|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2017-03-10",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Wikileaks Vault7 JQJSNICKER code leak",
|
||
|
"publish_timestamp": "1489174184",
|
||
|
"published": true,
|
||
|
"threat_level_id": "2",
|
||
|
"timestamp": "1489174168",
|
||
|
"uuid": "58c2fcf1-283c-45fa-b289-45ae02de0b81",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#3b7500",
|
||
|
"name": "circl:incident-classification=\"malware\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "There are, however, artifacts that could be left behind by accident, or on a system where cleanup was never initiated. One example is a registry key that seems unique to this malware",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "regkey",
|
||
|
"uuid": "58c2fd28-8b98-4107-9d81-432d02de0b81",
|
||
|
"value": "SOFTWARE\\Microsoft\\DRM\\{cd704ff3-cd05-479e-acf7-6474908031dd}"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58c2fd63-b1a4-4f74-aa79-41a602de0b81",
|
||
|
"value": "http://marcmaiffret.com/vault7/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JQJSNICKER",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "58c2fdc2-d54c-4019-bf44-44c602de0b81",
|
||
|
"value": "Installer.dll.embedded.core.dll.file|d85e26868162eefef20ca6f4aeca3a99"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JQJSNICKER",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|sha1",
|
||
|
"uuid": "58c2fdc4-e6d8-4f6e-9eb5-4dbb02de0b81",
|
||
|
"value": "Installer.dll.embedded.core.dll.file|02aa4d3712f324aa4b125056b52a5200691eb62b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JQJSNICKER",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|sha256",
|
||
|
"uuid": "58c2fdc6-5064-49be-b39a-429402de0b81",
|
||
|
"value": "Installer.dll.embedded.core.dll.file|ea042bd3a7df11273e233c423e9740e6b51001911139855ef39501472a1e5fb0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JQJSNICKER",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "58c2fdc8-2af0-436e-95e3-477302de0b81",
|
||
|
"value": "install.reg.base64blob.decoded.installer.dll.file|82684128dfd4a027fddb33711bd2a8ec"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JQJSNICKER",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|sha1",
|
||
|
"uuid": "58c2fdca-95f4-431e-913e-470602de0b81",
|
||
|
"value": "install.reg.base64blob.decoded.installer.dll.file|c9c76637fe3d5febf0cd3950822fb5836f7272dc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JQJSNICKER",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|sha256",
|
||
|
"uuid": "58c2fdcc-ca28-47bd-a12b-45eb02de0b81",
|
||
|
"value": "install.reg.base64blob.decoded.installer.dll.file|f0d422222b6b39b4a141b6916cb4c844aeb6173fe185fe1030497d273f4e1377"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JQJSNICKER",
|
||
|
"data": "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
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "malware-sample",
|
||
|
"uuid": "58c2fdce-ac1c-44c2-a010-42fa02de0b81",
|
||
|
"value": "install.reg.file|2232b4428a55b09a32729a5e70788baa"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JQJSNICKER",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|sha1",
|
||
|
"uuid": "58c2fdd0-3748-4ea5-95c4-416202de0b81",
|
||
|
"value": "install.reg.file|14914bdfa5e54e9772747b992f3ab27a870b2568"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "JQJSNICKER",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174015",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|sha256",
|
||
|
"uuid": "58c2fdd1-80e8-4cbe-b1c2-4f3b02de0b81",
|
||
|
"value": "install.reg.file|66670300a301bdcaa9ca3cfdc710805d4c0ecf196cdadc542479f1dfa2d53353"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "JQJSNICKER - Xchecked via VT: 66670300a301bdcaa9ca3cfdc710805d4c0ecf196cdadc542479f1dfa2d53353",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174033",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58c2fe11-f24c-4c20-8a69-48be02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/66670300a301bdcaa9ca3cfdc710805d4c0ecf196cdadc542479f1dfa2d53353/analysis/1489140362/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "JQJSNICKER - Xchecked via VT: f0d422222b6b39b4a141b6916cb4c844aeb6173fe185fe1030497d273f4e1377",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174033",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58c2fe11-a804-4734-a89e-464b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f0d422222b6b39b4a141b6916cb4c844aeb6173fe185fe1030497d273f4e1377/analysis/1489162563/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "JQJSNICKER - Xchecked via VT: ea042bd3a7df11273e233c423e9740e6b51001911139855ef39501472a1e5fb0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1489174034",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58c2fe12-37e0-497a-854c-49b502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ea042bd3a7df11273e233c423e9740e6b51001911139855ef39501472a1e5fb0/analysis/1489162613/"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|