Source: https://cloudsso.cisco.com/idp/SSO.saml2?SAMLRequest=fZFLT8MwEIT%2FSm4%2BOQ83DZWVRIpaIVUqD7XAgQtynS21cOzgtXn8e5JUiHKA6%2B58s6PZEkWne94EfzRbeA2APmoQwXllzdIaDB24Hbg3JeF%2Bu6nI0fseeZJ4oS0q40Fr9QxGQixtl4jBJxktEym03gv5QqLV4KmMGA1%2FcKltaBFtLBVKO7Gq7ZPd7iYecUai9aoiTyxnhzQrgC7kbE7zIk%2FpvhA5zQEg3y8yMc8uBiligLVBL4yvCEtZRlNGWXGXFZwxPiseSfQADqcELE5J9NFpg3y8VJHgDLcCFXIjOkDuJd81Vxs%2BCLn4ruIc6f9neme9lVaTuhzVfErn6qkwet5YmZzvy9Mnrge%2F9erWaiU%2Fo0Zr%2B750IDxUxLsAJLq0rhP%2B7wRZnE0T1dLDJOXBYA9SHRS0JKlPR39%2FvP4C | HTTP Parser: Title: Cisco.com Login Page does not match URL |
Source: https://cloudsso.cisco.com/idp/SSO.saml2?SAMLRequest=fZFLT8MwEIT%2FSm4%2BOQ83DZWVRIpaIVUqD7XAgQtynS21cOzgtXn8e5JUiHKA6%2B58s6PZEkWne94EfzRbeA2APmoQwXllzdIaDB24Hbg3JeF%2Bu6nI0fseeZJ4oS0q40Fr9QxGQixtl4jBJxktEym03gv5QqLV4KmMGA1%2FcKltaBFtLBVKO7Gq7ZPd7iYecUai9aoiTyxnhzQrgC7kbE7zIk%2FpvhA5zQEg3y8yMc8uBiligLVBL4yvCEtZRlNGWXGXFZwxPiseSfQADqcELE5J9NFpg3y8VJHgDLcCFXIjOkDuJd81Vxs%2BCLn4ruIc6f9neme9lVaTuhzVfErn6qkwet5YmZzvy9Mnrge%2F9erWaiU%2Fo0Zr%2B750IDxUxLsAJLq0rhP%2B7wRZnE0T1dLDJOXBYA9SHRS0JKlPR39%2FvP4C | HTTP Parser: No <meta name="author".. found |
Source: https://cloudsso.cisco.com/idp/SSO.saml2?SAMLRequest=fZFLT8MwEIT%2FSm4%2BOQ83DZWVRIpaIVUqD7XAgQtynS21cOzgtXn8e5JUiHKA6%2B58s6PZEkWne94EfzRbeA2APmoQwXllzdIaDB24Hbg3JeF%2Bu6nI0fseeZJ4oS0q40Fr9QxGQixtl4jBJxktEym03gv5QqLV4KmMGA1%2FcKltaBFtLBVKO7Gq7ZPd7iYecUai9aoiTyxnhzQrgC7kbE7zIk%2FpvhA5zQEg3y8yMc8uBiligLVBL4yvCEtZRlNGWXGXFZwxPiseSfQADqcELE5J9NFpg3y8VJHgDLcCFXIjOkDuJd81Vxs%2BCLn4ruIc6f9neme9lVaTuhzVfErn6qkwet5YmZzvy9Mnrge%2F9erWaiU%2Fo0Zr%2B750IDxUxLsAJLq0rhP%2B7wRZnE0T1dLDJOXBYA9SHRS0JKlPR39%2FvP4C | HTTP Parser: No <meta name="copyright".. found |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll |
Source: unknown | HTTPS traffic detected: 104.17.59.76:443 -> 192.168.2.4:49750 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.17.59.76:443 -> 192.168.2.4:49751 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 199.232.136.157:443 -> 192.168.2.4:49764 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 199.232.136.157:443 -> 192.168.2.4:49765 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.131:443 -> 192.168.2.4:49768 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.131:443 -> 192.168.2.4:49769 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.69:443 -> 192.168.2.4:49770 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.69:443 -> 192.168.2.4:49771 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 173.194.76.157:443 -> 192.168.2.4:49772 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 173.194.76.157:443 -> 192.168.2.4:49773 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.4:49776 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.4:49777 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 72.163.4.74:443 -> 192.168.2.4:49803 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 72.163.4.74:443 -> 192.168.2.4:49802 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.254.147.143:443 -> 192.168.2.4:49810 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 34.254.147.143:443 -> 192.168.2.4:49809 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.4:49811 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.4:49813 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 108.128.151.168:443 -> 192.168.2.4:49814 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 108.128.151.168:443 -> 192.168.2.4:49812 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 142.250.185.194:443 -> 192.168.2.4:49815 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 142.250.185.194:443 -> 192.168.2.4:49816 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 3.210.3.115:443 -> 192.168.2.4:49828 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 3.210.3.115:443 -> 192.168.2.4:49829 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.194.235.254:443 -> 192.168.2.4:49831 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.194.235.254:443 -> 192.168.2.4:49830 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.16.94.65:443 -> 192.168.2.4:49834 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.16.94.65:443 -> 192.168.2.4:49835 version: TLS 1.2 |
Source: winword.exe | Memory has grown: Private usage: 0MB later: 86MB |
Source: Joe Sandbox View | IP Address: 173.194.76.157 173.194.76.157 |
Source: Joe Sandbox View | IP Address: 104.244.42.69 104.244.42.69 |
Source: Joe Sandbox View | JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c |
Source: support[1].htm.7.dr | String found in binary or memory: <a target="_blank" href="https://www.linkedin.com/company/cisco-talos-intelligence-group/"> equals www.linkedin.com (Linkedin) |
Source: support[1].htm.7.dr | String found in binary or memory: <a target="_blank" href="https://www.youtube.com/playlist?list=PLFT-9JpKjRTDn_qtGN238gzycJfaVzMqD"> equals www.youtube.com (Youtube) |
Source: default[1].js.7.dr | String found in binary or memory: log-ins, events, applications and more.&nbsp;</p><div><a class=\"button-link\" href=\"https://podcasts.apple.com/us/podcast/talos-takes/id1497572268\" target=\"_blank\"><button class=\"blog-podcast-button\"><img alt=\"Apple Podcasts\" src=\"https://www.talosintelligence.com/assets/icon_apple_podcasts_orange.svg\" title=\"Apple Podcasts\" />Apple Podcasts&nbsp;</button></a><a class=\"button-link\" href=\"https://open.spotify.com/show/2sZqrFXR3RupDqwXJM7kve\" target=\"_blank\"><button class=\"blog-podcast-button\"><img alt=\"Spotify\" src=\"https://www.talosintelligence.com/assets/icon_spotify_orange.svg\" title=\"Spotify\" />Spotify&nbsp;</button>&nbsp;</a><a class=\"button-link\" href=\"https://www.stitcher.com/show/talos-takes\" target=\"_blank\"><button class=\"blog-podcast-button\"><img alt=\"Stitcher\" src=\"https://www.talosintelligence.com/assets/icon_stitcher_orange.svg\" title=\"Stitcher\" />&nbsp;Stitcher</button></a></div></content><link rel='replies' type='application/atom+xml' href='https://blog.talosintelligence.com/feeds/5340553926742327248/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://blog.talosintelligence.com/2021/02/talos-takes-ep-42-seriously-folks-save.html#comment-form' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/1029833275466591797/posts/default/5340553926742327248'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/1029833275466591797/posts/default/5340553926742327248'/><link rel='alternate' type='text/html' href='https://blog.talosintelligence.com/2021/02/talos-takes-ep-42-seriously-folks-save.html' title='Talos Takes Ep. #42: Seriously folks, save your logs'/><author><name>Jon Munshaw</name><uri>https://www.blogger.com/profile/13414456218583234191</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='35' height='35' src='//www.blogger.com/img/blogger_logo_round_35.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='https://1.bp.blogspot.com/-XaLVEfiANhw/XyrB7z4Yj-I/AAAAAAAAAPs/h5q52LiZsfY9MsMQXeXBZjfnEEGW3z_TQCPcBGAYYCw/s72-c/Talos_takes_1200x675.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-1029833275466591797.post-38479280 |