{
"Event": {
"analysis": "2",
"date": "2016-12-10",
"extends_uuid": "",
"info": "OSINT - Now Mirai Has DGA Feature Built in",
"publish_timestamp": "1484165876",
"published": true,
"threat_level_id": "3",
"timestamp": "1482829103",
"uuid": "584bdec1-da2c-495b-9e13-4b3402de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"Mirai\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#670080",
"local": "0",
"name": "ms-caro-malware:malware-platform=\"Linux\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367252",
"to_ids": false,
"type": "comment",
"uuid": "584bded4-e034-4de8-af3a-47e202de0b81",
"value": "Nearly 2 weeks ago, 2 new infection vectors (aka TCP ports of 7547 and 5555) were found being used to spread MIRAI malwares <A Few Observations of The New Mirai Variant on Port 7547>. My colleague Gensheng quickly set up some honeypots for that sort of vectors and soon had his harvests: 11 samples were captured on Nov 28th. Till now 53 unique samples have been captured by our honeypots from 6 hosting servers.\r\n\r\nWhen analyzing one of the new samples, my colleague Wenji found some DGA like code and doubted there was DGA feature there. The doubt was soon verified by evidences collected from our sandboxes. Detailed RE work shows there does exist a DGA feature in the newly distributed MIRAI samples spread through TCP ports 7547 and 5555. In this blog I would like to introduce our findings."
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367290",
"to_ids": false,
"type": "link",
"uuid": "584bdefa-5d74-4794-b6aa-4a2e02de0b81",
"value": "http://blog.netlab.360.com/new-mirai-variant-with-dga/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367321",
"to_ids": true,
"type": "md5",
"uuid": "584bdf19-5554-47f0-8dce-431802de0b81",
"value": "005241cf76d31673a752a76bb0ba7118"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367322",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1a-83e8-4fb9-a733-4aa902de0b81",
"value": "05891dbabc42a36f33c30535f0931555"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367322",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1a-00b4-45cb-b519-417102de0b81",
"value": "0eb51d584712485300ad8e8126773941"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367322",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1a-01bc-4dbd-adf7-483602de0b81",
"value": "15b35cfff4129b26c0f07bd4be462ba0"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367322",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1a-33b0-4d84-8578-416102de0b81",
"value": "2da64ae2f8b1e8b75063760abfc94ecf"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367323",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1b-fd04-4200-b1db-41fd02de0b81",
"value": "41ba9f3d13ce33526da52407e2f0589d"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367323",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1b-28f0-4df9-82af-4aa502de0b81",
"value": "4a8145ae760385c1c000113a9ea00a3a"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367323",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1b-41ec-4b34-b1c8-4ef202de0b81",
"value": "551380681560849cee3de36329ba4ed3"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367323",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1b-a210-4a37-a1c0-4b5e02de0b81",
"value": "72bbfc1ff6621a278e16cfc91906109f"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367324",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1c-c9e4-4897-9564-4c7e02de0b81",
"value": "73f4312cc6f5067e505bc54c3b02b569"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367324",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1c-a914-49dd-83b6-415c02de0b81",
"value": "7d490eedc5b46aff00ffaaec7004e2a8"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367324",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1c-0f48-4d8a-afa7-4ae802de0b81",
"value": "863dcf82883c885b0686dce747dcf502"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367324",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1c-fe5c-4569-b9a3-41c902de0b81",
"value": "bf136fb3b350a96fd1003b8557bb758a"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367325",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1d-833c-4949-8845-4a2c02de0b81",
"value": "bf650d39eb603d92973052ca80a4fdda"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367325",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1d-4240-48cf-ba1b-413b02de0b81",
"value": "d89b1be09de36e326611a2abbedb8751"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367325",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1d-08ac-4628-a84e-441402de0b81",
"value": "dbd92b08cbff8455ff76c453ff704dc6"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367325",
"to_ids": true,
"type": "md5",
"uuid": "584bdf1d-f734-4b54-9fd5-482502de0b81",
"value": "eba670256b816e2d11f107f629d08494"
},
{
"category": "Network activity",
"comment": "The hardcoded C2 domains in the samples are as follows",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367346",
"to_ids": true,
"type": "domain",
"uuid": "584bdf32-de34-48dd-b8e5-4b9902de0b81",
"value": "zugzwang.me"
},
{
"category": "Network activity",
"comment": "The hardcoded C2 domains in the samples are as follows",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367347",
"to_ids": true,
"type": "domain",
"uuid": "584bdf33-d90c-4b98-b08f-408e02de0b81",
"value": "tr069.online"
},
{
"category": "Network activity",
"comment": "The hardcoded C2 domains in the samples are as follows",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367347",
"to_ids": true,
"type": "domain",
"uuid": "584bdf33-d9c0-46e1-be48-467402de0b81",
"value": "tr069.tech"
},
{
"category": "Network activity",
"comment": "The hardcoded C2 domains in the samples are as follows",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367347",
"to_ids": true,
"type": "domain",
"uuid": "584bdf33-3d68-4758-842e-49c202de0b81",
"value": "tr069.support"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367371",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "584bdf4b-e604-4931-92af-4f0302de0b81",
"value": "dlinchkravitz@gmail.com"
},
{
"category": "Network activity",
"comment": "Enriched via the dns module",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481367401",
"to_ids": false,
"type": "ip-src",
"uuid": "584bdf69-b1a0-4920-b395-43a702de0b81",
"value": "93.190.142.201"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: eba670256b816e2d11f107f629d08494",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368260",
"to_ids": true,
"type": "sha256",
"uuid": "584be2c4-c5b4-4ba4-9ff0-4a7c02de0b81",
"value": "c72d95ea10666be3446442bdf40d4b5a672d2f3e4f4627abbfa84389d2458e2d"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: eba670256b816e2d11f107f629d08494",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368260",
"to_ids": true,
"type": "sha1",
"uuid": "584be2c4-21e8-478c-987b-4b5302de0b81",
"value": "8a25dee4ea7d61692b2b95bd047269543aaf0c81"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: eba670256b816e2d11f107f629d08494",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368260",
"to_ids": false,
"type": "link",
"uuid": "584be2c4-aa60-4f7d-ac9c-43cb02de0b81",
"value": "https://www.virustotal.com/file/c72d95ea10666be3446442bdf40d4b5a672d2f3e4f4627abbfa84389d2458e2d/analysis/1481086418/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: dbd92b08cbff8455ff76c453ff704dc6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368260",
"to_ids": true,
"type": "sha256",
"uuid": "584be2c4-e2bc-41f8-ae4f-45b702de0b81",
"value": "c69eef4b3c773ed94c467307949e5f779557f9908c34d36da52616f967dd518c"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: dbd92b08cbff8455ff76c453ff704dc6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368261",
"to_ids": true,
"type": "sha1",
"uuid": "584be2c5-101c-41f9-bda0-4e8502de0b81",
"value": "6933d555a008a07b859a55cddb704441915adf68"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: dbd92b08cbff8455ff76c453ff704dc6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368261",
"to_ids": false,
"type": "link",
"uuid": "584be2c5-d030-4e7e-8e17-457a02de0b81",
"value": "https://www.virustotal.com/file/c69eef4b3c773ed94c467307949e5f779557f9908c34d36da52616f967dd518c/analysis/1481318102/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: d89b1be09de36e326611a2abbedb8751",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368261",
"to_ids": true,
"type": "sha256",
"uuid": "584be2c5-e460-4cf3-94ee-4a2c02de0b81",
"value": "31968911e51aef7ab8ff38f6af0b96c12bf100a4018c7fdab357b553f9450b20"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: d89b1be09de36e326611a2abbedb8751",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368261",
"to_ids": true,
"type": "sha1",
"uuid": "584be2c5-f220-4c45-bc41-433a02de0b81",
"value": "4ba724858ab32ca68348c54f284b8b3fad668566"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: d89b1be09de36e326611a2abbedb8751",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368262",
"to_ids": false,
"type": "link",
"uuid": "584be2c6-9a68-4e1f-a217-43f302de0b81",
"value": "https://www.virustotal.com/file/31968911e51aef7ab8ff38f6af0b96c12bf100a4018c7fdab357b553f9450b20/analysis/1480953888/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: bf650d39eb603d92973052ca80a4fdda",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368262",
"to_ids": true,
"type": "sha256",
"uuid": "584be2c6-c3b8-4ab0-bc1c-401a02de0b81",
"value": "0a1cbf14e86c956cea5869dc88202aaa2f1c22e6a8ef63c9530787c08e2a2bcd"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: bf650d39eb603d92973052ca80a4fdda",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368262",
"to_ids": true,
"type": "sha1",
"uuid": "584be2c6-a314-4fd5-9fe8-414102de0b81",
"value": "03ecd3b49aa19589599c64e4e7a51206a592b4ef"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: bf650d39eb603d92973052ca80a4fdda",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368262",
"to_ids": false,
"type": "link",
"uuid": "584be2c6-2788-40f9-b74d-4f0c02de0b81",
"value": "https://www.virustotal.com/file/0a1cbf14e86c956cea5869dc88202aaa2f1c22e6a8ef63c9530787c08e2a2bcd/analysis/1481085845/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: bf136fb3b350a96fd1003b8557bb758a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368262",
"to_ids": true,
"type": "sha256",
"uuid": "584be2c6-678c-4806-a664-4a8a02de0b81",
"value": "971156ec3dca4fa5c53723863966ed165d546a184f3c8ded008b029fd59d6a5a"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: bf136fb3b350a96fd1003b8557bb758a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368263",
"to_ids": true,
"type": "sha1",
"uuid": "584be2c7-5960-469f-9876-4d9a02de0b81",
"value": "ac3d4472b885388f7ff1ababa6bbdb326a381c2a"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: bf136fb3b350a96fd1003b8557bb758a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368263",
"to_ids": false,
"type": "link",
"uuid": "584be2c7-1bfc-4c5c-b291-400802de0b81",
"value": "https://www.virustotal.com/file/971156ec3dca4fa5c53723863966ed165d546a184f3c8ded008b029fd59d6a5a/analysis/1481310975/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 863dcf82883c885b0686dce747dcf502",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368263",
"to_ids": true,
"type": "sha256",
"uuid": "584be2c7-79b8-4df7-8370-4dd602de0b81",
"value": "f2a40a51777ead5ac980cc272a0ed1842eb999e2e9e7a8ff473a4841d6035892"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 863dcf82883c885b0686dce747dcf502",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368263",
"to_ids": true,
"type": "sha1",
"uuid": "584be2c7-5d44-4b2b-a4df-4d0c02de0b81",
"value": "bdc86295fad70480f0c6edcc37981e3cf11d838c"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 863dcf82883c885b0686dce747dcf502",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368264",
"to_ids": false,
"type": "link",
"uuid": "584be2c8-cbd8-4f1d-b8f7-4f3202de0b81",
"value": "https://www.virustotal.com/file/f2a40a51777ead5ac980cc272a0ed1842eb999e2e9e7a8ff473a4841d6035892/analysis/1481086829/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 7d490eedc5b46aff00ffaaec7004e2a8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368264",
"to_ids": true,
"type": "sha256",
"uuid": "584be2c8-80a8-47a2-b5d3-403902de0b81",
"value": "73edfb05ff537d798c39e0fcd29ed413b16f4947e80f21434c95f5a3d380100a"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 7d490eedc5b46aff00ffaaec7004e2a8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368264",
"to_ids": true,
"type": "sha1",
"uuid": "584be2c8-1860-4329-b6aa-4b8e02de0b81",
"value": "90cd69a987ec884e512602e36b0adbb4001da7e7"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 7d490eedc5b46aff00ffaaec7004e2a8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368264",
"to_ids": false,
"type": "link",
"uuid": "584be2c8-c2e0-4547-bc5b-452a02de0b81",
"value": "https://www.virustotal.com/file/73edfb05ff537d798c39e0fcd29ed413b16f4947e80f21434c95f5a3d380100a/analysis/1480771841/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 73f4312cc6f5067e505bc54c3b02b569",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368264",
"to_ids": true,
"type": "sha256",
"uuid": "584be2c8-e06c-4168-b80b-4f2602de0b81",
"value": "baa0c722bab75882e771d96e9b4050976654ac270c59998f1fed4dabd4faa8cb"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 73f4312cc6f5067e505bc54c3b02b569",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368265",
"to_ids": true,
"type": "sha1",
"uuid": "584be2c9-f248-43d9-acd4-477b02de0b81",
"value": "504311aa20cac6e975fbfd605490b532086410cb"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 73f4312cc6f5067e505bc54c3b02b569",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368265",
"to_ids": false,
"type": "link",
"uuid": "584be2c9-e634-4a20-8896-411b02de0b81",
"value": "https://www.virustotal.com/file/baa0c722bab75882e771d96e9b4050976654ac270c59998f1fed4dabd4faa8cb/analysis/1480771840/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 72bbfc1ff6621a278e16cfc91906109f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368265",
"to_ids": true,
"type": "sha256",
"uuid": "584be2c9-366c-4add-b9e9-4d8602de0b81",
"value": "3e49c5d6abb38d2bfb46c75e44502da0346e2358c000adc158f0cd58e4f72c8c"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 72bbfc1ff6621a278e16cfc91906109f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368265",
"to_ids": true,
"type": "sha1",
"uuid": "584be2c9-e3d4-484d-8bf5-429802de0b81",
"value": "57e8ec1acee10540c94313f29461459a09088b0e"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 72bbfc1ff6621a278e16cfc91906109f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368266",
"to_ids": false,
"type": "link",
"uuid": "584be2ca-bf6c-4650-a746-4ef102de0b81",
"value": "https://www.virustotal.com/file/3e49c5d6abb38d2bfb46c75e44502da0346e2358c000adc158f0cd58e4f72c8c/analysis/1480943070/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 551380681560849cee3de36329ba4ed3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368266",
"to_ids": true,
"type": "sha256",
"uuid": "584be2ca-75c4-45a0-9589-431702de0b81",
"value": "9262bb58054acdfc6c2feb4bbca66957ddc9f58873a26d9365a64c2f267b26d6"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 551380681560849cee3de36329ba4ed3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368266",
"to_ids": true,
"type": "sha1",
"uuid": "584be2ca-ede8-4c14-99f4-45a602de0b81",
"value": "8b7ed8a16dc1796d0ddf95fcdf6b9dc9cb3d3b7f"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 551380681560849cee3de36329ba4ed3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368266",
"to_ids": false,
"type": "link",
"uuid": "584be2ca-6918-4559-b885-419302de0b81",
"value": "https://www.virustotal.com/file/9262bb58054acdfc6c2feb4bbca66957ddc9f58873a26d9365a64c2f267b26d6/analysis/1480953888/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 4a8145ae760385c1c000113a9ea00a3a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368266",
"to_ids": true,
"type": "sha256",
"uuid": "584be2ca-bf48-4fa3-831b-40ef02de0b81",
"value": "453462c1ecfd757e2baa8ac5541460830c3ee9b060ce83a7a5bad912bf3bee07"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 4a8145ae760385c1c000113a9ea00a3a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368267",
"to_ids": true,
"type": "sha1",
"uuid": "584be2cb-5224-47ef-8db2-4d9002de0b81",
"value": "395d6ee324cf288b377ae39d2dd5860e07ad43bf"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 4a8145ae760385c1c000113a9ea00a3a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368267",
"to_ids": false,
"type": "link",
"uuid": "584be2cb-84e4-497a-965a-420e02de0b81",
"value": "https://www.virustotal.com/file/453462c1ecfd757e2baa8ac5541460830c3ee9b060ce83a7a5bad912bf3bee07/analysis/1480755180/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 41ba9f3d13ce33526da52407e2f0589d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368267",
"to_ids": true,
"type": "sha256",
"uuid": "584be2cb-6ca8-4893-b3cf-4b7902de0b81",
"value": "28a2977adbcb801addc98343ef3821f83c2911dfa8fcab171854fd9183088277"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 41ba9f3d13ce33526da52407e2f0589d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368267",
"to_ids": true,
"type": "sha1",
"uuid": "584be2cb-7514-450c-affd-4f8e02de0b81",
"value": "4f876536a9ca9091a2884f08a4365de4202f6f64"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 41ba9f3d13ce33526da52407e2f0589d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368268",
"to_ids": false,
"type": "link",
"uuid": "584be2cc-bad0-4f8b-a5b2-4d4202de0b81",
"value": "https://www.virustotal.com/file/28a2977adbcb801addc98343ef3821f83c2911dfa8fcab171854fd9183088277/analysis/1480711854/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 2da64ae2f8b1e8b75063760abfc94ecf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368268",
"to_ids": true,
"type": "sha256",
"uuid": "584be2cc-3b84-4b81-b7f5-449802de0b81",
"value": "9f9c38740568cbe1fbb8171b1ad4221c43790ff106623555868abf76f9672e53"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 2da64ae2f8b1e8b75063760abfc94ecf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368268",
"to_ids": true,
"type": "sha1",
"uuid": "584be2cc-c8d8-46f7-b6c7-480002de0b81",
"value": "b7959d5e50e757600d642a09d787913b64c105f8"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 2da64ae2f8b1e8b75063760abfc94ecf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368268",
"to_ids": false,
"type": "link",
"uuid": "584be2cc-448c-4f4f-a700-4bf302de0b81",
"value": "https://www.virustotal.com/file/9f9c38740568cbe1fbb8171b1ad4221c43790ff106623555868abf76f9672e53/analysis/1481310973/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 15b35cfff4129b26c0f07bd4be462ba0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368269",
"to_ids": true,
"type": "sha256",
"uuid": "584be2cd-7bc0-417c-8671-4c4102de0b81",
"value": "c8304790269f92310c3769a19393f690d4f9b4f0c5dc1f017f9067aeea2e7e22"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 15b35cfff4129b26c0f07bd4be462ba0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368269",
"to_ids": true,
"type": "sha1",
"uuid": "584be2cd-3224-44cd-9cfa-4e1f02de0b81",
"value": "b2c55c49f1968de9b016b98e2e50e320fe008de1"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 15b35cfff4129b26c0f07bd4be462ba0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368269",
"to_ids": false,
"type": "link",
"uuid": "584be2cd-fa24-4442-a2d5-4ded02de0b81",
"value": "https://www.virustotal.com/file/c8304790269f92310c3769a19393f690d4f9b4f0c5dc1f017f9067aeea2e7e22/analysis/1480771840/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 0eb51d584712485300ad8e8126773941",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368269",
"to_ids": true,
"type": "sha256",
"uuid": "584be2cd-ef44-4df3-844e-41fd02de0b81",
"value": "19ae41f248f6af0e942a6e46f004cce21a687d1f16988fbb5edce1a2bb9fa6bf"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 0eb51d584712485300ad8e8126773941",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368269",
"to_ids": true,
"type": "sha1",
"uuid": "584be2cd-ddd4-43ed-8ba1-4daf02de0b81",
"value": "18bce2f0107b5fab1b0b7c453e2a6b6505200cbd"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 0eb51d584712485300ad8e8126773941",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368270",
"to_ids": false,
"type": "link",
"uuid": "584be2ce-cca4-4731-9717-4ffb02de0b81",
"value": "https://www.virustotal.com/file/19ae41f248f6af0e942a6e46f004cce21a687d1f16988fbb5edce1a2bb9fa6bf/analysis/1481086259/"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 05891dbabc42a36f33c30535f0931555",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368270",
"to_ids": true,
"type": "sha256",
"uuid": "584be2ce-d4a8-4d01-8d90-45c002de0b81",
"value": "006b32381cebeffd696678412db703dd0773b4bcb238c8e73437ddb3191e52bc"
},
{
"category": "Payload delivery",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 05891dbabc42a36f33c30535f0931555",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368270",
"to_ids": true,
"type": "sha1",
"uuid": "584be2ce-5280-49a3-8d92-4c7902de0b81",
"value": "3d770480b6410cba39e19b3a2ff3bec774cabe47"
},
{
"category": "External analysis",
"comment": "Currently the DGA feature is found in the following samples. - Xchecked via VT: 05891dbabc42a36f33c30535f0931555",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481368270",
"to_ids": false,
"type": "link",
"uuid": "584be2ce-97a8-4a11-977d-4d7002de0b81",
"value": "https://www.virustotal.com/file/006b32381cebeffd696678412db703dd0773b4bcb238c8e73437ddb3191e52bc/analysis/1481087825/"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1482829103",
"to_ids": false,
"type": "threat-actor",
"uuid": "58622d2f-25f8-426e-9c5a-3566bce2ab96",
"value": "Mirai"
}
]
}
}