misp-circl-feed/feeds/circl/misp/57a05786-71b8-49a2-892e-32ec950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2016-08-02",
    "extends_uuid": "",
    "info": "OSINT - LuminosityLink RAT",
    "publish_timestamp": "1470126226",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1470126169",
    "uuid": "57a05786-71b8-49a2-892e-32ec950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#006262",
        "local": false,
        "name": "ecsirt:malicious-code=\"malware\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a7300",
        "local": false,
        "name": "circl:incident-classification=\"malware\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1470125972",
        "to_ids": false,
        "type": "link",
        "uuid": "57a05794-7ea4-47f7-9fc3-32ee950d210f",
        "value": "https://virustotal.com/en/file/e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85/analysis/"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1470125992",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "57a057a8-1dfc-4534-a5f5-32ea950d210f",
        "value": "190.123.44.134"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1470126010",
        "to_ids": true,
        "type": "sha256",
        "uuid": "57a057ba-045c-48c4-b603-32f3950d210f",
        "value": "e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85"
      },
      {
        "category": "Network activity",
        "comment": "Used for signing the binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1470126054",
        "to_ids": false,
        "type": "domain",
        "uuid": "57a057e6-aa78-4e17-b3e6-32f2950d210f",
        "value": "zippa.biz"
      },
      {
        "category": "Payload delivery",
        "comment": "Authenticode",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1470126081",
        "to_ids": false,
        "type": "x509-fingerprint-sha1",
        "uuid": "57a05801-3198-41a9-b077-32f1950d210f",
        "value": "c1e2727e8fb206f126c10c3ba9a5474874b6bb55"
      },
      {
        "category": "Payload delivery",
        "comment": "- Xchecked via VT: e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1470126111",
        "to_ids": true,
        "type": "sha1",
        "uuid": "57a0581f-4d64-4314-92c0-32eb02de0b81",
        "value": "76ca6782aa5e63d61144225d1b9c282af8fe2259"
      },
      {
        "category": "Payload delivery",
        "comment": "- Xchecked via VT: e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1470126112",
        "to_ids": true,
        "type": "md5",
        "uuid": "57a05820-5d1c-4df7-af97-32eb02de0b81",
        "value": "63116861ea68c75441b6915bbeab0919"
      },
      {
        "category": "External analysis",
        "comment": "- Xchecked via VT: e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1470126112",
        "to_ids": false,
        "type": "link",
        "uuid": "57a05820-d2f0-4bd8-9425-32eb02de0b81",
        "value": "https://www.virustotal.com/file/e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85/analysis/1470111161/"
      },
      {
        "category": "External analysis",
        "comment": "From https://virustotal.com/en/user/benkow_/",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1470126169",
        "to_ids": false,
        "type": "comment",
        "uuid": "57a05859-655c-497b-8482-35fb950d210f",
        "value": "190.123.44.134|4288|190.123.44.134|Soundmgr.exe|Sound|Packet|Monitor|clientmonitor.exe|eb894fba356e3be7fb05313de362d5b1c44df50ce3e77ba89f295ee647a332d1|Nnamdi|1idsanmvhb|"
      }
    ]
  }
}