{
"Event" : {
"analysis" : "2" ,
"date" : "2017-03-10" ,
"extends_uuid" : "" ,
"info" : "OSINT - Wikileaks Vault7 JQJSNICKER code leak" ,
"publish_timestamp" : "1489174184" ,
"published" : true ,
"threat_level_id" : "2" ,
"timestamp" : "1489174168" ,
"uuid" : "58c2fcf1-283c-45fa-b289-45ae02de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : false ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#3a7300" ,
"local" : false ,
"name" : "circl:incident-classification=\"malware\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Artifacts dropped" ,
"comment" : "There are, however, artifacts that could possibly be left behind by accident and/or on a system where a cleanup was never initiated. One such example is a registry key that seems unique to this malware." ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "regkey" ,
"uuid" : "58c2fd28-8b98-4107-9d81-432d02de0b81" ,
"value" : "SOFTWARE\\Microsoft\\DRM\\{cd704ff3-cd05-479e-acf7-6474908031dd}"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c2fd63-b1a4-4f74-aa79-41a602de0b81" ,
"value" : "http://marcmaiffret.com/vault7/" ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : false ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "JQJSNICKER" ,
"data" : " U E s D B B Q A C Q A I A D u b a k r L 1 j N R Z i g A A A B O A A A g A B w A Z D g 1 Z T I 2 O D Y 4 M T Y y Z W V m Z W Y y M G N h N m Y 0 Y W V j Y T N h O T l V V A k A A 8 L 9 w l j C / c J Y d X g L A A E E I Q A A A A Q h A A A A b C c O b 4 v 0 Y q m 1 E r A v N D I 1 l A Y X s K g h O r z n e W a b w V 0 8 H Q U J 5 B T x j + t h L J O 3 T J 2 F k I I d L v 1 P c c 5 W F 0 A x I 3 H u P R 7 T R 0 3 c S i l j Y 2 / I m h / h g M 7 d N 6 M q C 1 A n F j R r H X A f V v X y J f l 8 w f X 6 x g x o 4 p R e 3 A S 2 n p q E A v A 4 k O C q k i T t 2 f k 0 a z Z l 6 + 2 g 5 E O s 9 K 4 / m u M g p P l B 57 + z y q Y P 1 g S u d 7 t 9 y X b S F G E G y c L + b L 3 Z c a a W O 9 Z S 6 X M W 787 r a P O I V D y W D K e 31 U z B c G 5 c a f f v O D h 28 F f 3 R R b q c X R p Y 81 z F 2 K 3 s T W i P 8 p J 5 A E p q x w Y L X B G b S n K f 0 x Y 7 Q W o v + F Z z E u 4 k 4 a y v y l B a G W 2 P m V y i 1 G S N p K x 4 E X 3 J k w 7 P R R N G d e d z + I 4 X d K C 6 i a G U x x p 2 Y l 6 K l m + 0 i 9 k H t + k W u M F 6 D G G r i O F J t C s u v 9 q + s 0 f w 4 x r p h y n y D 8 D S f i y S 2 Z B + u M Z v + o R w 7 N d U + M s 7 O L 64 U K b p 0 Y P x R m d A r 2 p P E w q o E c 4 J x u W L h v Q d N G J + 90 T M h 4 z s k j 2 U G Q 5 q U X z g 3 i 7 P m S t 7 f X Z w E 9 e z v e w U w E S N G 1 n q 9 u 9 I t 54 N m D / v g + 5 f i 31 B Q K I B P X X e D S F / B J v 0 g Y X w A a y 2 A 2 F z v Q q L u Q v r Z w 4 t f i v 6 T n 5 s A P e 7 s H q q / M u S W W v W e X Q A R O s r j n h k m Z d b j T q q w q q x V r U 0 x c 1 Q V g w P X 98 N l + m r 25 O J C S z N z s 6 e n o O B j O F L 9 Z g v F s T S D i o / L d K 19 R g Y F Z S S I y p N e R F G o G R i 23 G E R z D Y 7 p 2 Z o 7 r N J b 7 d j G G P q e 82 o c k / 5 / 5 / P u S K n l a m + h E 8 F L e B q 2 X a m 6 P u 9 e + k p I 3 e w 7 A 6 G Q b o u h y 1 i 67 N 30 a 66 G g C Q s N 47 e o m O j w T A b z J X R W F 64 R H e J V T w e Z O V f m F Y 6 E a u s e f M J d y 3 C / C T M y i c C I 7 j S 5 
a k D b u i c C H R L r 76 h x + q b a s E S Q d D 4 j n i d I k j 2 G k h G G x P F p 6 R O R a q x w s K U Z 9 H P q M o F l 0 b Q d D U s P r R F d / e 3 I 9 Q A 2 G F r h / u G 97 + D l Q B a x x k C f N d b T l r w 2 B z Y Q p b P i 4 Y d J d V 6 O n / s 2 Y h X G E S 1 x 5 J Q G b Y b 3 d 7 w T 15 x N g F 1 P Y u y 7 c K X K q a 2 x + e i V V B h R o 0 E n P k O 6 e n R X h W 4 t w B D k p V 7 W j t Z 9 Q r 8 w g A i t X 330 k Q h P n q 0 q r E E S w L 6 B 6 j h q O s U q x i 2 n D D u q V I s k h n i O i V 2 O E 0 g J W W b M q G G J s d Y 2 N 6 I / i 8 Y y l S F 5 u / 928 I P z s B y r Q N R w x n + F T Z e v O C r J N U e 2 C t J O 2 C c G L Y o v b i 69 + N P p r R / Q Y i t s O e L y F k p r F R y V V s t J H 56 Q w S 3 V J n K d N A W 3 x Y b 3 o O Q 98 S L t r A n B i 78 L N c z l 3 L x l s I z A I 9 T T 5 j Y L F 4 i J Z l x d m k 2 t x u Z 4 J T 4 Y n q V l 5 i e 32 X K s K r u S a R H g j z 8 D O E o S K 0 a y G q I N H K o 8 P U 2 d V b Q G v 8 D r / i y w + 4 c E C 50 f 0 I 3 c A p X y T U k n I g H k w r v z I L a J 7 d e X q e w E a c o t u A O B m W 5 e L Z n c o + k l y f K L d 0 65 z a N 57 u c h G x l 6 T 7 h G y u W y F a k V w H r / O j P g 4 W n v 8 a 7 C L 5 Z 8 L R z j s z V y n z N g t E N Z 7 R r q s R N j e v 4 K J 3 U N 8 T G e s 84 J K G K G z r F 2 M C / N i G 1 i w X z Q Q T L d e q T g H Y e T 44E5 Y 9 G G q n s d a v O 1 h N g Z 3 w b 5 h K v f R + R k r X Y 5 h o m A z m r i P K k 0 X + o M f 1 j P 1 c z E o Z / r H J b x g l / m L m J S X k a B E L 6 c R + j b c K J p n P h L M l s U G j F Y i P n M e I V M u B F M s D t 0 o f T e 7 m 2 z 54 G M 50 Z A T t Z 3 H h p i z B Z n 0 z D Z 6 r o P A A k K j j / B u 1 v K 7 g C E U 2 D 1 + s H 6 v P L 2 + u y + R V g A e k 3 g w P h F d z U F u 7 B a O K s A 42 W c S M F u 2 n t 3 C I K w Z y Y c 5 y 3 X p T U c I 9 E A e K z o h G + v r L n c H i F j s v 9 L 3 Y p Q w 0 H 1 i U z 9182 D n K U H L 8 V f e V V Y e l 98 u q W N V k M J C 11 p L F l g z i 3 P W x R s f m I k e P T q 4 
f 2 J b G 1 U c v v m 728 D q 38 B z v Q H j c H E w B n f 84 s v Y A D F A l r y t / L J F B K p 2 f 8 p 719 i p P D J H C o Y m g f Z J m V / J F 9 H k G 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "malware-sample" ,
"uuid" : "58c2fdc2-d54c-4019-bf44-44c602de0b81" ,
"value" : "Installer.dll.embedded.core.dll.file|d85e26868162eefef20ca6f4aeca3a99"
} ,
{
"category" : "Payload delivery" ,
"comment" : "JQJSNICKER" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "filename|sha1" ,
"uuid" : "58c2fdc4-e6d8-4f6e-9eb5-4dbb02de0b81" ,
"value" : "Installer.dll.embedded.core.dll.file|02aa4d3712f324aa4b125056b52a5200691eb62b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "JQJSNICKER" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "filename|sha256" ,
"uuid" : "58c2fdc6-5064-49be-b39a-429402de0b81" ,
"value" : "Installer.dll.embedded.core.dll.file|ea042bd3a7df11273e233c423e9740e6b51001911139855ef39501472a1e5fb0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "JQJSNICKER" ,
"data" : " U E s D B B Q A C Q A I A E C b a k r j V A P v h l g A A A D E A A A g A B w A O D I 2 O D Q x M j h k Z m Q 0 Y T A y N 2 Z k Z G I z M z c x M W J k M m E 4 Z W N V V A k A A 8 j 9 w l j I / c J Y d X g L A A E E I Q A A A A Q h A A A A b / v l R w T f N k v a 0 p a 6 z p E C 1 S 41 B n t 3 d b R S O o U S 2 i w c S j C M j p v w v Q N V H O t w m Z z M 692 X T 9 i U + c + k m b v k i 2 R 0 i L L F f G t / 18 p X e e I n C p b t E 9 X h W c b 4 D N s h j T V N j z 6 s h r p y o z K T v 8 B n b a G S s 2 N 0 S k l l Q a 0 P Z R Y V t X 4 O Z Z g J S o M p J U 4 o Z D 6 Z B z s U P m H K C U a 5 r S S f I Y C 8 R O z H j w U / l V 6 d 0 D r f l V e h B 8 N b F W 93 x I U P 4 E d f z Y 4 G k X l q h e n h t K v k B K b f H m s t O W g s 20 b O w f K V H 7 / i + 7 / G H d / R z w H R A 5 F Z R B M 1 U 2 Y 9 H 93 e h f 8 g 8 m d S b E 76 T 2 t d d 4 X W X g W h + a P 9 p Y W V J S r B W t t D p v z 2 I v q 5 A s Z J V C W p / n i t 0 + z U v l g s 9 L R a 0 y L I J R s P e p t N Q r g G r o H s F t l H g 2 B f 7 x z 2 s G X G k k H m + Y 4 T 79 S 0 j Q a x z 5 + N d g E e F 2 y q 9 i p m s Y z I e D 9 P i Q E I + d E D w + r q Q q O t r u 3 Y g + E g I O g 7 p 2 I 5 K 5 C t 9 b f L R V W Q D z 8 O j 3 k V Q X h r X n j W w z n t E / 8 i D b X U f z 5 J g J u p O p d I p l G p C r n s w D 6 V D c f o 4 + i O o M S 1 D W O n A A T E J a V q L w d j u o / j e e M Y k 7 k Y h 9 s h 4 w i / d x z v N a j 8 i R 6 n q Y a n S M 4 i q t i 7 H k C 0 W 1 z N n X h e F / y 3 M O + h C L Z z 53 G E U B 7 b 3 Y A N j p W R K 6 X + r i B z m 4 T X 7 o z s s w y U A D / e F 91 l X t Q X O h L j m Y N s 6 C G 9 L 3 P c 7 + 3 C l Y 4 l Q k i x w P 2 n i t T T 6 s A w 3 V m r A S z S F 7 I Q q P v + H / Y p Z t F g R u d x g 7 G 71 H n L Q o w e v F c 1 f w W N 9 R R g A 76 m Z 8 Y x o 0 N I i m Q O k 16 j z c U k 7 c O k O T g H w M E v + g 25 z Q C u Y D 8 m 0 c P s b n r T Y u v x g t C 662 j n z w A + o R R 3 Q f k F t x A S 1 K F a 5 b 2 x c z r w a a g z P m w C 9 v G 
H y p y 5 t z y 5 r m / 0 M J K G r L r 7 X L Y U O r o V V x f r O B S v n 54 D L 2 b F W t / U 2 H R t Q H M Z R V f q e C r D 8 c p 40 a 2 M 9 b E a 7 S R 3 Z i o M H F S 1 M M 83 r h B D I 4 q S Q b h d G 8 A Z H z D b 5 z a x l X m w P 6 R L 9 c 37 C 0 B m C q z w V s N E g H v J l U d U q I T t p J 7 O L 4 f c u R U I j x t C c h u H w V E j B T e A 8 O T o w F D / m 4 O Y O B X J P o a K U c Z D w 55 O c 402 s Z 8 H W X / O Z B D I T x B T q i 7 x v P p 6 Y C B X I f B 4 + 8 J Q M V 6 P 3 r 0 a 6 r C o K s S T g y k v X Q m W w j R x E j O Y v Y K M p x o n Y e T x + 5 q p u h C N L b u d P 3 R B 2 T o F W 0 E N g i 50 J u L 0 C X 1 z N F 8 I w P o S 90 k L 1 z K k K n b 0 5630 I x W G f c 3 z r y s G Y p l t Z s I R L S o a I H C v 5 U J 9 q 7 l p u 7 f C P 7 e p 3323 P C s L y o T 4 R 4 G K O B O 0 K m a 2 L P H v B l s i 5 R 4 B W v N S Q T u h 3 m i S R S y B Y R d h P l h V m 94 P l 6 W s b V y K W l J R D e W s s A 1 H y q b G X Z d X / w d M I Z + X / + 5 w h 0 F X P 1 Y 0 D y x d D 7 B Y d 6 f N 20 d f m 9 X x j p h 7 J 770 j b K p t 8 c K L H t Z j F G c l I s T T W U R N P G 2 f N q m 2 N A q k V n 1 s n 7 b O 7 u E S c Q l 1 p k 9 N z 3 v 61 a V 1 U I H J 27 x f G x E u t W 4 b M H u B B R 91 F 4 V v d P E W q R w + 3 / T 3 q 9 Z b W H r + 4 O v q M F o G H F / L y q 8 C o U J u R h w Y x k Y W d h c H f E u n d M Q W d t O K E r j X a J m 1 R N x 9 X R U b o s d G d j 2 G b 9 y v D H U k G G Y m e i 57 c h F O V o L / T q k b Y t I w K 0 L G M F k I v 3 L 8 R z s t k x 3 / p B D p j 0 3 Q a H L 23 t p l y r F V e 0 A g J W h 4 f 0 z U u F 1 O w E i M + i k 3 I S 2 m R W c 7 K B m p w V r G l 2 E P t f u d V M b M v f r G + + A y 2 X Y x T h s w E e I e O J e 6 T e Y 0 z 3 x f p i C 6 W 5 x 9 X b / 3 V N 649 v Q U f v q 4 v x g Y 1 C j B 0 o G N K G 7 j w E 72 J 0 I J o L A W 9 e S U a S j / I O n s k Y D 4 R p d o 3 d Y K l H c 3 M z f 4 V N 0 f k n 9 S W k H F z w R J G W n b w B O R 1 o w J R a h R k y / z F t E H 8 Y v 1 R R 64 j F z O 9 j Y 9 
n W 8 y f O X f E 1 K + m i e B c T Q j O 54 W J s g a i p Q x 9 z m U f E S + 2 z p 8 H T P u Q B J W W G n 8 S V w S M B K 0 q + C 9 e J i M D Y S C z 8 M V N O v P t 2 F S N O S 4 y 6 s m S p S 0 y v s 7 c F I T a T Z g 4 R 5 M D i d 0 n n n L I Y g f 3 U e x F t 4 E + P v D 5 I d u f m Y 13 L m b y p A G Y P O d p J W C q b 14 I z o p L a m W Z E L d 783 U I F d p x H 4 k L 5 Y 1 p Y Q Q 4 t + V R 8 Z N Z e E Z h J R i O X c 0 b V U 5 L g 8 z p o V + v i N z b T q e 6 B u r o X A f A o + m W i j K M a V 9 C m A c f V / u D 2 P T C A W G L d o Z n B q s 34 E + q a 1 h U i + 2 m l e 0 O w U 1 G p P v O H Y r Q b E 8 i N W M e F + X R E K 0 x A k h v A A z r 9 g 8 G 0 C 1 G u I 4 d V x w r c 98 h k O 9 k d W Z 2 I 2 L c H L g 7 y i 5 A c z 4 E X u 1 i 2 s i q g k Y b q v f h 9 s d P z w c s u G A k R m A v / u f X p V m k r F 7 G m 3 F c r d 4 s Z N 0 I N s I C 4 + K q h B h 3 W I d 3 o B 3 H 3 j m g D O S v Z c l H U m L U u Q V C K 98 m O V 32 z H z J C o F + E t l D h z P q R p / m H k B w r Z g a R c z T h J T u x F B Q Z 0 G G q F F H J v t v 9 O 29 K k w e y K t b 1 Q 7 f c y k H h K Y Q p P 5 A k j h / N a W q 5 u B E Z F z m l i J X 0 Y W c z N q y k X X q 4 v M N x w 6 w x 5 f O z J 3 p l a Q W Q I Z S v W n M b U f G f m f I q r B A e 0 K L l p x C h L x J 5 c J S M q 7 G w T f Y a Y + I N g s T 56 Y Z j L K P x Z z + 4 x 1 J 4 f S Q 7 V L 48 R J u m t N + R 0 M 8 Q J U g d L d i 2 p a n Q y 80 z C f o u N 98 Q e G G c S 3 B b S D 5 B T f k f R f K 75 e w i X X E V 1 H + r f C v 8 L A 8 q 9 T j Z b 6 C 8 b c k q c N g w c Y F v R 6 I 5 B I A B 3 g V Y q F w k d X R T C I n 3 L m 5 m + P P 5 E H T 1 N c m W 9 G y 56 C N O c W a g 7 F / e a t o L n g f g 6 L U v z D l U 5 o L 5 q S i q n f 7 s i h f a V F Z V f I c 1e8 u V B L E X b h R p T 0 l 7 o v g W O R C k A u R Z q r F i T H q / 31 R S q m w I e E V l 0 t K 6 Q m 3 p H + U h B K E 4 v c F j Y 0 0 x q a j 3 a I 0 U w 3 e P u 2 Z 3 q D J b e X s q 35 C K G t P 1 W 6 R 82 O C J 18 y n T w o 2 U m p T C 
K N q U o r n C z I c E Q t c A l j o y Z f s Q C e 3 p q i s M I m v 9 M y K P 6 H o n b q o z L x 7 q i y r 4 M k t N q k w h w E T c Y h T c b t k F a i K 3 W z 5 g R x F H v E L b p N s t V 9 c Z U g 5 V / 3 D 67 H Q 1 V v z X Y P f z p O L N r L 6 Z t F C g q u 210 l + N y T z P v J / s y b 3 z e n 4 U Z y r W k H b c 4 B Y b 9 G j / r 51 j R P f R N 7 / p D a a Z L / 1 P + f / 1 v 3 z y m 3 B P s H j 6 + V 1 F f R r n K 8 d e E Q m g B p i 8 s E L S g h y 7 F l h P z 3 C a V q n H p + 6 T 36 N Y R y S z k a P C e i c h 21 / P z P 6 t 3 R Z Y + t u u i D T G A O g s N L J t 1 v D L I 5 x z 94 n P / F l 6 L h e o 0 g g u r R w W u U H x E r u j P D i O q d S v L G / V g H R 26 h R R S o V 90 i t k y X 3 X H q 1 d o Y i t R i M K 6 a A N J w + d g + g u j R g g L R x r X H A q L T V m L D x T B 6 q N u q s i b + A b 0 2 d K f p 4 O E E H Y + l t S V T A v f Q n O a k 0 W 0 3 q p y F l / P U 3 h x D F X m f C I D W b O g v x z 9 X m Z r z Y 1 z x r I I L x + c J U L / o 8 h i Y e E 2 B i h r B 2 X f n Q G 6 / c d q 3 h Z / 4 + Q 344 D q f + B 7 t L U 7 q v 0 O p 50 T + p d w 8 i 9 U Z s x m K g S z 9 S e z Q 1 a t t 322 y T Q w A q S Q 2 w W j F D B B v s A r p 2 k B q F L 8 D Y L f 5 g V c 7 / E A 1 / g J + x z E 2 G u + w A g P T r T Z Y 3 a x Y k X Y 4 M V 8 q c k t k R Q i k / H V k d + F r G m d 6 e L j + c t o m a v R o / o S e m e 9 m U d h v k E G f P A p i 6 / A z P z l H A g k Y 7 h D J d S i D 7 R 7e3 e a j 7 P y j T s S w J W G 9 t I H a T i a Q o q Q L s s I W y Q N a T x H 1 f a i 7 v G a G 5 F o A z O x p E / k D Y 3 Y u N M U 0 q E N 0 Q P / 1 G g T Q E 7 g y k G 0 M P U J O E U 5 h j j F u 11 s e 7 x v Y + e R r P 6 c 7 f F f c B k k t H I H u E r a 3 M f p V p M X M 4 / L L 1 E a D A A Z 9 Z x R 9 a c 2 l Y 57 h U 2 P h L z r g V N v D m t x E o B L d P p 5 k g Y u W R W 8 G F o y U V 24 a y K + T 5 t k c c T F A y G g c 9 t o X A y I j e i 6 c W P e X 7 O k O n R w w e 4 z l t E O u e j F X Y N p J G v p F J S n x i m o 3e6 q E 9 D m K e 8 l s 
q Q I o m O Y K q i M S h y C p u l B + t T W F J G S u X 6 D e k A U W E O F m
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "malware-sample" ,
"uuid" : "58c2fdc8-2af0-436e-95e3-477302de0b81" ,
"value" : "install.reg.base64blob.decoded.installer.dll.file|82684128dfd4a027fddb33711bd2a8ec"
} ,
{
"category" : "Payload delivery" ,
"comment" : "JQJSNICKER" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "filename|sha1" ,
"uuid" : "58c2fdca-95f4-431e-913e-470602de0b81" ,
"value" : "install.reg.base64blob.decoded.installer.dll.file|c9c76637fe3d5febf0cd3950822fb5836f7272dc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "JQJSNICKER" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "filename|sha256" ,
"uuid" : "58c2fdcc-ca28-47bd-a12b-45eb02de0b81" ,
"value" : "install.reg.base64blob.decoded.installer.dll.file|f0d422222b6b39b4a141b6916cb4c844aeb6173fe185fe1030497d273f4e1377"
} ,
{
"category" : "Payload delivery" ,
"comment" : "JQJSNICKER" ,
"data" : " U E s D B B Q A C Q A I A E O b a k o z j + I W i I Q A A H k k A Q A g A B w A M j I z M m I 0 N D I 4 Y T U 1 Y j A 5 Y T M y N z I 5 Y T V l N z A 3 O D h i Y W F V V A k A A 879 w l j O / c J Y d X g L A A E E I Q A A A A Q h A A A A b C c O b 4 v 0 Y q m 1 E s j E n W l W w p n / R g c / 5 L R B t a p / z C V x e l / O 7 J 4 j v Y w J L o I / H / + S x L e W I x u a 2 n r X g a h 6 F X B Y D B g B L D y 1 i N Q b L 4 F y t y 21 L k A 0 L h Y Y z q U I E f f 13 A d d g g f T 1 y T 0 R D d V 9 w Z M 51 l y 4 o M 8 M R w 6 z 6 I 8 J N J 1 p L F u Z x F U u 9 V j K 5 D 7 m q 6 o e J l w m 7 j f X g M b Z U 9 L m b k P A k V u o t 97 r E 7 F i h E 5 z T x a M 9 V h N v V 4 l n W t o D A M s i 2 R k Y v o I H N X f Z O U x b e U 3 A A d h s 8 V P T 27 J h t D L L y U 0 l p + y x 3 E F W Z 1 l N k Q m b V Z 25 X z 9 o O Q t K + F 8 c E v R V 85 + m R O i P v 7 P + E m D G c F j D f m g 5 o Q f h z 9 w 9 P 5 I 5 Y Z L + T K Y B l l w C S + F 6 A 4 O + m + r d 5 Z 3 N 1 y u A 6 y L / n q j u e f P 87 K k r o 6 u K f l 5 G k a J / X 7 J e b z Q J l U 6 h I b d Q 8 V y b c 6 q 0 s h m d w 5 E B r t f i u j 0 c n X q + b z l d g 1 X 7 h k U 9 a k j / r y e t b c f g t F k m g 107 B a n 6 l g B a + J c x x D N H L g e n i y q v U x K D 16 y x o H y E p J U B i + a p R d e / G z O K V p J c + G O r i O R W 0 G B N q w P c V N i 2 D q w a 7 l d C T A R F c E b o 3 m v i 2 I X z 4 G c i / j C w H B + D L y x m S A E Z r N C W h I 7 B C C v J h l + Z 7 k w F b n D i U / w 9 C v J h J P F 9 L 3 J 0 c 34 h C g L g k 3 j f d J Q + i V T + M u D I f S T C z 8 k w i W o x X R o A G d 1 n l e + Q r R 6 r K t m Y P t Y V 5 A r E U Y 0 o 8 k q X 55 z K L r A 7 A k D T R E E e e m g 8 b T V + F 9 F z q S o k r 8 B E q B O 4 h i T u q F t k 9 j 12 d 1 u I 9 A t r p D x 5 h s 3 D o M B d 6 g 5 E B o X m 3 l M V F a / r / 7 i f g k g d m J d m g 5 t f A T I S G j g Y 0 a B o c + g X M 9 h O q I U + G 2 s S e o C 3 w i V w a 4 X c 9 l h m P O R q i p k w I f z i m 1 k y O 9 x P 
J r w F m R / P h B B j d b B F k o H + 91 D p h m h C A Q M 966 V 9 J d A B m W T v b f j 7 X 8 x T X / b w F + o p A p s b c s Y d y E O z u f T e N r 5 T w O B f K V b A 5 q O T l + 8 e y c 1 h Y 7 y S B 5 Y H O r V b S u m z K x i R Y Z f E j O X B k D + J 0 S T S b U y 34 b x o x F Q w w A O / N V s r T m K / d s M X a R I j N q m S P 3 k v T D 9 p y k B P I 7 I L 6 h 8 i A 2 t T 7 j S S B c x A G o y x C L Y 8 + Q Z L f + g a M z o 1 z 6 i y 2 R 4 p O + r + U W b + P r t B Y l 97 S u E n N N F n 24 f l 0 H T V e b c S m H 2 k l i e z h s + T F m p h L c R x i r P H z b t F j w 8 C s D V 2 h d 2 n N 1 Q Z D 6 D R //3W4PCvivdOOCgY/lmPACrD2j94skGcfFzgNCK2GJWbeZrb1rDypjoP1VMGAtHqSHNrM1DLUwl3mpEsXvfUCu29pCFn/KTc9pCvqBLxT8RRowMXYWmE2xoawzwjHd/On52ewuBsh20hjaXr1DXt8uwNYnAlTj6hRU2QvMmnD8AUxK7AwDS+CG9z3YdOQR6GfEHc048XiL+2GcKje8tIiJTms2xSudQB1VKvYtmS/3/ZvVMHOcFI/B/Diwc/b1euY8+sxXw3oGcsM5yT6PRIu2Y+gvv3m0bQbsbbMw4OeBuXG6TuZ+1+uMZYtp/hIaDyeugrBzZ3tcb7siE8kUMwWdzYjV1j8eievvefZ7rondaZbqLi2+DzSlHCWEgSCRK1S7Q4Mp0ZHmVdyy8QB5vCEi9/0oKpJuCcCi2YF43O0koImD6zwulQNbg3I9nejGMbijYwBPi6GqYptFB2i5kw+5extgDOGlmpxj0PrxEo2JU4B1ELlvcfPCKF0NevjBukvrEYKOm3EpHxCSpN80BczgW3UtOQJ1rPzvt9qoBRnf5npnhtrfHPG8JXiXAPcKCcjZLvU9pXd5+NeAELjkK/vaEahODnyJtDjId65RhKPOnkmzHKgbL0M39IJC6lga4B2DPj10GYkHpSL1BTU/SOgVXG6sVX59qfKOAER6BahBMD7ez7pqN96W8YGUGN3pwb9uVVSJ/6rfyb5V6MJl3fVDoTER/R5oAPceaCXzUjgquZcBpB+cBX472ZSn8CT+DfPxn6w8ttJOyZBLPhGKfFbwsRd3jU3SA2U09mMrWZYFt94wXWhef/HZJFYajR6/KiMNx/SgubekuXQIiGy39jGHTzMaRL8zs2M7yJv0HMhLNc+5DYHM3lZV6PTiXADo3izkYzIVMWIAwDddnihyqjANDspiZK22zus01mfyJhJ/7UySLwe5k27n7+o6ZZJttE/Jmr5xVaBsU6ub2VCshSvK4mlfMxZtd8JS0skEkmKlqZDOzbf0cfGTj6EKVzZWsPnhRyxAFqL9ChqhRaQw0VENw91v8f6DIHQB+IZjNKRCS+PM6KjLrVyOsj3qevk5DhKY6JgEiaZyc+gnvGJpkCFpzKJxhipaaWpEY98/H/MeclYZxfhJQWpy0McoiHf4q8FCus5ED+EH/rRN9+gbuyyCFRJ46rOErKb331HCVNtQ1KfURbxizzf4YG4xygMRs3isv8YhSA4dwpVxWYHIiQK5vPw58jRjkq0XXPNi7TPWFQ0eFmJwkPy+P/wH9JM53MgHLvmEILzpXpJsZv0hOTa/hgJsiYnEwBiVcJ8AY1tQDzS9SaSJEv29aX/65MsO2AevAws5t/HhW/HaEldeQ2kfRpHIFV+/
AwBwp3LptKb2RmrU2D5BruvR/b1dt3ebllNkOv5qRTOUkI0fPtO5DnqfcN/M+92MuU8D6v8WAmfQFFzYuY9zOJjzwozPYNrpN93dzvA4X//ARUCcyT1ffP8f8BHuHFzn+HoAGQwOcasAtnOuenZqniJ1FgAY+tfEXsLqRuQ+Y9tDNuzP08CRFMvnhg+2R1W4umxXMeNI4SnQEV7AHGf+Gtl2YaYsNMY9vGYkkg6PyNRfDmmBnpupyngAZYgvTaJD035eImW09wiepzxzKtMoRkbJEhvZCBfaIAtR8Z51JAD8r4lO7nUQAj31uqwKSYzEdnNTJSCLn0ZW64QlxC6EOPNy7TudwMv9bfli6gdC4VX2NArlZZe+weUQTnv/ZL6buHrg0yGaeb8Blltgokl0d+I8CGjwJiXOo8b7dj+WAPrU+lUjed85s8RkwQLHk4Aw3UVmZWAdxnIb2U8Jb9ubfEKTq5NyM5sW8S6fHY5+e416ar7eIgDjDx856YPM8aG8E2HQutYqu28G3x215gEIkKIJkvl4O0H2yetrtFtFxUM4FNMDwcjQDIqfONGy98A73TQax9rpCU1t+C+LaPe1gpvHxwlSWaFTTNFZMSRguIRs1xruyCvseQoh5s5W0BV64akaJhdMAIv3bGwRRe6ZY8EjClUBSZ0v5LY2YRXcmgMW4Nj9Mtt/TPlggUw4RWMmlD92ykhJoodWEEdhTZqESO2iDUtVlDWZiBQffy+rp7Gf0zJDLdqMQNPWt/sdQOav56BjkNxbwQLYJSfwty2h/wbiKlOnMch36cRVAUFKAoUbH19ZONQa7znUkQS6jIhsbZffraCAK9giGZ/kXHUqJxviLJZlzEpqVfo+xeQwpLWFoWLK0PWWQhCCelPFbcMv79FeLeCEuhqGNjrej7/ZGwm/zqq23IZFAJwhU5XbSIEQVR8UNNNedmAaTq22t1tmNrhlCIcQFMt+DimPzqqqmHDnbEQy7mRQlNkiNnBq+6bwFGVJvhQGG19Yl+Sune3gGYRnVxZ13fySczAdsiPMzNTOaktRjl3wd5wC8oj8IiSTqTyte0jVZmfX/hR+rQ+p00Urgoduoj8IC5GdE8g63zi3KqsQqv72dd99Dd403hGYr3d0CIebbZxAbY7K+4BlY1ehC3RN4LNYI9qQCGMtVzQidoj1Ok/v75sq6TiINvn3aUefAA5OrJNnkMAEXHNsFqZ5tfprp5XljizQtbZV8QAtK9ixXIPfhrr+dfM2AS3fPjTkXU7xaZ+hwDip4DOIb13Ci7FBlT8EdYjUGXpQbz1jqfkQA6+A70nlgARmZlpYbVGtuTJw4XEEAUjDOhuNU1EqNkZkzVxQYWpZkRo8CSsCKrcC3AmWQ2cHta+Z0n
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "malware-sample" ,
"uuid" : "58c2fdce-ac1c-44c2-a010-42fa02de0b81" ,
"value" : "install.reg.file|2232b4428a55b09a32729a5e70788baa"
} ,
{
"category" : "Payload delivery" ,
"comment" : "JQJSNICKER" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "filename|sha1" ,
"uuid" : "58c2fdd0-3748-4ea5-95c4-416202de0b81" ,
"value" : "install.reg.file|14914bdfa5e54e9772747b992f3ab27a870b2568"
} ,
{
"category" : "Payload delivery" ,
"comment" : "JQJSNICKER" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174015" ,
"to_ids" : true ,
"type" : "filename|sha256" ,
"uuid" : "58c2fdd1-80e8-4cbe-b1c2-4f3b02de0b81" ,
"value" : "install.reg.file|66670300a301bdcaa9ca3cfdc710805d4c0ecf196cdadc542479f1dfa2d53353"
} ,
{
"category" : "External analysis" ,
"comment" : "JQJSNICKER - Xchecked via VT: 66670300a301bdcaa9ca3cfdc710805d4c0ecf196cdadc542479f1dfa2d53353" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174033" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c2fe11-f24c-4c20-8a69-48be02de0b81" ,
"value" : "https://www.virustotal.com/file/66670300a301bdcaa9ca3cfdc710805d4c0ecf196cdadc542479f1dfa2d53353/analysis/1489140362/"
} ,
{
"category" : "External analysis" ,
"comment" : "JQJSNICKER - Xchecked via VT: f0d422222b6b39b4a141b6916cb4c844aeb6173fe185fe1030497d273f4e1377" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174033" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c2fe11-a804-4734-a89e-464b02de0b81" ,
"value" : "https://www.virustotal.com/file/f0d422222b6b39b4a141b6916cb4c844aeb6173fe185fe1030497d273f4e1377/analysis/1489162563/"
} ,
{
"category" : "External analysis" ,
"comment" : "JQJSNICKER - Xchecked via VT: ea042bd3a7df11273e233c423e9740e6b51001911139855ef39501472a1e5fb0" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489174034" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c2fe12-37e0-497a-854c-49b502de0b81" ,
"value" : "https://www.virustotal.com/file/ea042bd3a7df11273e233c423e9740e6b51001911139855ef39501472a1e5fb0/analysis/1489162613/"
}
]
}
}