misp-circl-feed/feeds/circl/misp/5500579e-e1b4-43fe-b7c5-73da950d210b.json


{
"Event": {
"analysis": "0",
"date": "2015-02-19",
"extends_uuid": "",
"info": "OSINT Backdoor.Win32.Equationdrug.A report by Telus",
"publish_timestamp": "1498163341",
"published": true,
"threat_level_id": "1",
"timestamp": "1498163215",
"uuid": "5500579e-e1b4-43fe-b7c5-73da950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#33FF00",
"name": "tlp:green"
},
{
"colour": "#096b00",
"name": "misp-galaxy:tool=\"EquationDrug\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:threat-actor=\"Equation Group\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085814",
"to_ids": false,
"type": "link",
"uuid": "550057b6-5448-42be-8d12-78ac950d210b",
"value": "http://telussecuritylabs.com/threats/show/TSL20150219-06"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085835",
"to_ids": true,
"type": "md5",
"uuid": "550057cb-d4ec-49dc-af05-66d8950d210b",
"value": "4556ce5eb007af1de5bd3b457f0b216d"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085835",
"to_ids": true,
"type": "md5",
"uuid": "550057cb-04d4-466e-b522-66d8950d210b",
"value": "5767b9d851d0c24e13eca1bfd16ea424"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085835",
"to_ids": true,
"type": "md5",
"uuid": "550057cb-667c-4b34-9062-66d8950d210b",
"value": "c4f8671c1f00dab30f5f88d684af1927"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085853",
"to_ids": true,
"type": "sha1",
"uuid": "550057dd-bcdc-469d-87a2-b0e6950d210b",
"value": "597715224249e9fb77dc733b2e4d507f0cc41af6"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085853",
"to_ids": true,
"type": "sha1",
"uuid": "550057dd-ccf8-4241-9569-b0e6950d210b",
"value": "61fab1b8451275c7fd580895d9c68e152ff46417"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085853",
"to_ids": true,
"type": "sha1",
"uuid": "550057dd-e1cc-412b-a961-b0e6950d210b",
"value": "febc4f30786db7804008dc9bc1cebdc26993e240"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-743c-40a5-91ce-a62f950d210b",
"value": "TROJAN.WIN32.EQUATIONDRUG.GEN"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-0c10-4aa6-9901-a62f950d210b",
"value": "BACKDOOR-FKQ"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-f5b0-488a-8f44-a62f950d210b",
"value": "TROJAN:WIN32/EQTONDRAG.A!DHA"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-5b74-4b5f-8eda-a62f950d210b",
"value": "TROJ/EQDRUG-A"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-bbc8-4a52-b652-a62f950d210b",
"value": "TROJAN.EQUDRUG"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-1198-438e-acbd-a62f950d210b",
"value": "TROJ_DOTTUN.VTH"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-b4f8-4575-bd92-a62f950d210b",
"value": "WIN-TROJAN/EQUATION.380928"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-c87c-4ff5-965d-a62f950d210b",
"value": "TR/DLDR.DOTTUN.380928"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-e388-436f-98f6-a62f950d210b",
"value": "TROJAN.WIN32.EQUATIONDRUG.AFQK"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005815-f5d8-457a-868a-a62f950d210b",
"value": "TROJAN.EQUATIONDRUG.R4"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005816-1e40-4a7a-878a-a62f950d210b",
"value": "TROJWARE.WIN32.EQUATIONDRUG.A"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005816-8c14-4ffd-8bb9-a62f950d210b",
"value": "TROJAN.SIGGEN6.30429"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085929",
"to_ids": false,
"type": "text",
"uuid": "55005816-fa70-4133-9ec0-a62f950d210b",
"value": "WIN32/DOTTUN.AA"
},
{
"category": "External analysis",
"comment": "Related Telus reports",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085985",
"to_ids": false,
"type": "link",
"uuid": "55005861-315c-4a3c-b489-6d66950d210b",
"value": "http://telussecuritylabs.com/threats/show/TSL20110614-01"
},
{
"category": "External analysis",
"comment": "Related Telus reports",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426085985",
"to_ids": false,
"type": "link",
"uuid": "55005861-0cc0-4bc4-99fc-6d66950d210b",
"value": "http://telussecuritylabs.com/threats/show/TSL20150217-05"
},
{
"category": "Artifacts dropped",
"comment": "Trojan.Win32.Micstus.A",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426086018",
"to_ids": true,
"type": "md5",
"uuid": "55005882-d8dc-47aa-b9d5-723f950d210b",
"value": "51e0a0fb96fa2f6f7ea1b53f656c1b1a"
},
{
"category": "Artifacts dropped",
"comment": "Trojan.Win32.Micstus.A",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426086037",
"to_ids": true,
"type": "sha1",
"uuid": "55005895-b290-4c42-818e-66d8950d210b",
"value": "99fe38d1c06b31803120598232e20b650a0616a7"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1426087646",
"to_ids": false,
"type": "text",
"uuid": "55005ede-ce48-4b86-a041-6d66950d210b",
"value": "Equation Group"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 4556ce5eb007af1de5bd3b457f0b216d)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455839160",
"to_ids": true,
"type": "sha256",
"uuid": "56c657b8-fdf8-4a90-a5ee-c654950d210f",
"value": "1b0eb1a1591140175d1ac111a98c89472b196599baf13ef67ee7f63d0052b00e"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 5767b9d851d0c24e13eca1bfd16ea424)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455839162",
"to_ids": true,
"type": "sha256",
"uuid": "56c657ba-18c8-4ee5-bcbf-599f950d210f",
"value": "9df733c565cf3c98878911af11ff17f8788c06e56466db6eaab81f8fa80344e4"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via c4f8671c1f00dab30f5f88d684af1927)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455839162",
"to_ids": true,
"type": "sha256",
"uuid": "56c657ba-b680-4acd-a75c-5ca1950d210f",
"value": "9f1b82e6c2e9760284c53c5377a054d6cfcb2bd5e36329e0f7c395aa02d79d0d"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 51e0a0fb96fa2f6f7ea1b53f656c1b1a)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455839163",
"to_ids": true,
"type": "sha256",
"uuid": "56c657bb-ed34-4fb5-a5f0-599d950d210f",
"value": "40930aee76cdc9fff5db261154ed42f74945c17ad6f15905762aa024508b861a"
}
]
}
}