{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2015-08-30",
|
|
"extends_uuid": "",
|
|
"info": "OSINT KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia by Palo Alto Networks Unit 42",
|
|
"publish_timestamp": "1444718732",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1444718728",
|
|
"uuid": "55e6bb38-180c-4497-afd6-601a950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441184587",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55e6bb4b-4460-4261-9e71-67f5950d210b",
|
|
"value": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441184595",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "55e6bb53-2c24-434f-a269-36be950d210b",
|
|
"value": "Keyraider"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627627",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7deb-cc04-406f-8af1-4e21950d210b",
|
|
"value": "1cba9fe852b05c4843922c123c06117191958e1d"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627627",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7deb-9988-4805-a1e6-49f8950d210b",
|
|
"value": "4a154eabd5a5bd6ad0203eea6ed68b31e25811d7"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627627",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7deb-8454-4b5c-b739-4907950d210b",
|
|
"value": "5c7c83ab04858890d74d96cd1f353e24dec3ba66"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627628",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7dec-0a98-4f38-93e9-42ed950d210b",
|
|
"value": "717373f57ff4398316cce593af11bd45c55c9b91"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627628",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7dec-5b44-43bd-8e36-444c950d210b",
|
|
"value": "8886d72b087017b0cdca2f18b0005b6cb302e83d"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627628",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7dec-8020-49cf-8cc7-4954950d210b",
|
|
"value": "9ae5549fdd90142985c3ae7a7e983d4fcb2b797f"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627629",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7ded-7344-4337-bcc8-4aa4950d210b",
|
|
"value": "a05b9af5f4c40129575cce321cd4b0435f89fba8"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627629",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7ded-1554-47c6-a465-478e950d210b",
|
|
"value": "af5d7ffe0d1561f77e979c189f22e11a33c7a407"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627629",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7ded-be64-475f-ac4c-4692950d210b",
|
|
"value": "bb56acf8b48900f62eb4e4380dcf7f5acfbdf80d"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627630",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ed7dee-bdf8-412f-a134-47dc950d210b",
|
|
"value": "e0576cd9831f1c6495408471fcacb1b54597ac24"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627667",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7e13-f604-45ad-874c-4f8d950d210b",
|
|
"value": "top100.gotoip4.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627667",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7e13-1c2c-411f-8f2e-4a50950d210b",
|
|
"value": "www.wushidou.cn"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627681",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7e21-ca24-4ad4-b7c2-4a39950d210b",
|
|
"value": "113.10.174.167"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: e0576cd9831f1c6495408471fcacb1b54597ac24",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718661",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca845-5de4-4e2d-b895-4ec6950d210b",
|
|
"value": "20f802f3c74f3452010c2d56f02cac96a6ce191c970f4901156310a5888ab015"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: e0576cd9831f1c6495408471fcacb1b54597ac24",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718662",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca846-65ec-485a-96ec-4080950d210b",
|
|
"value": "ddf224f63ee9c7fba76298664a2b0b00"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718662",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca846-91d4-4cb8-b028-46ee950d210b",
|
|
"value": "https://www.virustotal.com/file/20f802f3c74f3452010c2d56f02cac96a6ce191c970f4901156310a5888ab015/analysis/1444666982/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: bb56acf8b48900f62eb4e4380dcf7f5acfbdf80d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718663",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca847-f3ac-420d-b489-42d7950d210b",
|
|
"value": "63007787f847d4070cc5ea5e69e8772ad8ad877ae3a0dd24c6457480d9db3099"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: bb56acf8b48900f62eb4e4380dcf7f5acfbdf80d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718663",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca847-081c-4932-b45f-45e6950d210b",
|
|
"value": "2669e97eeb78df448225e6786d34f9ab"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718664",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca848-5284-4b97-9219-491c950d210b",
|
|
"value": "https://www.virustotal.com/file/63007787f847d4070cc5ea5e69e8772ad8ad877ae3a0dd24c6457480d9db3099/analysis/1444667162/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: af5d7ffe0d1561f77e979c189f22e11a33c7a407",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718664",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca848-f490-4f76-9d44-4e08950d210b",
|
|
"value": "28177018ef22be760e12c38c447f69f6962f66f07271a83cc8e1e0e86a10221b"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: af5d7ffe0d1561f77e979c189f22e11a33c7a407",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718664",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca848-d310-43e7-bfeb-4d0c950d210b",
|
|
"value": "0f710f8397ec969af26c299a63aeda8b"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718665",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca849-176c-4504-988e-4db2950d210b",
|
|
"value": "https://www.virustotal.com/file/28177018ef22be760e12c38c447f69f6962f66f07271a83cc8e1e0e86a10221b/analysis/1444667161/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: a05b9af5f4c40129575cce321cd4b0435f89fba8",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718665",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca849-1904-451b-abba-4c92950d210b",
|
|
"value": "9bcbd9c527abc70e5675b6f61a27d1d5a0a7cba0cd0070cc46439b6a564eda6d"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: a05b9af5f4c40129575cce321cd4b0435f89fba8",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718666",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca84a-02f8-4291-9de9-4008950d210b",
|
|
"value": "02464ae6259a2c8194470385781501b7"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718666",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca84a-e368-4d86-81fe-42c2950d210b",
|
|
"value": "https://www.virustotal.com/file/9bcbd9c527abc70e5675b6f61a27d1d5a0a7cba0cd0070cc46439b6a564eda6d/analysis/1444667162/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 9ae5549fdd90142985c3ae7a7e983d4fcb2b797f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718666",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca84a-a7ec-42ab-a9bf-49b9950d210b",
|
|
"value": "46df0e140082e650f794df40b43179d276219eff080df87707484ad503d8e3d6"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 9ae5549fdd90142985c3ae7a7e983d4fcb2b797f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718667",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca84b-33b4-4c0a-93a7-4527950d210b",
|
|
"value": "ec89c9cf095d2d0c45fbd29590365584"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718667",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca84b-4d78-44d9-aae1-4bc2950d210b",
|
|
"value": "https://www.virustotal.com/file/46df0e140082e650f794df40b43179d276219eff080df87707484ad503d8e3d6/analysis/1444667162/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 8886d72b087017b0cdca2f18b0005b6cb302e83d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718668",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca84c-c204-4c1d-9f59-472b950d210b",
|
|
"value": "4b7e730af2239020083ab1f45d1d87049eee8cf7b99cb412928f3936c95f6d06"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 8886d72b087017b0cdca2f18b0005b6cb302e83d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718668",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca84c-6890-4ce4-881a-4c2c950d210b",
|
|
"value": "caaf060572e57b6d175c3959495bcdbf"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718668",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca84c-c31c-4c5a-ac93-45ff950d210b",
|
|
"value": "https://www.virustotal.com/file/4b7e730af2239020083ab1f45d1d87049eee8cf7b99cb412928f3936c95f6d06/analysis/1444667162/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 717373f57ff4398316cce593af11bd45c55c9b91",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718669",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca84d-056c-46f2-b707-4958950d210b",
|
|
"value": "f657a54c822e4fe7ae8f6275f1eccd361bac363357f726649cd80623d86fcda1"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 717373f57ff4398316cce593af11bd45c55c9b91",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718669",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca84d-b770-461f-bc4c-4880950d210b",
|
|
"value": "8985ecbc80d257e02c1e30b0268d91e7"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718670",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca84e-91b4-41c5-b66e-45a8950d210b",
|
|
"value": "https://www.virustotal.com/file/f657a54c822e4fe7ae8f6275f1eccd361bac363357f726649cd80623d86fcda1/analysis/1444667289/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 5c7c83ab04858890d74d96cd1f353e24dec3ba66",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718670",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca84e-ffa0-4945-96da-4149950d210b",
|
|
"value": "ef8f5cd5075df7629c5c6377bd342e0aff15df0b4542d2c96dbb5b15cce61e26"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 5c7c83ab04858890d74d96cd1f353e24dec3ba66",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718670",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca84e-1d54-4384-884b-423f950d210b",
|
|
"value": "dc71cb3a71f159e667367cb07d2660f7"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718671",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca84f-2fe0-4735-8873-4236950d210b",
|
|
"value": "https://www.virustotal.com/file/ef8f5cd5075df7629c5c6377bd342e0aff15df0b4542d2c96dbb5b15cce61e26/analysis/1444667162/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 4a154eabd5a5bd6ad0203eea6ed68b31e25811d7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718671",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca84f-03a4-44cc-a4bf-4403950d210b",
|
|
"value": "f09dfe8060648e2cf824c6e6e1f643eefb896dd42e8aacf41506ed03f0a53fcc"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 4a154eabd5a5bd6ad0203eea6ed68b31e25811d7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718671",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca84f-b958-4be6-a063-4dd6950d210b",
|
|
"value": "1dd1a8c6c213e3b51cd2463d764a9c62"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718672",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca850-3654-407b-a26b-4bb5950d210b",
|
|
"value": "https://www.virustotal.com/file/f09dfe8060648e2cf824c6e6e1f643eefb896dd42e8aacf41506ed03f0a53fcc/analysis/1444666982/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 1cba9fe852b05c4843922c123c06117191958e1d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718672",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "561ca850-29f4-47ae-a0bb-4cc6950d210b",
|
|
"value": "572f53a5fa3b800e05b9a94d0efb3a44c52adfeaf18addac73652f2b1350dc0e"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "- Xchecked via VT: 1cba9fe852b05c4843922c123c06117191958e1d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718673",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "561ca851-cce8-4d40-b014-40e4950d210b",
|
|
"value": "3c57e433fbba1ac1e4dc1b84cec038fb"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1444718673",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "561ca851-3194-494a-9686-4ce4950d210b",
|
|
"value": "https://www.virustotal.com/file/572f53a5fa3b800e05b9a94d0efb3a44c52adfeaf18addac73652f2b1350dc0e/analysis/1444667161/"
|
|
}
|
|
]
|
|
}
|
|
} |