misp-circl-feed/feeds/circl/misp/5a1e6e1d-4cc0-4ce6-aeba-7e44950d210f.json


{
"Event": {
"analysis": "2",
"date": "2017-11-28",
"extends_uuid": "",
"info": "OSINT - UBoatRAT Navigates East Asia",
"publish_timestamp": "1514467539",
"published": true,
"threat_level_id": "3",
"timestamp": "1512010840",
"uuid": "5a1e6e1d-4cc0-4ce6-aeba-7e44950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "2017 annual salary raise inquiry related feedback survey",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "filename",
"uuid": "5a1e6e92-b21c-4355-83bc-7e3d950d210f",
"value": "2017\ub144 \uc5f0\ubd09\uc778\uc0c1 \ubb38\uc758 \uc0ac\ud56d\uad00\ub828 \ud53c\ub4dc\ubc31 \uc870\uc0ac.exe"
},
{
"category": "Payload delivery",
"comment": "2017 annual salary raise feedback",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "filename",
"uuid": "5a1e6e93-357c-4320-a5df-7e3d950d210f",
"value": "2017\ub144 \uc5f0\ubd09\uc778\uc0c1 \ubb38\uc758 \uc0ac\ud56d\uad00\ub828 \ud53c\ub4dc\ubc31 \uc804\ub2ec.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "filename",
"uuid": "5a1e6e93-1ed4-40d6-837d-7e3d950d210f",
"value": "[Business]RyoKim\u2019s__resume__20170629.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "filename",
"uuid": "5a1e6e93-feb4-4918-b303-7e3d950d210f",
"value": "[Project W]Gravity business cooperation.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "filename",
"uuid": "5a1e6fb8-21e0-46a4-9a14-42bb950d210f",
"value": "%ALLUSERSPROFILE%\\svchost.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "filename",
"uuid": "5a1e6fb8-0dc0-42a7-ab67-44a0950d210f",
"value": "%ALLUSERSPROFILE%\\init.bat"
},
{
"category": "Network activity",
"comment": "Web Access",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "url",
"uuid": "5a1e7047-f180-48e6-abe3-ad09950d210f",
"value": "https://raw.githubusercontent.com/r1ng/news/master/README.md"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-b744-4bba-b544-acff950d210f",
"value": "bf7c6e911f14a1f8679c9b0c2b183d74d5accd559e17297adcd173d76755e271"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-c980-4731-bca2-acff950d210f",
"value": "6bea49e4260f083ed6b73e100550ecd22300806071f4a6326e0544272a84526c"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-68a8-43af-8d79-acff950d210f",
"value": "cf832f32b8d27cf9911031910621c21bd3c20e71cc062716923304dacf4dadb7"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-3560-4100-a6a3-acff950d210f",
"value": "7b32f401e2ad577e8398b2975ecb5c5ce68c5b07717b1e0d762f90a6fbd8add1"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-f338-4937-a779-acff950d210f",
"value": "04873dbd63279228a0a4bb1184933b64adb880e874bd3d14078161d06e232c9b"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-befc-4df5-be4e-acff950d210f",
"value": "42d8a84cd49ff3afacf3d549fbab1fa80d5eda0c8625938b6d32e18004b0edac"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-4538-462c-adf7-acff950d210f",
"value": "7be6eaa3f9eb288de5606d02bc79e6c8e7fc63935894cd793bc1fab08c7f86c7"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-4d24-49e4-bc30-acff950d210f",
"value": "460328fe57110fc01837d80c0519fb99ea4a35ea5b890785d1e88c91bea9ade5"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-433c-43fd-83cf-acff950d210f",
"value": "55dd22448e9340d13b439272a177565ace9f5cf69586f8be0443b6f9c81aa6e7"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948360",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-0db0-42d3-b8a7-acff950d210f",
"value": "9db387138a1fdfa04127a4841cf024192e41e47491388e133c00325122b3ea82"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7201-61ec-43e5-8249-acff950d210f",
"value": "e52d866e5b77e885e36398249f242f8ff1a224ecce065892dc200c57595bb494"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7202-7cbc-4824-b342-acff950d210f",
"value": "eb92456bf3ab86bd71d74942bb955062550fa10248d67faeeeedd9ff4785f41e"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7202-cb70-43c3-a458-acff950d210f",
"value": "452b1675437ef943988c48932787e2e4decfe8e4c3bed728f490d55b3d496875"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7202-df9c-48d3-9105-acff950d210f",
"value": "66c2baa370125448ddf3053d59085b3d6ab78659efee9f152b310e61d2e7edb5"
},
{
"category": "Payload delivery",
"comment": "Downloader SHA256",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha256",
"uuid": "5a1e7366-3338-4056-a20a-acff950d210f",
"value": "f4c659238ffab95e87894d2c556f887774dce2431e8cb87f881df4e4d26253a3"
},
{
"category": "Network activity",
"comment": "Web Access",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "url",
"uuid": "5a1e7383-fef4-40da-bb60-7e41950d210f",
"value": "https://raw.githubusercontent.com/elsa999/uuu/master/README.md"
},
{
"category": "Network activity",
"comment": "Web Access",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "url",
"uuid": "5a1e7383-4c5c-45d4-9e1d-7e41950d210f",
"value": "http://www.ak(masked).jp/images/"
},
{
"category": "Network activity",
"comment": "Web Access",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "url",
"uuid": "5a1e7383-0664-463e-80d9-7e41950d210f",
"value": "http://elsakrblog.blogspot.hk/2017/03/test.html"
},
{
"category": "Payload delivery",
"comment": "Downloader SHA256 - Xchecked via VT: f4c659238ffab95e87894d2c556f887774dce2431e8cb87f881df4e4d26253a3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-b69c-43a4-96a5-494b02de0b81",
"value": "ea26c32d2a31d2bc5575ef9ff4d32458e1c7ff58"
},
{
"category": "Payload delivery",
"comment": "Downloader SHA256 - Xchecked via VT: f4c659238ffab95e87894d2c556f887774dce2431e8cb87f881df4e4d26253a3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-979c-4d90-897b-4b7302de0b81",
"value": "fe4be1bd2c058d8aa53c38eb02dd0255"
},
{
"category": "External analysis",
"comment": "Downloader SHA256 - Xchecked via VT: f4c659238ffab95e87894d2c556f887774dce2431e8cb87f881df4e4d26253a3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-e1b0-4576-b543-4a8d02de0b81",
"value": "https://www.virustotal.com/file/f4c659238ffab95e87894d2c556f887774dce2431e8cb87f881df4e4d26253a3/analysis/1498777151/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 66c2baa370125448ddf3053d59085b3d6ab78659efee9f152b310e61d2e7edb5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-dcb8-4f36-a9b0-4d9b02de0b81",
"value": "35ed718e257b6b1fc3eb30059d0233c0fa4eb4c4"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 66c2baa370125448ddf3053d59085b3d6ab78659efee9f152b310e61d2e7edb5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-0fc0-4609-ba7e-44db02de0b81",
"value": "46665b820a922b61816aa2aa6e022304"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 66c2baa370125448ddf3053d59085b3d6ab78659efee9f152b310e61d2e7edb5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-1298-425d-a5cd-4e7302de0b81",
"value": "https://www.virustotal.com/file/66c2baa370125448ddf3053d59085b3d6ab78659efee9f152b310e61d2e7edb5/analysis/1496917903/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 452b1675437ef943988c48932787e2e4decfe8e4c3bed728f490d55b3d496875",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-ce98-4b73-9cf0-4fe902de0b81",
"value": "95887abfea573a0e21ded335068a897893665033"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 452b1675437ef943988c48932787e2e4decfe8e4c3bed728f490d55b3d496875",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-9988-45e7-bdc0-47f102de0b81",
"value": "b46e9f052ed043ecc89641390c20884b"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 452b1675437ef943988c48932787e2e4decfe8e4c3bed728f490d55b3d496875",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-47e4-4922-9b3b-4ec802de0b81",
"value": "https://www.virustotal.com/file/452b1675437ef943988c48932787e2e4decfe8e4c3bed728f490d55b3d496875/analysis/1511928794/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: eb92456bf3ab86bd71d74942bb955062550fa10248d67faeeeedd9ff4785f41e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-1f4c-4a0e-9058-4d9502de0b81",
"value": "6310a51b921ffed41f01ced009e90b774f41f3bf"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: eb92456bf3ab86bd71d74942bb955062550fa10248d67faeeeedd9ff4785f41e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-dc30-4b6f-b0b5-4df202de0b81",
"value": "b1c97373575f0be0a1391959c4aed24b"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: eb92456bf3ab86bd71d74942bb955062550fa10248d67faeeeedd9ff4785f41e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-fbcc-40ac-b6a0-4d1902de0b81",
"value": "https://www.virustotal.com/file/eb92456bf3ab86bd71d74942bb955062550fa10248d67faeeeedd9ff4785f41e/analysis/1511928784/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: e52d866e5b77e885e36398249f242f8ff1a224ecce065892dc200c57595bb494",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-2574-4b8b-b0f9-4f5d02de0b81",
"value": "d1795a10bbd8883e442547634e9a89cf67b8ebd8"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: e52d866e5b77e885e36398249f242f8ff1a224ecce065892dc200c57595bb494",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-b830-4eed-be4c-470002de0b81",
"value": "02a7993fcd5fea4442271e91e12d2df7"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: e52d866e5b77e885e36398249f242f8ff1a224ecce065892dc200c57595bb494",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-8b3c-4179-95b1-4d9202de0b81",
"value": "https://www.virustotal.com/file/e52d866e5b77e885e36398249f242f8ff1a224ecce065892dc200c57595bb494/analysis/1511928640/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 9db387138a1fdfa04127a4841cf024192e41e47491388e133c00325122b3ea82",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-2220-4788-8461-433702de0b81",
"value": "6d729ff088d06fa5a24c474b97bd6de368da281b"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 9db387138a1fdfa04127a4841cf024192e41e47491388e133c00325122b3ea82",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-08fc-4965-9237-4d8a02de0b81",
"value": "447b4aae6a8b286b846367e59a6960c8"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 9db387138a1fdfa04127a4841cf024192e41e47491388e133c00325122b3ea82",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-05d4-42a7-8f65-4b9302de0b81",
"value": "https://www.virustotal.com/file/9db387138a1fdfa04127a4841cf024192e41e47491388e133c00325122b3ea82/analysis/1511941637/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 55dd22448e9340d13b439272a177565ace9f5cf69586f8be0443b6f9c81aa6e7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-ace0-42c5-bb84-4cc102de0b81",
"value": "d959f60eef45678e1885c5ce128380faf6c24298"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 55dd22448e9340d13b439272a177565ace9f5cf69586f8be0443b6f9c81aa6e7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-5b58-4001-81a2-45a602de0b81",
"value": "61e89917c5efa241d5130afe53b2bbfd"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 55dd22448e9340d13b439272a177565ace9f5cf69586f8be0443b6f9c81aa6e7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-da68-4a49-8bed-4a7802de0b81",
"value": "https://www.virustotal.com/file/55dd22448e9340d13b439272a177565ace9f5cf69586f8be0443b6f9c81aa6e7/analysis/1511912899/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 460328fe57110fc01837d80c0519fb99ea4a35ea5b890785d1e88c91bea9ade5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-3cec-4105-9987-498d02de0b81",
"value": "ad1d8d3b27cc3a269bcf2b7b0c52228c2e5ab18c"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 460328fe57110fc01837d80c0519fb99ea4a35ea5b890785d1e88c91bea9ade5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-e118-4099-b7fb-47d102de0b81",
"value": "6cdd41daf6f36231b608b11cbe3c159b"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 460328fe57110fc01837d80c0519fb99ea4a35ea5b890785d1e88c91bea9ade5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-28b0-456e-a8ce-4b7402de0b81",
"value": "https://www.virustotal.com/file/460328fe57110fc01837d80c0519fb99ea4a35ea5b890785d1e88c91bea9ade5/analysis/1507085530/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 7be6eaa3f9eb288de5606d02bc79e6c8e7fc63935894cd793bc1fab08c7f86c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-9618-4c87-974c-40f102de0b81",
"value": "3a2c1f4a013da2f79f40f227e14d5cfc0de05afc"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 7be6eaa3f9eb288de5606d02bc79e6c8e7fc63935894cd793bc1fab08c7f86c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-89d8-4cb8-a0fc-493302de0b81",
"value": "80501fa0d1880fd84f49a84eb8b8cb8e"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 7be6eaa3f9eb288de5606d02bc79e6c8e7fc63935894cd793bc1fab08c7f86c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-33c4-40de-b45c-454302de0b81",
"value": "https://www.virustotal.com/file/7be6eaa3f9eb288de5606d02bc79e6c8e7fc63935894cd793bc1fab08c7f86c7/analysis/1507104251/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 42d8a84cd49ff3afacf3d549fbab1fa80d5eda0c8625938b6d32e18004b0edac",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-aba8-4247-83fb-4be402de0b81",
"value": "8ea67fb6bb931d17ef0c889385684586404900f0"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 42d8a84cd49ff3afacf3d549fbab1fa80d5eda0c8625938b6d32e18004b0edac",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-3888-4811-8660-444802de0b81",
"value": "3bc02082ff458cd0134460b7a5c0c0cf"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 42d8a84cd49ff3afacf3d549fbab1fa80d5eda0c8625938b6d32e18004b0edac",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-a068-49ac-8650-4bb602de0b81",
"value": "https://www.virustotal.com/file/42d8a84cd49ff3afacf3d549fbab1fa80d5eda0c8625938b6d32e18004b0edac/analysis/1506053846/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 04873dbd63279228a0a4bb1184933b64adb880e874bd3d14078161d06e232c9b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-cd94-4382-92cf-410202de0b81",
"value": "51cb7116a6710cebbc3c63f8a28ab6a873f6d9aa"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 04873dbd63279228a0a4bb1184933b64adb880e874bd3d14078161d06e232c9b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-db38-4b22-a47c-499f02de0b81",
"value": "c06ed2a7fa9f6d2364912942d2dc0312"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 04873dbd63279228a0a4bb1184933b64adb880e874bd3d14078161d06e232c9b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-2a3c-4635-b8dc-492c02de0b81",
"value": "https://www.virustotal.com/file/04873dbd63279228a0a4bb1184933b64adb880e874bd3d14078161d06e232c9b/analysis/1507120388/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 7b32f401e2ad577e8398b2975ecb5c5ce68c5b07717b1e0d762f90a6fbd8add1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-72d8-44da-8e6e-4b5f02de0b81",
"value": "850b53088e71b5445a5aba5a6c1f9e8a9570165a"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 7b32f401e2ad577e8398b2975ecb5c5ce68c5b07717b1e0d762f90a6fbd8add1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-e7bc-4a42-8956-4b6d02de0b81",
"value": "8c46853cce03a402d1f62403fd064f68"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 7b32f401e2ad577e8398b2975ecb5c5ce68c5b07717b1e0d762f90a6fbd8add1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-a034-436b-9d4d-442302de0b81",
"value": "https://www.virustotal.com/file/7b32f401e2ad577e8398b2975ecb5c5ce68c5b07717b1e0d762f90a6fbd8add1/analysis/1507671973/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: cf832f32b8d27cf9911031910621c21bd3c20e71cc062716923304dacf4dadb7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-043c-43d5-bad4-428002de0b81",
"value": "ba2006c89c2de8735135ca73e6de4990432d8043"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: cf832f32b8d27cf9911031910621c21bd3c20e71cc062716923304dacf4dadb7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-8134-4d5d-853b-4a5a02de0b81",
"value": "ea3209b83b3493419c61a2c30602a06d"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: cf832f32b8d27cf9911031910621c21bd3c20e71cc062716923304dacf4dadb7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-7768-4dd7-9831-466002de0b81",
"value": "https://www.virustotal.com/file/cf832f32b8d27cf9911031910621c21bd3c20e71cc062716923304dacf4dadb7/analysis/1511913145/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 6bea49e4260f083ed6b73e100550ecd22300806071f4a6326e0544272a84526c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-2340-4ea4-9040-4be202de0b81",
"value": "eb23b1962cf1a9492aa864d93583a10afec02b48"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 6bea49e4260f083ed6b73e100550ecd22300806071f4a6326e0544272a84526c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-df00-4dce-b580-4c1f02de0b81",
"value": "e3c63cfcd9fa3fbff4215b1a812c6b77"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: 6bea49e4260f083ed6b73e100550ecd22300806071f4a6326e0544272a84526c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e8049-6e54-4386-a4da-433902de0b81",
"value": "https://www.virustotal.com/file/6bea49e4260f083ed6b73e100550ecd22300806071f4a6326e0544272a84526c/analysis/1511947376/"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: bf7c6e911f14a1f8679c9b0c2b183d74d5accd559e17297adcd173d76755e271",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "sha1",
"uuid": "5a1e8049-4de0-4df9-b443-4a0502de0b81",
"value": "d3b74adb11e1267d46f434c34fdfb45b295019cf"
},
{
"category": "Payload delivery",
"comment": "UBoatRAT SHA256 - Xchecked via VT: bf7c6e911f14a1f8679c9b0c2b183d74d5accd559e17297adcd173d76755e271",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": true,
"type": "md5",
"uuid": "5a1e8049-03c4-4862-8761-4df902de0b81",
"value": "6fc94b35c3ae2c824becbe3619ef5634"
},
{
"category": "External analysis",
"comment": "UBoatRAT SHA256 - Xchecked via VT: bf7c6e911f14a1f8679c9b0c2b183d74d5accd559e17297adcd173d76755e271",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511948361",
"to_ids": false,
"type": "link",
"uuid": "5a1e804a-b920-4d71-85dc-478602de0b81",
"value": "https://www.virustotal.com/file/bf7c6e911f14a1f8679c9b0c2b183d74d5accd559e17297adcd173d76755e271/analysis/1511913412/"
}
],
"Object": [
{
"comment": "C2",
"deleted": false,
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "4",
"timestamp": "1511945640",
"uuid": "5a1e75a8-4948-48c0-badd-acff950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1511945640",
"to_ids": false,
"type": "port",
"uuid": "5a1e75a8-00c4-415b-a98b-acff950d210f",
"value": "80"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1511945640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a1e75a8-68d8-43d3-9532-acff950d210f",
"value": "115.68.49.179"
}
]
},
{
"comment": "C2",
"deleted": false,
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "4",
"timestamp": "1511945659",
"uuid": "5a1e75bb-62c4-482b-ac3d-7e3d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1511945659",
"to_ids": false,
"type": "port",
"uuid": "5a1e75bb-adc8-45ba-87fb-7e3d950d210f",
"value": "443"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1511945659",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a1e75bb-adf8-4097-b9f7-7e3d950d210f",
"value": "115.68.49.179"
}
]
},
{
"comment": "C2",
"deleted": false,
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "4",
"timestamp": "1511945698",
"uuid": "5a1e75e2-d86c-4630-ae37-48b2950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1511945698",
"to_ids": false,
"type": "port",
"uuid": "5a1e75e2-27a4-472e-b7c0-43ac950d210f",
"value": "443"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1511945698",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a1e75e2-0610-4b6b-938e-4bd9950d210f",
"value": "60.248.190.36"
}
]
},
{
"comment": "C2",
"deleted": false,
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "4",
"timestamp": "1511945717",
"uuid": "5a1e75f5-b104-487d-a256-4731950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1511945717",
"to_ids": false,
"type": "port",
"uuid": "5a1e75f5-ca38-41a4-a82c-4700950d210f",
"value": "443"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1511945717",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a1e75f5-eca4-44b4-b002-4100950d210f",
"value": "115.68.52.66"
}
]
},
{
"comment": "C2",
"deleted": false,
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "4",
"timestamp": "1511946298",
"uuid": "5a1e783a-aef0-4a28-ad00-453d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1511946298",
"to_ids": false,
"type": "port",
"uuid": "5a1e783a-9fcc-44a0-94b2-4def950d210f",
"value": "443"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1511946298",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a1e783a-6b38-48bd-864d-4e38950d210f",
"value": "115.68.49.180"
}
]
},
{
"comment": "C2",
"deleted": false,
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "4",
"timestamp": "1511946319",
"uuid": "5a1e784f-971c-40c2-bca6-aa74950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1511946319",
"to_ids": false,
"type": "port",
"uuid": "5a1e784f-f3f8-4351-9401-aa74950d210f",
"value": "443"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1511946319",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a1e784f-5610-4f30-962f-aa74950d210f",
"value": "122.147.187.173"
}
]
},
{
"comment": "C2",
"deleted": false,
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "4",
"timestamp": "1511946333",
"uuid": "5a1e785d-404c-45f8-8d98-aa74950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1511946333",
"to_ids": false,
"type": "port",
"uuid": "5a1e785d-f620-4389-a59f-aa74950d210f",
"value": "443"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1511946333",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a1e785d-308c-44b0-add9-aa74950d210f",
"value": "124.150.140.131"
}
]
}
]
}
}