2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event" : {
"analysis" : "2" ,
"date" : "2016-11-21" ,
"extends_uuid" : "" ,
"info" : "OSINT - Nemucod downloader spreading via Facebook" ,
"publish_timestamp" : "1479724522" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1479723737" ,
"uuid" : "5832c7f9-9148-4e20-8122-4f19950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723012" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5832c804-e910-4061-97aa-4126950d210f" ,
"value" : "https://bartblaze.blogspot.lu/2016/11/nemucod-downloader-spreading-via.html"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723072" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "5832c840-6754-4153-b4bc-4cb3950d210f" ,
"value" : "Earlier today, a friend of mine notified me of something strange going on with his Facebook account; a message containing only an image (an .svg file in reality) had been sent automatically, effectively bypassing Facebook's file extension filter:"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723710" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cabe-9f88-4e97-a285-4986950d210f" ,
"value" : "83ad5665517c351edc837b302f2a7f526bac35efe3ddc37019a635b128c5b17f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723711" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cabf-c618-4415-9c56-498f950d210f" ,
"value" : "4716c34d635acb09888eefb6914d3fff4c80e43a08b261e82dd64389248061d4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723711" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cabf-7840-4178-8d39-492d950d210f" ,
"value" : "7034f525f3d32e3f115ccac73480125678a58da3fd025e0741c454fc152c8d34"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723712" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cac0-bea0-4519-8d2a-40a2950d210f" ,
"value" : "32b1207717894c71c0fb71c064bace8d8a1c15056702f4172be61d7f1a0757bb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723712" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cac0-0b78-407c-b6a6-41eb950d210f" ,
"value" : "cf4b8eaaa62ad7dc9afe0db4e38c36d41eee07c729db7d1c72bab0734d17ef7b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723713" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cac1-5d20-40c1-a771-4f97950d210f" ,
"value" : "5b8343d71ab93baee8fad73f8aa6a49f25d7e32bba3a485ece46609cff56b33e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723713" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cac1-d390-49bf-a5c8-4c2c950d210f" ,
"value" : "fca1da5694b2c2c2da2a473f2972cfa808e906439e3f0cd23c650489f2b58755"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723714" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cac2-aae8-451f-8f2e-4693950d210f" ,
"value" : "b7b4be0656dd68fa1e2e5d830d1183f0b667fb7977f8a1a462f1f7a9aa5a7b9a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723714" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cac2-6f1c-46d6-bebf-4365950d210f" ,
"value" : "5e9e3f9f96ce2333473a4c7eae8e07a0d0a38b24cb9effc67f0063f2eaec4c92"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723715" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5832cac3-5ca4-4ba3-a2d5-4dbb950d210f" ,
"value" : "afisutovu.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723715" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5832cac3-1a7c-488d-b184-4c5e950d210f" ,
"value" : "8cb5d3e.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723716" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5832cac4-94c0-4390-a50b-4139950d210f" ,
"value" : "kerman.pw"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723716" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5832cac4-a928-4812-894e-4f26950d210f" ,
"value" : "http://kerman.pw/8cb5d3e.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723717" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5832cac5-f7c8-4bb7-93de-4296950d210f" ,
"value" : "https://8cb5d3e.com/8cb5d3e.js"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723717" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5832cac5-e970-4318-8ac9-416c950d210f" ,
"value" : "http://kerman.pw/8cb5d3e.jpg.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723718" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5832cac6-9120-4294-ac3a-46ec950d210f" ,
"value" : "http://afisutovu.com/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723718" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cac6-fa74-457b-8266-43a2950d210f" ,
"value" : "dd556768261bc12f21adf55641ca25f2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723719" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cac7-8d40-417b-aa5a-47bc950d210f" ,
"value" : "d629a6f74954be2914c9eef87d077cda"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723719" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cac7-02c0-4ab0-871a-41f8950d210f" ,
"value" : "caea168f978301c878fc2cdb49da2dd1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723719" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cac7-60fc-45c7-bd89-4d7a950d210f" ,
"value" : "c82c05017b12899d673f78c744ff8c5d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723720" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cac8-b250-4597-9a0d-481b950d210f" ,
"value" : "9c72ed9e33fb079566458cbc4e77f48a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723720" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cac8-0954-43e2-89db-43e5950d210f" ,
"value" : "9097171197b4f02d7b090dc1d04107bc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723721" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cac9-2f2c-4889-a2c9-4ba3950d210f" ,
"value" : "a5c51da26364442b10e784932944f4a7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723721" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cac9-1964-4b1f-8481-4984950d210f" ,
"value" : "c533e9e9545ae38a5d30270f1e14ea53"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723722" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832caca-e5bc-493c-9ed9-4e5b950d210f" ,
"value" : "a56722542884d0a2e7640a5e07812560"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723722" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832caca-7654-4a9c-82c0-4c07950d210f" ,
"value" : "cabdd3935ad24f70bc90538222bc3773673de3c0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723723" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cacb-89e8-4f53-b8ea-4ebf950d210f" ,
"value" : "b1f7460937b25430f0f2b070ab5bcd091d22d1ee"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723723" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cacb-7bf0-4828-8462-4526950d210f" ,
"value" : "8c05af5485b6575fe547a35cf7d1e8d571c416b0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723724" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cacc-4408-4f47-af07-4658950d210f" ,
"value" : "cf246278d6c27b34c7b398c9e843df2031902706"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723724" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cacc-eb00-4c0d-ae59-4602950d210f" ,
"value" : "bebb25343cb1d5b713218ff28d015ad839d93c44"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723725" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cacd-3314-4277-8174-4c1d950d210f" ,
"value" : "9d91a39f13089822317b277caf0db909fd4db478"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723725" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cacd-9428-4a3e-a873-4a64950d210f" ,
"value" : "abe3431d56875e2ed7bb7552c89fc9f41224f91e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723726" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cace-8428-4e81-90e9-4a6c950d210f" ,
"value" : "d707b4f20e952858e91fd3e597f731d664d18f68"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723726" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cace-1ecc-45ea-9859-4635950d210f" ,
"value" : "2f9b85e8ba34509d8e24c9dd4947d3d2bcd5e834"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723727" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5832cacf-02fc-41b8-93a1-4c2f950d210f" ,
"value" : "178.32.125.10"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723727" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5832cacf-a334-4452-9ce3-4d8e950d210f" ,
"value" : "ukay.pw"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723728" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "5832cad0-86f0-403f-83fd-4ec4950d210f" ,
"value" : "yadozalamom.pw"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723728" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "5832cad0-387c-4b76-94f2-4a59950d210f" ,
"value" : "139.59.153.214"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723729" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cad1-61f4-4688-af5f-4ca5950d210f" ,
"value" : "0210143a2016779f31099289a1238a81e8d9165f56cbeb4969091af9cb0ed6c1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723729" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cad1-a7b4-49ea-aabf-44d2950d210f" ,
"value" : "f29e82d44b067c802576e7470dd0ad8e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723730" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cad2-7bc0-4460-a291-4ab9950d210f" ,
"value" : "45e20b4ed53a367f53639b01cf330a622d577789"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723730" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cad2-5b28-482e-9b28-4228950d210f" ,
"value" : "18ee4078bb2b0de650354b9e30f750479b9d217e4ac5dc6497c49fc9408332f1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723730" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cad2-2c30-41bc-b642-447c950d210f" ,
"value" : "fe1520639a0255697ea7f21acaaa5b113558ee8fd91e7898bb748040740dbac6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723731" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cad3-40b4-499d-b975-4816950d210f" ,
"value" : "e30af36bdc23acbd0b1ae0397bea0dc29285599ef56a1599b0708e11de275b67"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723731" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5832cad3-9758-40c4-9c00-466b950d210f" ,
"value" : "df56b0ea56e20079e5e5bda8a937dcfff4128c2e4f78b794379e7d1c2a8752c1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723732" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cad4-3c50-4fb1-a33c-4200950d210f" ,
"value" : "24c73af97aaa0f5436d523d42da8d36c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723733" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cad5-e948-4f35-bf11-449d950d210f" ,
"value" : "c268c4214ff0f146cbc71fe445950de1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723733" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cad5-67d4-48b7-92a6-436a950d210f" ,
"value" : "32d21fe8f01fa65a3d4189e84db35e7a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723734" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5832cad6-a7ec-4a4b-afb3-43f3950d210f" ,
"value" : "a19f44309f23e6323d9a26f9a8a6246e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723734" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cad6-7f14-4cc1-ba46-4a7e950d210f" ,
"value" : "c88b3be2484c2c1f62479aaea5f1490abdfc7d90"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723735" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cad7-de70-48bd-b8d3-4597950d210f" ,
"value" : "04645687615eb072bb4220ef47c261d733a05e59"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723736" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cad8-013c-40ce-b765-488b950d210f" ,
"value" : "f797fb11a0ceb6f429d698975bbdb540cd528f6a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1479723736" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5832cad8-aa84-4eb5-9901-4429950d210f" ,
"value" : "214a5940bb28afdb830a0077b932a3f7ee88c98d"
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}