{ "Event": { "analysis": "0", "date": "2019-06-02", "extends_uuid": "", "info": "OSINT - FlawedAmmy RAT", "publish_timestamp": "1566895453", "published": true, "threat_level_id": "3", "timestamp": "1566894446", "uuid": "5cf51bbd-6180-4dc7-a2dd-4baa950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#0071c3", "name": "osint:lifetime=\"perpetual\"" }, { "colour": "#0087e8", "name": "osint:certainty=\"50\"" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#0088cc", "name": "misp-galaxy:rat=\"FlawedAmmy\"" } ], "Attribute": [ { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1559571387", "to_ids": true, "type": "ip-dst", "uuid": "5cf52bbb-4290-499c-89de-44eb950d210f", "value": "185.117.89.130" } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "6", "timestamp": "1559571065", "uuid": "5cf52a79-5fac-4e72-a9f0-446f950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "post", "timestamp": "1559571065", "to_ids": false, "type": "text", "uuid": "5cf52a79-7e0c-45fd-851b-454a950d210f", "value": "2019-06-02: #FlawedAmmy RAT #Signed \r\n\ud83d\udc00\r\n\r\nDigital Signature -> [JIN CONSULTANCY LIMITED] Thawte\r\nh/t @malwrhunterteam\r\n \r\nC2: 185[.]117.89.130\r\nMD5: fe3e4635f555f86b64be6e8c9cfa6d6f\r\nLeaked AmmyAdmin Source Code Still Relevant as Compiled Into RAT \r\n\ud83e\udd14" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1559571065", "to_ids": true, "type": "url", "uuid": 
"5cf52a79-8b90-4387-a28b-476b950d210f", "value": "https://mobile.twitter.com/VK_Intel/status/1135497995351449600" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username-quoted", "timestamp": "1559571065", "to_ids": false, "type": "text", "uuid": "5cf52a79-e2a4-4094-8d07-4802950d210f", "value": "@malwrhunterteam" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1559571065", "to_ids": false, "type": "text", "uuid": "5cf52a79-9310-4d16-b3d5-431b950d210f", "value": "VK_Intel" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "creation-date", "timestamp": "1559571065", "to_ids": false, "type": "datetime", "uuid": "5cf52a79-65ec-4835-80ba-49ac950d210f", "value": "2019-06-03T12:46:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1559571629", "uuid": "5cf52cad-d400-4d77-b041-4ab4950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1559571630", "to_ids": true, "type": "md5", "uuid": "5cf52cae-ae70-402c-be88-4206950d210f", "value": "fe3e4635f555f86b64be6e8c9cfa6d6f" } ] } ] } }