misp-circl-feed/feeds/circl/misp/5a24041c-d7c8-4dc1-b0ed-45f702de0b81.json

{
"Event": {
"analysis": "2",
"date": "2017-12-03",
"extends_uuid": "",
"info": "OSINT - Android Malware Appears Linked to Lazarus Cybercrime Group",
"publish_timestamp": "1512310272",
"published": true,
"threat_level_id": "3",
"timestamp": "1512310223",
"uuid": "5a24041c-d7c8-4dc1-b0ed-45f702de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#13eb00",
"name": "misp-galaxy:threat-actor=\"Lazarus Group\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#5f0077",
"name": "ms-caro-malware:malware-platform=\"AndroidOS\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310035",
"to_ids": false,
"type": "link",
"uuid": "5a240429-4354-43b6-8940-4e4e02de0b81",
"value": "https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-appears-linked-to-lazarus-cybercrime-group/#sf174581990",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#007ed9",
"name": "osint:certainty=\"93\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310035",
"to_ids": false,
"type": "text",
"uuid": "5a24043e-7338-4ea0-99e0-401e02de0b81",
"value": "The McAfee Mobile Research team recently examined a new threat, Android malware that contains a backdoor file in the executable and linkable format (ELF). The ELF file is similar to several executables that have been reported to belong to the Lazarus cybercrime group. (For more on Lazarus, read this post from our Advanced Threat Research Team.)\r\n\r\nThe malware poses as a legitimate APK, available from Google Play, for reading the Bible in Korean. The legit app has been installed more than 1,300 times. The malware has never appeared on Google Play, and we do not know how the repackaged APK is spread in the wild.",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#007ed9",
"name": "osint:certainty=\"93\""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-534c-44f0-aaa0-485602de0b81",
"value": "110.45.145.103"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-ff18-49dd-99e9-4bd502de0b81",
"value": "114.215.130.173"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-d7f4-4beb-a63b-44cc02de0b81",
"value": "119.29.11.203"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-16e8-46a5-96c3-455c02de0b81",
"value": "124.248.228.30"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-5c80-44fc-8b58-4b5e02de0b81",
"value": "139.196.55.146"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-87ec-4dfe-b2f3-4df202de0b81",
"value": "14.139.200.107"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-6664-45b5-a902-461302de0b81",
"value": "175.100.189.174"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-a980-40d3-84ec-432602de0b81",
"value": "181.119.19.100"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-75dc-40a5-96f5-498d02de0b81",
"value": "197.211.212.31"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-9f38-4e74-a2e0-4c1002de0b81",
"value": "199.180.148.134"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-6b38-4ece-af7c-4a9502de0b81",
"value": "217.117.4.110"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a240487-dc90-46ed-a6fa-47b102de0b81",
"value": "61.106.2.96"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "hostname",
"uuid": "5a2404de-10ec-4843-a865-428c02de0b81",
"value": "mail.wavenet.com.ar"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "hostname",
"uuid": "5a2404de-bf84-4257-be7e-4e8302de0b81",
"value": "vmware-probe.zol.co.zw"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "domain",
"uuid": "5a2404de-a8f4-4bcd-8bc7-44f202de0b81",
"value": "wtps.org"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "md5",
"uuid": "5a2404ef-1f38-47de-a5c5-4b0c02de0b81",
"value": "24f61120946ddac5e1d15cd64c48b7e6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "md5",
"uuid": "5a2404ef-bb48-4ffe-8860-471502de0b81",
"value": "8b98bdf2c6a299e1fed217889af54845"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "md5",
"uuid": "5a2404ef-338c-42d5-af7e-45ad02de0b81",
"value": "9ce9a0b3876aacbf0e8023c97fd0a21d"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 24f61120946ddac5e1d15cd64c48b7e6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "sha256",
"uuid": "5a240514-e3dc-4f24-bf92-4bfa02de0b81",
"value": "800f9ffd063dd2526a4a43b7370a8b04fbb9ffeff9c578aa644c44947d367266"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 24f61120946ddac5e1d15cd64c48b7e6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": true,
"type": "sha1",
"uuid": "5a240514-6284-4d76-8aa6-46d302de0b81",
"value": "903e3421a8cec914a41e851a31bd5a385f8d95b1"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 24f61120946ddac5e1d15cd64c48b7e6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310036",
"to_ids": false,
"type": "link",
"uuid": "5a240514-a630-4963-af31-4add02de0b81",
"value": "https://www.virustotal.com/file/800f9ffd063dd2526a4a43b7370a8b04fbb9ffeff9c578aa644c44947d367266/analysis/1511337265/"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310116",
"to_ids": true,
"type": "filename",
"uuid": "5a240564-a824-4c62-95b4-43ac02de0b81",
"value": "/data/system/dnscd.db"
},
{
"category": "External analysis",
"comment": "An overview of the malware\u2019s operation.",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1512310223",
"to_ids": false,
"type": "attachment",
"uuid": "5a2405b7-b2e8-47ac-899f-495c02de0b81",
"value": "20171114-ELF-2.png",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
}
]
}
}