Report - bombardier.com/sites/default/files/2025-02/PulseSecureAppLauncher.msi

Report Overview

Visitedpublic

2025-02-21 06:31:12

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
bombardier.com	143407	1996-01-15	2013-01-26	2025-02-20	535 B	7.7 MB	45.60.136.208
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2025-02-19	524 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-02-21	medium	bombardier.com/sites/default/files/2025-02/PulseSecureAppLauncher.msi	Detect files is `SliverFox` malware

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

bombardier.com/sites/default/files/2025-02/PulseSecureAppLauncher.msi

IP / ASN

45.60.136.208

#19551 INCAPSULA

File Overview

File TypeComposite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Pulse Application Launcher, Author: Ivanti, Inc., Keywords: Installer, Comments: This installer database contains the logic and data required to install Pulse Application Launcher., Template: Intel;1033, Revision Number: {3190376E-455E-4CCB-86FB-1676524BFDB0}, Create Time/Date: Sat Oct 5 11:39:00 2024, Last Saved Time/Date: Sat Oct 5 11:39:00 2024, Number of Pages: 300, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2

Size7.7 MB (7725056 bytes)

MD5e29ab77b336238d92b0ea83dcc4cde66

SHA126bb53f1b6e9ca3c6418e68b1cc841abcef7cd38

SHA256bd4dfd4fe55d631f19d9f64a05a943009dd9402582d86316d33e523fef7023fd

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

GET bombardier.com/sites/default/files/2025-02/PulseSecureAppLauncher.msi

45.60.136.208

200 OK

7.7 MB

URL

bombardier.com/sites/default/files/2025-02/PulseSecureAppLauncher.msi

IP / ASN

45.60.136.208

#19551 INCAPSULA

Requested byN/A

Resource Info

File typeComposite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Pulse Application Launcher, Author: Ivanti, Inc., Keywords: Installer, Comments: This installer database contains the logic and data required to install Pulse Application Launcher., Template: Intel;1033, Revision Number: {3190376E-455E-4CCB-86FB-1676524BFDB0}, Create Time/Date: Sat Oct 5 11:39:00 2024, Last Saved Time/Date: Sat Oct 5 11:39:00 2024, Number of Pages: 300, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2

First Seen2024-11-28

Last Seen2025-03-13

Times Seen5

Size7.7 MB (7725056 bytes)

MD5e29ab77b336238d92b0ea83dcc4cde66

SHA126bb53f1b6e9ca3c6418e68b1cc841abcef7cd38

SHA256bd4dfd4fe55d631f19d9f64a05a943009dd9402582d86316d33e523fef7023fd

Certificate Info

IssuerEntrust, Inc.

Subjectpreprod.bombardier.com

FingerprintC7:FF:D4:3B:52:16:DC:F3:FC:84:1F:7E:F0:BE:81:2A:AB:8D:CC:32

ValidityTue, 16 Apr 2024 18:10:31 GMT - Wed, 16 Apr 2025 18:10:30 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files is `SliverFox` malware

HTTP Headers

GET /sites/default/files/2025-02/PulseSecureAppLauncher.msi HTTP/1.1
Host: bombardier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
etag: "4cf2dca9"
last-modified: Fri, 14 Feb 2025 19:51:12 GMT
content-type: application/x-msi
content-length: 7725056
cache-control: max-age=1134508, public
expires: Thu, 06 Mar 2025 09:39:09 GMT
date: Fri, 21 Feb 2025 06:30:41 GMT
set-cookie: visid_incap_2830771=txbP86/aTpyyWTYembzxaJAduGcAAAAAQUIPAAAAAAB41WY2zFkptx4Z9no/LSDr; expires=Fri, 20 Feb 2026 06:40:57 GMT; HttpOnly; path=/; Domain=.bombardier.com
incap_ses_1849_2830771=jVJMGabo01ol1YgP1/eoGZAduGcAAAAAebmw4KND0ywnMA+NpITpcQ==; path=/; Domain=.bombardier.com
x-cdn: Imperva
x-iinfo: 61-31508522-31508143 2CNN RT(1740119440715 165) q(0 0 0 0) r(0 0) U20
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

200 OK

444 B

URL

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml

IP / ASN

35.244.181.201

#396982 GOOGLE-CLOUD-PLATFORM

Requested byN/A

Resource Info

File typeXML 1.0 document, ASCII text, with very long lines (332)

First Seen2023-10-13

Last Seen2025-06-20

Times Seen185315

Size444 B (444 bytes)

MD53b324dec137a87ef7e24a30a65b13dd0

SHA1c0faa95b2f1018e264b3a14aaf50d1003e6c27b3

SHA2566cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/g/chains/202402/aus.content-signature.mozilla.org-2025-04-10-18-02-02.chain; p384ecdsa=6-_m96y3FI4OP1RJkfFtiJKEgI1ppDlXrtdCmw0sMJc5UGk9oisjnw_2IHDqp3G83V8StF10iUbxDZV89d9CMOTtwkQAy3ZwQLLjzTdGIw327fxVZmUNVplZBvcdqr8F
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 21 Feb 2025 06:29:07 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 112
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2