adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/57b47152-b938-42f7-aa36-4bf1950d210f.json

297 lines
No EOL
11 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2016-08-17",
"extends_uuid": "",
"info": "OSINT Generic Yara rule to detect PlugX by Jay DiMartino",
"publish_timestamp": "1474835789",
"published": true,
"threat_level_id": "2",
"timestamp": "1471443370",
"uuid": "57b47152-b938-42f7-aa36-4bf1950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443310",
"to_ids": false,
"type": "link",
"uuid": "57b4716e-624c-431e-af53-40c2950d210f",
"value": "https://github.com/Neo23x0/signature-base/blob/master/yara/apt_plugx.yar"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443327",
"to_ids": true,
"type": "yara",
"uuid": "57b4717f-cc50-4b81-9fd1-4f64950d210f",
"value": "rule APTGroupX_PlugXTrojanLoader_StringDecode {\r\n meta:\r\n author = \"Jay DiMartino\"\r\n \tdescription = \"Rule to detect PlugX Malware\"\r\n\t\tscore = 80\r\n \treference = \"https://t.co/4xQ8G2mNap\"\r\n hash1 = \"0535e8c300204e257f0fa57630f386e9fcc8e779\"\r\n hash2 = \"088ebf9ccde958f32d11f4e7eb14f5332332f97d\"\r\n hash3 = \"0c999d0bffa007e9e6b6fe593933b52f40c75b3d\"\r\n hash4 = \"2f644e7131ec0a4f12ce04ba1e54d23856dbbfbf\"\r\n hash5 = \"3be9148ad132ca342d5fbabea1119a175ef1df7c\"\r\n hash6 = \"4c1ee94ec0e15491fc4f6b4095f67eee6309e62a\"\r\n hash7 = \"587af7ce05e61d4c312d6bae12ea380116b08d7e\"\r\n hash8 = \"5990efd83b5646a7ba419541d3a2c19260224ca3\"\r\n hash9 = \"67970367c250c44a5feb263843cf45fd91336df5\"\r\n hash10 = \"68f53f7188910a4cf67843aedd38c1523f1f2e7c\"\r\n hash11 = \"962dc7e0ad37286df012f623423ac4182fe791ca\"\r\n hash12 = \"aa0976906807af2e1b127608040aa3ef6e118a13\"\r\n hash13 = \"b170d015e32b39fa4ac15f94d58e45e65cd16d6c\"\r\n hash14 = \"c9b3d2cef3b34c7ee18fc2f60ff022965959613d\"\r\n hash15 = \"cd425ce7f3e4a823d9027780e1b439759c4dc665\"\r\n hash16 = \"d5e82513c6472d3826a22d9a15c05af8c0d33b58\"\r\n hash17 = \"d9b32084f27ef13001060e1dcee8a1a9e95d89a6\"\r\n hash18 = \"daa2d1cb9148b7ba5a86fa9ab593678e77c92672\"\r\n hash19 = \"e2c098a95d1c1f0e29f207af9c5ffc5bd69a92ee\"\r\n hash20 = \"ef8cf68dc3c80e9cb5a3fa0f92b544eab583812e\"\r\n hash21 = \"f0fc0a4e4e0748464caa6a202d0083cd33458677\"\r\n hash22 = \"fe1abe55529c1d6aa6b2a2f02d7e41ea58040feb\"\r\n strings:\r\n $byte1 = { 8A [2-4] 8A [2-4] FF 05 00 30 00 10 [0-5] 2A [1-6] 80 [2-7] 02 [1-6] 88 0? }\r\n $byte2 = { 8B [2-4] 8A [2-4] FF 05 00 30 00 10 [0-5] 2A [1-6] 80 [2-7] 02 [1-6] 88 0? }\r\n condition:\r\n any of them\r\n}"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443365",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a5-25b0-4f2d-9181-489a950d210f",
"value": "0535e8c300204e257f0fa57630f386e9fcc8e779"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443365",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a5-9708-4b32-885d-4249950d210f",
"value": "088ebf9ccde958f32d11f4e7eb14f5332332f97d"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443366",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a6-5574-48ae-84e9-4d11950d210f",
"value": "0c999d0bffa007e9e6b6fe593933b52f40c75b3d"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443366",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a6-137c-4dd7-9756-46db950d210f",
"value": "2f644e7131ec0a4f12ce04ba1e54d23856dbbfbf"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443366",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a6-4dc4-4f35-a8f4-4d2d950d210f",
"value": "3be9148ad132ca342d5fbabea1119a175ef1df7c"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443366",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a6-c6e0-49f9-8e12-440b950d210f",
"value": "4c1ee94ec0e15491fc4f6b4095f67eee6309e62a"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443366",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a6-7f80-4c6d-8825-4e11950d210f",
"value": "587af7ce05e61d4c312d6bae12ea380116b08d7e"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443367",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a7-58e0-40fe-9ce5-400c950d210f",
"value": "5990efd83b5646a7ba419541d3a2c19260224ca3"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443367",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a7-43b0-44ef-80f9-4b20950d210f",
"value": "67970367c250c44a5feb263843cf45fd91336df5"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443367",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a7-a564-48fd-8a5e-4c05950d210f",
"value": "68f53f7188910a4cf67843aedd38c1523f1f2e7c"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443367",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a7-9994-4528-be80-45fe950d210f",
"value": "962dc7e0ad37286df012f623423ac4182fe791ca"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443367",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a8-357c-4f03-aff5-4230950d210f",
"value": "aa0976906807af2e1b127608040aa3ef6e118a13"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443368",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a8-c8a8-4844-8897-46b1950d210f",
"value": "b170d015e32b39fa4ac15f94d58e45e65cd16d6c"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443368",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a8-fb7c-4dd7-b366-495f950d210f",
"value": "c9b3d2cef3b34c7ee18fc2f60ff022965959613d"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443368",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a8-fb24-4246-8f8e-4093950d210f",
"value": "cd425ce7f3e4a823d9027780e1b439759c4dc665"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443368",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a8-c074-49c5-a84a-4c2b950d210f",
"value": "d5e82513c6472d3826a22d9a15c05af8c0d33b58"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443369",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a9-29f0-4524-9743-4ffb950d210f",
"value": "d9b32084f27ef13001060e1dcee8a1a9e95d89a6"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443369",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a9-4a44-46d5-94ad-400c950d210f",
"value": "daa2d1cb9148b7ba5a86fa9ab593678e77c92672"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443369",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a9-0f70-4473-9189-41f6950d210f",
"value": "e2c098a95d1c1f0e29f207af9c5ffc5bd69a92ee"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443369",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a9-2588-4b70-8997-4f2f950d210f",
"value": "ef8cf68dc3c80e9cb5a3fa0f92b544eab583812e"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443369",
"to_ids": true,
"type": "sha1",
"uuid": "57b471a9-83b8-4570-81c2-45f8950d210f",
"value": "f0fc0a4e4e0748464caa6a202d0083cd33458677"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471443370",
"to_ids": true,
"type": "sha1",
"uuid": "57b471aa-ef54-405c-a475-4d95950d210f",
"value": "fe1abe55529c1d6aa6b2a2f02d7e41ea58040feb"
}
]
}
}
Reference in a new issue View git blame Copy permalink