{ "Event": { "analysis": "2", "date": "2016-11-21", "extends_uuid": "", "info": "OSINT - Nemucod downloader spreading via Facebook", "publish_timestamp": "1479724522", "published": true, "threat_level_id": "3", "timestamp": "1479723737", "uuid": "5832c7f9-9148-4e20-8122-4f19950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723012", "to_ids": false, "type": "link", "uuid": "5832c804-e910-4061-97aa-4126950d210f", "value": "https://bartblaze.blogspot.lu/2016/11/nemucod-downloader-spreading-via.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723072", "to_ids": false, "type": "comment", "uuid": "5832c840-6754-4153-b4bc-4cb3950d210f", "value": "Earlier today, a friend of mine notified me of something strange going on with his Facebook account; a message containing only an image (an .svg file in reality) had been sent automatically, effectively bypassing Facebook's file extension filter:" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723710", "to_ids": true, "type": "sha256", "uuid": "5832cabe-9f88-4e97-a285-4986950d210f", "value": "83ad5665517c351edc837b302f2a7f526bac35efe3ddc37019a635b128c5b17f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723711", "to_ids": true, "type": "sha256", "uuid": "5832cabf-c618-4415-9c56-498f950d210f", "value": "4716c34d635acb09888eefb6914d3fff4c80e43a08b261e82dd64389248061d4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723711", "to_ids": true, "type": "sha256", "uuid": "5832cabf-7840-4178-8d39-492d950d210f", "value": "7034f525f3d32e3f115ccac73480125678a58da3fd025e0741c454fc152c8d34" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723712", "to_ids": true, "type": "sha256", "uuid": "5832cac0-bea0-4519-8d2a-40a2950d210f", "value": "32b1207717894c71c0fb71c064bace8d8a1c15056702f4172be61d7f1a0757bb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723712", "to_ids": true, "type": "sha256", "uuid": "5832cac0-0b78-407c-b6a6-41eb950d210f", "value": "cf4b8eaaa62ad7dc9afe0db4e38c36d41eee07c729db7d1c72bab0734d17ef7b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723713", "to_ids": true, "type": "sha256", "uuid": "5832cac1-5d20-40c1-a771-4f97950d210f", "value": "5b8343d71ab93baee8fad73f8aa6a49f25d7e32bba3a485ece46609cff56b33e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723713", "to_ids": true, "type": "sha256", "uuid": "5832cac1-d390-49bf-a5c8-4c2c950d210f", "value": "fca1da5694b2c2c2da2a473f2972cfa808e906439e3f0cd23c650489f2b58755" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723714", "to_ids": true, "type": "sha256", "uuid": "5832cac2-aae8-451f-8f2e-4693950d210f", "value": "b7b4be0656dd68fa1e2e5d830d1183f0b667fb7977f8a1a462f1f7a9aa5a7b9a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723714", "to_ids": true, "type": "sha256", "uuid": "5832cac2-6f1c-46d6-bebf-4365950d210f", "value": "5e9e3f9f96ce2333473a4c7eae8e07a0d0a38b24cb9effc67f0063f2eaec4c92" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723715", "to_ids": true, "type": "domain", "uuid": "5832cac3-5ca4-4ba3-a2d5-4dbb950d210f", "value": "afisutovu.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723715", "to_ids": true, "type": "domain", "uuid": "5832cac3-1a7c-488d-b184-4c5e950d210f", "value": "8cb5d3e.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723716", "to_ids": true, "type": "domain", "uuid": "5832cac4-94c0-4390-a50b-4139950d210f", "value": "kerman.pw" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723716", "to_ids": true, "type": "url", "uuid": "5832cac4-a928-4812-894e-4f26950d210f", "value": "http://kerman.pw/8cb5d3e.jpg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723717", "to_ids": true, "type": "url", "uuid": "5832cac5-f7c8-4bb7-93de-4296950d210f", "value": "https://8cb5d3e.com/8cb5d3e.js" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723717", "to_ids": true, "type": "url", "uuid": "5832cac5-e970-4318-8ac9-416c950d210f", "value": "http://kerman.pw/8cb5d3e.jpg.jpg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723718", "to_ids": true, "type": "url", "uuid": "5832cac6-9120-4294-ac3a-46ec950d210f", "value": "http://afisutovu.com/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723718", "to_ids": true, "type": "md5", "uuid": "5832cac6-fa74-457b-8266-43a2950d210f", "value": "dd556768261bc12f21adf55641ca25f2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723719", "to_ids": true, "type": "md5", "uuid": "5832cac7-8d40-417b-aa5a-47bc950d210f", "value": "d629a6f74954be2914c9eef87d077cda" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723719", "to_ids": true, "type": "md5", "uuid": "5832cac7-02c0-4ab0-871a-41f8950d210f", "value": "caea168f978301c878fc2cdb49da2dd1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723719", "to_ids": true, "type": "md5", "uuid": "5832cac7-60fc-45c7-bd89-4d7a950d210f", "value": "c82c05017b12899d673f78c744ff8c5d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723720", "to_ids": true, "type": "md5", "uuid": "5832cac8-b250-4597-9a0d-481b950d210f", "value": "9c72ed9e33fb079566458cbc4e77f48a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723720", "to_ids": true, "type": "md5", "uuid": "5832cac8-0954-43e2-89db-43e5950d210f", "value": "9097171197b4f02d7b090dc1d04107bc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723721", "to_ids": true, "type": "md5", "uuid": "5832cac9-2f2c-4889-a2c9-4ba3950d210f", "value": "a5c51da26364442b10e784932944f4a7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723721", "to_ids": true, "type": "md5", "uuid": "5832cac9-1964-4b1f-8481-4984950d210f", "value": "c533e9e9545ae38a5d30270f1e14ea53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723722", "to_ids": true, "type": "md5", "uuid": "5832caca-e5bc-493c-9ed9-4e5b950d210f", "value": "a56722542884d0a2e7640a5e07812560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723722", "to_ids": true, "type": "sha1", "uuid": "5832caca-7654-4a9c-82c0-4c07950d210f", "value": "cabdd3935ad24f70bc90538222bc3773673de3c0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723723", "to_ids": true, "type": "sha1", "uuid": "5832cacb-89e8-4f53-b8ea-4ebf950d210f", "value": "b1f7460937b25430f0f2b070ab5bcd091d22d1ee" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723723", "to_ids": true, "type": "sha1", "uuid": "5832cacb-7bf0-4828-8462-4526950d210f", "value": "8c05af5485b6575fe547a35cf7d1e8d571c416b0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723724", "to_ids": true, "type": "sha1", "uuid": "5832cacc-4408-4f47-af07-4658950d210f", "value": "cf246278d6c27b34c7b398c9e843df2031902706" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723724", "to_ids": true, "type": "sha1", "uuid": "5832cacc-eb00-4c0d-ae59-4602950d210f", "value": "bebb25343cb1d5b713218ff28d015ad839d93c44" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723725", "to_ids": true, "type": "sha1", "uuid": "5832cacd-3314-4277-8174-4c1d950d210f", "value": "9d91a39f13089822317b277caf0db909fd4db478" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723725", "to_ids": true, "type": "sha1", "uuid": "5832cacd-9428-4a3e-a873-4a64950d210f", "value": "abe3431d56875e2ed7bb7552c89fc9f41224f91e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723726", "to_ids": true, "type": "sha1", "uuid": "5832cace-8428-4e81-90e9-4a6c950d210f", "value": "d707b4f20e952858e91fd3e597f731d664d18f68" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723726", "to_ids": true, "type": "sha1", "uuid": "5832cace-1ecc-45ea-9859-4635950d210f", "value": "2f9b85e8ba34509d8e24c9dd4947d3d2bcd5e834" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723727", "to_ids": true, "type": "ip-dst", "uuid": "5832cacf-02fc-41b8-93a1-4c2f950d210f", "value": "178.32.125.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723727", "to_ids": true, "type": "domain", "uuid": "5832cacf-a334-4452-9ce3-4d8e950d210f", "value": "ukay.pw" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723728", "to_ids": true, "type": "domain", "uuid": "5832cad0-86f0-403f-83fd-4ec4950d210f", "value": "yadozalamom.pw" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723728", "to_ids": true, "type": "ip-dst", "uuid": "5832cad0-387c-4b76-94f2-4a59950d210f", "value": "139.59.153.214" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723729", "to_ids": true, "type": "sha256", "uuid": "5832cad1-61f4-4688-af5f-4ca5950d210f", "value": "0210143a2016779f31099289a1238a81e8d9165f56cbeb4969091af9cb0ed6c1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723729", "to_ids": true, "type": "md5", "uuid": "5832cad1-a7b4-49ea-aabf-44d2950d210f", "value": "f29e82d44b067c802576e7470dd0ad8e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723730", "to_ids": true, "type": "sha1", "uuid": "5832cad2-7bc0-4460-a291-4ab9950d210f", "value": "45e20b4ed53a367f53639b01cf330a622d577789" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723730", "to_ids": true, "type": "sha256", "uuid": "5832cad2-5b28-482e-9b28-4228950d210f", "value": "18ee4078bb2b0de650354b9e30f750479b9d217e4ac5dc6497c49fc9408332f1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723730", "to_ids": true, "type": "sha256", "uuid": "5832cad2-2c30-41bc-b642-447c950d210f", "value": "fe1520639a0255697ea7f21acaaa5b113558ee8fd91e7898bb748040740dbac6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723731", "to_ids": true, "type": "sha256", "uuid": "5832cad3-40b4-499d-b975-4816950d210f", "value": "e30af36bdc23acbd0b1ae0397bea0dc29285599ef56a1599b0708e11de275b67" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723731", "to_ids": true, "type": "sha256", "uuid": "5832cad3-9758-40c4-9c00-466b950d210f", "value": "df56b0ea56e20079e5e5bda8a937dcfff4128c2e4f78b794379e7d1c2a8752c1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723732", "to_ids": true, "type": "md5", "uuid": "5832cad4-3c50-4fb1-a33c-4200950d210f", "value": "24c73af97aaa0f5436d523d42da8d36c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723733", "to_ids": true, "type": "md5", "uuid": "5832cad5-e948-4f35-bf11-449d950d210f", "value": "c268c4214ff0f146cbc71fe445950de1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723733", "to_ids": true, "type": "md5", "uuid": "5832cad5-67d4-48b7-92a6-436a950d210f", "value": "32d21fe8f01fa65a3d4189e84db35e7a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723734", "to_ids": true, "type": "md5", "uuid": "5832cad6-a7ec-4a4b-afb3-43f3950d210f", "value": "a19f44309f23e6323d9a26f9a8a6246e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723734", "to_ids": true, "type": "sha1", "uuid": "5832cad6-7f14-4cc1-ba46-4a7e950d210f", "value": "c88b3be2484c2c1f62479aaea5f1490abdfc7d90" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723735", "to_ids": true, "type": "sha1", "uuid": "5832cad7-de70-48bd-b8d3-4597950d210f", "value": "04645687615eb072bb4220ef47c261d733a05e59" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723736", "to_ids": true, "type": "sha1", "uuid": "5832cad8-013c-40ce-b765-488b950d210f", "value": "f797fb11a0ceb6f429d698975bbdb540cd528f6a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1479723736", "to_ids": true, "type": "sha1", "uuid": "5832cad8-aa84-4eb5-9901-4429950d210f", "value": "214a5940bb28afdb830a0077b932a3f7ee88c98d" } ] } }