hxxps://briarwood[.]caddylink[.]net/

Analysis

max time kernel
0s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
10/01/2024, 23:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://briarwood.caddylink.net/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 1472 wrote to memory of 2856	1472	firefox.exe	20
PID 1472 wrote to memory of 2856	1472	firefox.exe	20

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://briarwood.caddylink.net/
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.0.1087953212\489863444" -parentBuildID 20221007134813 -prefsHandle 1776 -prefMapHandle 1744 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91bd7d4e-70d0-46cf-8519-9c3fec113eba} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 1856 1e95f7da558 gpu
  2⤵
  PID:2856
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.1.400528243\873157513" -parentBuildID 20221007134813 -prefsHandle 2240 -prefMapHandle 2228 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df065750-3689-442a-8557-338511017643} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 2252 1e953771058 socket
  2⤵
  PID:2740
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.2.348940247\850483872" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2828 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3024ad5-09fb-40ef-a2b1-92e7620e46eb} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 3200 1e964cd8558 tab
  2⤵
  PID:2264
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.3.648586344\622234883" -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70cf8233-4e9a-4de9-bd76-b2a2edbf9a75} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 3692 1e953767e58 tab
  2⤵
  PID:5112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.6.2098293242\2048720362" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {714d878c-1503-4e10-966b-66db51b9e384} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 5300 1e967662558 tab
  2⤵
  PID:3780
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.5.1751130805\2053774764" -childID 4 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60d57821-1756-40e6-b92c-a273d75359c1} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 5100 1e967662b58 tab
  2⤵
  PID:1384
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.4.1602387909\185708985" -childID 3 -isForBrowser -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {968d3199-3ed7-450d-a663-6e9a6d51315d} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 4868 1e966ad4e58 tab
  2⤵
  PID:4956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://briarwood.caddylink.net/"
1⤵
- Suspicious use of WriteProcessMemory
PID:3984

Network

DNS

briarwood.caddylink.net

Remote address:

8.8.8.8:53

Request

briarwood.caddylink.net

IN A

Response

briarwood.caddylink.net

IN A

159.89.115.56
DNS

push.services.mozilla.com

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

push.services.mozilla.com

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A
DNS

contile.services.mozilla.com

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

contile.services.mozilla.com

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

contile.services.mozilla.com

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

shavar.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

prod.remote-settings.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

autopush.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

autopush.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

67.151.239.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.151.239.44.in-addr.arpa

IN PTR

Response

67.151.239.44.in-addr.arpa

IN PTR

ec2-44-239-151-67 us-west-2compute amazonawscom
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR
DNS

content-signature-2.cdn.mozilla.net

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A
DNS

shavar.services.mozilla.com

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

44.239.151.67

shavar.prod.mozaws.net

IN A

34.213.155.5

shavar.prod.mozaws.net

IN A

52.24.152.80
DNS

briarwood.caddylink.net

Remote address:

8.8.8.8:53

Request

briarwood.caddylink.net

IN A

Response

briarwood.caddylink.net

IN A

159.89.115.56
DNS

briarwood.caddylink.net

Remote address:

8.8.8.8:53

Request

briarwood.caddylink.net

IN A
DNS

firefox.settings.services.mozilla.com

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

shavar.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

34.213.155.5

shavar.prod.mozaws.net

IN A

44.239.151.67

shavar.prod.mozaws.net

IN A

52.24.152.80
DNS

prod.remote-settings.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

shavar.services.mozilla.com

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

34.213.155.5

shavar.prod.mozaws.net

IN A

44.239.151.67

shavar.prod.mozaws.net

IN A

52.24.152.80
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

5.155.213.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.155.213.34.in-addr.arpa

IN PTR

Response

5.155.213.34.in-addr.arpa

IN PTR

ec2-34-213-155-5 us-west-2compute amazonawscom
DNS

aus5.mozilla.org

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

ciscobinary.openh264.org

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

a19.dscg10.akamai.net

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

a19.dscg10.akamai.net

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1
DNS

155.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.134.221.88.in-addr.arpa

IN PTR

Response

155.134.221.88.in-addr.arpa

IN PTR

a88-221-134-155deploystaticakamaitechnologiescom
DNS

155.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.134.221.88.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

briarwood.caddylink.net

Remote address:

8.8.8.8:53

Request

briarwood.caddylink.net

IN AAAA

Response
DNS

briarwood.caddylink.net

Remote address:

8.8.8.8:53

Request

briarwood.caddylink.net

IN AAAA
DNS

briarwood.caddylink.net

Remote address:

8.8.8.8:53

Request

briarwood.caddylink.net

IN AAAA
GET

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

Remote address:

88.221.134.155:80

Request

GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Thu, 16 Nov 2023 07:38:17 GMT
ETag: 85430baed3398695717b0263807cf97c
Content-Length: 453023
Accept-Ranges: bytes
X-Timestamp: 1700120296.01123
Content-Type: application/zip
X-Trans-Id: tx83dabe2b359f4df0880f4-00655605b9dfw1
Cache-Control: public, max-age=51452
Expires: Thu, 11 Jan 2024 13:27:18 GMT
Date: Wed, 10 Jan 2024 23:09:46 GMT
Connection: keep-alive
DNS

redirector.gvt1.com

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.180.14
DNS

redirector.gvt1.com

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A
DNS

redirector.gvt1.com

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.180.14
DNS

redirector.gvt1.com

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A
DNS

14.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.180.250.142.in-addr.arpa

IN PTR

Response

14.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f141e100net
DNS

redirector.gvt1.com

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:81e::200e
DNS

r1---sn-aigzrnsz.gvt1.com

Remote address:

8.8.8.8:53

Request

r1---sn-aigzrnsz.gvt1.com

IN A

Response

r1---sn-aigzrnsz.gvt1.com

IN CNAME

r1.sn-aigzrnsz.gvt1.com

r1.sn-aigzrnsz.gvt1.com

IN A

74.125.175.166
DNS

r1.sn-aigzrnsz.gvt1.com

Remote address:

8.8.8.8:53

Request

r1.sn-aigzrnsz.gvt1.com

IN A

Response

r1.sn-aigzrnsz.gvt1.com

IN A

74.125.175.166
DNS

r1.sn-aigzrnsz.gvt1.com

Remote address:

8.8.8.8:53

Request

r1.sn-aigzrnsz.gvt1.com

IN AAAA
DNS

166.175.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.175.125.74.in-addr.arpa

IN PTR

Response

166.175.125.74.in-addr.arpa

IN PTR

lhr48s34-in-f61e100net
DNS

66.112.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.112.168.52.in-addr.arpa

IN PTR

Response

34.117.237.239:443

contile.services.mozilla.com

tls

2.3kB
7.8kB
16
17
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

3.2kB
12.1kB
27
24
159.89.115.56:443

briarwood.caddylink.net

260 B
5
44.239.151.67:443

shavar.services.mozilla.com

tls

1.7kB
3.9kB
12
9
34.149.100.209:443

firefox.settings.services.mozilla.com

tls

21.7kB
378.4kB
305
348
159.89.115.56:443

briarwood.caddylink.net

260 B
5
34.213.155.5:443

shavar.services.mozilla.com

tls

2.2kB
4.2kB
10
10
34.107.243.93:443

push.services.mozilla.com

tls

2.0kB
6.2kB
12
13
35.244.181.201:443

aus5.mozilla.org

tls

2.6kB
5.9kB
21
18
34.149.100.209:443

firefox.settings.services.mozilla.com

tls

1.1kB
5.4kB
13
12
34.160.144.191:443

prod.content-signature-chains.prod.webservices.mozgcp.net

52 B
1
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

2.1kB
12.0kB
24
21
88.221.134.155:80

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

http

16.4kB
467.2kB
271
343

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

HTTP Response

200
159.89.115.56:443

briarwood.caddylink.net

156 B
3
127.0.0.1:49743

firefox.exe
159.89.115.56:443

briarwood.caddylink.net

156 B
3
142.250.180.14:443

redirector.gvt1.com

tls

488 B
156 B
6
3
142.250.180.14:443

redirector.gvt1.com

tls

1.9kB
10.5kB
21
23
74.125.175.166:443

r1---sn-aigzrnsz.gvt1.com

tls

5.1kB
155.6kB
79
124
34.117.121.53:443

tls, https

218 B
126 B
3
2

8.8.8.8:53

briarwood.caddylink.net

dns

211 B
210 B
3
2

DNS Request

briarwood.caddylink.net

DNS Response

159.89.115.56

DNS Request

push.services.mozilla.com

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93
8.8.8.8:53

contile.services.mozilla.com

dns

897 B
1.3kB
12
10

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239

DNS Request

contile.services.mozilla.com

DNS Request

shavar.prod.mozaws.net

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93

DNS Request

autopush.prod.mozaws.net

DNS Request

67.151.239.44.in-addr.arpa

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201

DNS Request

201.181.244.35.in-addr.arpa

DNS Request

201.181.244.35.in-addr.arpa

DNS Request

201.181.244.35.in-addr.arpa
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

287 B
354 B
3
2

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

shavar.services.mozilla.com

dns

211 B
242 B
3
2

DNS Request

shavar.services.mozilla.com

DNS Response

44.239.151.67

34.213.155.5

52.24.152.80

DNS Request

briarwood.caddylink.net

DNS Request

briarwood.caddylink.net

DNS Response

159.89.115.56
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

986 B
1.8kB
13
12

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209

DNS Request

shavar.prod.mozaws.net

DNS Response

34.213.155.5

44.239.151.67

52.24.152.80

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209

DNS Request

shavar.services.mozilla.com

DNS Response

34.213.155.5

44.239.151.67

52.24.152.80

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::

DNS Request

5.155.213.34.in-addr.arpa

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.155

88.221.134.209

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.155

88.221.134.209

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:869b

2a02:26f0:a1::58dd:86d1

DNS Request

155.134.221.88.in-addr.arpa

DNS Request

155.134.221.88.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

273 B
221 B
4
2

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

briarwood.caddylink.net

DNS Request

briarwood.caddylink.net

DNS Request

briarwood.caddylink.net
8.8.8.8:53

redirector.gvt1.com

dns

130 B
81 B
2
1

DNS Request

redirector.gvt1.com

DNS Request

redirector.gvt1.com

DNS Response

142.250.180.14
8.8.8.8:53

redirector.gvt1.com

dns

130 B
81 B
2
1

DNS Request

redirector.gvt1.com

DNS Request

redirector.gvt1.com

DNS Response

142.250.180.14
8.8.8.8:53

14.180.250.142.in-addr.arpa

dns

347 B
406 B
5
4

DNS Request

14.180.250.142.in-addr.arpa

DNS Request

redirector.gvt1.com

DNS Response

2a00:1450:4009:81e::200e

DNS Request

r1---sn-aigzrnsz.gvt1.com

DNS Response

74.125.175.166

DNS Request

r1.sn-aigzrnsz.gvt1.com

DNS Response

74.125.175.166

DNS Request

r1.sn-aigzrnsz.gvt1.com
142.250.180.14:443

redirector.gvt1.com

https

3.3kB
9.5kB
8
10
8.8.8.8:53

166.175.125.74.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

166.175.125.74.in-addr.arpa
74.125.175.166:443

r1.sn-aigzrnsz.gvt1.com

https

1.8kB
6.3kB
5
6
8.8.8.8:53

66.112.168.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

66.112.168.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request