misp-circl-feed/feeds/circl/misp/5c500809-453c-4245-83e1-435c950d210f.json


{
"Event": {
"analysis": "0",
"date": "2019-01-29",
"extends_uuid": "",
"info": "2019-01-28: APT28 XTunnel Backdoor",
"publish_timestamp": "1548770757",
"published": true,
"threat_level_id": "3",
"timestamp": "1548770635",
"uuid": "5c500809-453c-4245-83e1-435c950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-relationship=\"APT28 (G0007) uses XTunnel (S0117)\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-relationship=\"APT28 uses XTunnel\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-intrusion-set=\"APT28\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-malware=\"XTunnel\"",
"relationship_type": ""
},
{
"colour": "#00b3b3",
"local": false,
"name": "ecsirt:intrusions=\"backdoor\"",
"relationship_type": ""
},
{
"colour": "#00a9ce",
"local": false,
"name": "veris:action:malware:variety=\"Backdoor\"",
"relationship_type": ""
},
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
},
{
"colour": "#001534",
"local": false,
"name": "ms-caro-malware-full:malware-type=\"Backdoor\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002642",
"local": false,
"name": "osint:source-type=\"microblog-post\"",
"relationship_type": ""
},
{
"colour": "#12e000",
"local": false,
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1548758156",
"to_ids": false,
"type": "attachment",
"uuid": "5c502c8c-33cc-4faa-a3ef-4a35950d210f",
"value": "DyDakjkXgAMj0IL.jpg"
},
{
"category": "External analysis",
"comment": "",
"data": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wgARCAFnBLADASIAAhEBAxEB/8QAHAABAAIDAQEBAAAAAAAAAAAAAAUGAwQHAQII/8QAGQEBAAMBAQAAAAAAAAAAAAAAAAECBAMF/9oADAMBAAIQAxAAAAHJQZarbfLiT7xep1GH2q3Vt7kZkIiMk4y0AkAAABYq7Oma3U/OVedgrIRGjvaJaNaQrl8krvRmEip2ClKa/rFkwmheqLdDPRLPWC11S5U0AAAAAAAAAAAAAAAAAAAAA6Dz6/0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtMF27m+3y6b5794vUlvevUWqsxt3kihxknGWgEgAAAAAZfntGgcqkLtrnP8AF3Ti5sR1zrRJ/PZKYVaL7DyQwxPROdmWVsm4QNV73yUrjJjAAAAAAAAAAAAAAAAAAAAPPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyY+4c804akM27N51aEqoGXoValHxknGTAJAAAAEyrDJ2Wty+65eOfIx7GGVro0NFMqxe1IyFuVc9tFai2DLh1o6yuzAiU1NYb2zED6+QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu1bsFd0Y4/wCvnzPsv0Bk+6tHa0PuXzGScZMAkAAABKxWRWS+42VtxkqxNwJ5n1VdCahcs03NiLkUff3B2XneH0rHqUvDrhqVmtLVF2iJNjrXXSOA1UvHzGBvZJrGmWL4jKYlm2ynJuPNRJ6hrgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7nzqqfGrC+/hl3d1oVJ8q6doUESMZJxloBIAAAC03LDPOrfdmTzi6R0z5Tzedtavfldntorulb9w4/wBCkvvhZi+/c15WA2/Kzs1WxfN45VfZdppRJa1fXStXkJ3U6cefy1p9OVXKxK9uW+9REbJ+/RrQ1h8K3q3f6OPOqDlbqg5W6oOVuqDlbqg5W6oOVuqDlbqg5W6oOVuqDlbqg5W6oOVuqDlbqg5W6oOVuqDlbqg5W6oOVuqDlbqg5W6oOVuqDlbqg5W6oOVuqDlbqg5W6oOVuqDlbqg5W6oOVuqDlbqg5W7Hxs9AAAAAAAAAAAAB3jm/xAbfL0ffPrF6nYa/pQlWxNwUJLdjJOMmASAAAB1TnfROY167mbBm4b9+uymnMYZ2H2ZrJ5YfHy1yOijemW3xXzq89M3i0NvR51hjYHX6ZbFoYduFd6hSpXD1nstNy8L3PdpODlafh/mI084joPPpHVSewwflJsf3q/evnH7GpqXzWWmy0TFrTXvdavfL3fgdmLZTtzRM9Zn9sqs5ByU896Wrn3bhe6hk1Jh845XnsqoAAAAAAAAAAAAAAAAAAAAAAAOp8r6pys9AAAAAAAAAAAABe6x1fn23y6r5794vUtH10Ch1afxaPgpcZJxloBIAAAHVKJe6kRMzszZzHc07eV3S+/gtVbtcHTtq5M3vPXpJfBExf1aIA+Mdnw001qRnIPT5OPDddO3KrZ7PBVa3lslfP7c6x9BwWVGUkVZoxYNvGNmfu7YO3KfuyXW0ch1JSL38trLPe5r1/NZt3nNRi7N9b+UTrbdsvnrtds1bT8bOK0171Kw166EZ93PMc7hrnWTS83dMs0fEW/JsidLoEDy613W6Zzvtxw59uylRT2/S9G93PnVk8+7rixbqRsWrQ6c9X1XbVz4dz605NG60rs8uabHRMBRY+T6scYhrDoEZNwtzKYAAAAAADqfK+qcrPQAAAAAAAAAAAAAD6Hn
a6zVzv3onpSoyTjLQCQAAAOqcq7fHHJPjs0Ycty9NHN9XqQ5Y6mOW+dTHLHUxyx1Mcs3Ojovy7d6ImnLXUhy/b6KOWe9SHLfOpjlrqQ5a6kOW+dTHLHUxy11IctdSHLXUhzzS6gOdaXUhyz3qQ5a6kOWupDlrqQ55h6SOZ4epDlvnUxyx1Mcs96kOW+dTHLHUxy3N0xE0CL6mieW+dTWryz3qQ5p70octdSHLXUhy11Ic80OpDlkh0MctdSHLXUhy11IctdSHLXUhy11IctdSHvK+7cJPQAAAAAAAAAAAAHRKn1zw/vnnLRa4ycx1QX3M7Uq1GScZMAkAAAD2QjhMRHg9SWI0m5sEWnYE9TW3xtWl9i+c1ZeoSUA83u9NJv8AsTHpbMQbZ3r1iEhLTzrLxHX1t6Z6s30Vda9EgnmQ+GxrHqzZypOgjny1SZQl6q5GvB68HrwevB68HrwevB68HrwevB68HrwevB68HrwevB68HrwevB68HrwevB68HrwevB68HrwevB74AAAAAAAAAAAAAHYqHCa2nF8/fwzbezVyhZqrVPcsym7GScZaASAAAAABddOrZUWWQpOUtNN3Nis7F059H5enYYDn31znrFXqHxeFtruHvWz7NU85WvMXXtq0SsVE7OnndIisZb58WXFlppslWZEW6wcsJ6hB0zcNLc1tgkIXfxFx1aniOx4OR+HSJjj46zS61ummAAAAAAABbKnZS+0L9F8qOSOqxZz5JRoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB3/msNFbfMwffwxen3akVzYrOeYocgjHGScZaASAAAAABdtOOx9MUnd+Vyk0r89BecvQlIzz06dEUucIL2Qy856lWoCP8zv1SsV/XOmQ1V9hhhPPj1OHV63ULBytl1dT408p/brmv0yR2fC57bnTPfC2WfmkgSvQOVS5qxMhDkjD2irgAAAAAAAAAAG9oglIsdDkuVDquhznfM8Tf5Y5U6rqHNU5BgAAAAAAAAAAAAAAAAAAAAAAAAAHTadfaRt8uu+e/eL1Lzo26FrOnp5ddEXGScZaASAAAAABu/Enjz+nhxy2CvWBkI+Q7efjlPjcz+nHY9zDaunky/VuOf6zSKaht45rR5eh9zHwUzd0ZKk2aOsOLy+/1oy+Gkxu3k3TmXxm99fPKJr3F1go6Z+t/HX82J6+euRmziTHyGhaa96rZ6xPm/t7c0UGv2+tGqmYYvcLZaaa+5ufBXgAAAAAAAAANvUF5nOVDquvzLYJmv3OwHK3VcRy9Zq2fIAAAAAAAAAAAAAAAAAAAAAJLQ77zXZ5tJPvH6Wxs9noNVP9t2SVSjJOMmASAAAAAA9vcLbNFZbRETWJ1fiwct9fSsVbmydNhil433CVwddqHmd6v8b8t3pAxdwpHWJP63ZnlNNWpt50xZcluFe17rSoks0bHaLl4jp5Q/L1czjcb0qvFNJMjFjkCmffxcSCi+w85IzF8DLiBsa4bGuAAAAAAAAAAAAAAGXELfZOWDqvxy37LTV7LaDlyegQAAAAAAAAAAAAAAAAAACUj+p0nRirx5n2ye9ZI2qF+LTAy0oyTjJgEgAAAAAScbM5LcNLyTzTSrEhTVHtrVPJzY0zFlbHOc0VP6Oa8DvTkX0jNAJ68QHs17LK2PiYhPNzL156WlMS086i8+69/mzx8QSe9I7JXs0rHFbSOqYANnWE7tVgAPJbrBxF1IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUhy11IctdSHLXUp84e3dIAAA6hTPiL0Y8P38eZ9nVomn7VW9L1rXPqMk4y0AkAAAAAC6aVX3L5s0hG5YmL3s8VXts6wtbdGAFm+K3lLvqVvNj6Wquwq8LNDaXSLGrnlV0UzJZZI7Sx9a
WrRidK3Fl8y17SsEJuEpzvZLhhgsg0M0cHnoAABMWGvWEoQAE5By5p7096VCQnvso07B9KOcYuhU0j52KuZSJWc
"deleted": false,
"disable_correlation": false,
"timestamp": "1548758337",
"to_ids": false,
"type": "attachment",
"uuid": "5c502d41-3c9c-4c2b-957c-49b5950d210f",
"value": "DyDamryW0AAvlqt.jpg"
},
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1548758349",
"to_ids": false,
"type": "attachment",
"uuid": "5c502d4d-f684-4852-9812-44b0950d210f",
"value": "DyDanyMXQAADPHy.jpg"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1548760050",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5033f2-306c-4378-8b70-042d950d210f",
"value": "109.236.93.138"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "5",
"timestamp": "1548751059",
"uuid": "5c5010d3-dc24-4d51-b0e0-4a6e950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1548751060",
"to_ids": false,
"type": "text",
"uuid": "5c5010d4-66a4-4766-89a0-49e6950d210f",
"value": "2019-01-28: #APT28 #XTunnel #Backdoor\r\nC2\r\n\u00f0\u0178\u203a\u00a1\u00ef\u00b8\u008f\r\n: 109.236.93[.138 | \u00e2\u20ac\u0153How are you?\u00e2\u20ac\u009d Marker \r\nOriginal Filename: \"Xtunnel_Http_Method.exe\" \r\n\u00f0\u0178\u02dc\u2030\r\n\r\nh/t @CNMF_VirusAlert\r\n\r\nMD5: 16b6d63390340941ec0fe60b0177384f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1548751060",
"to_ids": false,
"type": "text",
"uuid": "5c5010d4-ca58-4702-a663-4702950d210f",
"value": "Twitter"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1548751060",
"to_ids": true,
"type": "url",
"uuid": "5c5010d4-6ec8-44ea-82f8-4bed950d210f",
"value": "https://twitter.com/VK_Intel/status/1090111749284614144"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username-quoted",
"timestamp": "1548751060",
"to_ids": false,
"type": "text",
"uuid": "5c5010d4-fd90-4a98-aa2c-4343950d210f",
"value": "CNMF_VirusAlert"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "creation-date",
"timestamp": "1548751060",
"to_ids": false,
"type": "datetime",
"uuid": "5c5010d4-3be0-41bc-a58e-4dfd950d210f",
"value": "2019-01-28T20:57:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1548751060",
"to_ids": false,
"type": "text",
"uuid": "5c5010d4-4168-44db-920b-42e9950d210f",
"value": "VK_Intel"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548751856",
"uuid": "5c5013f0-02a4-4ef4-a6c2-4542950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1548751856",
"to_ids": true,
"type": "filename",
"uuid": "5c5013f0-0564-48f5-a5e3-4a05950d210f",
"value": "Xtunnel_Http_Method.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548751856",
"to_ids": false,
"type": "text",
"uuid": "5c5013f0-a914-47f6-88d4-478b950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1548752140",
"uuid": "5c50150c-f1d4-412a-a110-404f950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548752140",
"to_ids": true,
"type": "md5",
"uuid": "5c50150c-1358-4494-983b-4f28950d210f",
"value": "16b6d63390340941ec0fe60b0177384f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1548752140",
"to_ids": false,
"type": "text",
"uuid": "5c50150c-d600-491d-a759-462f950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "11",
"timestamp": "1548767989",
"uuid": "4b2e3157-db78-4817-ab9f-24131d6906d9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4b2e3157-db78-4817-ab9f-24131d6906d9",
"referenced_uuid": "caa1a5bf-3144-40dd-b72c-9aa723a1ccf3",
"relationship_type": "analysed-with",
"timestamp": "1548767990",
"uuid": "5c5052f6-cee0-4bd9-ba18-4e7702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1548767990",
"to_ids": true,
"type": "md5",
"uuid": "30ab4d3c-1c76-4ec7-87ac-7cc4f9d2f78a",
"value": "16b6d63390340941ec0fe60b0177384f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1548767990",
"to_ids": true,
"type": "sha1",
"uuid": "e03b70c8-d228-4d52-9658-87d9dd857411",
"value": "c3212e1e609588cb5736b1fd9aa8581c965ffa08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1548767990",
"to_ids": true,
"type": "sha256",
"uuid": "7b49d68a-5b06-45f5-8559-da1880d0179c",
"value": "be2e58669dbdec916f7aaaf4d7c55d866c4f38ac290812b10d680d943bb5b757"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1548767990",
"uuid": "caa1a5bf-3144-40dd-b72c-9aa723a1ccf3",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1548767990",
"to_ids": false,
"type": "datetime",
"uuid": "72c5c0da-36b0-4bc7-bb71-0ad5d03a4ca4",
"value": "2019-01-29T12:48:40"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1548767990",
"to_ids": false,
"type": "link",
"uuid": "208ca235-3160-47cf-87bd-6bdb0fa77fe0",
"value": "https://www.virustotal.com/file/be2e58669dbdec916f7aaaf4d7c55d866c4f38ac290812b10d680d943bb5b757/analysis/1548766120/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1548767990",
"to_ids": false,
"type": "text",
"uuid": "b239d7d4-228e-4e7e-8576-118b523f7b50",
"value": "43/68"
}
]
}
]
}
}