misp-circl-feed/feeds/circl/misp/5a3bcbe0-3d70-427d-8744-4bdb950d210f.json


{
"Event": {
"analysis": "2",
"date": "2017-09-13",
"extends_uuid": "",
"info": "OSINT - DownAndExec: Banking malware utilizes CDNs in Brazil",
"publish_timestamp": "1518771437",
"published": true,
"threat_level_id": "3",
"timestamp": "1518231673",
"uuid": "5a3bcbe0-3d70-427d-8744-4bdb950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": false,
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#002f76",
"local": false,
"name": "ms-caro-malware-full:malware-family=\"Banker\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185087",
"to_ids": false,
"type": "link",
"uuid": "5a3cc4fd-5fd0-4c16-a65a-4c62950d210f",
"value": "https://www.welivesecurity.com/2017/09/13/downandexec-banking-malware-cdns-brazil/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185087",
"to_ids": false,
"type": "comment",
"uuid": "5a5c6f2a-afc8-41e1-8a1f-43b9950d210f",
"value": "Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage as it gives users greater speed when viewing the content, as the server is close to them and is part of the Netflix CDN. This results in faster loading times for series and movies, wherever you are in the world. But, apparently, the CDNs are starting to become a new way of spreading malware.\r\n\r\nThe attack chain is very extensive, and incorporates the execution of remote scripts (similar in some respects to the recent \u201cfileless\u201d banking malware trend), plus the use of CDNs for command and control (C&C), and other standard techniques for the execution and protection of malware.\r\n\r\nThe purpose of this article is to offer an analysis of the downAndExec standard that is making extensive use of JS scripts to download and execute \u2014 in this particular instance, banking malware on victims\u2019 computers.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516009242",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c771a-0068-47dc-8e20-47ad950d210f",
"value": "30fc877887d6845007503f3abd44ec261a0d40c7"
},
{
"category": "Payload delivery",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516009243",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c771b-1804-42f0-9701-4e5d950d210f",
"value": "34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d"
},
{
"category": "Payload delivery",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516009243",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c771b-5054-4f25-914e-4aee950d210f",
"value": "bffaabcce3f4cced896f745a7ec4eba207028683"
},
{
"category": "Payload delivery",
"comment": "JS/TrojanDownloader.Agent.QPA",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516009243",
"to_ids": true,
"type": "md5",
"uuid": "5a5c771b-6a2c-45ff-8d55-47b0950d210f",
"value": "2ad3b1669e8302035e24c838b3c08f2c"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Banker.ADYV",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516009244",
"to_ids": true,
"type": "md5",
"uuid": "5a5c771c-9a58-45ea-a3c7-4555950d210f",
"value": "51aed47cc54e9671f3ea71f8ee584952"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185088",
"to_ids": true,
"type": "url",
"uuid": "5a5c7a0d-71d4-465e-b761-ae5c950d210f",
"value": "https://1402712571.rsc.cdn77.org"
},
{
"category": "Network activity",
"comment": "inactive",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185088",
"to_ids": true,
"type": "url",
"uuid": "5a5c7a0e-4c48-42d5-acbc-ae5c950d210f",
"value": "https://1356485243.rsc.cdn77.org"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1516007689",
"uuid": "5a5c7109-1514-4b03-aca8-c84f950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1516007689",
"to_ids": true,
"type": "filename",
"uuid": "5a5c7109-5130-4ebe-b03f-c84f950d210f",
"value": "AppAdobeFPlayer_1497851813.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1516007689",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c7109-2f84-45bc-9d98-c84f950d210f",
"value": "37648e4b95636e3ee5a68e3fa8c0735125126c17"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1516007690",
"to_ids": false,
"type": "text",
"uuid": "5a5c710a-8db4-4e36-b0fb-c84f950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1516007724",
"uuid": "5a5c712c-c8f0-4033-a3c6-ae5c950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1516007724",
"to_ids": true,
"type": "filename",
"uuid": "5a5c712c-0134-4465-ba20-ae5c950d210f",
"value": "Consulta_Resultado05062017.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1516007725",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c712d-e004-466f-962e-ae5c950d210f",
"value": "38b7611bb20985512f86dc2c38247593e58a1df6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1516007725",
"to_ids": false,
"type": "text",
"uuid": "5a5c712d-95c8-4631-9db2-ae5c950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1516007763",
"uuid": "5a5c7153-7a80-4f92-a162-af7f950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1516007763",
"to_ids": true,
"type": "filename",
"uuid": "5a5c7153-0adc-445d-b839-af7f950d210f",
"value": "NotaFiscal.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1516007763",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c7153-2508-479f-9107-af7f950d210f",
"value": "67458b503047852dd603080946842472e575b856"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1516007764",
"to_ids": false,
"type": "text",
"uuid": "5a5c7154-87f0-429a-841b-af7f950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1516007781",
"uuid": "5a5c7165-f8fc-41f9-84f1-4c94950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1516007782",
"to_ids": true,
"type": "filename",
"uuid": "5a5c7166-b778-4b50-bf8c-4a77950d210f",
"value": "n\u00c3\u00a3o confirmado 923337.crdownload"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1516007782",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c7166-feb8-4fe9-850f-4c20950d210f",
"value": "8ea2c548bcb974a380fece046a7e3f0218632ff2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1516007782",
"to_ids": false,
"type": "text",
"uuid": "5a5c7166-c488-4cde-ba04-4555950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1516007805",
"uuid": "5a5c717d-7e58-4fbf-8c33-c84f950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1516007805",
"to_ids": true,
"type": "filename",
"uuid": "5a5c717d-99a0-43bb-bdae-c84f950d210f",
"value": "5ae9e0f3867ae8a317031fc9a5ed886e.virus"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1516007806",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c717e-2c94-40f8-8d01-c84f950d210f",
"value": "bffaabcce3f4cced896f745a7ec4eba2070286b3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1516007806",
"to_ids": false,
"type": "text",
"uuid": "5a5c717e-5a6c-4020-b20d-c84f950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "9",
"timestamp": "1516007826",
"uuid": "5a5c7192-cb54-4a77-8f2f-ae1e950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1516007826",
"to_ids": true,
"type": "filename",
"uuid": "5a5c7192-e888-4aa3-a6ee-ae1e950d210f",
"value": "Consulta_Resultado05062017.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1516007827",
"to_ids": true,
"type": "sha1",
"uuid": "5a5c7193-8034-49ae-8259-ae1e950d210f",
"value": "effb36259accdfff07c036c5a41b357692577265"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1516007827",
"to_ids": false,
"type": "text",
"uuid": "5a5c7193-8710-4df4-b99d-ae1e950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185091",
"uuid": "352791b2-86bb-41ad-9481-10549ebea11f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "352791b2-86bb-41ad-9481-10549ebea11f",
"referenced_uuid": "db289675-d7e8-42b0-a80d-1d0f73eac08b",
"relationship_type": "analysed-with",
"timestamp": "1518771436",
"uuid": "5a7daa9b-5060-452a-89f5-448a02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Win32/Spy.Banker.ADYV",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185089",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa81-4b18-40ae-8f01-431e02de0b81",
"value": "5c5d23fcb759d900c0158948695b43f63df4a99d"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Banker.ADYV",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185089",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa81-64f8-4faa-a99c-4d5302de0b81",
"value": "08895e31448976adfbe419d1db92650bfb8b937f13597e6222fba965d3e999e0"
},
{
"category": "Payload delivery",
"comment": "Win32/Spy.Banker.ADYV",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185089",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa81-8ca8-4479-8be1-451102de0b81",
"value": "51aed47cc54e9671f3ea71f8ee584952"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185090",
"uuid": "db289675-d7e8-42b0-a80d-1d0f73eac08b",
"Attribute": [
{
"category": "External analysis",
"comment": "Win32/Spy.Banker.ADYV",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185090",
"to_ids": false,
"type": "link",
"uuid": "5a7daa82-5084-4e96-b1b7-481e02de0b81",
"value": "https://www.virustotal.com/file/08895e31448976adfbe419d1db92650bfb8b937f13597e6222fba965d3e999e0/analysis/1509045877/"
},
{
"category": "Other",
"comment": "Win32/Spy.Banker.ADYV",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185090",
"to_ids": false,
"type": "text",
"uuid": "5a7daa82-ce04-4a13-b4dc-4dd902de0b81",
"value": "42/66"
},
{
"category": "Other",
"comment": "Win32/Spy.Banker.ADYV",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185091",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa83-7f20-42ba-9919-459c02de0b81",
"value": "2017-10-26T19:24:37"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185094",
"uuid": "323bf06e-4c08-4825-9e3d-490b985d27f1",
"ObjectReference": [
{
"comment": "",
"object_uuid": "323bf06e-4c08-4825-9e3d-490b985d27f1",
"referenced_uuid": "3c950c89-f255-4ce4-bdf5-b3cb9a34eada",
"relationship_type": "analysed-with",
"timestamp": "1518771437",
"uuid": "5a7daa9b-1a14-4a07-a404-480c02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "JS/TrojanDownloader.Agent.QPA",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185091",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa83-dc7c-4d41-8a83-439d02de0b81",
"value": "21e6bfad68531acefa1a059015fb008742b5aeec"
},
{
"category": "Payload delivery",
"comment": "JS/TrojanDownloader.Agent.QPA",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185092",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa84-4450-4d1f-8a39-428802de0b81",
"value": "15a739c1e02245e4f686ff46ca616ab73663fffac9c4de4290a1af4668405878"
},
{
"category": "Payload delivery",
"comment": "JS/TrojanDownloader.Agent.QPA",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185092",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa84-7690-4c43-bbf7-407302de0b81",
"value": "2ad3b1669e8302035e24c838b3c08f2c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185093",
"uuid": "3c950c89-f255-4ce4-bdf5-b3cb9a34eada",
"Attribute": [
{
"category": "External analysis",
"comment": "JS/TrojanDownloader.Agent.QPA",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185093",
"to_ids": false,
"type": "link",
"uuid": "5a7daa85-4e94-4767-b81b-491502de0b81",
"value": "https://www.virustotal.com/file/15a739c1e02245e4f686ff46ca616ab73663fffac9c4de4290a1af4668405878/analysis/1509155544/"
},
{
"category": "Other",
"comment": "JS/TrojanDownloader.Agent.QPA",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185093",
"to_ids": false,
"type": "text",
"uuid": "5a7daa85-34f4-42de-856c-427902de0b81",
"value": "26/59"
},
{
"category": "Other",
"comment": "JS/TrojanDownloader.Agent.QPA",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185094",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa86-e0c4-4f48-a687-466c02de0b81",
"value": "2017-10-28T01:52:24"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185097",
"uuid": "989dca8a-94e7-414f-9bb9-299b6407cfe4",
"ObjectReference": [
{
"comment": "",
"object_uuid": "989dca8a-94e7-414f-9bb9-299b6407cfe4",
"referenced_uuid": "b8d9d264-06d8-465a-81c9-a4cd48c9deaa",
"relationship_type": "analysed-with",
"timestamp": "1518771437",
"uuid": "5a7daa9b-4a50-4114-bb65-418202de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185094",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa86-b30c-4e77-b3a5-4bef02de0b81",
"value": "37648e4b95636e3ee5a68e3fa8c0735125126c17"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185094",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa87-3a34-46e3-b034-4e5602de0b81",
"value": "ce300e38c0adbba46b1d46066cc3be3e5ce990c6406cb3e1713936acd124d174"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185095",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa87-95f8-4f8e-b7f8-495a02de0b81",
"value": "c5d56198560f2e263c7ae1af6fccae6c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185095",
"uuid": "b8d9d264-06d8-465a-81c9-a4cd48c9deaa",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185095",
"to_ids": false,
"type": "link",
"uuid": "5a7daa87-4afc-47dd-876d-492602de0b81",
"value": "https://www.virustotal.com/file/ce300e38c0adbba46b1d46066cc3be3e5ce990c6406cb3e1713936acd124d174/analysis/1509045679/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185096",
"to_ids": false,
"type": "text",
"uuid": "5a7daa88-e2ac-4bd7-a8c1-484502de0b81",
"value": "45/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185096",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa88-7f20-461d-890d-44bc02de0b81",
"value": "2017-10-26T19:21:19"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185100",
"uuid": "ec87a3b7-5f72-4b59-8d53-6e2767f4328f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ec87a3b7-5f72-4b59-8d53-6e2767f4328f",
"referenced_uuid": "8c9d5426-4f3b-4bfd-b166-40f4e69c8998",
"relationship_type": "analysed-with",
"timestamp": "1518771437",
"uuid": "5a7daa9b-fed4-4fae-a8a4-48cb02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185097",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa89-5b00-47b6-8e10-414002de0b81",
"value": "67458b503047852dd603080946842472e575b856"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185097",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa89-0be8-4c1a-9aed-4fa802de0b81",
"value": "d7b430e18426fad00576add9e88c6b0c78eb194376dfa416ab805f5757188990"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185098",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa8a-a198-4534-a467-4db302de0b81",
"value": "1a5748d445565bf35a3cb6e6b6959fe2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185098",
"uuid": "8c9d5426-4f3b-4bfd-b166-40f4e69c8998",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185098",
"to_ids": false,
"type": "link",
"uuid": "5a7daa8a-7c2c-4d8b-b395-413b02de0b81",
"value": "https://www.virustotal.com/file/d7b430e18426fad00576add9e88c6b0c78eb194376dfa416ab805f5757188990/analysis/1509045752/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185099",
"to_ids": false,
"type": "text",
"uuid": "5a7daa8b-6934-465e-8d8e-4ff202de0b81",
"value": "40/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185099",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa8b-a6c8-404d-af6d-4e1302de0b81",
"value": "2017-10-26T19:22:32"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185102",
"uuid": "5e44b32b-6d75-4ac9-a643-96970dee4e3e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e44b32b-6d75-4ac9-a643-96970dee4e3e",
"referenced_uuid": "532bbc5d-ad5f-4281-88f9-a027f31718ae",
"relationship_type": "analysed-with",
"timestamp": "1518771437",
"uuid": "5a7daa9b-8594-4197-bfec-42de02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185099",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa8b-3a50-4639-b8cf-440f02de0b81",
"value": "30fc877887d6845007503f3abd44ec261a0d40c7"
},
{
"category": "Payload delivery",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185100",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa8c-34c4-4126-8a4c-45b102de0b81",
"value": "74c115091077182b4e9f1dc141fd2c91c50b0c61fd22117f71f880ebc4fe72bc"
},
{
"category": "Payload delivery",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185100",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa8c-c330-4a61-a4e8-412602de0b81",
"value": "ab4832be975c95ce0348416741225143"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185101",
"uuid": "532bbc5d-ad5f-4281-88f9-a027f31718ae",
"Attribute": [
{
"category": "External analysis",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185101",
"to_ids": false,
"type": "link",
"uuid": "5a7daa8d-995c-4415-90b2-41a602de0b81",
"value": "https://www.virustotal.com/file/74c115091077182b4e9f1dc141fd2c91c50b0c61fd22117f71f880ebc4fe72bc/analysis/1509045590/"
},
{
"category": "Other",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185101",
"to_ids": false,
"type": "text",
"uuid": "5a7daa8d-7378-4f23-913b-467a02de0b81",
"value": "36/66"
},
{
"category": "Other",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185101",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa8d-bf5c-453b-8111-49d202de0b81",
"value": "2017-10-26T19:19:50"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185105",
"uuid": "362d20e1-90b1-45c8-b536-5e2fc281fe8a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "362d20e1-90b1-45c8-b536-5e2fc281fe8a",
"referenced_uuid": "0d641165-660b-4c56-a989-5f27840d94f1",
"relationship_type": "analysed-with",
"timestamp": "1518771437",
"uuid": "5a7daa9b-f4c4-4ba5-9428-4b5002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185102",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa8e-faf0-4774-bfb6-4c6c02de0b81",
"value": "34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d"
},
{
"category": "Payload delivery",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185102",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa8e-2fb4-4d5d-8ceb-408602de0b81",
"value": "027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745"
},
{
"category": "Payload delivery",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185103",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa8f-fccc-4952-a114-445002de0b81",
"value": "71b6a493388e7d0b40c83ce903bc6b04"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185103",
"uuid": "0d641165-660b-4c56-a989-5f27840d94f1",
"Attribute": [
{
"category": "External analysis",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185103",
"to_ids": false,
"type": "link",
"uuid": "5a7daa8f-e930-4c13-b96f-493d02de0b81",
"value": "https://www.virustotal.com/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745/analysis/1517914078/"
},
{
"category": "Other",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185104",
"to_ids": false,
"type": "text",
"uuid": "5a7daa90-99dc-4e0c-b651-4bbc02de0b81",
"value": "59/65"
},
{
"category": "Other",
"comment": "NSIS/TrojanDropper.Agent.CL",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185104",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa90-e0ec-488b-87f7-418802de0b81",
"value": "2018-02-06T10:47:58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185108",
"uuid": "9e1132f7-a6f0-4966-8d8e-a8ba91337184",
"ObjectReference": [
{
"comment": "",
"object_uuid": "9e1132f7-a6f0-4966-8d8e-a8ba91337184",
"referenced_uuid": "9ddbe62a-df3a-4968-8fb1-4b46e61d0abe",
"relationship_type": "analysed-with",
"timestamp": "1518771437",
"uuid": "5a7daa9b-7d98-4166-acd6-475202de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185105",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa91-0ed8-4164-ad3f-4f8e02de0b81",
"value": "bffaabcce3f4cced896f745a7ec4eba2070286b3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185105",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa91-3f68-4a2c-ab50-47f202de0b81",
"value": "45211c815cac28a399e3ad01d742b5811dae54d93918e969c685d4e8356d7c28"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185105",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa91-ce94-4fb6-a16d-4b8602de0b81",
"value": "5ae9e0f3867ae8a317031fc9a5ed886e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185106",
"uuid": "9ddbe62a-df3a-4968-8fb1-4b46e61d0abe",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185106",
"to_ids": false,
"type": "link",
"uuid": "5a7daa92-a268-4a80-8fe2-422502de0b81",
"value": "https://www.virustotal.com/file/45211c815cac28a399e3ad01d742b5811dae54d93918e969c685d4e8356d7c28/analysis/1505331152/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185106",
"to_ids": false,
"type": "text",
"uuid": "5a7daa92-9ac8-48be-a710-4ceb02de0b81",
"value": "39/64"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185107",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa93-b3d4-4672-b604-454802de0b81",
"value": "2017-09-13T19:32:32"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185110",
"uuid": "a4602179-8407-4714-8ce8-73e739f8f93e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a4602179-8407-4714-8ce8-73e739f8f93e",
"referenced_uuid": "23e90ff7-f68e-4f1e-abfb-1d24b0480d18",
"relationship_type": "analysed-with",
"timestamp": "1518771437",
"uuid": "5a7daa9b-f750-46d3-9e5b-41c302de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185107",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa93-e5f8-4fb3-80ad-46ef02de0b81",
"value": "38b7611bb20985512f86dc2c38247593e58a1df6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185108",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa94-e6a0-4933-a1a8-443202de0b81",
"value": "6b08e5d92c7067eae8e222f2d13ba2a59fe36421eb2ece5054b5d97c593a38e2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185108",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa94-c79c-4d5b-8de5-4edc02de0b81",
"value": "e383d317b3c7bbd65a7c303746b7f12d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185108",
"uuid": "23e90ff7-f68e-4f1e-abfb-1d24b0480d18",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185109",
"to_ids": false,
"type": "link",
"uuid": "5a7daa95-e77c-431d-bc9c-4cdc02de0b81",
"value": "https://www.virustotal.com/file/6b08e5d92c7067eae8e222f2d13ba2a59fe36421eb2ece5054b5d97c593a38e2/analysis/1509045704/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185109",
"to_ids": false,
"type": "text",
"uuid": "5a7daa95-db80-4bcf-8c20-450a02de0b81",
"value": "39/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185109",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa95-88e8-49fe-be81-421b02de0b81",
"value": "2017-10-26T19:21:44"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185113",
"uuid": "368ea62b-9c92-41fd-aa29-ad77f6f49144",
"ObjectReference": [
{
"comment": "",
"object_uuid": "368ea62b-9c92-41fd-aa29-ad77f6f49144",
"referenced_uuid": "ffa1925f-32e0-4ddf-ac99-db930609d495",
"relationship_type": "analysed-with",
"timestamp": "1518771437",
"uuid": "5a7daa9b-de8c-45d3-bcdd-433202de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185110",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa96-4bf0-4ab4-950f-4a8e02de0b81",
"value": "8ea2c548bcb974a380fece046a7e3f0218632ff2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185110",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa96-26bc-4e71-8b7d-40f602de0b81",
"value": "66d9360a2a41a119a9337539e110d79f6e74e405755029d9241bf9afc20beed6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185111",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa97-0970-4c6b-9cc0-4c4102de0b81",
"value": "782eace45e76c28862396a2b6d5b3f1c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185111",
"uuid": "ffa1925f-32e0-4ddf-ac99-db930609d495",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185111",
"to_ids": false,
"type": "link",
"uuid": "5a7daa97-96ac-4b57-877e-4cc502de0b81",
"value": "https://www.virustotal.com/file/66d9360a2a41a119a9337539e110d79f6e74e405755029d9241bf9afc20beed6/analysis/1510180391/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185111",
"to_ids": false,
"type": "text",
"uuid": "5a7daa97-1e08-4336-bef5-44c302de0b81",
"value": "41/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185112",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa98-6474-4cc5-85d9-481a02de0b81",
"value": "2017-11-08T22:33:11"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185115",
"uuid": "b4c72aed-63bf-4f2a-8794-047d36abe533",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b4c72aed-63bf-4f2a-8794-047d36abe533",
"referenced_uuid": "43e3402c-ec4a-4afc-859b-18cdd344f48f",
"relationship_type": "analysed-with",
"timestamp": "1518771437",
"uuid": "5a7daa9b-37dc-4b69-808c-4fc502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185112",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daa98-4df8-4fcf-a9f7-400e02de0b81",
"value": "effb36259accdfff07c036c5a41b357692577265"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185113",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daa99-e394-4da0-b7ab-47ba02de0b81",
"value": "91301d3daab1a87dfc8b4e39f8a120ea5523e04ac86fee970cecc6760e05c8fe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185113",
"to_ids": true,
"type": "md5",
"uuid": "5a7daa99-ace0-4814-8d0c-469e02de0b81",
"value": "b917b09c778d7aa7e5a2d98a5fba5b1e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185113",
"uuid": "43e3402c-ec4a-4afc-859b-18cdd344f48f",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185114",
"to_ids": false,
"type": "link",
"uuid": "5a7daa9a-b7e8-4340-a315-416602de0b81",
"value": "https://www.virustotal.com/file/91301d3daab1a87dfc8b4e39f8a120ea5523e04ac86fee970cecc6760e05c8fe/analysis/1509045798/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185114",
"to_ids": false,
"type": "text",
"uuid": "5a7daa9a-f554-4959-827d-4d0702de0b81",
"value": "38/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185114",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daa9a-d1fc-4984-9be0-45e902de0b81",
"value": "2017-10-26T19:23:18"
}
]
}
]
}
}