Network Behavior Contacts 3 domains and 9 hosts.
MITRE ATT&CK™ Techniques Detection
This report has 1 indicator that was mapped to 1 attack technique and 1 tactic.
Indicators
- Network Related
- details TCP traffic to 172.253.62.93 on port 443 is sent without HTTP header
  TCP traffic to 142.250.73.195 on port 80 is sent without HTTP header
  TCP traffic to 172.217.164.142 on port 80 is sent without HTTP header
  TCP traffic to 172.217.13.66 on port 443 is sent without HTTP header
  TCP traffic to 142.251.16.148 on port 443 is sent without HTTP header
  TCP traffic to 172.253.62.95 on port 443 is sent without HTTP header
  TCP traffic to 142.250.73.246 on port 443 is sent without HTTP header
  TCP traffic to 142.250.81.193 on port 443 is sent without HTTP header
  TCP traffic to 172.253.115.139 on port 443 is sent without HTTP header
  source Network Traffic
  relevance 5/10
- General
- details "ocsp.pki.goog" "crls.pki.goog" "crl.pki.goog" source Network Traffic relevance 1/10
- details "172.253.62.93:443" "142.250.73.195:80" "172.217.164.142:80" "172.217.13.66:443" "142.251.16.148:443" "172.253.62.95:443" "142.250.73.246:443" "142.250.81.193:443" "172.253.115.139:443" source Network Traffic relevance 1/10
- details "Local\InternetShortcutMutex" "IsoScope_6d0_IESQMMUTEX_0_519" "Local\ZonesLockedCacheCounterMutex" "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}" "Local\URLBLOCK_HASHFILESWITCH_MUTEX" "Local\ZonesCacheCounterMutex" "IsoScope_6d0_ConnHashTable_HashTable_Mutex" "Local\VERMGMTBlockListFileMutex" "IsoScope_6d0_IE_EarlyTabStart_0x3f4_Mutex" "IsoScope_6d0_IESQMMUTEX_0_303" "Local\URLBLOCK_FILEMAPSWITCH_MUTEX_1744" "Local\URLBLOCK_DOWNLOAD_MUTEX" "IsoScope_6d0_IESQMMUTEX_0_331" "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}" "Local\!BrowserEmulation!SharedMemory!Mutex" "UpdatingNewTabPageData" "\Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex" "\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex" "\Sessions\1\BaseNamedObjects\Local\URLBLOCK_FILEMAPSWITCH_MUTEX_1744" "\Sessions\1\BaseNamedObjects\Local\URLBLOCK_HASHFILESWITCH_MUTEX" source Created Mutant relevance 3/10
- details Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean [type is "data"] source Binary File relevance 10/10