misp-circl-feed/feeds/circl/misp/551427fe-47ac-4247-93f0-c906950d210b.json


{
"Event": {
"analysis": "2",
"date": "2015-03-26",
"extends_uuid": "",
"info": "OSINT - PlugX goes to the registry (and India)",
"publish_timestamp": "1427385297",
"published": true,
"threat_level_id": "2",
"timestamp": "1439989596",
"uuid": "551427fe-47ac-4247-93f0-c906950d210b",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384348",
"to_ids": false,
"type": "link",
"uuid": "5514281c-0d28-49da-b97e-cac2950d210b",
"value": "https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/plugx-goes-to-the-registry-and-india.pdf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384376",
"to_ids": false,
"type": "text",
"uuid": "55142838-f558-43f8-9a55-0988950d210b",
"value": "PlugX"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384400",
"to_ids": false,
"type": "filename",
"uuid": "55142850-c100-4215-a3aa-c2b7950d210b",
"value": "ghozaresh amniyati.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384427",
"to_ids": true,
"type": "filename|sha1",
"uuid": "5514286b-63ac-4c17-8c3f-4ceb950d210b",
"value": "ghozaresh amniyati.doc|19e9dfabdb9b10a90b62c12f205ff0d1eeef3f14"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384449",
"to_ids": true,
"type": "filename",
"uuid": "55142881-d534-4df9-b4c9-c2b7950d210b",
"value": "%PROFILE%\\Application Data\\Erease.vbe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384467",
"to_ids": true,
"type": "hostname",
"uuid": "55142893-e034-4995-873c-d140950d210b",
"value": "www.freetimes.dns05.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384500",
"to_ids": true,
"type": "filename|sha1",
"uuid": "551428b4-efc4-419a-affa-c941950d210b",
"value": "\u00d0\u0178\u00d1\u20ac\u00d0\u00be\u00d0\u00b5\u00d0\u00ba\u00d1\u201a\u00d1\u2039.doc|d746ca9b74fb04782e0e783980f7702a9356f1c7"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384514",
"to_ids": true,
"type": "hostname",
"uuid": "551428c2-858c-4fe1-99e6-c2d9950d210b",
"value": "lucas1.dnset.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384533",
"to_ids": true,
"type": "filename",
"uuid": "551428d5-05ec-4c11-ad75-0988950d210b",
"value": "\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d0\u00b5\u00d1\u201e\u00d0\u00be\u00d0\u00bd\u00d0\u00bd\u00d0\u00b0\u00d1\u008f \u00d0\u00ba\u00d0\u00bd\u00d0\u00b8\u00d0\u00b3\u00d0\u00b0 \u00d0\u00b8 \u00d0\u00bf\u00d0\u00be\u00d1\u2021\u00d1\u201a\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9 \u00d0\u00b0\u00d0\u00b4\u00d1\u20ac\u00d0\u00b5\u00d1\u0081(2014.10).doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384565",
"to_ids": true,
"type": "hostname",
"uuid": "551428f5-e528-4919-a060-c2d9950d210b",
"value": "supercat.strangled.net"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384576",
"to_ids": true,
"type": "sha1",
"uuid": "55142900-be34-46d4-afc2-463a950d210b",
"value": "a97827aef54e7969b9cbbec64d9ee81a835f2240"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384600",
"to_ids": true,
"type": "sha1",
"uuid": "55142918-8be4-4f90-b698-c941950d210b",
"value": "6f845ef154a0b456afcf8b562a0387dabf4f5f85"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384629",
"to_ids": true,
"type": "filename",
"uuid": "55142935-0734-41c4-b46e-4d9d950d210b",
"value": "Calling Off India-Pak Talks.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384644",
"to_ids": true,
"type": "hostname",
"uuid": "55142944-0010-4e16-ac95-c2b7950d210b",
"value": "nusteachers.no-ip.org"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384657",
"to_ids": true,
"type": "sha1",
"uuid": "55142951-d724-48cb-9bdc-c2d9950d210b",
"value": "e8a29bb90422fa6116563073725fa54169998325"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384673",
"to_ids": true,
"type": "filename",
"uuid": "55142961-cb80-43f6-ada1-c906950d210b",
"value": "Human Rights Violations of Tibet.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384687",
"to_ids": true,
"type": "hostname",
"uuid": "5514296f-c200-4084-bda1-d140950d210b",
"value": "ruchi.mysq1.net"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384704",
"to_ids": true,
"type": "sha1",
"uuid": "55142980-5538-4b73-9b14-0988950d210b",
"value": "a7e52cb429ac22cc20be77158f97d6f9dd887e1f"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384740",
"to_ids": true,
"type": "hostname",
"uuid": "551429a4-5b40-4546-adfd-0988950d210b",
"value": "lucas1.freetcp.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384761",
"to_ids": true,
"type": "sha1",
"uuid": "551429b9-c6e8-4a70-b37f-c2d9950d210b",
"value": "147fbdfeed9f0825026b3b3ce558c3ad00410b11"
},
{
"category": "Payload delivery",
"comment": "(IDS disabled - FP>0)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384787",
"to_ids": false,
"type": "filename",
"uuid": "551429d3-5ee8-444b-b241-c2b7950d210b",
"value": "Minutes of meeting.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384808",
"to_ids": true,
"type": "sha1",
"uuid": "551429e8-6fcc-4190-ae4b-4b0b950d210b",
"value": "8ee8ab984cb01762dfc6d341278b87a7c83906cf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384846",
"to_ids": true,
"type": "filename",
"uuid": "55142a0e-8c8c-45ba-8798-cac2950d210b",
"value": "U.S.,_India_to_formulate_smart_city_action_plans_in_three_months.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384861",
"to_ids": true,
"type": "domain",
"uuid": "55142a1d-ac64-4456-a442-0988950d210b",
"value": "unisers.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384878",
"to_ids": true,
"type": "sha1",
"uuid": "55142a2e-71c0-42b3-b1c1-c2d9950d210b",
"value": "a4602a357360b0ed8e9b0814b1322146156fb7f6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384899",
"to_ids": true,
"type": "filename",
"uuid": "55142a43-226c-40a7-bb80-4930950d210b",
"value": "CHINA NEWS BRIEF 09 of 2015.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384914",
"to_ids": true,
"type": "hostname",
"uuid": "55142a52-c084-4607-a8e8-c906950d210b",
"value": "freemoney.ignorelist.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384928",
"to_ids": true,
"type": "sha1",
"uuid": "55142a60-7d28-4e38-b873-48ce950d210b",
"value": "03b2a660d68004444a5189173e3b8001f4a7cd0b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384948",
"to_ids": true,
"type": "filename",
"uuid": "55142a74-5f38-42e6-b2a1-c2b7950d210b",
"value": "Draft contract CMS Trg System.doc"
},
{
"category": "Payload installation",
"comment": "The underlying shellcode is multi-stage and has already been observed in an earlier sample dropping a PlugX v2 variant (SHA1: 9b90d6608ba6167619b5991fd70319dfcd1fa881, date constant 0x20140613), but in that case without the top level cryptor",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427384997",
"to_ids": true,
"type": "sha1",
"uuid": "55142aa5-4630-4a46-94dd-d140950d210b",
"value": "9b90d6608ba6167619b5991fd70319dfcd1fa881"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385025",
"to_ids": true,
"type": "sha1",
"uuid": "55142ab5-7cd4-4304-bb9c-c942950d210b",
"value": "dea6525b696df4643b10eb91381d95eec51479d7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385072",
"to_ids": true,
"type": "filename",
"uuid": "55142af0-2450-4c8b-967b-0988950d210b",
"value": "paris_declaration january_final.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385094",
"to_ids": true,
"type": "hostname",
"uuid": "55142b06-3d98-4782-9976-c2b7950d210b",
"value": "sumy2012.jkub.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385109",
"to_ids": true,
"type": "sha1",
"uuid": "55142b15-3858-41ed-b77c-0988950d210b",
"value": "6340a7916db67c1b6dc1731014bb440435578c66"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385125",
"to_ids": true,
"type": "filename",
"uuid": "55142b25-e2e0-4728-9930-410b950d210b",
"value": "Obama against IS.doc"
},
{
"category": "Network activity",
"comment": "Origin contains underscore (but not RFC valid)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385169",
"to_ids": true,
"type": "hostname",
"uuid": "55142b51-fe90-4efd-9378-c906950d210b",
"value": "dheeraj-gaurav.mooo.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385188",
"to_ids": true,
"type": "sha1",
"uuid": "55142b64-4edc-45f6-b021-c942950d210b",
"value": "739405cad3650ed0447a475f50f814f7c9787ff4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385207",
"to_ids": true,
"type": "hostname",
"uuid": "55142b77-9914-4a2d-9ad6-d140950d210b",
"value": "www.notebookhk.net"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385222",
"to_ids": true,
"type": "sha1",
"uuid": "55142b86-ead0-4ab3-991f-c941950d210b",
"value": "56b3f0f03ae12b56c000df67c1153d518c8a66fc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385243",
"to_ids": true,
"type": "filename",
"uuid": "55142b9b-2814-449c-b369-d140950d210b",
"value": "United Nations Security Council Committee Pursuant to Resolutions1267.doc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1427385263",
"to_ids": true,
"type": "hostname",
"uuid": "55142baf-33e8-4cb9-a585-c941950d210b",
"value": "www.togolaga.com"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6f845ef154a0b456afcf8b562a0387dabf4f5f85",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989597",
"to_ids": true,
"type": "md5",
"uuid": "55d47f5d-411c-49cc-8b4e-4a05950d210b",
"value": "b81879328ef8e954f94fdc9c1e8cbdf7"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6f845ef154a0b456afcf8b562a0387dabf4f5f85",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989597",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f5d-2ea0-4537-b56c-4a75950d210b",
"value": "a7f4a24c028d52543e5b62bc3369dff33dd39996c76d1d9c0437fd2e2d9c84dd"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989597",
"to_ids": false,
"type": "link",
"uuid": "55d47f5d-5260-4c37-a024-4c22950d210b",
"value": "https://www.virustotal.com/file/a7f4a24c028d52543e5b62bc3369dff33dd39996c76d1d9c0437fd2e2d9c84dd/analysis/1438951622/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: dea6525b696df4643b10eb91381d95eec51479d7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989597",
"to_ids": true,
"type": "md5",
"uuid": "55d47f5d-4ef8-4993-84dd-48ef950d210b",
"value": "db65cf057815a6fd7111f2f690b872b4"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: dea6525b696df4643b10eb91381d95eec51479d7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989597",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f5d-baa8-46f5-965b-4b86950d210b",
"value": "847f01049fefea4877249ee72e1757ded4445fa61b45a352f7c9101169dbe2fa"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989598",
"to_ids": false,
"type": "link",
"uuid": "55d47f5e-cec4-4589-b62d-439a950d210b",
"value": "https://www.virustotal.com/file/847f01049fefea4877249ee72e1757ded4445fa61b45a352f7c9101169dbe2fa/analysis/1427410306/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 8ee8ab984cb01762dfc6d341278b87a7c83906cf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989598",
"to_ids": true,
"type": "md5",
"uuid": "55d47f5e-0df8-460b-80cd-42b8950d210b",
"value": "b0ae36bcf725d53ed73126ed56e55951"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 8ee8ab984cb01762dfc6d341278b87a7c83906cf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989598",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f5e-3d0c-45d9-94e9-4576950d210b",
"value": "7bd0ecace68819b7f4038084d380a4e698b94dc6381965567fbd4910b55ae53a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989598",
"to_ids": false,
"type": "link",
"uuid": "55d47f5e-bee0-47d5-bcb9-46e7950d210b",
"value": "https://www.virustotal.com/file/7bd0ecace68819b7f4038084d380a4e698b94dc6381965567fbd4910b55ae53a/analysis/1427409129/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 739405cad3650ed0447a475f50f814f7c9787ff4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989599",
"to_ids": true,
"type": "md5",
"uuid": "55d47f5f-7930-4084-9379-421e950d210b",
"value": "52248e78413d8f2bfb22677bc0b3b1ee"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 739405cad3650ed0447a475f50f814f7c9787ff4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989599",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f5f-78f0-4668-8d40-4955950d210b",
"value": "eac9ce7e475226bb30def1e652f6952dcd1461419af005b10a87aa6b11226b6f"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989599",
"to_ids": false,
"type": "link",
"uuid": "55d47f5f-a5e4-4025-bc8b-418f950d210b",
"value": "https://www.virustotal.com/file/eac9ce7e475226bb30def1e652f6952dcd1461419af005b10a87aa6b11226b6f/analysis/1430987211/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a97827aef54e7969b9cbbec64d9ee81a835f2240",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989599",
"to_ids": true,
"type": "md5",
"uuid": "55d47f5f-af58-46b3-ad3a-4f94950d210b",
"value": "a4c31191657992a4ae0ed1490f5497ed"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a97827aef54e7969b9cbbec64d9ee81a835f2240",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989599",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f5f-12fc-4cf4-8d45-43f3950d210b",
"value": "e298b31c186c7e9d1585cce10321f200aed5da7b2b9bf2f465d22b980378a287"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989600",
"to_ids": false,
"type": "link",
"uuid": "55d47f60-8bdc-4bd2-8518-4623950d210b",
"value": "https://www.virustotal.com/file/e298b31c186c7e9d1585cce10321f200aed5da7b2b9bf2f465d22b980378a287/analysis/1424874254/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6340a7916db67c1b6dc1731014bb440435578c66",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989600",
"to_ids": true,
"type": "md5",
"uuid": "55d47f60-6160-42d5-9242-4ccd950d210b",
"value": "9eca81dd6953e4ff691d8a534280a8f2"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6340a7916db67c1b6dc1731014bb440435578c66",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989600",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f60-2b98-4005-a170-4409950d210b",
"value": "d474eec649cb1825c487df07a1ef2a0c9767949bdcadf60ab996f71fd143a214"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989600",
"to_ids": false,
"type": "link",
"uuid": "55d47f60-596c-4c4c-99cc-4d12950d210b",
"value": "https://www.virustotal.com/file/d474eec649cb1825c487df07a1ef2a0c9767949bdcadf60ab996f71fd143a214/analysis/1427410305/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 03b2a660d68004444a5189173e3b8001f4a7cd0b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989600",
"to_ids": true,
"type": "md5",
"uuid": "55d47f60-53e0-4220-bec3-407a950d210b",
"value": "5bb6be7fcddcd1cc51957ebc17ed872a"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 03b2a660d68004444a5189173e3b8001f4a7cd0b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989601",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f61-0d7c-4a61-8e48-4e19950d210b",
"value": "add84116acee953f6606a2240059a05fb4658cfacdee6dd75be752e183c5cab7"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989601",
"to_ids": false,
"type": "link",
"uuid": "55d47f61-a6b4-41f0-8afa-4e77950d210b",
"value": "https://www.virustotal.com/file/add84116acee953f6606a2240059a05fb4658cfacdee6dd75be752e183c5cab7/analysis/1427409131/"
},
{
"category": "Payload installation",
"comment": "The underlying shellcode is multi-stage and has already been observed in an earlier sample dropping a PlugX v2 variant (SHA1: 9b90d6608ba6167619b5991fd70319dfcd1fa881, date constant 0x20140613), but in that case without the top level cryptor - Xchecked via VT: 9b90d6608ba6167619b5991fd70319dfcd1fa881",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989601",
"to_ids": true,
"type": "md5",
"uuid": "55d47f61-60a0-4529-ad61-4c75950d210b",
"value": "0f0c9e1dfc278687d00cffeef7d3f942"
},
{
"category": "Payload installation",
"comment": "The underlying shellcode is multi-stage and has already been observed in an earlier sample dropping a PlugX v2 variant (SHA1: 9b90d6608ba6167619b5991fd70319dfcd1fa881, date constant 0x20140613), but in that case without the top level cryptor - Xchecked via VT: 9b90d6608ba6167619b5991fd70319dfcd1fa881",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989601",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f61-341c-41e6-b4f6-492f950d210b",
"value": "9691a0c0407bee4df7ded82650aa8b9a52d2194523b604b8d1bfb09ac39b3a75"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989601",
"to_ids": false,
"type": "link",
"uuid": "55d47f61-c380-4311-a946-4ab6950d210b",
"value": "https://www.virustotal.com/file/9691a0c0407bee4df7ded82650aa8b9a52d2194523b604b8d1bfb09ac39b3a75/analysis/1427410306/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 147fbdfeed9f0825026b3b3ce558c3ad00410b11",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989601",
"to_ids": true,
"type": "md5",
"uuid": "55d47f62-617c-4760-b0e5-490f950d210b",
"value": "80e420a8e3895cd2c059777cea60c256"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 147fbdfeed9f0825026b3b3ce558c3ad00410b11",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989602",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f62-fd14-4aa8-8359-4691950d210b",
"value": "b7268e28be84a705b3076e4c3fa9e591a88fe320698e92b1470cf31e1932ca6c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989602",
"to_ids": false,
"type": "link",
"uuid": "55d47f62-4890-43b3-bc78-4d25950d210b",
"value": "https://www.virustotal.com/file/b7268e28be84a705b3076e4c3fa9e591a88fe320698e92b1470cf31e1932ca6c/analysis/1426784898/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 56b3f0f03ae12b56c000df67c1153d518c8a66fc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989602",
"to_ids": true,
"type": "md5",
"uuid": "55d47f62-8994-40df-aa97-4c27950d210b",
"value": "1bfa72cc55fb5c4f9a388959590caea5"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 56b3f0f03ae12b56c000df67c1153d518c8a66fc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989602",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f62-23e4-4fdd-87b2-4dfd950d210b",
"value": "00b51d18a00bc6a257d81ed67374d06ef006eb4db02840cefc94f314f3e05ad7"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989602",
"to_ids": false,
"type": "link",
"uuid": "55d47f62-7704-471f-863b-40ee950d210b",
"value": "https://www.virustotal.com/file/00b51d18a00bc6a257d81ed67374d06ef006eb4db02840cefc94f314f3e05ad7/analysis/1429525184/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: e8a29bb90422fa6116563073725fa54169998325",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989603",
"to_ids": true,
"type": "md5",
"uuid": "55d47f63-6118-4d47-8c9f-4381950d210b",
"value": "b57c06d70beeb3897d57a5864cd332ca"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: e8a29bb90422fa6116563073725fa54169998325",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989603",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f63-c840-4b95-abea-4dc2950d210b",
"value": "38f44746c0ee83f9e82fd6a6b1859a711919edec0e414c1da025e999f48f7ae5"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989603",
"to_ids": false,
"type": "link",
"uuid": "55d47f63-5c80-4c71-8495-45bc950d210b",
"value": "https://www.virustotal.com/file/38f44746c0ee83f9e82fd6a6b1859a711919edec0e414c1da025e999f48f7ae5/analysis/1424874013/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a7e52cb429ac22cc20be77158f97d6f9dd887e1f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989603",
"to_ids": true,
"type": "md5",
"uuid": "55d47f63-a864-450a-bb1d-41a5950d210b",
"value": "ceda8f6c88caf95def0c280505860f54"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a7e52cb429ac22cc20be77158f97d6f9dd887e1f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989603",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f63-4c20-4f2a-9b78-4f99950d210b",
"value": "387b687cddaf993d06320a05f4d73433a6d31f712c8a34c8a76e991ae54a9998"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989604",
"to_ids": false,
"type": "link",
"uuid": "55d47f64-468c-4563-8019-4c5b950d210b",
"value": "https://www.virustotal.com/file/387b687cddaf993d06320a05f4d73433a6d31f712c8a34c8a76e991ae54a9998/analysis/1422689777/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 19e9dfabdb9b10a90b62c12f205ff0d1eeef3f14",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989604",
"to_ids": true,
"type": "md5",
"uuid": "55d47f64-625c-45d3-8384-45a7950d210b",
"value": "ce002e76ce3038070934fd6b883a2033"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 19e9dfabdb9b10a90b62c12f205ff0d1eeef3f14",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989604",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f64-9ebc-4586-bb3b-4fec950d210b",
"value": "f24b873fa61d48d5436099a79ccc5524b276fd0626a6e915dd3c5e5d231a9600"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989604",
"to_ids": false,
"type": "link",
"uuid": "55d47f64-6208-45ee-83f0-4cf9950d210b",
"value": "https://www.virustotal.com/file/f24b873fa61d48d5436099a79ccc5524b276fd0626a6e915dd3c5e5d231a9600/analysis/1427409128/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a4602a357360b0ed8e9b0814b1322146156fb7f6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989604",
"to_ids": true,
"type": "md5",
"uuid": "55d47f64-5688-42a9-b84b-4bc2950d210b",
"value": "9d0388251cbaf3648aba463f66a8fee8"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a4602a357360b0ed8e9b0814b1322146156fb7f6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989605",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f65-84b0-4147-9245-4deb950d210b",
"value": "89ab2d9643bdefd6d46618b2f11fb1357bb555a0e33d5d8fc8bb33eba3fe7cc3"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989605",
"to_ids": false,
"type": "link",
"uuid": "55d47f65-d564-447e-bb14-4945950d210b",
"value": "https://www.virustotal.com/file/89ab2d9643bdefd6d46618b2f11fb1357bb555a0e33d5d8fc8bb33eba3fe7cc3/analysis/1427409129/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: d746ca9b74fb04782e0e783980f7702a9356f1c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989605",
"to_ids": true,
"type": "md5",
"uuid": "55d47f65-2208-4e14-b2c0-4dbe950d210b",
"value": "0064b8f850f36d2043892230c8c50e68"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: d746ca9b74fb04782e0e783980f7702a9356f1c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989605",
"to_ids": true,
"type": "sha256",
"uuid": "55d47f65-af80-48f6-8e57-4351950d210b",
"value": "68c5516e00166721acb775522cc033e1ccee6428e8d64eb9d7582b26b50c73f2"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1439989605",
"to_ids": false,
"type": "link",
"uuid": "55d47f65-86dc-4142-9daf-4f54950d210b",
"value": "https://www.virustotal.com/file/68c5516e00166721acb775522cc033e1ccee6428e8d64eb9d7582b26b50c73f2/analysis/1427409128/"
}
]
}
}