{ "Event": { "analysis": "2", "date": "2015-09-14", "extends_uuid": "", "info": "OSINT The Shade Encryptor: a Double Threat by Kaspersky", "publish_timestamp": "1442406045", "published": true, "threat_level_id": "3", "timestamp": "1442405974", "uuid": "55f93f51-b288-4da8-b9eb-4416950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398046", "to_ids": false, "type": "link", "uuid": "55f93f5e-21b8-45b8-834b-4450950d210b", "value": "https://securelist.com/analysis/publications/72087/the-shade-encryptor-a-double-threat/" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398102", "to_ids": true, "type": "text", "uuid": "55f93f96-e8e0-4964-b2d8-4318950d210b", "value": "Trojan-Ransom.Win32.Shade" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398103", "to_ids": true, "type": "text", "uuid": "55f93f97-64a4-4955-9b1e-419c950d210b", "value": "Trojan.Encoder.858" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398103", "to_ids": true, "type": "text", "uuid": "55f93f97-30bc-410d-a71f-4e24950d210b", "value": "Ransom:Win32/Troldesh" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398250", "to_ids": true, "type": "email-attachment", "uuid": "55f9402a-7ba0-4739-8c84-4064950d210b", "value": "oc_dlea podpisi.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398251", "to_ids": true, "type": "email-attachment", "uuid": "55f9402b-ec40-4ec3-97a8-451f950d210b", "value": "doc_dlea podpisi.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398251", "to_ids": true, "type": "email-attachment", "uuid": "55f9402b-bb0c-4f2a-ad1c-4c9f950d210b", "value": "documenti_589965465_documenti.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398251", "to_ids": true, "type": "email-attachment", "uuid": "55f9402b-80e8-4f6f-a87e-4e0e950d210b", "value": "documenti_589965465_documenti.rar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398252", "to_ids": true, "type": "email-attachment", "uuid": "55f9402c-d780-4b80-9826-484c950d210b", "value": "documenti_589965465_doc.scr" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398253", "to_ids": true, "type": "email-attachment", "uuid": "55f9402d-beb0-42d4-99c8-48e2950d210b", "value": "\u00d0\u00bd\u00d0\u00b5\u00d0\u00bf\u00d0\u00be\u00d0\u00b4\u00d1\u201a\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b6\u00d0\u00b4\u00d0\u00b5\u00d0\u00bd 308853.scr" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398253", "to_ids": true, "type": "email-attachment", "uuid": "55f9402d-1264-422c-9658-4477950d210b", "value": "documenti dlea podpisi 05.08.2015.scr.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398253", "to_ids": true, "type": "email-attachment", "uuid": "55f9402d-ee00-461c-b0b9-4d8a950d210b", "value": "akt sverki za 17082015.scr" }, { "category": "Antivirus detection", "comment": "Secondary payload downloaded", "deleted": false, "disable_correlation": false, "timestamp": "1442398354", "to_ids": true, "type": "text", "uuid": "55f94092-0d18-4bc9-b72d-4113950d210b", "value": "Trojan.Win32.CMSBrute" }, { "category": "Antivirus detection", "comment": "Secondary payload downloaded", "deleted": false, "disable_correlation": false, "timestamp": "1442398354", "to_ids": true, "type": "text", "uuid": "55f94092-3930-457c-b962-4f59950d210b", "value": "Trojan.Win32.Muref" }, { "category": "Antivirus detection", "comment": "Secondary payload downloaded", "deleted": false, "disable_correlation": false, "timestamp": "1442398355", "to_ids": true, "type": "text", "uuid": "55f94093-fcc0-45d6-91cb-4355950d210b", "value": "Trojan.Win32.Kovter" }, { "category": "Antivirus detection", "comment": "Secondary payload downloaded", "deleted": false, "disable_correlation": false, "timestamp": "1442398355", "to_ids": true, "type": "text", "uuid": "55f94093-20e0-4fbf-8172-490a950d210b", "value": "Trojan-Downloader.Win32.Zemot" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398435", "to_ids": true, "type": "email-dst", "uuid": "55f940e3-e8d4-40bb-9402-4d2c950d210b", "value": "decode00001@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398435", "to_ids": true, "type": "email-dst", "uuid": "55f940e3-fa18-470f-b245-4296950d210b", "value": "decode00002@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398436", "to_ids": true, "type": "email-dst", "uuid": "55f940e4-26fc-495a-808e-44a2950d210b", "value": "decode010@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398436", "to_ids": true, "type": "email-dst", "uuid": "55f940e4-5998-4ebc-b6dc-47c3950d210b", "value": "decode0987@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398436", "to_ids": true, "type": "email-dst", "uuid": "55f940e4-7a10-4bf7-8191-4537950d210b", "value": "decode098@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398436", "to_ids": true, "type": "email-dst", "uuid": "55f940e4-6328-4f0c-a721-4ada950d210b", "value": "decode1110@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398437", "to_ids": true, "type": "email-dst", "uuid": "55f940e5-1b58-47a8-a2de-4e5f950d210b", "value": "decodefile001@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398437", "to_ids": true, "type": "email-dst", "uuid": "55f940e5-f654-4f1c-9465-4d94950d210b", "value": "decodefile002@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398437", "to_ids": true, "type": "email-dst", "uuid": "55f940e5-bc0c-4269-ab0f-403a950d210b", "value": "decodefiles1@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398437", "to_ids": true, "type": "email-dst", "uuid": "55f940e5-ca2c-4988-a30a-49b5950d210b", "value": "decodefiles@india.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398437", "to_ids": true, "type": "email-dst", "uuid": "55f940e5-1d48-46b7-9fc1-4a06950d210b", "value": "deshifrovka01@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398438", "to_ids": true, "type": "email-dst", "uuid": "55f940e6-31b0-4baa-8b90-48d5950d210b", "value": "deshifrovka@india.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398438", "to_ids": true, "type": "email-dst", "uuid": "55f940e6-222c-412c-8fb4-4832950d210b", "value": "files08880@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398438", "to_ids": true, "type": "email-dst", "uuid": "55f940e6-4adc-42b2-af27-4b01950d210b", "value": "files08881@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398438", "to_ids": true, "type": "email-dst", "uuid": "55f940e6-0220-4732-8cc1-4eeb950d210b", "value": "files1147@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398439", "to_ids": true, "type": "email-dst", "uuid": "55f940e7-2e8c-4868-9c7e-42f5950d210b", "value": "post100023@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398439", "to_ids": true, "type": "email-dst", "uuid": "55f940e7-ff6c-4912-a30c-4486950d210b", "value": "post24932@gmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398439", "to_ids": true, "type": "email-dst", "uuid": "55f940e7-7744-4591-8c3d-427a950d210b", "value": "post8881@gmail.com" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398485", "to_ids": true, "type": "md5", "uuid": "55f94115-a694-4aeb-9a2d-4c57950d210b", "value": "21723762c841b2377e06472dd9691da2" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398485", "to_ids": true, "type": "md5", "uuid": "55f94115-28ac-4993-8211-4466950d210b", "value": "bb159b6fe30e3c914feac5d4e1b85a61" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442398485", "to_ids": true, "type": "md5", "uuid": "55f94115-46ec-49b8-8d7a-44ac950d210b", "value": "543d1620ce976cb13fec190ccc1bc83a" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 543d1620ce976cb13fec190ccc1bc83a", "deleted": false, "disable_correlation": false, "timestamp": "1442405974", "to_ids": true, "type": "sha256", "uuid": "55f95e56-7580-478d-a35c-6ff9950d210b", "value": "01aa0cc7081760ad0b7259f35a3e4b37b1d8c6c4ed6a03606e74646046c64481" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 543d1620ce976cb13fec190ccc1bc83a", "deleted": false, "disable_correlation": false, "timestamp": "1442405974", "to_ids": true, "type": "sha1", "uuid": "55f95e56-90ac-40a2-991d-6ff9950d210b", "value": "3fe92f2e449dc7709b6ce8a9a48f6db3b60daf33" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442405974", "to_ids": false, "type": "link", "uuid": "55f95e56-bb58-49a9-b100-6ff9950d210b", "value": "https://www.virustotal.com/file/01aa0cc7081760ad0b7259f35a3e4b37b1d8c6c4ed6a03606e74646046c64481/analysis/1441135477/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: bb159b6fe30e3c914feac5d4e1b85a61", "deleted": false, "disable_correlation": false, "timestamp": "1442405975", "to_ids": true, "type": "sha256", "uuid": "55f95e57-70a4-4c04-880d-6ff9950d210b", "value": "f5eb1e8b5561dc0f861d1edbf43bbc3eeda62ff8ce1cb9b286386248b158dfc5" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: bb159b6fe30e3c914feac5d4e1b85a61", "deleted": false, "disable_correlation": false, "timestamp": "1442405975", "to_ids": true, "type": "sha1", "uuid": "55f95e57-8fd0-4222-afab-6ff9950d210b", "value": "a3b639e1cf9d0ed3a73d2061dc40049508ea4e37" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442405975", "to_ids": false, "type": "link", "uuid": "55f95e57-15ac-4e23-b13a-6ff9950d210b", "value": "https://www.virustotal.com/file/f5eb1e8b5561dc0f861d1edbf43bbc3eeda62ff8ce1cb9b286386248b158dfc5/analysis/1440605490/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 21723762c841b2377e06472dd9691da2", "deleted": false, "disable_correlation": false, "timestamp": "1442405975", "to_ids": true, "type": "sha256", "uuid": "55f95e57-bd98-4366-b475-6ff9950d210b", "value": "e6154d1c2850170fa81d1405886d0227a7548dc8f012b1b73c84646707e42d27" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 21723762c841b2377e06472dd9691da2", "deleted": false, "disable_correlation": false, "timestamp": "1442405975", "to_ids": true, "type": "sha1", "uuid": "55f95e57-75a0-427d-a431-6ff9950d210b", "value": "1f491c497fedd020894a74a6647ab3b7b1c1a90e" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442405976", "to_ids": false, "type": "link", "uuid": "55f95e58-7704-4951-8acc-6ff9950d210b", "value": "https://www.virustotal.com/file/e6154d1c2850170fa81d1405886d0227a7548dc8f012b1b73c84646707e42d27/analysis/1437292382/" } ] } }