker-3.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-01T03:18:54.130100316Z","timestamp":1725160734130,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F6FC34ACB6B2D60BB37DD5CAF92B0988CDD52927D80D1F5E7BC23B7DB9E8209A\"\r\nLast-Modified: Sat, 31 Aug 2024 00:20:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2310\r\nExpires: Sun, 01 Sep 2024 03:57:24 GMT\r\nDate: Sun, 01 Sep 2024 03:18:54 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"404e3e4520c09fcce1358b1a21f6b171","sha1":"040aa03460f3d7ec6f75cae0bf5a462a4bb9798d","sha256":"f6fc34acb6b2d60bb37dd5caf92b0988cdd52927d80d1f5e7bc23b7db9e8209a","sha512":"c6aeb0600af58d7b976deb390ccb1c0859bc7c7ab55009bb167c7045d9e3cf01720a61fde3cb6ece0776bf36becf6e8002e7cfb6740be1d0526213a3a08b2598","ssdeep":"","tlshash":"32f00ee1022efe41daf651021fa4f81a2f327eff394409f1054016923404ffd8a05094","first_seen":"2024-08-31T02:24:41Z","last_seen":"2024-09-20T20:16:30.159732Z","times_seen":36159,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-01T03:18:54.434516775Z","timestamp":1725160734434,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F348AFFACF8E814C579FF56D592287275DCF79E2F55F1D041921833D730D2349\"\r\nLast-Modified: Sat, 31 Aug 2024 02:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6925\r\nExpires: Sun, 01 Sep 2024 05:14:19 GMT\r\nDate: Sun, 01 Sep 2024 03:18:54 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"231aa156f55dd8497dca6a2066312be3","sha1":"741432c8275492eb38bba5d0841685dc4f864fee","sha256":"f348affacf8e814c579ff56d592287275dcf79e2f55f1d041921833d730d2349","sha512":"55246c200dfe81e5fdeb1dcfcd16e969e9a425860bf47f2cf5f9c8554e2e77361a6bb81c8185d3f361c0fff3ec5272451f83c73b13125c28e6e7995e5f1b7eb1","ssdeep":"","tlshash":"f9f0050517bc6910feac14755ab5d51d9d10adfe307500c454e045e0b501be71e1456c","first_seen":"2024-08-31T07:59:12Z","last_seen":"2024-09-20T20:16:30.160355Z","times_seen":25067,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-01T03:18:54.74189876Z","timestamp":1725160734741,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"0D414ED4850119C53FAE9DDD19EE1DD95783FD08F7389C3E8EC95215023E298E\"\r\nLast-Modified: Sat, 31 Aug 2024 02:33:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7160\r\nExpires: Sun, 01 Sep 2024 05:18:14 GMT\r\nDate: Sun, 01 Sep 2024 03:18:54 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"9d2c063731a46a7e1548540195080de0","sha1":"dd1924ebf7697509a10f3f07604f28f96b4fc498","sha256":"0d414ed4850119c53fae9ddd19ee1dd95783fd08f7389c3e8ec95215023e298e","sha512":"44460d78dff1f776757236ec07d15d80a7c84d3d5de93bd9729e489227c22657121283b1bf5f7410d78726c5ce2b0b4ccb409d4a0de7efeb3ceb023737d6dae9","ssdeep":"","tlshash":"65f00e2a26d6f4009da81021aeecc11e5810bfae3ca498b328a141e2b481fed4c7540d","first_seen":"2024-08-31T08:13:43.830613Z","last_seen":"2024-09-20T20:16:30.160771Z","times_seen":27687,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-01T03:18:54.779165091Z","timestamp":1725160734779,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"7DDBB208BE6D8391D52CFBC39444A2325706573D453BB9019603C2BFB4545098\"\r\nLast-Modified: Sat, 31 Aug 2024 03:56:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9213\r\nExpires: Sun, 01 Sep 2024 05:52:27 GMT\r\nDate: Sun, 01 Sep 2024 03:18:54 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"9e84a67edc95e6318f9e7b498786b0a7","sha1":"47d992694325ad03478af92ed4a583c017c53b4b","sha256":"7ddbb208be6d8391d52cfbc39444a2325706573d453bb9019603c2bfb4545098","sha512":"2de1188a5216271d7d78ebef40f8c35da7103ee575c21a8a01fb6ecb5d0adc6bf579bfc3ff7b2f3a7f8ac7aa46d1343d30547cecd4c8974851654abbe2a58327","ssdeep":"","tlshash":"92f0055326ec7d016ead4452e9b1f2218f206ced39a458e56b844260382e7b519020dd","first_seen":"2024-09-20T20:07:35.042054Z","last_seen":"2024-09-20T20:07:35.042054Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn6.filehaus.su/files/1725037836_63906/AutoClicker-3.0.exe","fqdn":"cdn6.filehaus.su","domain":"filehaus.su","tld":"su"},"ip":{"addr":"94.177.106.193","port":443,"asn":9050,"as":"Orange Romania Communication S.A","country":"Romania","country_code":"RO"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-01T03:18:54.654Z","timestamp":1725160734654,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn6.filehaus.su","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Jul 2024 19:05:57 GMT","end":"Tue, 08 Oct 2024 19:05:56 GMT"},"fingerprint":{"sha1":"4F:30:20:80:4F:6F:2A:86:83:B7:53:58:E3:B4:09:4B:E6:F1:E0:F5","sha256":"AC:D1:D9:82:9A:8F:41:14:EB:5D:65:B6:A4:0D:0B:F3:E1:ED:EA:D0:55:FD:81:36:46:0D:8A:2D:69:17:D9:8F"}}},"request":{"raw":"GET /files/1725037836_63906/AutoClicker-3.0.exe HTTP/1.1\r\nHost: cdn6.filehaus.su\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Sun, 01 Sep 2024 03:18:54 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 864317\r\nLast-Modified: Fri, 30 Aug 2024 17:10:36 GMT\r\nConnection: keep-alive\r\nETag: \"66d1fd0c-d303d\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":864317,"size_decoded":864317,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","md5":"7ecfc8cd7455dd9998f7dad88f2a8a9d","sha1":"1751d9389adb1e7187afa4938a3559e58739dce6","sha256":"2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e","sha512":"cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d","ssdeep":"12288:GaWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlM:BaHMv6CGrjBnybQg+mmhG","tlshash":"0805bf11b2d680b5df9635f01536e316ab357d196222ce8797f03e628e30193de263af","first_seen":"2023-04-22T19:01:22Z","last_seen":"2025-11-07T04:37:41.277776Z","times_seen":532,"resource_available":false,"data":null}},"time_used":751,"timings":{"blocked":183,"dns":1,"connect":53,"send":0,"wait":106,"receive":272,"ssl":133},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-09-01","alert":"meth_get_eip","trigger":"cdn6.filehaus.su/files/1725037836_63906/AutoClicker-3.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-09-01","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"cdn6.filehaus.su/files/1725037836_63906/AutoClicker-3.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-31","alert":"Scan result 2/74","trigger":"2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e","verdict":"suspicious","severity":"","comment":"suspicious - 2/74","link":"https://www.virustotal.com/gui/file/2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e","meta":null}],"urlquery":null}}]}