{ "Event": { "analysis": "2", "date": "2015-08-30", "extends_uuid": "", "info": "OSINT KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia by Palo Alto Networks Unit 42", "publish_timestamp": "1444718732", "published": true, "threat_level_id": "3", "timestamp": "1444718728", "uuid": "55e6bb38-180c-4497-afd6-601a950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441184587", "to_ids": false, "type": "link", "uuid": "55e6bb4b-4460-4261-9e71-67f5950d210b", "value": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441184595", "to_ids": false, "type": "text", "uuid": "55e6bb53-2c24-434f-a269-36be950d210b", "value": "Keyraider" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627627", "to_ids": true, "type": "sha1", "uuid": "55ed7deb-cc04-406f-8af1-4e21950d210b", "value": "1cba9fe852b05c4843922c123c06117191958e1d" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627627", "to_ids": true, "type": "sha1", "uuid": "55ed7deb-9988-4805-a1e6-49f8950d210b", "value": "4a154eabd5a5bd6ad0203eea6ed68b31e25811d7" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627627", "to_ids": true, "type": "sha1", "uuid": "55ed7deb-8454-4b5c-b739-4907950d210b", "value": "5c7c83ab04858890d74d96cd1f353e24dec3ba66" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627628", "to_ids": true, "type": "sha1", "uuid": "55ed7dec-0a98-4f38-93e9-42ed950d210b", "value": "717373f57ff4398316cce593af11bd45c55c9b91" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627628", "to_ids": true, "type": "sha1", "uuid": "55ed7dec-5b44-43bd-8e36-444c950d210b", "value": "8886d72b087017b0cdca2f18b0005b6cb302e83d" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627628", "to_ids": true, "type": "sha1", "uuid": "55ed7dec-8020-49cf-8cc7-4954950d210b", "value": "9ae5549fdd90142985c3ae7a7e983d4fcb2b797f" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627629", "to_ids": true, "type": "sha1", "uuid": "55ed7ded-7344-4337-bcc8-4aa4950d210b", "value": "a05b9af5f4c40129575cce321cd4b0435f89fba8" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627629", "to_ids": true, "type": "sha1", "uuid": "55ed7ded-1554-47c6-a465-478e950d210b", "value": "af5d7ffe0d1561f77e979c189f22e11a33c7a407" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627629", "to_ids": true, "type": "sha1", "uuid": "55ed7ded-be64-475f-ac4c-4692950d210b", "value": "bb56acf8b48900f62eb4e4380dcf7f5acfbdf80d" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627630", "to_ids": true, "type": "sha1", "uuid": "55ed7dee-bdf8-412f-a134-47dc950d210b", "value": "e0576cd9831f1c6495408471fcacb1b54597ac24" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627667", "to_ids": true, "type": "hostname", "uuid": "55ed7e13-f604-45ad-874c-4f8d950d210b", "value": "top100.gotoip4.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627667", "to_ids": true, "type": "hostname", "uuid": "55ed7e13-1c2c-411f-8f2e-4a50950d210b", "value": "www.wushidou.cn" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627681", "to_ids": true, "type": "ip-dst", "uuid": "55ed7e21-ca24-4ad4-b7c2-4a39950d210b", "value": "113.10.174.167" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: e0576cd9831f1c6495408471fcacb1b54597ac24", "deleted": false, "disable_correlation": false, "timestamp": "1444718661", "to_ids": true, "type": "sha256", "uuid": "561ca845-5de4-4e2d-b895-4ec6950d210b", "value": "20f802f3c74f3452010c2d56f02cac96a6ce191c970f4901156310a5888ab015" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: e0576cd9831f1c6495408471fcacb1b54597ac24", "deleted": false, "disable_correlation": false, "timestamp": "1444718662", "to_ids": true, "type": "md5", "uuid": "561ca846-65ec-485a-96ec-4080950d210b", "value": "ddf224f63ee9c7fba76298664a2b0b00" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718662", "to_ids": false, "type": "link", "uuid": "561ca846-91d4-4cb8-b028-46ee950d210b", "value": "https://www.virustotal.com/file/20f802f3c74f3452010c2d56f02cac96a6ce191c970f4901156310a5888ab015/analysis/1444666982/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: bb56acf8b48900f62eb4e4380dcf7f5acfbdf80d", "deleted": false, "disable_correlation": false, "timestamp": "1444718663", "to_ids": true, "type": "sha256", "uuid": "561ca847-f3ac-420d-b489-42d7950d210b", "value": "63007787f847d4070cc5ea5e69e8772ad8ad877ae3a0dd24c6457480d9db3099" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: bb56acf8b48900f62eb4e4380dcf7f5acfbdf80d", "deleted": false, "disable_correlation": false, "timestamp": "1444718663", "to_ids": true, "type": "md5", "uuid": "561ca847-081c-4932-b45f-45e6950d210b", "value": "2669e97eeb78df448225e6786d34f9ab" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718664", "to_ids": false, "type": "link", "uuid": "561ca848-5284-4b97-9219-491c950d210b", "value": "https://www.virustotal.com/file/63007787f847d4070cc5ea5e69e8772ad8ad877ae3a0dd24c6457480d9db3099/analysis/1444667162/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: af5d7ffe0d1561f77e979c189f22e11a33c7a407", "deleted": false, "disable_correlation": false, "timestamp": "1444718664", "to_ids": true, "type": "sha256", "uuid": "561ca848-f490-4f76-9d44-4e08950d210b", "value": "28177018ef22be760e12c38c447f69f6962f66f07271a83cc8e1e0e86a10221b" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: af5d7ffe0d1561f77e979c189f22e11a33c7a407", "deleted": false, "disable_correlation": false, "timestamp": "1444718664", "to_ids": true, "type": "md5", "uuid": "561ca848-d310-43e7-bfeb-4d0c950d210b", "value": "0f710f8397ec969af26c299a63aeda8b" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718665", "to_ids": false, "type": "link", "uuid": "561ca849-176c-4504-988e-4db2950d210b", "value": "https://www.virustotal.com/file/28177018ef22be760e12c38c447f69f6962f66f07271a83cc8e1e0e86a10221b/analysis/1444667161/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: a05b9af5f4c40129575cce321cd4b0435f89fba8", "deleted": false, "disable_correlation": false, "timestamp": "1444718665", "to_ids": true, "type": "sha256", "uuid": "561ca849-1904-451b-abba-4c92950d210b", "value": "9bcbd9c527abc70e5675b6f61a27d1d5a0a7cba0cd0070cc46439b6a564eda6d" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: a05b9af5f4c40129575cce321cd4b0435f89fba8", "deleted": false, "disable_correlation": false, "timestamp": "1444718666", "to_ids": true, "type": "md5", "uuid": "561ca84a-02f8-4291-9de9-4008950d210b", "value": "02464ae6259a2c8194470385781501b7" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718666", "to_ids": false, "type": "link", "uuid": "561ca84a-e368-4d86-81fe-42c2950d210b", "value": "https://www.virustotal.com/file/9bcbd9c527abc70e5675b6f61a27d1d5a0a7cba0cd0070cc46439b6a564eda6d/analysis/1444667162/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 9ae5549fdd90142985c3ae7a7e983d4fcb2b797f", "deleted": false, "disable_correlation": false, "timestamp": "1444718666", "to_ids": true, "type": "sha256", "uuid": "561ca84a-a7ec-42ab-a9bf-49b9950d210b", "value": "46df0e140082e650f794df40b43179d276219eff080df87707484ad503d8e3d6" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 9ae5549fdd90142985c3ae7a7e983d4fcb2b797f", "deleted": false, "disable_correlation": false, "timestamp": "1444718667", "to_ids": true, "type": "md5", "uuid": "561ca84b-33b4-4c0a-93a7-4527950d210b", "value": "ec89c9cf095d2d0c45fbd29590365584" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718667", "to_ids": false, "type": "link", "uuid": "561ca84b-4d78-44d9-aae1-4bc2950d210b", "value": "https://www.virustotal.com/file/46df0e140082e650f794df40b43179d276219eff080df87707484ad503d8e3d6/analysis/1444667162/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 8886d72b087017b0cdca2f18b0005b6cb302e83d", "deleted": false, "disable_correlation": false, "timestamp": "1444718668", "to_ids": true, "type": "sha256", "uuid": "561ca84c-c204-4c1d-9f59-472b950d210b", "value": "4b7e730af2239020083ab1f45d1d87049eee8cf7b99cb412928f3936c95f6d06" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 8886d72b087017b0cdca2f18b0005b6cb302e83d", "deleted": false, "disable_correlation": false, "timestamp": "1444718668", "to_ids": true, "type": "md5", "uuid": "561ca84c-6890-4ce4-881a-4c2c950d210b", "value": "caaf060572e57b6d175c3959495bcdbf" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718668", "to_ids": false, "type": "link", "uuid": "561ca84c-c31c-4c5a-ac93-45ff950d210b", "value": "https://www.virustotal.com/file/4b7e730af2239020083ab1f45d1d87049eee8cf7b99cb412928f3936c95f6d06/analysis/1444667162/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 717373f57ff4398316cce593af11bd45c55c9b91", "deleted": false, "disable_correlation": false, "timestamp": "1444718669", "to_ids": true, "type": "sha256", "uuid": "561ca84d-056c-46f2-b707-4958950d210b", "value": "f657a54c822e4fe7ae8f6275f1eccd361bac363357f726649cd80623d86fcda1" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 717373f57ff4398316cce593af11bd45c55c9b91", "deleted": false, "disable_correlation": false, "timestamp": "1444718669", "to_ids": true, "type": "md5", "uuid": "561ca84d-b770-461f-bc4c-4880950d210b", "value": "8985ecbc80d257e02c1e30b0268d91e7" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718670", "to_ids": false, "type": "link", "uuid": "561ca84e-91b4-41c5-b66e-45a8950d210b", "value": "https://www.virustotal.com/file/f657a54c822e4fe7ae8f6275f1eccd361bac363357f726649cd80623d86fcda1/analysis/1444667289/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 5c7c83ab04858890d74d96cd1f353e24dec3ba66", "deleted": false, "disable_correlation": false, "timestamp": "1444718670", "to_ids": true, "type": "sha256", "uuid": "561ca84e-ffa0-4945-96da-4149950d210b", "value": "ef8f5cd5075df7629c5c6377bd342e0aff15df0b4542d2c96dbb5b15cce61e26" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 5c7c83ab04858890d74d96cd1f353e24dec3ba66", "deleted": false, "disable_correlation": false, "timestamp": "1444718670", "to_ids": true, "type": "md5", "uuid": "561ca84e-1d54-4384-884b-423f950d210b", "value": "dc71cb3a71f159e667367cb07d2660f7" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718671", "to_ids": false, "type": "link", "uuid": "561ca84f-2fe0-4735-8873-4236950d210b", "value": "https://www.virustotal.com/file/ef8f5cd5075df7629c5c6377bd342e0aff15df0b4542d2c96dbb5b15cce61e26/analysis/1444667162/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 4a154eabd5a5bd6ad0203eea6ed68b31e25811d7", "deleted": false, "disable_correlation": false, "timestamp": "1444718671", "to_ids": true, "type": "sha256", "uuid": "561ca84f-03a4-44cc-a4bf-4403950d210b", "value": "f09dfe8060648e2cf824c6e6e1f643eefb896dd42e8aacf41506ed03f0a53fcc" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 4a154eabd5a5bd6ad0203eea6ed68b31e25811d7", "deleted": false, "disable_correlation": false, "timestamp": "1444718671", "to_ids": true, "type": "md5", "uuid": "561ca84f-b958-4be6-a063-4dd6950d210b", "value": "1dd1a8c6c213e3b51cd2463d764a9c62" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718672", "to_ids": false, "type": "link", "uuid": "561ca850-3654-407b-a26b-4bb5950d210b", "value": "https://www.virustotal.com/file/f09dfe8060648e2cf824c6e6e1f643eefb896dd42e8aacf41506ed03f0a53fcc/analysis/1444666982/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 1cba9fe852b05c4843922c123c06117191958e1d", "deleted": false, "disable_correlation": false, "timestamp": "1444718672", "to_ids": true, "type": "sha256", "uuid": "561ca850-29f4-47ae-a0bb-4cc6950d210b", "value": "572f53a5fa3b800e05b9a94d0efb3a44c52adfeaf18addac73652f2b1350dc0e" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 1cba9fe852b05c4843922c123c06117191958e1d", "deleted": false, "disable_correlation": false, "timestamp": "1444718673", "to_ids": true, "type": "md5", "uuid": "561ca851-cce8-4d40-b014-40e4950d210b", "value": "3c57e433fbba1ac1e4dc1b84cec038fb" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444718673", "to_ids": false, "type": "link", "uuid": "561ca851-3194-494a-9686-4ce4950d210b", "value": "https://www.virustotal.com/file/572f53a5fa3b800e05b9a94d0efb3a44c52adfeaf18addac73652f2b1350dc0e/analysis/1444667161/" } ] } }