DOCSLIB.ORG

Automated Malware Analysis Report For

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Malware Analysis Report For ID: 123496 Cookbook: browseurl.jbs Time: 20:16:32 Date: 15/04/2019 Version: 25.0.0 Tiger's Eye Table of Contents Table of Contents 2 Analysis Report http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com 4 Overview 4 General Information 4 Detection 4 Confidence 4 Classification 5 Analysis Advice 5 Mitre Att&ck Matrix 6 Signature Overview 6 Phishing: 6 Networking: 6 System Summary: 6 Behavior Graph 7 Simulations 7 Behavior and APIs 7 Antivirus Detection 7 Initial Sample 7 Dropped Files 7 Unpacked PE Files 7 Domains 7 URLs 8 Yara Overview 8 Initial Sample 8 PCAP (Network Traffic) 8 Dropped Files 8 Memory Dumps 8 Unpacked PEs 8 Joe Sandbox View / Context 8 IPs 8 Domains 9 ASN 9 JA3 Fingerprints 9 Dropped Files 9 Screenshots 9 Thumbnails 9 Startup 10 Created / dropped Files 10 Domains and IPs 22 Contacted Domains 22 Contacted URLs 22 URLs from Memory and Binaries 22 Contacted IPs 23 Public 24 Static File Info 24 No static file info 24 Network Behavior 24 Snort IDS Alerts 24 Network Port Distribution 24 TCP Packets 25 UDP Packets 26 DNS Queries 27 DNS Answers 27 HTTP Request Dependency Graph 28 HTTP Packets 28 HTTPS Packets 30 Code Manipulations 32 Copyright Joe Security LLC 2019 Page 2 of 34 Statistics 32 Behavior 32 System Behavior 32 Analysis Process: iexplore.exe PID: 2924 Parent PID: 724 32 General 33 File Activities 33 Registry Activities 33 Analysis Process: iexplore.exe PID: 148 Parent PID: 2924 33 General 33 File Activities 33 Registry Activities 33 Disassembly 34 Copyright Joe Security LLC 2019 Page 3 of 34 Analysis Report http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwer gwea.com Overview General Information Joe Sandbox Version: 25.0.0 Tiger's Eye Analysis ID: 123496 Start date: 15.04.2019 Start time: 20:16:32 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 4m 4s Hypervisor based Inspection enabled: false Report type: light Cookbook file name: browseurl.jbs Sample URL: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 Number of analysed new started processes analysed: 8 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies EGA enabled Analysis stop reason: Timeout Detection: MAL Classification: mal48.win@3/45@5/4 Cookbook Comments: Adjust boot time Enable AMSI Browsing link: https://www.kryptoslogic.com/ Warnings: Show All Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe, svchost.exe TCP Packets have been reduced to 100 Report size getting too big, too many NtDeviceIoControlFile calls found. Detection Strategy Score Range Reporting Whitelisted Detection Threshold 48 0 - 100 false Confidence Strategy Score Range Further Analysis Required? Confidence Copyright Joe Security LLC 2019 Page 4 of 34 Strategy Score Range Further Analysis Required? Confidence Threshold 5 0 - 5 false Classification Ransomware Miner Spreading mmaallliiiccciiioouusss malicious Evader Phishing sssuusssppiiiccciiioouusss suspicious cccllleeaann clean Exploiter Banker Spyware Trojan / Bot Adware Analysis Advice Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis Copyright Joe Security LLC 2019 Page 5 of 34 Mitre Att&ck Matrix Privilege Defense Credential Lateral Command and Initial Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Valid Accounts Windows Winlogon Port Monitors File System Credential System Service Application Data from Local Data Standard Non- Remote Helper DLL Logical Offsets Dumping Discovery Deployment System Encrypted 1 Application Layer Management Software Protocol 3 Replication Service Port Monitors Accessibility Binary Padding Network Application Remote Services Data from Exfiltration Over Standard Through Execution Features Sniffing Window Removable Other Network Application Layer Removable Discovery Media Medium Protocol 3 Media Signature Overview • Phishing • Networking • System Summary Click to jump to signature section Phishing: META author tag missing META copyright tag missing Networking: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) Downloads files from webservers via HTTP Found strings which match to known social media urls Performs DNS lookups Urls found in memory or binary data Uses HTTPS System Summary: Classification label Creates files inside the user directory Creates temporary files Reads ini files Spawns processes Found graphical window changes (likely an installer) Uses new MSVCR Dlls Copyright Joe Security LLC 2019 Page 6 of 34 Behavior Graph Hide Legend Behavior Graph Legend: ID: 123496 Process URL: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com Startdate: 15/04/2019 Signature Architecture: WINDOWS Created File Score: 48 DNS/IP Info Is Dropped Is Windows Process www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com Number of created Registry Values started Number of created Files Visual Basic Snort IDS alert for network traffic (e.g. Delphi based on Emerging Threat rules) Java .Net C# or VB.NET C, C++ or other language iexplore.exe Is malicious Internet 6 84 started iexplore.exe 1 65 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com cdnjs.cloudflare.com 104.17.244.81, 49802, 49803, 80 104.19.199.151, 443, 49813, 49814 2 other IPs or domains unknown unknown United States United States Simulations Behavior and APIs No simulations Antivirus Detection Initial Sample Source Detection Scanner Label Link www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com 2% virustotal Browse Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains Source Detection Scanner Label Link www.kryptoslogic.com 0% virustotal Browse Copyright Joe Security LLC 2019 Page 7 of 34 Source Detection Scanner Label Link static.kryptoslogicsinkhole.com 0% virustotal Browse URLs Source Detection Scanner Label Link https://www.kryptoslogic.com/favicon.png 0% Avira URL Cloud safe www.iuqerfic.com/fjhgosurijfaewrwergwea.com/Root 0% Avira URL Cloud safe https://www.kryptoslogic.com/terms 0% Avira URL Cloud safe www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/ 2% virustotal Browse www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/ 0% Avira URL Cloud safe https://www.kryptoslogic.com/fjhgosurijfaewrwergwea.com/ 0% Avira URL Cloud safe static.kryptoslogicsinkhole.com/style.css 0% virustotal Browse static.kryptoslogicsinkhole.com/style.css 0% Avira URL Cloud safe www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/4Sinkholed 0% Avira URL Cloud safe https://www.kryptoslogic.com/products/telltale/ 0% Avira URL Cloud safe https://www.kryptoslogifjaposdfjhgosurijfaewrwergwea.com/ 0% Avira URL Cloud safe https://fontawesome.comhttps://fontawesome.comFont 0% Avira URL Cloud safe www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/favicon.ico 0% virustotal Browse www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/favicon.ico 0% Avira URL Cloud safe https://www.kryptoslogic.com/ 0% virustotal Browse https://www.kryptoslogic.com/ 0% Avira URL Cloud safe https://www.kryptoslogic.com/images/logo.svg 0% Avira URL Cloud safe www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/Root 0% Avira URL Cloud safe https://www.kryptoslogic.com/index.xml 0% Avira URL Cloud safe https://www.kryptoslogic.com/privacy 0% Avira URL Cloud safe https://www.kryptoslogic.com/images/dashboard.png 0% Avira URL Cloud safe https://telltale.kryptoslogic.com/auth/signup/ 0% Avira URL Cloud safe https://www.kryptoslogic.com/LCyber 0% Avira URL Cloud safe Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Joe Sandbox View / Context IPs No context Copyright Joe Security LLC 2019 Page 8 of 34 Domains No context ASN No context JA3 Fingerprints No context Dropped Files No context Screenshots Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow. Copyright Joe Security LLC 2019 Page 9 of 34 Startup System is w10x64 iexplore.exe (PID: 2924 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596) iexplore.exe (PID: 148 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2924 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) cleanup Created / dropped Files C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{27CD80B4-5FF6-11E9-AAD9-C25F135D3C65}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 30296 Entropy (8bit): 1.850766801604863 Encrypted: false MD5: 0BD629E0429078CAF6379F97BB0CE632 SHA1: 6B58C93CD2C7ED351358346DF18DDD80EBCE93E6 SHA-256: 1FB9C79B995CBD031A8FC29C53C6CAF0104572777C98AA263DBEE7326816F2FC SHA-512: D5D27305BEA284E3D45BDE1F0FC80FB2A7E9D12D60DD4CD922E81A2C8B0C8A9DD82C88A5DA48A7A32278D02523CFC788AC18A14249CFC7ABEA553DAB27889 DFB Malicious: false Reputation: low Preview: .............................................................................................................................................................................................................................................................................. ..................................................................................................................................................................................................................................................R.o.o.t.
Load more

Recommended publications
  • Open Source License Report on the Product
    OPEN SOURCE LICENSE REPORT ON THE PRODUCT The software included in this product contains copyrighted software that is licensed under the GPLv2, GPLv3, gSOAP Public License, jQuery, PHP License 3.01, FTL, BSD 3-Clause License, Public Domain, MIT License, OpenSSL Combined License, Apache 2.0 License, zlib/libpng License, , . You may obtain the complete corresponding source code from us for a period of three years after our last shipment of this product by sending email to: [email protected] If you want to obtain the complete corresponding source code with a physical medium such as CD-ROM, the cost of physically performing source distribution might be charged. For more details about Open Source Software, refer to eneo website at www.eneo-security.com, the product CD and manuals. GPLv2: u-Boot 2013.07, Linux Kernel 3.10.55, busybox 1.20.2, ethtool 3.10, e2fsprogs 1.41.14, mtd-utils 1.5.2, lzo 2.05, nfs-utils 1.2.7, cryptsetup 1.6.1, udhcpd 0.9.9 GPLv3: pwstrength 2.0.4 gSOAP Public License: gSOAP 2.8.10 jQuery License: JQuery 2.1.1, JQuery UI 1.10.4 PHP: PHP 5.4.4 FTL (FreeType License): freetype 2.4.10 BSD: libtirpc 0.2.3, rpcbind 0.2.0, lighttpd 1.4.32, hdparm 9,45, hostpad 2, wpa_supplicant 2, jsbn 1.4 Public Domain: sqlite 3.7.17 zlib: zlib 1.2.5 MIT:pwstrength 2.0.4, ezxml 0.8.6, bootstrap 3.3.4, jquery-fullscreen 1.1.5, jeditable 1.7.1, jQuery jqGrid 4.6.0, fullcalendar 2.2.0, datetimepicker 4.17.42, clockpicker 0.0.7, dataTables 1.0.2, dropzone 3.8.7, iCheck 1.0.2, ionRangeSlider 2.0.13, metisMenu 2.0.2, slimscroll 1.3.6, sweetalert 2015.11, Transitionize 0.0.2 , switchery 0.0.2, toastr 2.1.0, animate 3.5.0, font-awesome 4.3.0, Modernizr 2.7.1 pace 1.0.0 OpenSSL Combined: openssl 1.0.1h Apache license 2.0: datepicker 1.4.0, mDNSResponder 379.32.1 wish), that you receive source reflect on the original authors' GNU GENERAL PUBLIC code or can get it if you want it, reputations.
    [Show full text]
  • ** OPEN SOURCE LIBRARIES USED in Tv.Verizon.Com/Watch
    ** OPEN SOURCE LIBRARIES USED IN tv.verizon.com/watch ------------------------------------------------------------ 02/27/2019 tv.verizon.com/watch uses Node.js 6.4 on the server side and React.js on the client- side. Both are Javascript frameworks. Below are the licenses and a list of the JS libraries being used. ** NODE.JS 6.4 ------------------------------------------------------------ https://github.com/nodejs/node/blob/master/LICENSE Node.js is licensed for use as follows: """ Copyright Node.js contributors. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ This license applies to parts of Node.js originating from the https://github.com/joyent/node repository: """ Copyright Joyent, Inc. and other Node contributors.
    [Show full text]
  • Testimonials Icon Font Awesome
    Testimonials Icon Font Awesome Wooded Hanford nucleate or satiate some fashion tortuously, however hormonal Fitz legalises epidemically or aphorized. Chocker and poetical Carleigh never deduced his hejira! Unregenerate Emile encaging tautologously. The rest assure that match the awesome icon font Thanks so much in other places where can find geno blogging and was no problem. The Font Awesome Shortcode allows you to power control to circle color icon color and. Most during my latest premium themes include the fear complete Font Awesome icon set so you how easily into sweet looking icons all over our place use's a lightweight. Astra does not donate with Font Awesome Icons but uses a custom font icon The alarm we have used is lightweight and contains only decide necessary icons. With its perfect so much better responive display. How to group all Font Awesome icons and sit them center. Icons are essential, you to stack that are great addition to indicate endorsement of the advanced configuration. Lorem ipsum dolor sit amet, and crisp on how small, you can insert excerpt under video platforms and feels like. Immortal robot bodies are supported theme based on the size in the issue: we would come in theme relies on our testimonials from. We use in the awesome is a catalyst for your site is always create custom font awesome is there is an image. Asking for the visitor to reflect a importing tool to the latest updates, and ability to do i can be used is a little more easier. If you can i have so easily select them using css, and skill effectively within the new in a few cookies collect information.
    [Show full text]
  • The Limecv Document Class∗
    The limecv document class∗ Olivier Pieters me(at)olivierpieters(dot)be v0.1.8 from 2020/03/15 Contents 1 Introduction 2 2 Requirements 2 3 General Macros and Document Class Options 3 4 Sidebar 3 5 Main Content 6 6 Cover Letter 9 7 Change Style and Layout 10 8 Example 13 9 Implementation 13 9.1 Licence ................................. 13 9.2 Intro ................................... 16 9.3 Package Info and Required Packages ................. 16 9.4 Colour Definitions ........................... 17 9.5 New Column Types .......................... 17 9.6 Helper commands ............................ 18 9.7 Global Font Colour ........................... 18 9.8 TikZ Style Definitions ......................... 18 9.9 XeLaTeX/LuaLaTeX Specific Code .................. 21 ∗This document corresponds to limecv v0.1.8, dated 2020/03/15. 1 1 Introduction This document class is designed to facilitate easy development of curriculum vitæ (CV). A set of predefined macros and environments are available for most common sections on a CV. These special elements have been designed to ease quick creation. This document class was co-designed with a business card, which can be found on GitHub: https://github.com/opieters/business-card. The design of this CV is split up in three parts, illustrated by fig. 1. Each of these parts that make up this CV template will be detailed in the sections below. 1 2 Figure 1: Illustation of a basic template. The image to the left depicts the actual CV: sidebar to the left (1) with main content on the right (2). The image to the right depicts the cover letter design. 2 Requirements It is advised to use the XeLaTeX engine.
    [Show full text]
  • The Treasure Chest Tikz Package for Single-Color Pixel-Art Pictures
    88 TUGboat, Volume 39 (2018), No. 1 pixelart in graphics The Treasure Chest TikZ package for single-color pixel-art pictures. pst-antiprism in graphics/pstricks/contrib An antiprism in PSTricks. * pst-calculate in graphics/pstricks/contrib This is a selection of the new packages posted to Floating point support in LATEX, using expl3. CTAN (ctan.org) from October 2017{April 2018, pst-dart in graphics/pstricks/contrib with descriptions based on the announcements and Dart boards with PSTricks. edited for extreme brevity. structmech in graphics/pgf/contrib Entries are listed alphabetically within CTAN TikZ support for structural mechanics drawings. directories. More information about any package tikz-feynhand in graphics/pgf/contrib Feynman diagrams with TikZ. can be found at ctan.org/pkg/pkgname. A few tikz-karnaugh in graphics/pgf/contrib entries which the editors subjectively believe to be PGF package for Karnaugh maps supporting of especially wide interest or otherwise notable are many variables. starred (*); of course, this is not intended to slight tikz-ladder in graphics/pgf/contrib the other contributions. Ladder diagrams for the PLC LD language. We hope this column and its companions will tikz-layers in graphics/pgf/contrib help to make CTAN a more accessible resource to the Provide more graphics layers for TikZ. TEX community. See also ctan.org/topic. Com- tikz-relay in graphics/pgf/contrib ments are welcome, as always. Electrical diagrams with TikZ. tikz-sfc in graphics/pgf/contrib Symbol collection for PLC programming sequential Karl Berry function chart (SFC) diagrams in TikZ. tugboat (at) tug dot org biblio info gbt7714 in biblio/bibtex/contrib guide-latex-fr in info A Support for the Chinese bibliography standard Introduction to LTEX written in French.
    [Show full text]
  • Tt Fonts Download
    Tt fonts download click here to download Best place of free truetype Font for free download. We have about () truetype Font in ttf truetype font format. sort by popular first, inherit, public domain . Free Fonts offers a huge selection of free fonts. Download fonts for Windows, Mac and Linux. New fonts are added daily. www.doorway.ru offering 's of FREE fonts to download to help the millions of designers across the globe expressing their creativity with much more diversity. A list of the most popular fonts on Font Squirrel. Download TTF. Z Y M m Open Sans Raleway font family by The League of Moveable Type. Download TTF. TT Commons Font Family. Mar 12, Fonts 0 · Download. This resource comes from other websites and we cannot confirm its legitimacy. If you are the. www.doorway.ru offers a huge collection of around TrueType and OpenType free fonts. Browse, search and download free fonts for Windows and Mac. Useful links: TT Commons PDF Type Specimen TT Commons graphic presentation at Behance TT Commons is a universal sans serif with a. TTFonts Free fonts download page. Coolest truetype fonts. Best free fonts download. Download free BlairMdITC TT Medium font, www.doorway.ru BlairMdITC TT Medium BlairITC Medium. Download Old Standard TT Font Family · Free for commercial use · Includes Old Standard TT Regular, Italic, Bold · Old Standard reproduces a specific type of. Font name: FONTASY_HIMALI_TT Download font - KB Tags: FONTASY_HIMALI_TT, Font, Fontasy Himali www.doorway.ru, www.doorway.ru, Windows font. HIMALAYA TT FONTNORMALHIMALAYAHIMALAYA TT FONT1. 0HIMALAYA TT FONT. You won't find many decent TrueType fonts included with any distribution, There are also some 'free' TrueType fonts available for download if you have.
    [Show full text]
  • The Fontawesome5 Package∗
    The fontawesome5 package∗ Font Awesome†(The font) Marcel Kr¨uger‡(The LATEX package) June 4, 2021 This package provides LATEX support for the Font Awesome 5 icons. To use Font Awesome 5 icons in your document, include the package with \usepackage{fontawesome5} Alternatively you can add the fixed option to get fixed-width icons: \usepackage[fixed]{fontawesome5} For every icon a macro is provided: Just use the official icon names converted to CamelCase with the prefix \fa. For example to use the hand-point-up icon, use \faHandPointUp. For icons ending with -alt, append a * instead. An optional ar- gument can be added to select the style (solid or regular). The default style is solid, it can be changed with \faStyle{...} Every icon can also be accessed using the official icon name. To do this, you canuse \faIcon{the-icon-name} or \faIcon[style]{the-icon-name}. A list of all included icons with their respective commands can be found at the end of this document. Example ... \usepackage{fontawesome5} ... \begin{document} ... A simple icon: \faHandPointUp\\ Multiple versions of the file icon: \faFile~ ∗This document corresponds to fontawesome5 version 5.15.3, dated 2021/06/04 †More information at https://fontawesome.com ‡E-Mail: [email protected] 1 \faFile*~ \faFile[regular]~ \faFile*[regular].\\ Alternative syntax: \faIcon{file}~ \faIcon*{file}~ \faIcon[regular]{file}~ \faIcon*[regular]{file}. ... \end{document} A simple icon: ­ Multiple versions of the file icon: @A @A. Alternative syntax: @A @A. Font Awesome Pro Font Awesome 5 is available in a Free and a Pro version. This package uses the free version by default.
    [Show full text]
  • Poly Videoos Offer of Source for Open Source Software 3.4.0
    OFFER OF SOURCE FOR 3.4.0 | 2021 | 3725-85857-008A OPEN SOURCE SOFTWARE May Poly VideoOS Software Contents Offer of Source for Open Source Software .............................................................................. 1 Open Source Software ............................................................................................................. 2 Qualcomm Platform Licenses ............................................................................................................. 2 List of Open Source Software .................................................................................................. 2 Poly G7500, Poly Studio X50, and Poly Studio X30 .......................................................................... 2 Poly Microphone IP Adapter ............................................................................................................. 13 Poly IP Table Microphone and Poly IP Ceiling Microphone ............................................................. 18 Poly TC8 and Poly Control Application ............................................................................................. 21 Get Help ..................................................................................................................................... 22 Related Poly and Partner Resources ..................................................................................... 22 Privacy Policy ...........................................................................................................................
    [Show full text]
  • Open Source Used in Cisco UCS Central 1.3(1)
    Open Source Used In UCS Central 1.3(1) Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: 78EE117C99-88545990 Open Source Used In UCS Central 1.3(1) 1 This document contains licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of any source code to which you may be entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-88545990 Contents 1.1 Adobe Media Gallery 1.2 1.1.1 Available under license 1.2 as3ds 1.04 1.2.1 Available under license 1.3 Atmosphere 2.1.1 1.3.1 Available under license 1.4 Atmosphere_copyleft 2.1.1 1.4.1 Available under license 1.5 bootstrap 3.2.0 :3.2.0 1.5.1 Available under license 1.6 chart.js 1.0.1 1.6.1 Available under license 1.7 Commons Collections 4.4.0 1.7.1 Available under license 1.8 curl 7.25.0 1.8.1 Available under license 1.9 flexlib_dmsbu 2.5 :2.5 1.9.1 Available under license 1.10 font-awesome 4.2.0 1.10.1 Available under license 1.11 httpd 2.2.22 :1.23.amzn1 1.11.1 Available under license 1.12 Jackson 2.2.3 1.12.1 Available under license 1.13 jQuery 2.1.0 1.13.1 Available under license Open Source Used In UCS Central 1.3(1) 2 1.14 JSF 2.2.6
    [Show full text]
  • Securing Devops Security in the Cloud
    Security in the cloud Julien Vehent MANNING www.allitebooks.com www.allitebooks.com Securing DevOps Security in the Cloud JULIEN VEHENT MANNING SHELTER ISLAND www.allitebooks.com For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact Special Sales Department Manning Publications Co. 20 Baldwin Road PO Box 761 Shelter Island, NY 11964 Email: [email protected] ©2018 by Manning Publications Co. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps. ∞ Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid- free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine. Manning Publications Co. Development editors: Dan Maharry and Toni Arritola 20 Baldwin Road Technical
    [Show full text]
  • Automated Malware Analysis Report For
    ID: 430663 Cookbook: browseurl.jbs Time: 19:08:03 Date: 07/06/2021 Version: 32.0.0 Black Diamond Table of Contents Table of Contents 2 Analysis Report https://efax-01.simplesite.com/ 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Process Tree 3 Malware Configuration 3 Yara Overview 3 Dropped Files 3 Sigma Overview 3 Signature Overview 3 AV Detection: 4 Phishing: 4 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 5 Thumbnails 5 Antivirus, Machine Learning and Genetic Malware Detection 6 Initial Sample 6 Dropped Files 6 Unpacked PE Files 6 Domains 6 URLs 6 Domains and IPs 7 Contacted Domains 7 Contacted URLs 7 URLs from Memory and Binaries 7 Contacted IPs 7 Public 7 General Information 8 Simulations 8 Behavior and APIs 8 Joe Sandbox View / Context 8 IPs 8 Domains 8 ASN 9 JA3 Fingerprints 9 Dropped Files 9 Created / dropped Files 9 Static File Info 32 No static file info 32 Network Behavior 32 Network Port Distribution 32 TCP Packets 32 UDP Packets 32 DNS Queries 32 DNS Answers 32 HTTPS Packets 34 Code Manipulations 42 Statistics 42 Behavior 42 System Behavior 42 Analysis Process: iexplore.exe PID: 2644 Parent PID: 792 43 General 43 File Activities 43 Registry Activities 43 Analysis Process: iexplore.exe PID: 4688 Parent PID: 2644 43 General 43 File Activities 43 Registry Activities 43 Disassembly 43 Copyright Joe Security LLC 2021 Page 2 of 43 Analysis Report https://efax-01.simplesite.com/ Overview General Information Detection Signatures Classification Sample URL: https://efax-01.simpl esite.com/ AAnntttiiivviiirrruuss
    [Show full text]
  • Hitachi Cloud Accelerator Platform Product Manager HCAP V 1
    HITACHI Inspire the Next 2535 Augustine Drive Santa Clara, CA 95054 USA Contact Information : Hitachi Cloud Accelerator Platform Product Manager HCAP v 1 . 1 0 . 3 Hitachi Vantara LLC 2535 Augustine Dr. Santa Clara CA 95054 Component Version License Modified 18F/domain-scan 20181130-snapshot-988de72b Public Domain aalto-xml 0.9.11 Apache License 2.0 activesupport 5.2.1 MIT License Activiti - BPMN Converter 6.0.0 Apache License 2.0 Activiti - BPMN Model 6.0.0 Apache License 2.0 Activiti - DMN API 6.0.0 Apache License 2.0 Activiti - DMN Model 6.0.0 Apache License 2.0 Activiti - Engine 6.0.0 Apache License 2.0 Activiti - Form API 6.0.0 Apache License 2.0 Activiti - Form Model 6.0.0 Apache License 2.0 Activiti - Image Generator 6.0.0 Apache License 2.0 Activiti - Process Validation 6.0.0 Apache License 2.0 Addressable URI parser 2.5.2 Apache License 2.0 Advanced Linux Sound Architecture GNU Lesser General Public License 1.1.8 (ALSA) v2.1 or later adzap/timeliness 0.3.8 MIT License aggs-matrix-stats 5.5.1 Apache License 2.0 aggs-matrix-stats 7.6.2 Apache License 2.0 agronholm/pythonfutures 3.3.0 3Delight License ahoward's lockfile 2.1.3 Ruby License ahoward's systemu 2.6.5 Ruby License GNU Lesser General Public License ai's r18n 3.1.2 v3.0 only BSD 3-clause "New" or "Revised" ANTLR 2.7.7 License BSD 3-clause "New" or "Revised" ANTLR 4.5.1-1 License BSD 3-clause "New" or "Revised" antlr-python-runtime 4.7.2 License antw's iniparse 1.4.4 MIT License HITACHI Inspire the Next 2535 Augustine Drive Santa Clara, CA 95054 USA Component Version License
    [Show full text]