2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event" : {
"analysis" : "2" ,
"date" : "2017-07-10" ,
"extends_uuid" : "" ,
"info" : "OSINT - SpyDealer: Android Trojan Spying on More Than 40 Apps" ,
"publish_timestamp" : "1499693807" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1499693801" ,
"uuid" : "59637327-79cc-430b-af94-0701950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#37ab00" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "enisa:nefarious-activity-abuse=\"mobile-malware\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-6ea0-494e-b5e9-74c9950d210f" ,
"value" : "ea472586b6f958fb79051aee5b7b7134dc37818b72ab97d1d542a9f94fdc63f7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-33e0-4f58-86d4-74c9950d210f" ,
"value" : "9973133dcdaeea5a7d519359ba2272db5de9e9bb5759d169e0454632c3d91401"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-adec-4464-a4c3-74c9950d210f" ,
"value" : "ec3b506c7fc80717d9ae19ca46ad2599d8d8d4880d6b980da03f054bbcf00cbd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-3f38-41dc-95f2-74c9950d210f" ,
"value" : "e9a0b8b780999a64838c492b70032a076d052eb321c99d68ab1d230bd91d0100"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-59e0-406b-9cef-74c9950d210f" ,
"value" : "4e4a31c89613704bcace4798335e6150b7492c753c95a6683531c2cb7d78b3a2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-9964-456c-b19d-74c9950d210f" ,
"value" : "c39a2962c2734f6350cd45a399c58f203cd1b97aa12bec166a27c0fffc850280"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-564c-412d-a8af-74c9950d210f" ,
"value" : "13aa7fdf838a7c0bb79a805db25c99d75ccf4088b65c4e1f3741d3c467376faf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-e580-4c71-a388-74c9950d210f" ,
"value" : "77c196544a2a778c63579f1a205ffd631b1999d69043679ab60b13cedc13db0e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-113c-4d64-9892-74c9950d210f" ,
"value" : "d991e1ef7c8a502079d71e2d779b3ae8f081e2af9d1e2709f08b72a7de2a519e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-a36c-4249-80e3-74c9950d210f" ,
"value" : "1a941833df8434c7e96ca3cda4465f3cdbb6bd239e6bfd939eb603948b975cd7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-a788-43d5-8e94-74c9950d210f" ,
"value" : "b913bdb396d87c1f71073cdfef901697b512bd409c59447bcde1ddab07e5b7e6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-ecc4-45f8-be34-74c9950d210f" ,
"value" : "e4604fc23d2c89707748e42c8ae8631b8e1db235ec3c9b2488dae4963de46b1a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "59637341-de68-42b1-b492-74c9950d210f" ,
"value" : "8001e0258b13cd6971ef1d227cfc9c2f51036f1faf400cff7042fb099d1d11ab"
} ,
{
"category" : "Payload delivery" ,
"comment" : "The downloaded raw.zip which contains exploits stolen from \u00e2\u20ac\u0153Baidu Easy Root\u00e2\u20ac\u009d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5963734f-4454-42c3-8ead-4be0950d210f" ,
"value" : "cfd0a4f266a51c45ff7b33e5854bc62a49cfc769e62e1d73dd06ff92a7088f51"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-6218-4390-99ae-74c9950d210f" ,
"value" : "219.150.214.117"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-65f8-465a-a26f-74c9950d210f" ,
"value" : "110.167.201.44"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-cb98-4b01-b469-74c9950d210f" ,
"value" : "192.160.2.78"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-0734-4be5-a89c-74c9950d210f" ,
"value" : "222.208.85.119"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-da28-48c9-8f67-74c9950d210f" ,
"value" : "116.52.154.114"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-d3ec-40bf-9b5d-74c9950d210f" ,
"value" : "124.117.219.254"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-1e4c-43a7-8570-74c9950d210f" ,
"value" : "124.117.237.46"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-b668-445a-9963-74c9950d210f" ,
"value" : "116.53.130.192"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-7850-4423-ab3d-74c9950d210f" ,
"value" : "203.156.200.214"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-4eec-4098-af58-74c9950d210f" ,
"value" : "61.186.137.213"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-ce6c-44a3-8f57-74c9950d210f" ,
"value" : "218.10.2.237"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-2678-454b-8ec3-74c9950d210f" ,
"value" : "220.171.99.118"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-afbc-469e-a589-74c9950d210f" ,
"value" : "222.82.238.70"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-ec4c-44e7-bbe2-74c9950d210f" ,
"value" : "222.82.253.110"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-566c-4deb-99bb-74c9950d210f" ,
"value" : "121.26.229.201"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-7290-4bcb-aa25-74c9950d210f" ,
"value" : "202.103.207.227"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-be5c-4d2d-a978-74c9950d210f" ,
"value" : "218.65.18.193"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-9ebc-4711-9670-74c9950d210f" ,
"value" : "222.82.228.134"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-6708-41d5-89f6-74c9950d210f" ,
"value" : "219.146.144.162"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-dce8-46f8-9210-74c9950d210f" ,
"value" : "222.86.225.194"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-3004-4bc2-a845-74c9950d210f" ,
"value" : "121.12.154.233"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-5de0-48fe-95e8-74c9950d210f" ,
"value" : "124.117.249.126"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-f2dc-4423-9ef1-74c9950d210f" ,
"value" : "117.40.226.57"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-5744-4971-8eeb-74c9950d210f" ,
"value" : "124.117.246.78"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-a504-4b3e-884b-74c9950d210f" ,
"value" : "202.97.135.68"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-54f4-4b8b-a8ee-74c9950d210f" ,
"value" : "222.82.250.62"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-2744-464b-9284-74c9950d210f" ,
"value" : "124.117.254.194"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-fac0-4cee-901f-74c9950d210f" ,
"value" : "59.48.105.14"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-be38-44ea-8272-74c9950d210f" ,
"value" : "61.166.10.147"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-db24-4972-b6e4-74c9950d210f" ,
"value" : "120.68.194.138"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-31e0-4911-8dbb-74c9950d210f" ,
"value" : "59.33.110.101"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-59bc-4191-8431-74c9950d210f" ,
"value" : "124.117.238.62"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-6a8c-4db2-8ecc-74c9950d210f" ,
"value" : "47.88.100.148"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-79e8-4230-a9b2-74c9950d210f" ,
"value" : "218.10.191.6"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-d254-43c4-b20c-74c9950d210f" ,
"value" : "202.103.202.227"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-83f0-4e1f-a888-74c9950d210f" ,
"value" : "60.223.252.190"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-034c-4b20-85e8-74c9950d210f" ,
"value" : "120.76.118.153"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-0b84-487a-b3b6-74c9950d210f" ,
"value" : "49.116.41.219"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-0d7c-4746-91b7-74c9950d210f" ,
"value" : "222.87.144.137"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-0678-4c18-8203-74c9950d210f" ,
"value" : "124.119.15.6"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-e1c4-4315-a058-74c9950d210f" ,
"value" : "210.26.168.71"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-15bc-4744-80a9-74c9950d210f" ,
"value" : "222.82.252.18"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-ea00-47c2-baf3-74c9950d210f" ,
"value" : "222.82.236.226"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-7b78-4054-9803-74c9950d210f" ,
"value" : "192.160.2.76"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-8370-40c7-b945-74c9950d210f" ,
"value" : "218.84.75.243"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-7f8c-48fc-8fec-74c9950d210f" ,
"value" : "125.46.78.60"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-d904-434b-b22f-74c9950d210f" ,
"value" : "222.82.229.66"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-b450-4671-b65a-74c9950d210f" ,
"value" : "120.76.118.53"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-bc88-4150-90ef-74c9950d210f" ,
"value" : "120.68.46.150"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-19e8-4e20-baac-74c9950d210f" ,
"value" : "218.58.124.146"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-2a54-4bec-9680-74c9950d210f" ,
"value" : "222.172.200.200"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-102c-4e72-a5e9-74c9950d210f" ,
"value" : "58.242.244.70"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-0220-47a4-b15a-74c9950d210f" ,
"value" : "218.84.35.39"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-5b34-478f-bb70-74c9950d210f" ,
"value" : "124.117.249.170"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-73d4-4809-ba4d-74c9950d210f" ,
"value" : "124.117.232.114"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-e264-4e45-b9e7-74c9950d210f" ,
"value" : "222.82.252.138"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-7e68-4796-9844-74c9950d210f" ,
"value" : "124.117.212.218"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-7c9c-49c5-96c0-74c9950d210f" ,
"value" : "221.212.235.46"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-d5b0-41b9-b299-74c9950d210f" ,
"value" : "222.82.230.202"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-fb90-47d6-ac7f-74c9950d210f" ,
"value" : "118.122.180.173"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-0c08-4d8b-bda5-74c9950d210f" ,
"value" : "124.235.96.235"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-8968-42e7-8229-74c9950d210f" ,
"value" : "120.77.177.167"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-38ec-4755-9557-74c9950d210f" ,
"value" : "222.88.154.148"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-2cf0-4779-9397-74c9950d210f" ,
"value" : "60.30.134.99"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-e1c0-4cbe-b31b-74c9950d210f" ,
"value" : "222.82.230.146"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-e708-4a44-acde-74c9950d210f" ,
"value" : "120.68.203.46"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-c4e4-4f4b-b568-74c9950d210f" ,
"value" : "222.82.250.122"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-e678-4e15-9772-74c9950d210f" ,
"value" : "124.117.218.218"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-90fc-4323-8255-74c9950d210f" ,
"value" : "220.167.224.171"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-d594-48be-8085-74c9950d210f" ,
"value" : "60.164.210.48"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-d650-4031-bc9d-74c9950d210f" ,
"value" : "222.82.210.250"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-6094-4100-b9bc-74c9950d210f" ,
"value" : "222.88.118.104"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-423c-4f52-8275-74c9950d210f" ,
"value" : "218.31.175.32"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-4fc0-4617-b92d-74c9950d210f" ,
"value" : "27.191.191.2"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-6358-4909-91bb-74c9950d210f" ,
"value" : "124.117.249.26"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-803c-48d1-9411-74c9950d210f" ,
"value" : "124.117.217.194"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "59637397-7548-4fbf-8e40-74c9950d210f" ,
"value" : "softupdate.eicp.net"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-f45c-4337-a84f-74c9950d210f" ,
"value" : "221.235.152.85"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-2d84-44fc-ae6c-74c9950d210f" ,
"value" : "220.171.24.178"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-5814-4bb8-bebc-74c9950d210f" ,
"value" : "60.28.53.174"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-7788-41d0-8fa4-74c9950d210f" ,
"value" : "124.117.218.18"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-c97c-4383-a211-74c9950d210f" ,
"value" : "222.80.52.5"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-13f0-4750-a7cd-74c9950d210f" ,
"value" : "113.12.190.254"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-a300-46ce-be3e-74c9950d210f" ,
"value" : "222.208.163.112"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-9084-40cf-af51-74c9950d210f" ,
"value" : "125.39.138.47"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-3068-4bff-878a-74c9950d210f" ,
"value" : "124.117.232.198"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-44b4-4fb7-95d1-74c9950d210f" ,
"value" : "59.46.177.140"
} ,
{
"category" : "Network activity" ,
"comment" : "IP/Domain List of C2 Servers" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "59637397-75e0-4cb7-8ec4-74c9950d210f" ,
"value" : "124.117.236.194"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "596373c6-1710-4045-a7ce-44b5950d210f" ,
"value" : "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" ,
"Tag" : [
{
"colour" : "#00223b" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690767" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "596373f8-7ad8-4fa8-9f2f-442d950d210f" ,
"value" : "With the prevalence of Google Android smartphones and the popularity of feature-rich apps, more and more people rely on smartphones to store and handle kinds of personal and business information which attracts adversaries who want to steal that information. Recently, Palo Alto Networks researchers discovered an advanced Android malware we\u00e2\u20ac\u2122ve named \u00e2\u20ac\u0153SpyDealer\u00e2\u20ac\u009d which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature. SpyDealer uses exploits from a commercial rooting app to gain root privilege, which enables the subsequent data theft.\r\n\r\nSpyDealer has many capabilities, including:\r\n\r\nExfiltrate private data from more than 40 popular apps including: WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk\r\nAbuses the Android Accessibility Service feature to steal sensitive messages from popular communication and social apps such as WeChat, Skype, Viber, QQ\r\nTakes advantage of the commercial rooting app \u00e2\u20ac\u0153Baidu Easy Root\u00e2\u20ac\u009d to gain root privilege and maintain persistence on the compromised device\r\nHarvests an exhaustive list of personal information including phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location, and connected Wi-Fi information\r\nAutomatically answer incoming phone calls from a specific number\r\nRemote control of the device via UDP, TCP and SMS channels\r\nSpy on the compromised user by:\r\nRecording the phone call and the surrounding audio & video.\r\nTaking photos via both the front and rear camera\r\nMonitoring the compromised device\u00e2\u20ac\u2122s location\r\nTaking screenshots\r\nThere are multiple factors that mitigate the risk of this threat to most users.\r\n\r\nAs far as we know, SpyDealer has not been distributed through the Google Play store\r\nWe do not know exactly how devices are initially infected with SpyDealer, but have seen evidence to suggest Chinese users becoming infected through compromised wireless networks.\r\nWe have reported information on this threat to Google, and they have created protections through Google Play Protect.\r\nSpyDealer is only completely effective against Android devices running versions between 2.2 and 4.4, as the rooting tool it uses only supports those versions. This represents approximately 25% of active Android devices worldwide. On devices running later versions of Android, it can still significant amounts of information, but it cannot take actions that require higher privileges.\r\nAs of June 2017, we have captured 1046 samples of SpyDealer. Our analysis shows that SpyDealer is currently under active development. There are three versions of this malware currently in the wild, 1.9.1, 1.9.2 and 1.9.3. Starting from 1.9.3, content of configuration files and almost all constant strings in the code are encrypted or encoded. An accessibility service was also introduced in 1.9.3 to steal targeted apps\u00e2\u20ac\u2122 messages. According to our dataset, most of these samples use the app name \u00e2\u20ac\u0153GoogleService\u00e2\u20ac\u009d or \u00e2\u20ac\u0153GoogleUpdate\u00e2\u20ac\u009d. The most recent sample we have observed was created in May, 2017 while the oldest sample dates back to October, 2015, indicating this malware family has been active for over a year and a half. We also observed evidence of infected users discussing the malware in October 2015 and February 2016 as shown in Figure 1." ,
"Tag" : [
{
"colour" : "#00223b" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "The downloaded raw.zip which contains exploits stolen from \u00e2\u20ac\u0153Baidu Easy Root\u00e2\u20ac\u009d - Xchecked via VT: cfd0a4f266a51c45ff7b33e5854bc62a49cfc769e62e1d73dd06ff92a7088f51" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-6b48-44be-8df6-441702de0b81" ,
"value" : "cab0563884d8f866fca49003045f0b7b8662f93d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "The downloaded raw.zip which contains exploits stolen from \u00e2\u20ac\u0153Baidu Easy Root\u00e2\u20ac\u009d - Xchecked via VT: cfd0a4f266a51c45ff7b33e5854bc62a49cfc769e62e1d73dd06ff92a7088f51" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-54f8-4283-bf8a-40e102de0b81" ,
"value" : "a785b302e213f0bebf282588b1389fb1"
} ,
{
"category" : "External analysis" ,
"comment" : "The downloaded raw.zip which contains exploits stolen from \u00e2\u20ac\u0153Baidu Easy Root\u00e2\u20ac\u009d - Xchecked via VT: cfd0a4f266a51c45ff7b33e5854bc62a49cfc769e62e1d73dd06ff92a7088f51" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637711-c608-42ae-b3c5-41bb02de0b81" ,
"value" : "https://www.virustotal.com/file/cfd0a4f266a51c45ff7b33e5854bc62a49cfc769e62e1d73dd06ff92a7088f51/analysis/1499378507/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 8001e0258b13cd6971ef1d227cfc9c2f51036f1faf400cff7042fb099d1d11ab" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-e8d4-4a67-88c6-430f02de0b81" ,
"value" : "04c10a373700327d81a7671933f343c9e8e7c7f9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 8001e0258b13cd6971ef1d227cfc9c2f51036f1faf400cff7042fb099d1d11ab" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-8ff0-4446-a985-4c1f02de0b81" ,
"value" : "5f2e3a898a03ed872cd968a1d5408d2f"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 8001e0258b13cd6971ef1d227cfc9c2f51036f1faf400cff7042fb099d1d11ab" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637711-7348-4dee-b796-45f402de0b81" ,
"value" : "https://www.virustotal.com/file/8001e0258b13cd6971ef1d227cfc9c2f51036f1faf400cff7042fb099d1d11ab/analysis/1499418104/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: e4604fc23d2c89707748e42c8ae8631b8e1db235ec3c9b2488dae4963de46b1a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-2c94-45e3-be20-40a302de0b81" ,
"value" : "534bb2be12a55b5c3b197998431e49af2e61e5a1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: e4604fc23d2c89707748e42c8ae8631b8e1db235ec3c9b2488dae4963de46b1a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-a95c-47a6-810d-4c5e02de0b81" ,
"value" : "c742939eaa293ec55350adcc690de568"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: e4604fc23d2c89707748e42c8ae8631b8e1db235ec3c9b2488dae4963de46b1a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637711-dbec-4934-94fb-470602de0b81" ,
"value" : "https://www.virustotal.com/file/e4604fc23d2c89707748e42c8ae8631b8e1db235ec3c9b2488dae4963de46b1a/analysis/1499378506/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: b913bdb396d87c1f71073cdfef901697b512bd409c59447bcde1ddab07e5b7e6" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-f5bc-42fd-ab43-40ad02de0b81" ,
"value" : "ea9e939f6d0b8fdb8825b62478615303160b4119"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: b913bdb396d87c1f71073cdfef901697b512bd409c59447bcde1ddab07e5b7e6" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-a5d4-4ca7-b1c7-439402de0b81" ,
"value" : "113f3f9f4ef2d12919842f8b9849977a"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: b913bdb396d87c1f71073cdfef901697b512bd409c59447bcde1ddab07e5b7e6" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637711-c1a0-4be7-a7b2-46fe02de0b81" ,
"value" : "https://www.virustotal.com/file/b913bdb396d87c1f71073cdfef901697b512bd409c59447bcde1ddab07e5b7e6/analysis/1499378506/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 1a941833df8434c7e96ca3cda4465f3cdbb6bd239e6bfd939eb603948b975cd7" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-0e1c-40e8-98b8-4b3d02de0b81" ,
"value" : "7acf937aa42365aed9940d94c9630e00116ed003"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 1a941833df8434c7e96ca3cda4465f3cdbb6bd239e6bfd939eb603948b975cd7" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-fd7c-41f6-8d9e-419402de0b81" ,
"value" : "33daeac2909d8939131624da0312be52"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 1a941833df8434c7e96ca3cda4465f3cdbb6bd239e6bfd939eb603948b975cd7" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637711-6a1c-4b3b-b99d-442d02de0b81" ,
"value" : "https://www.virustotal.com/file/1a941833df8434c7e96ca3cda4465f3cdbb6bd239e6bfd939eb603948b975cd7/analysis/1499592840/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: d991e1ef7c8a502079d71e2d779b3ae8f081e2af9d1e2709f08b72a7de2a519e" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-a138-40cc-9a83-445202de0b81" ,
"value" : "cafebb6cb5f868ca4c6e9f9ce35094f4b924850b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: d991e1ef7c8a502079d71e2d779b3ae8f081e2af9d1e2709f08b72a7de2a519e" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-7e58-419e-8f2d-4bae02de0b81" ,
"value" : "1cd72b1ded9e34810302fdc654e0ff5d"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: d991e1ef7c8a502079d71e2d779b3ae8f081e2af9d1e2709f08b72a7de2a519e" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637711-5904-4470-8063-4ea302de0b81" ,
"value" : "https://www.virustotal.com/file/d991e1ef7c8a502079d71e2d779b3ae8f081e2af9d1e2709f08b72a7de2a519e/analysis/1499378505/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 77c196544a2a778c63579f1a205ffd631b1999d69043679ab60b13cedc13db0e" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-978c-429b-9086-4f5502de0b81" ,
"value" : "045d115f979cd8701946648b6960752a5a1138ea"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 77c196544a2a778c63579f1a205ffd631b1999d69043679ab60b13cedc13db0e" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-1758-414d-b4b6-4b8402de0b81" ,
"value" : "c5a3b1d89c642360d4a09a90fa7f4665"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 77c196544a2a778c63579f1a205ffd631b1999d69043679ab60b13cedc13db0e" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637711-ed28-40ed-be1a-47cd02de0b81" ,
"value" : "https://www.virustotal.com/file/77c196544a2a778c63579f1a205ffd631b1999d69043679ab60b13cedc13db0e/analysis/1499378505/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 13aa7fdf838a7c0bb79a805db25c99d75ccf4088b65c4e1f3741d3c467376faf" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-9e74-44e3-bb4e-40b002de0b81" ,
"value" : "78d1c02f572fb082aaa9af9d2038536edb1ea099"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 13aa7fdf838a7c0bb79a805db25c99d75ccf4088b65c4e1f3741d3c467376faf" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-0d58-4f19-9985-47da02de0b81" ,
"value" : "d798eadd306bb8655d2ef1507e1e56da"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 13aa7fdf838a7c0bb79a805db25c99d75ccf4088b65c4e1f3741d3c467376faf" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637711-4f88-4e2e-90e7-45ba02de0b81" ,
"value" : "https://www.virustotal.com/file/13aa7fdf838a7c0bb79a805db25c99d75ccf4088b65c4e1f3741d3c467376faf/analysis/1499378504/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: c39a2962c2734f6350cd45a399c58f203cd1b97aa12bec166a27c0fffc850280" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-91f8-4bdf-9cb0-4fab02de0b81" ,
"value" : "e4a114510581eb30fc56718b8c4c5bf20d8352cf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: c39a2962c2734f6350cd45a399c58f203cd1b97aa12bec166a27c0fffc850280" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-05c4-411e-9c16-47da02de0b81" ,
"value" : "211e7910d6d5c1b369a4de1dbdde4080"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: c39a2962c2734f6350cd45a399c58f203cd1b97aa12bec166a27c0fffc850280" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637711-3278-433a-b63a-47f802de0b81" ,
"value" : "https://www.virustotal.com/file/c39a2962c2734f6350cd45a399c58f203cd1b97aa12bec166a27c0fffc850280/analysis/1499378504/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 4e4a31c89613704bcace4798335e6150b7492c753c95a6683531c2cb7d78b3a2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637711-71a4-41b2-8c31-430302de0b81" ,
"value" : "ce3fa365d929f42fc8cc230fa669eb44ccd1df2d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 4e4a31c89613704bcace4798335e6150b7492c753c95a6683531c2cb7d78b3a2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690769" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637711-c780-4668-a6d9-4c6302de0b81" ,
"value" : "042f2f3a0df4aef0460d1ee74f1df033"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 4e4a31c89613704bcace4798335e6150b7492c753c95a6683531c2cb7d78b3a2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637712-f100-44c1-a240-46d402de0b81" ,
"value" : "https://www.virustotal.com/file/4e4a31c89613704bcace4798335e6150b7492c753c95a6683531c2cb7d78b3a2/analysis/1499592920/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: e9a0b8b780999a64838c492b70032a076d052eb321c99d68ab1d230bd91d0100" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637712-fb68-4634-bb6d-490402de0b81" ,
"value" : "86c80f1b6c24f461bbee3834f8b9a0dcca004ddb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: e9a0b8b780999a64838c492b70032a076d052eb321c99d68ab1d230bd91d0100" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637712-8e90-4b94-ab31-454e02de0b81" ,
"value" : "8a266e277c61ffd6afa3d15b8691b9fb"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: e9a0b8b780999a64838c492b70032a076d052eb321c99d68ab1d230bd91d0100" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637712-d678-4974-ad54-47ca02de0b81" ,
"value" : "https://www.virustotal.com/file/e9a0b8b780999a64838c492b70032a076d052eb321c99d68ab1d230bd91d0100/analysis/1499592939/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: ec3b506c7fc80717d9ae19ca46ad2599d8d8d4880d6b980da03f054bbcf00cbd" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637712-5a74-449d-a836-4e8402de0b81" ,
"value" : "a820124934ff6d6a57b18881db6f39338afd238a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: ec3b506c7fc80717d9ae19ca46ad2599d8d8d4880d6b980da03f054bbcf00cbd" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637712-46bc-4406-9aab-47ac02de0b81" ,
"value" : "6a3ae5a916bc109e0186b40093084a78"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: ec3b506c7fc80717d9ae19ca46ad2599d8d8d4880d6b980da03f054bbcf00cbd" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637712-52c4-4774-a574-4dbe02de0b81" ,
"value" : "https://www.virustotal.com/file/ec3b506c7fc80717d9ae19ca46ad2599d8d8d4880d6b980da03f054bbcf00cbd/analysis/1499378503/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 9973133dcdaeea5a7d519359ba2272db5de9e9bb5759d169e0454632c3d91401" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637712-e104-477a-92fe-432602de0b81" ,
"value" : "b49dc371e7651ef34fe2b06e52408c522f617c89"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 9973133dcdaeea5a7d519359ba2272db5de9e9bb5759d169e0454632c3d91401" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637712-70e4-4655-9758-498b02de0b81" ,
"value" : "3b07862da0b78632d8e4486444adbbfd"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: 9973133dcdaeea5a7d519359ba2272db5de9e9bb5759d169e0454632c3d91401" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637712-cbf8-4ae2-843e-448002de0b81" ,
"value" : "https://www.virustotal.com/file/9973133dcdaeea5a7d519359ba2272db5de9e9bb5759d169e0454632c3d91401/analysis/1499592898/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: ea472586b6f958fb79051aee5b7b7134dc37818b72ab97d1d542a9f94fdc63f7" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "59637712-9294-4a32-a88e-482c02de0b81" ,
"value" : "bf09ab508ea67c2ff87dd45cd995fd3c1dab96bd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: ea472586b6f958fb79051aee5b7b7134dc37818b72ab97d1d542a9f94fdc63f7" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "59637712-7744-4fa3-b9de-4b4b02de0b81" ,
"value" : "b64ad45480856719bf8fd348141791f5"
} ,
{
"category" : "External analysis" ,
"comment" : "Sample of SpyDealer - Xchecked via VT: ea472586b6f958fb79051aee5b7b7134dc37818b72ab97d1d542a9f94fdc63f7" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1499690770" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "59637712-9db8-40b1-aeb9-425d02de0b81" ,
"value" : "https://www.virustotal.com/file/ea472586b6f958fb79051aee5b7b7134dc37818b72ab97d1d542a9f94fdc63f7/analysis/1499378502/"
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}