Automated Malware Analysis Report For

ID: 294294
Cookbook: browseurl.jbs
Time: 08:08:43
Date: 07/10/2020
Version: 30.0.0 Red Diamond
Copyright null 2020

Analysis Report https://mms6.yshua.co.za/

Overview

General Information
Sample URL: https://mms6.yshua.co.za/
Analysis ID: 294294

Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Verdict scale: malicious / suspicious / clean

Signatures
HTML title does not match URL

Classification
Chart labels: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware

Startup
System is w10x64
iexplore.exe (PID: 6600 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    iexplore.exe (PID: 6644 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6600 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup

Malware Configuration
No configs have been found

Yara Overview
No yara matches

Sigma Overview
No Sigma rule has matched

Signature Overview
• Phishing
• Networking
• System Summary
• Malware Analysis System Evasion
There are no malicious signatures.

Mitre Att&ck Matrix
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Security Software Discovery 1; File and Directory Discovery 1; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 2; Application Layer Protocol 3; Ingress Tool Transfer 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud

Behavior Graph
[Figure: behavior graph. ID: 294294; URL: https://mms6.yshua.co.za/; Startdate: 07/10/2020; Architecture: WINDOWS; Score: 0. Nodes: mms6.yshua.co.za, iexplore.exe (started), iexplore.exe (started), Internet, www-php-net.ax4z.com, mms6.yshua.co.za, 185.85.0.29, 51.89.237.153, 443, 49712, 49713, 4 other IPs or domains, SOPRADO-ANYDE, OVHFR, Germany, France.]

Screenshots

Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample
Source | Detection | Scanner | Label | Link
https://mms6.yshua.co.za/ | 0% | Virustotal | | Browse
https://mms6.yshua.co.za/ | 0% | Avira URL Cloud | safe |

Dropped Files
No Antivirus matches

Unpacked PE Files
No Antivirus matches

Domains
Source | Detection | Scanner | Label | Link
www-php-net.ax4z.com | 0% | Virustotal | | Browse

URLs
Source | Detection | Scanner | Label | Link
startbootstrap.com) | 0% | Avira URL Cloud | safe |
getbootstrap.com) | 0% | Avira URL Cloud | safe |
https://harmonizely.com/phplist-hosted/ | 0% | Avira URL Cloud | safe |
fontello.comFont | 0% | URL Reputation | safe |
fontello.comFont | 0% | URL Reputation | safe |
fontello.comFont | 0% | URL Reputation | safe |
https://harmonizely.com/phplist-hosted/demo | 0% | Avira URL Cloud | safe |
www.codrops.com | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.phplist.com | 198.58.126.42 | true | false | | high
www-php-net.ax4z.com | 185.85.0.29 | true | false | 0%, Virustotal, Browse | unknown
fontawesome-cdn.fonticons.netdna-cdn.com | 23.111.9.35 | true | false | | high
mms6.yshua.co.za | 51.89.237.153 | true | false | | high
use.fontawesome.com | unknown | unknown | false | | high
www.php.net | unknown | unknown | false | | high

Contacted URLs
Name | Malicious | Antivirus Detection | Reputation
https://mms6.yshua.co.za/ | false | | high
https://mms6.yshua.co.za/?p=unsubscribe | false | | high
www.php.net/ | false | | high
https://www.php.net/ | false | | high
https://www.phplist.com/poweredby | false | | high
https://www.phplist.com/ | false | | high
www.phplist.com/ | false | | high
https://mms6.yshua.co.za/?p=subscribe | false | | high
phplist.com/ | false | | high
www.mysql.com/ | false | | high

URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation
https://mycyberuniverse.com/images/elements/flags/square/en-gb.png | B21T2WDW.htm.2.dr | false | | high
fontawesome.io | font-awesome.min[1].css.2.dr | false | | high
https://www.phplist.com/knowledgebase/eu-gdpr/ | B21T2WDW.htm.2.dr | false | | high
https://www.phplist.com/ | ~DFB8FF40DA42A368D5.TMP.1.dr | false | | high
https://t.me/phplist | B21T2WDW.htm.2.dr | false | | high
tinyurl.com/executeFunctionByName | jqBootstrapValidation[1].js.2.dr | false | | high
https://phplist.com/knowledgebase | B21T2WDW.htm.2.dr | false | | high
https://www.php.net/favicon.ico6 | imagestore.dat.2.dr | false | | high
phplist.com/ | ~DFB8FF40DA42A368D5.TMP.1.dr | false | | high
www.amazon.com/ | msapplication.xml.1.dr | false | | high
python.org | cached[1].js0.2.dr | false | | high
https://phplist.com/blog | B21T2WDW.htm.2.dr | false | | high
https://news.hosted.phplist.com/lists/?p=asubscribe&id=2 | B21T2WDW.htm.2.dr | false | | high
www.twitter.com/ | msapplication.xml5.1.dr | false | | high
https://mycyberuniverse.com/images/elements/flags/square/ru.png | B21T2WDW.htm.2.dr | false | | high
startbootstrap.com) | agency[1].js.2.dr | false | Avira URL Cloud: safe | low
https://mastodon.social/ | B21T2WDW.htm.2.dr | false | | high
https://fontawesome.com/license/free | all[1].css.2.dr | false | | high
https://www.php.net/m/ | ~DFB8FF40DA42A368D5.TMP.1.dr | false | | high
https://fontawesome.com | all[1].css.2.dr | false | | high
https://mms6.yshua.co.za/ | ~DFB8FF40DA42A368D5.TMP.1.dr | false | | high
www.opensource.org/licenses/mit-license.php | cbpAnimatedHeader[1].js.2.dr | false | | high
https://github.com/twbs/bootstrap/graphs/contributors) | bootstrap.min[1].js.2.dr | false | | high
https://use.fontawesome.com/releases/v5.6.1/css/all.css | B21T2WDW.htm.2.dr | false | | high
getbootstrap.com) | bootstrap.min[1].css.2.dr | false | Avira URL Cloud: safe | low
www.phplist.com/poweredby | WQXMTB3A.htm.2.dr, P5823OC0.htm.2.dr | false | | high
https://www.php.net/ | ~DFB8FF40DA42A368D5.TMP.1.dr | false | | high
opensource.org/licenses/MIT). | popper.min[1].js.2.dr | false | | high
stackoverflow.com/questions/359788/how-to-execute-a-javascript-function-when-i-have-its-name- | jqBootstrapValidation[1].js.2.dr | false | | high
www.reddit.com/ | msapplication.xml4.1.dr | false | | high
ReactiveRaven.github.com/jqBootstrapValidation/ | jqBootstrapValidation[1].js.2.dr | false | | high
https://bugs.php.net/bug.php?id=74493 | cached[1].js0.2.dr | false | | high
https://www.phplist.com/blog/ | B21T2WDW.htm.2.dr | false | | high
https://mms6.yshua.co.za/8Subscribe | ~DFB8FF40DA42A368D5.TMP.1.dr | false | | high
www.apache.org/licenses/LICENSE-2.0 | cached[2].css.2.dr | false | | high
www.mysql.com/ | ~DFB8FF40DA42A368D5.TMP.1.dr | false | | high
www.nytimes.com/ | msapplication.xml3.1.dr | false | | high
https://harmonizely.com/phplist-hosted/ | B21T2WDW.htm.2.dr | false | Avira URL Cloud: safe | unknown
opensource.org/licenses/mit-license.php | jqBootstrapValidation[1].js.2.dr | false | | high
https://www.php.net/m/co | ~DFB8FF40DA42A368D5.TMP.1.dr | false | | high
https://mms6.yshua.co.za/T | ~DFB8FF40DA42A368D5.TMP.1.dr | false | | high
phplist.com/com/poweredbycribeH