misp-circl-feed/feeds/circl/misp/5b9ba490-0e84-4127-916f-4f75950d210f.json

{
"Event": {
"analysis": "2",
"date": "2014-03-30",
"extends_uuid": "",
"info": "OSINT - old njRAT activity",
"publish_timestamp": "1536927633",
"published": true,
"threat_level_id": "3",
"timestamp": "1536927610",
"uuid": "5b9ba490-0e84-4127-916f-4f75950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#054000",
"local": "0",
"name": "misp-galaxy:tool=\"njRAT\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00bde6",
"local": "0",
"name": "veris:action:misuse:vector=\"Remote access\"",
"relationship_type": ""
},
{
"colour": "#3b7500",
"local": "0",
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0026eb",
"local": "0",
"name": "estimative-language:confidence-in-analytic-judgment=\"moderate\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536926886",
"to_ids": false,
"type": "link",
"uuid": "5b9ba4a6-64b8-4561-a3c1-4d97950d210f",
"value": "https://www.symantec.com/connect/blogs/simple-njrat-fuels-nascent-middle-east-cybercrime-scene"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536926928",
"to_ids": true,
"type": "hostname",
"uuid": "5b9ba4d0-b15c-4860-b9b6-46d5950d210f",
"value": "njr.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536926953",
"to_ids": true,
"type": "hostname",
"uuid": "5b9ba4e9-ff3c-4024-98a4-4760950d210f",
"value": "njratmoony.no-ip.biz"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536927009",
"to_ids": false,
"type": "text",
"uuid": "5b9ba521-bde4-4769-806b-4f44950d210f",
"value": "Backdoor.Ratenjay"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536927039",
"to_ids": false,
"type": "text",
"uuid": "5b9ba53f-6cfc-4071-b166-4fdd950d210f",
"value": "Symantec has observed the growth of indigenous groups of attackers in the Middle East, centered around a simple piece of malware known as njRAT. While njRAT is similar in capability to many other remote access tools (RATs), what is interesting about this malware is that it is developed and supported by Arabic speakers, resulting in its popularity among attackers in the region.\r\n\r\nThe malware can be used to control networks of computers, known as botnets. While most attackers using njRAT appear to be engaged in ordinary cybercriminal activity, there is also evidence that several groups have used the malware to target governments in the region.\r\n\r\nSymantec analyzed 721 samples of njRAT and uncovered a fairly large number of infections, with 542 control-and-command (C&C) server domain names found and 24,000 infected computers worldwide. Nearly 80 percent of the C&C servers were located in regions in the Middle East and North Africa, including Saudi Arabia, Iraq, Tunisia, Egypt, Algeria, Morocco, the Palestinian Territories and Libya."
},
{
"category": "Network activity",
"comment": "Potential sinkhole",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536927248",
"to_ids": false,
"type": "ip-dst",
"uuid": "5b9ba610-0314-4618-b854-4cb4950d210f",
"value": "204.95.99.26"
},
{
"category": "Network activity",
"comment": "Old allocated IP",
"deleted": false,
"disable_correlation": false,
"timestamp": "1536927315",
"to_ids": false,
"type": "ip-dst",
"uuid": "5b9ba653-5788-43a1-86b1-4de4950d210f",
"value": "83.71.169.49"
},
{
"category": "External analysis",
"comment": "Screenshots",
"data": "iVBORw0KGgoAAAANSUhEUgAAAb8AAADDCAIAAACd5ogrAAAACXBIWXMAAA7CAAAOwgEVKEqAAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15v
ft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAJiRJREFUeNrsnXlsHFl+37ubpERdQ1GiRPGYGWk0WWdkJJvFArm8RhIDgZFAWRuYBIvEyB9G4AUC5EA2gY0ECDbxTIAg3sU6CAx7vYGTANkdLwIn2BnNjkYHKfGmeJPi2ffddd93NZk/Xnezye4uVjcpiiK/HzwIxepXr163mh/+3lmBHQAAAM0TwEcAAACwJwAAwJ4AAAB7AgAA7AkAAAD2BAAA2BMAAGBPAACAPQEA4EzZc3R09P79+z09PYFjp6en5/79+8PDw/gfAgC8Yfb8wQ9+0N7eHnittLe3f/TRR4d8hx989esffPXrPrNVknf
mnz0erU5+qvGff/gT71crqal3V31hs9c2VdsjLByA02zPn/70pzdu3AicALq6uj755JNX/SnsU6eHQOvq0qdAfa
"deleted": false,
"disable_correlation": false,
"timestamp": "1536927431",
"to_ids": false,
"type": "attachment",
"uuid": "5b9ba6c7-7a04-42c3-933f-4e63950d210f",
"value": "figure2_17.png"
},
{
"category": "External analysis",
"comment": "Screenshots",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1536927434",
"to_ids": false,
"type": "attachment",
"uuid": "5b9ba6ca-7d00-4c71-a955-42e5950d210f",
"value": "figure6_1.png"
},
{
"category": "External analysis",
"comment": "Screenshots",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1536927438",
"to_ids": false,
"type": "attachment",
"uuid": "5b9ba6ce-cd60-489a-8016-4f1f950d210f",
"value": "figure4_8.png"
},
{
"category": "External analysis",
"comment": "Screenshots",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1536927441",
"to_ids": false,
"type": "attachment",
"uuid": "5b9ba6d1-6394-4ff2-b5a7-4b26950d210f",
"value": "figure5_6.png"
}
],
"Object": [
{
"comment": "The main reason for njRAT\u00e2\u20ac\u2122s popularity in the Middle East and North Africa is a large online community providing support in the form of instructions and tutorials for the malware\u00e2\u20ac\u2122s development. The malware\u00e2\u20ac\u2122s author also appears to hail from the region. njRAT appears to have been written by a Kuwait-based individual who uses the Twitter handle @njq8. The account has been used to provide updates on when new versions of the malware are available to download.",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "4",
"timestamp": "1536927169",
"uuid": "5b9ba5c1-9ee8-44e4-b15d-4d2e950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1536927169",
"to_ids": false,
"type": "text",
"uuid": "5b9ba5c1-2a0c-4b9f-94e6-4843950d210f",
"value": "njRAT v0.7d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1536927171",
"to_ids": false,
"type": "text",
"uuid": "5b9ba5c3-da00-419a-be68-4c2b950d210f",
"value": "Twitter"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1536927171",
"to_ids": false,
"type": "text",
"uuid": "5b9ba5c3-a768-4922-a9bb-4413950d210f",
"value": "njq8"
}
]
}
]
}
}