{ "Event": { "analysis": "2", "date": "2016-06-22", "extends_uuid": "", "info": "OSINT - The Curious Case of an Unknown Trojan Targeting German-Speaking Users", "publish_timestamp": "1466629390", "published": true, "threat_level_id": "3", "timestamp": "1466629362", "uuid": "576afc2a-6fd8-4b0d-949b-347902de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#ffffff", "name": "tlp:white" } ], "Attribute": [ { "category": "Payload installation", "comment": "Last week, an unidentified malware was discovered", "deleted": false, "disable_correlation": false, "timestamp": "1466629206", "to_ids": true, "type": "sha256", "uuid": "576afc56-f90c-4bbe-90aa-ed0e02de0b81", "value": "171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "deleted": false, "disable_correlation": false, "timestamp": "1466629242", "to_ids": true, "type": "sha256", "uuid": "576afc7a-3970-48c8-a823-34a202de0b81", "value": "72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "deleted": false, "disable_correlation": false, "timestamp": "1466629242", "to_ids": true, "type": "sha256", "uuid": "576afc7a-0fd4-475c-b0bf-34a202de0b81", "value": "5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "deleted": false, "disable_correlation": false, "timestamp": "1466629243", "to_ids": true, "type": "sha256", "uuid": "576afc7b-1880-4d7e-834e-34a202de0b81", "value": "c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "deleted": false, "disable_correlation": false, "timestamp": "1466629243", "to_ids": true, "type": "sha256", "uuid": "576afc7b-3464-4907-bfd4-34a202de0b81", "value": "171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "deleted": false, "disable_correlation": false, "timestamp": "1466629244", "to_ids": true, "type": "sha256", "uuid": "576afc7c-7f58-4fb5-91e4-34a202de0b81", "value": "5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "deleted": false, "disable_correlation": false, "timestamp": "1466629244", "to_ids": true, "type": "sha256", "uuid": "576afc7c-d25c-4c02-b088-34a202de0b81", "value": "103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr):", "deleted": false, "disable_correlation": false, "timestamp": "1466629244", "to_ids": true, "type": "sha256", "uuid": "576afc7c-f4a0-4cde-9d62-34a202de0b81", "value": "cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629285", "to_ids": true, "type": "domain", "uuid": "576afca5-8050-4ee0-82d1-347602de0b81", "value": "yberprojects22017.info" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629285", "to_ids": true, "type": "domain", "uuid": "576afca5-92f4-416a-be70-347602de0b81", "value": "masterhost8981.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629286", "to_ids": true, "type": "domain", "uuid": "576afca6-e670-4045-b465-347602de0b81", "value": "nov15mailmarketing.in" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629286", "to_ids": true, "type": "domain", "uuid": "576afca6-543c-4bd0-a13c-347602de0b81", "value": "auspostresponse22.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629286", "to_ids": true, "type": "domain", "uuid": "576afca6-ea50-4e69-ac50-347602de0b81", "value": "goodwinn8.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629287", "to_ids": true, "type": "domain", "uuid": "576afca7-1d94-4d40-af6f-347602de0b81", "value": "mastehost12312.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629287", "to_ids": true, "type": "domain", "uuid": "576afca7-1f08-4086-a1e7-347602de0b81", "value": "masterhost1333.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629288", "to_ids": true, "type": "hostname", "uuid": "576afca8-bd38-4746-8f03-347602de0b81", "value": "marketingmas.in.net" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629288", "to_ids": true, "type": "domain", "uuid": "576afca8-8abc-4d03-9542-347602de0b81", "value": "remembermetoday4.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629288", "to_ids": true, "type": "domain", "uuid": "576afca8-15cc-4be9-9768-347602de0b81", "value": "startupproject33676.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629289", "to_ids": true, "type": "domain", "uuid": "576afca9-c414-465b-8269-347602de0b81", "value": "bestbrowser-2015.biz" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629289", "to_ids": true, "type": "domain", "uuid": "576afca9-5638-41b5-a53e-347602de0b81", "value": "marketing5050.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629289", "to_ids": true, "type": "domain", "uuid": "576afca9-082c-49df-aa2a-347602de0b81", "value": "marketingking878.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629289", "to_ids": true, "type": "domain", "uuid": "576afca9-8b10-4c3c-a30e-347602de0b81", "value": "yidckntbrmhuuhmq.com" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629289", "to_ids": true, "type": "domain", "uuid": "576afca9-83e8-4a0b-b3ae-347602de0b81", "value": "resdomactivationa.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629290", "to_ids": true, "type": "domain", "uuid": "576afcaa-f518-426f-91fb-347602de0b81", "value": "ukcompanymarketing.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629290", "to_ids": true, "type": "domain", "uuid": "576afcaa-1b54-4285-8824-347602de0b81", "value": "goodvin77787.in" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629290", "to_ids": true, "type": "domain", "uuid": "576afcaa-f148-45a5-a2c1-347602de0b81", "value": "jajajakala8212.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629290", "to_ids": true, "type": "domain", "uuid": "576afcaa-7720-4615-9de9-347602de0b81", "value": "masterhost122133.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629290", "to_ids": true, "type": "domain", "uuid": "576afcaa-e120-4c03-b763-347602de0b81", "value": "masterj.in" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629290", "to_ids": true, "type": "domain", "uuid": "576afcaa-2794-480b-ab84-347602de0b81", "value": "lalalababla.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629291", "to_ids": true, "type": "domain", "uuid": "576afcab-e95c-4f8f-b0b8-347602de0b81", "value": "responder201922.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629291", "to_ids": true, "type": "domain", "uuid": "576afcab-5154-4bf9-826b-347602de0b81", "value": "cyberprojects2727.info" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629291", "to_ids": true, "type": "domain", "uuid": "576afcab-15c8-4001-8012-347602de0b81", "value": "super-sexy-girl2015.net" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629291", "to_ids": true, "type": "domain", "uuid": "576afcab-23c4-4361-a6f4-347602de0b81", "value": "jxsraxhlccokkrob.com" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629291", "to_ids": true, "type": "domain", "uuid": "576afcab-d818-4a28-9b77-347602de0b81", "value": "mastehost88832.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629291", "to_ids": true, "type": "domain", "uuid": "576afcab-124c-40d1-ac8d-347602de0b81", "value": "masterlin888.pw" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629292", "to_ids": true, "type": "domain", "uuid": "576afcac-0850-435b-b55d-347602de0b81", "value": "mamba777.in" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629292", "to_ids": true, "type": "domain", "uuid": "576afcac-61e8-4080-8bc2-347602de0b81", "value": "copolsox.us" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629292", "to_ids": true, "type": "domain", "uuid": "576afcac-b624-4ed2-9682-347602de0b81", "value": "10cyberprojects2016.asia" }, { "category": "Network activity", "comment": "Domains registered by sir777alex@outlook.com:", "deleted": false, "disable_correlation": false, "timestamp": "1466629292", "to_ids": true, "type": "domain", "uuid": "576afcac-2d98-498e-a580-347602de0b81", "value": "startupproject336.asia" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1466629329", "to_ids": false, "type": "link", "uuid": "576afcd1-2ef8-447b-ac63-3cc102de0b81", "value": "https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users" }, { "category": "Payload installation", "comment": "Last week, an unidentified malware was discovered - Xchecked via VT: 171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b", "deleted": false, "disable_correlation": false, "timestamp": "1466629362", "to_ids": true, "type": "sha1", "uuid": "576afcf2-595c-452c-9b4c-4f0502de0b81", "value": "9fbbca0a32f609aea6c8b3794429fea6b1cef1f7" }, { "category": "Payload installation", "comment": "Last week, an unidentified malware was discovered - Xchecked via VT: 171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b", "deleted": false, "disable_correlation": false, "timestamp": "1466629362", "to_ids": true, "type": "md5", "uuid": "576afcf2-131c-4140-9e0c-4bf302de0b81", "value": "2e624f044f4cd086e3d49ef8b78a5cb6" }, { "category": "External analysis", "comment": "Last week, an unidentified malware was discovered - Xchecked via VT: 171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b", "deleted": false, "disable_correlation": false, "timestamp": "1466629362", "to_ids": false, "type": "link", "uuid": "576afcf2-8650-4b94-9554-4f9f02de0b81", "value": "https://www.virustotal.com/file/171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b/analysis/1466577042/" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892", "deleted": false, "disable_correlation": false, "timestamp": "1466629362", "to_ids": true, "type": "sha1", "uuid": "576afcf2-8440-4dbf-bad6-4bd002de0b81", "value": "b8001fb6144f491226306194a08254d04f854cc7" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892", "deleted": false, "disable_correlation": false, "timestamp": "1466629363", "to_ids": true, "type": "md5", "uuid": "576afcf3-d39c-41ee-b8cd-486802de0b81", "value": "9ab0746d527beb6bf141580eb7e39b9f" }, { "category": "External analysis", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892", "deleted": false, "disable_correlation": false, "timestamp": "1466629363", "to_ids": false, "type": "link", "uuid": "576afcf3-9e90-4fcd-b365-4f4602de0b81", "value": "https://www.virustotal.com/file/cec73c7b54c290b297a713e0eb07c7c2d822cc67ed61b9981256464273d63892/analysis/1465950050/" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d", "deleted": false, "disable_correlation": false, "timestamp": "1466629363", "to_ids": true, "type": "sha1", "uuid": "576afcf3-bc34-4747-87df-459e02de0b81", "value": "88261bc52f2bd5a18ff29963b4f5300d66b794d4" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d", "deleted": false, "disable_correlation": false, "timestamp": "1466629363", "to_ids": true, "type": "md5", "uuid": "576afcf3-8ce4-4fdf-aa4f-4edf02de0b81", "value": "ddf0134ee920b0b9930f7d7aa2d1e038" }, { "category": "External analysis", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d", "deleted": false, "disable_correlation": false, "timestamp": "1466629363", "to_ids": false, "type": "link", "uuid": "576afcf3-ff68-41c5-97cf-4d8402de0b81", "value": "https://www.virustotal.com/file/103c6f425cfcd5eb935136f8c4ce51b9556974545bc6b7947039405164d46b0d/analysis/1466578390/" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c", "deleted": false, "disable_correlation": false, "timestamp": "1466629363", "to_ids": true, "type": "sha1", "uuid": "576afcf3-22d0-401d-a0f5-411a02de0b81", "value": "349f5250384621b0e0e29a02947c2bf263234eb4" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c", "deleted": false, "disable_correlation": false, "timestamp": "1466629364", "to_ids": true, "type": "md5", "uuid": "576afcf4-36c0-4221-9b96-450502de0b81", "value": "04c5b2382eecf78729e3c7f28d18cb88" }, { "category": "External analysis", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c", "deleted": false, "disable_correlation": false, "timestamp": "1466629364", "to_ids": false, "type": "link", "uuid": "576afcf4-b404-48a7-ba05-4cff02de0b81", "value": "https://www.virustotal.com/file/5afee15a022fcdb12cc791dd02db0ec6beb2e9152b312b2251f2b8ecfe62e03c/analysis/1465147301/" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca", "deleted": false, "disable_correlation": false, "timestamp": "1466629364", "to_ids": true, "type": "sha1", "uuid": "576afcf4-7ed8-4ab3-9fb6-4a3702de0b81", "value": "aad3a9a14d91f4c371dab192e976b28772a9f5b7" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca", "deleted": false, "disable_correlation": false, "timestamp": "1466629364", "to_ids": true, "type": "md5", "uuid": "576afcf4-8298-42fa-a794-44cf02de0b81", "value": "533fc5d5a9d7c0e06de13af3af0662ba" }, { "category": "External analysis", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca", "deleted": false, "disable_correlation": false, "timestamp": "1466629364", "to_ids": false, "type": "link", "uuid": "576afcf4-8984-46db-b974-43aa02de0b81", "value": "https://www.virustotal.com/file/c16281c83378a597cbc4b01410f997e45b89c5d06efada8000ff79c3a24d63ca/analysis/1459406571/" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f", "deleted": false, "disable_correlation": false, "timestamp": "1466629365", "to_ids": true, "type": "sha1", "uuid": "576afcf5-b9bc-4e4a-aa0a-431902de0b81", "value": "e77be9eaa91ff9429c2837a8291c9ae4a58a76b6" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f", "deleted": false, "disable_correlation": false, "timestamp": "1466629365", "to_ids": true, "type": "md5", "uuid": "576afcf5-53f4-4669-b311-4e8202de0b81", "value": "a4232d262ebfafc8570c034f428e64cb" }, { "category": "External analysis", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f", "deleted": false, "disable_correlation": false, "timestamp": "1466629365", "to_ids": false, "type": "link", "uuid": "576afcf5-813c-45cd-950d-412202de0b81", "value": "https://www.virustotal.com/file/5d759710686db2c5b81c7125aacf70e252de61ab360d95e46cee8a9011c5693f/analysis/1464162631/" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891", "deleted": false, "disable_correlation": false, "timestamp": "1466629365", "to_ids": true, "type": "sha1", "uuid": "576afcf5-2350-4ba0-a4c5-453f02de0b81", "value": "343878c85ff1b66e27e0d1d193fe8fde81bf1db1" }, { "category": "Payload delivery", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891", "deleted": false, "disable_correlation": false, "timestamp": "1466629365", "to_ids": true, "type": "md5", "uuid": "576afcf5-dd9c-4b6f-b8ed-41b102de0b81", "value": "d79c3cce5d103f387955c34a0e429f58" }, { "category": "External analysis", "comment": "DELoader SHA-256 hashes (all detected as W32/DELoader.A!tr): - Xchecked via VT: 72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891", "deleted": false, "disable_correlation": false, "timestamp": "1466629365", "to_ids": false, "type": "link", "uuid": "576afcf5-289c-4baf-8453-49a402de0b81", "value": "https://www.virustotal.com/file/72faed0bc66afe1f42bd7e75b7ea26e0596effac65f67c0ac367a84ec4858891/analysis/1466153872/" } ] } }