misp-circl-feed/feeds/circl/misp/595c89fd-d638-433e-b586-4a60950d210f.json

225 lines
No EOL
8.1 KiB
JSON

{
"Event": {
"analysis": "2",
"date": "2017-07-05",
"extends_uuid": "",
"info": "OSINT - Analysis of TeleBots\u00e2\u20ac\u2122 cunning backdoor",
"publish_timestamp": "1499327309",
"published": true,
"threat_level_id": "3",
"timestamp": "1499327306",
"uuid": "595c89fd-d638-433e-b586-4a60950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237223",
"to_ids": false,
"type": "link",
"uuid": "595c8a1b-87b0-47d3-b8c1-4488950d210f",
"value": "https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237223",
"to_ids": false,
"type": "text",
"uuid": "595c8a34-a9c8-4848-9d2a-4059950d210f",
"value": "On the 27th of June 2017, a new cyberattack hit many computer systems in Ukraine, as well as in other countries. That attack was spearheaded by the malware ESET products detect as Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya). This malware masquerades as typical ransomware: it encrypts the data on the computer and demands $300 bitcoins for recovery. In fact, the malware authors\u00e2\u20ac\u2122 intention was to cause damage, so they did all that they could to make data decryption very unlikely.\r\nIn our previous blogpost, we attributed this attack to the TeleBots group and uncovered details about other similar supply chain attacks against Ukraine. This article reveals details about the initial distribution vector that was used during the DiskCoder.C outbreak.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": false,
"type": "text",
"uuid": "595c8a44-7348-442b-ad78-4150950d210f",
"value": "MSIL/TeleDoor.A"
},
{
"category": "Network activity",
"comment": "Legitimate servers abused by malware authors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": false,
"type": "hostname",
"uuid": "595c8a55-dea4-4b76-91d5-4095950d210f",
"value": "upd.me-doc.com.ua"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": true,
"type": "sha1",
"uuid": "595c8a67-f748-4d4b-9e6d-4231950d210f",
"value": "7b051e7e7a82f07873fa360958acc6492e4385dd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": true,
"type": "sha1",
"uuid": "595c8a67-f3e8-4c1f-92ef-49aa950d210f",
"value": "7f3b1c56c180369ae7891483675bec61f3182f27"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": true,
"type": "sha1",
"uuid": "595c8a67-873c-4735-a362-4f7d950d210f",
"value": "3567434e2e49358e8210674641a20b147e0bd23c"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 3567434e2e49358e8210674641a20b147e0bd23c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": true,
"type": "sha256",
"uuid": "595c8b18-cad4-4836-b9f1-4c8702de0b81",
"value": "2fd2863d711a1f18eeee5c7c82f2349c5d4e00465de9789da837fcdca4d00277"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 3567434e2e49358e8210674641a20b147e0bd23c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": true,
"type": "md5",
"uuid": "595c8b18-1e74-4a88-adfa-492802de0b81",
"value": "3efe62f6cb7285153114f888900a0962"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 3567434e2e49358e8210674641a20b147e0bd23c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": false,
"type": "link",
"uuid": "595c8b18-58b0-4e77-a3b9-4b5402de0b81",
"value": "https://www.virustotal.com/file/2fd2863d711a1f18eeee5c7c82f2349c5d4e00465de9789da837fcdca4d00277/analysis/1499236176/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7f3b1c56c180369ae7891483675bec61f3182f27",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": true,
"type": "sha256",
"uuid": "595c8b18-85d0-48bd-8690-430602de0b81",
"value": "d462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7f3b1c56c180369ae7891483675bec61f3182f27",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": true,
"type": "md5",
"uuid": "595c8b18-04d4-4133-b4c6-4b5502de0b81",
"value": "87db6af04613f4bd70467720239117e5"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 7f3b1c56c180369ae7891483675bec61f3182f27",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": false,
"type": "link",
"uuid": "595c8b18-8d78-458a-bde0-43b902de0b81",
"value": "https://www.virustotal.com/file/d462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac/analysis/1499232770/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7b051e7e7a82f07873fa360958acc6492e4385dd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": true,
"type": "sha256",
"uuid": "595c8b18-91b0-46d6-90d4-415602de0b81",
"value": "f9d6fe8bd8aca6528dec7eaa9f1aafbecde15fd61668182f2ba8a7fc2b9a6740"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7b051e7e7a82f07873fa360958acc6492e4385dd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": true,
"type": "md5",
"uuid": "595c8b18-0f48-4815-988c-4cbf02de0b81",
"value": "8f5718be4ba2c6e4f8ce1597248bb03f"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 7b051e7e7a82f07873fa360958acc6492e4385dd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499237144",
"to_ids": false,
"type": "link",
"uuid": "595c8b18-5990-458f-a79b-440b02de0b81",
"value": "https://www.virustotal.com/file/f9d6fe8bd8aca6528dec7eaa9f1aafbecde15fd61668182f2ba8a7fc2b9a6740/analysis/1499234664/"
}
]
}
}