adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/55f93f51-b288-4da8-b9eb-4416950d210b.json

539 lines
No EOL
17 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2015-09-14",
"extends_uuid": "",
"info": "OSINT The Shade Encryptor: a Double Threat by Kaspersky",
"publish_timestamp": "1442406045",
"published": true,
"threat_level_id": "3",
"timestamp": "1442405974",
"uuid": "55f93f51-b288-4da8-b9eb-4416950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398046",
"to_ids": false,
"type": "link",
"uuid": "55f93f5e-21b8-45b8-834b-4450950d210b",
"value": "https://securelist.com/analysis/publications/72087/the-shade-encryptor-a-double-threat/"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398102",
"to_ids": true,
"type": "text",
"uuid": "55f93f96-e8e0-4964-b2d8-4318950d210b",
"value": "Trojan-Ransom.Win32.Shade"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398103",
"to_ids": true,
"type": "text",
"uuid": "55f93f97-64a4-4955-9b1e-419c950d210b",
"value": "Trojan.Encoder.858"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398103",
"to_ids": true,
"type": "text",
"uuid": "55f93f97-30bc-410d-a71f-4e24950d210b",
"value": "Ransom:Win32/Troldesh"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398250",
"to_ids": true,
"type": "email-attachment",
"uuid": "55f9402a-7ba0-4739-8c84-4064950d210b",
"value": "oc_dlea podpisi.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398251",
"to_ids": true,
"type": "email-attachment",
"uuid": "55f9402b-ec40-4ec3-97a8-451f950d210b",
"value": "doc_dlea podpisi.rar"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398251",
"to_ids": true,
"type": "email-attachment",
"uuid": "55f9402b-bb0c-4f2a-ad1c-4c9f950d210b",
"value": "documenti_589965465_documenti.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398251",
"to_ids": true,
"type": "email-attachment",
"uuid": "55f9402b-80e8-4f6f-a87e-4e0e950d210b",
"value": "documenti_589965465_documenti.rar"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398252",
"to_ids": true,
"type": "email-attachment",
"uuid": "55f9402c-d780-4b80-9826-484c950d210b",
"value": "documenti_589965465_doc.scr"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398253",
"to_ids": true,
"type": "email-attachment",
"uuid": "55f9402d-beb0-42d4-99c8-48e2950d210b",
"value": "\u00d0\u00bd\u00d0\u00b5\u00d0\u00bf\u00d0\u00be\u00d0\u00b4\u00d1\u201a\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b6\u00d0\u00b4\u00d0\u00b5\u00d0\u00bd 308853.scr"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398253",
"to_ids": true,
"type": "email-attachment",
"uuid": "55f9402d-1264-422c-9658-4477950d210b",
"value": "documenti dlea podpisi 05.08.2015.scr.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398253",
"to_ids": true,
"type": "email-attachment",
"uuid": "55f9402d-ee00-461c-b0b9-4d8a950d210b",
"value": "akt sverki za 17082015.scr"
},
{
"category": "Antivirus detection",
"comment": "Secondary payload downloaded",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398354",
"to_ids": true,
"type": "text",
"uuid": "55f94092-0d18-4bc9-b72d-4113950d210b",
"value": "Trojan.Win32.CMSBrute"
},
{
"category": "Antivirus detection",
"comment": "Secondary payload downloaded",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398354",
"to_ids": true,
"type": "text",
"uuid": "55f94092-3930-457c-b962-4f59950d210b",
"value": "Trojan.Win32.Muref"
},
{
"category": "Antivirus detection",
"comment": "Secondary payload downloaded",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398355",
"to_ids": true,
"type": "text",
"uuid": "55f94093-fcc0-45d6-91cb-4355950d210b",
"value": "Trojan.Win32.Kovter"
},
{
"category": "Antivirus detection",
"comment": "Secondary payload downloaded",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398355",
"to_ids": true,
"type": "text",
"uuid": "55f94093-20e0-4fbf-8172-490a950d210b",
"value": "Trojan-Downloader.Win32.Zemot"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398435",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e3-e8d4-40bb-9402-4d2c950d210b",
"value": "decode00001@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398435",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e3-fa18-470f-b245-4296950d210b",
"value": "decode00002@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398436",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e4-26fc-495a-808e-44a2950d210b",
"value": "decode010@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398436",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e4-5998-4ebc-b6dc-47c3950d210b",
"value": "decode0987@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398436",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e4-7a10-4bf7-8191-4537950d210b",
"value": "decode098@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398436",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e4-6328-4f0c-a721-4ada950d210b",
"value": "decode1110@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398437",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e5-1b58-47a8-a2de-4e5f950d210b",
"value": "decodefile001@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398437",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e5-f654-4f1c-9465-4d94950d210b",
"value": "decodefile002@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398437",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e5-bc0c-4269-ab0f-403a950d210b",
"value": "decodefiles1@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398437",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e5-ca2c-4988-a30a-49b5950d210b",
"value": "decodefiles@india.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398437",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e5-1d48-46b7-9fc1-4a06950d210b",
"value": "deshifrovka01@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398438",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e6-31b0-4baa-8b90-48d5950d210b",
"value": "deshifrovka@india.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398438",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e6-222c-412c-8fb4-4832950d210b",
"value": "files08880@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398438",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e6-4adc-42b2-af27-4b01950d210b",
"value": "files08881@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398438",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e6-0220-4732-8cc1-4eeb950d210b",
"value": "files1147@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398439",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e7-2e8c-4868-9c7e-42f5950d210b",
"value": "post100023@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398439",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e7-ff6c-4912-a30c-4486950d210b",
"value": "post24932@gmail.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398439",
"to_ids": true,
"type": "email-dst",
"uuid": "55f940e7-7744-4591-8c3d-427a950d210b",
"value": "post8881@gmail.com"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398485",
"to_ids": true,
"type": "md5",
"uuid": "55f94115-a694-4aeb-9a2d-4c57950d210b",
"value": "21723762c841b2377e06472dd9691da2"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398485",
"to_ids": true,
"type": "md5",
"uuid": "55f94115-28ac-4993-8211-4466950d210b",
"value": "bb159b6fe30e3c914feac5d4e1b85a61"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442398485",
"to_ids": true,
"type": "md5",
"uuid": "55f94115-46ec-49b8-8d7a-44ac950d210b",
"value": "543d1620ce976cb13fec190ccc1bc83a"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 543d1620ce976cb13fec190ccc1bc83a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442405974",
"to_ids": true,
"type": "sha256",
"uuid": "55f95e56-7580-478d-a35c-6ff9950d210b",
"value": "01aa0cc7081760ad0b7259f35a3e4b37b1d8c6c4ed6a03606e74646046c64481"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 543d1620ce976cb13fec190ccc1bc83a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442405974",
"to_ids": true,
"type": "sha1",
"uuid": "55f95e56-90ac-40a2-991d-6ff9950d210b",
"value": "3fe92f2e449dc7709b6ce8a9a48f6db3b60daf33"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442405974",
"to_ids": false,
"type": "link",
"uuid": "55f95e56-bb58-49a9-b100-6ff9950d210b",
"value": "https://www.virustotal.com/file/01aa0cc7081760ad0b7259f35a3e4b37b1d8c6c4ed6a03606e74646046c64481/analysis/1441135477/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: bb159b6fe30e3c914feac5d4e1b85a61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442405975",
"to_ids": true,
"type": "sha256",
"uuid": "55f95e57-70a4-4c04-880d-6ff9950d210b",
"value": "f5eb1e8b5561dc0f861d1edbf43bbc3eeda62ff8ce1cb9b286386248b158dfc5"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: bb159b6fe30e3c914feac5d4e1b85a61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442405975",
"to_ids": true,
"type": "sha1",
"uuid": "55f95e57-8fd0-4222-afab-6ff9950d210b",
"value": "a3b639e1cf9d0ed3a73d2061dc40049508ea4e37"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442405975",
"to_ids": false,
"type": "link",
"uuid": "55f95e57-15ac-4e23-b13a-6ff9950d210b",
"value": "https://www.virustotal.com/file/f5eb1e8b5561dc0f861d1edbf43bbc3eeda62ff8ce1cb9b286386248b158dfc5/analysis/1440605490/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 21723762c841b2377e06472dd9691da2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442405975",
"to_ids": true,
"type": "sha256",
"uuid": "55f95e57-bd98-4366-b475-6ff9950d210b",
"value": "e6154d1c2850170fa81d1405886d0227a7548dc8f012b1b73c84646707e42d27"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 21723762c841b2377e06472dd9691da2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442405975",
"to_ids": true,
"type": "sha1",
"uuid": "55f95e57-75a0-427d-a431-6ff9950d210b",
"value": "1f491c497fedd020894a74a6647ab3b7b1c1a90e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1442405976",
"to_ids": false,
"type": "link",
"uuid": "55f95e58-7704-4951-8acc-6ff9950d210b",
"value": "https://www.virustotal.com/file/e6154d1c2850170fa81d1405886d0227a7548dc8f012b1b73c84646707e42d27/analysis/1437292382/"
}
]
}
}
Reference in a new issue View git blame Copy permalink