{"response":[{
"Event": {
"id": "5564",
"orgc_id": "2",
"org_id": "2",
"date": "2016-12-13",
"threat_level_id": "2",
"info": "OSINT - The rise of TeleBots: Analyzing disruptive KillDisk attacks",
"published": true,
"uuid": "58503e2f-4c78-442d-833f-8ad202de0b81",
"attribute_count": "95",
"analysis": "2",
"timestamp": "1481654318",
"distribution": "3",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "1481654492",
"sharing_group_id": "0",
"Org": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Attribute": [
{
"id": "600511",
"type": "comment",
"category": "External analysis",
"to_ids": false,
"uuid": "58503e41-62e8-4280-b09c-467402de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653825",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"value": "In the second half of 2016, ESET researchers identified a unique malicious toolset that was used in targeted cyberattacks against high-value targets in the Ukrainian financial sector. We believe that the main goal of attackers using these tools is cybersabotage. This blog post outlines the details about the campaign that we discovered.\r\n\r\nWe will refer to the gang behind the malware as TeleBots. However it\u2019s important to say that these attackers, and the toolset used, share a number of similarities with the BlackEnergy group, which conducted attacks against the energy industry in Ukraine in December 2015 and January 2016. In fact, we think that the BlackEnergy group has evolved into the TeleBots group.",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600512",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58503e4e-56bc-45a0-8a80-e8a002de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653838",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"value": "http:\/\/www.welivesecurity.com\/2016\/12\/13\/rise-telebots-analyzing-disruptive-killdisk-attacks\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600563",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504030-569c-417e-a638-49e502de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654320",
"comment": "XLS documents with malicious macro - Xchecked via VT: c361a06e51d2e2cd560f43d4cc9dabe765536179",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/97b317afa02cd35db40c197fea3a6ef8cdc8c01ca73523983850f323a47d0c2e\/analysis\/1481528849\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600566",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504031-4490-49ed-854e-429202de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654321",
"comment": "XLS documents with malicious macro - Xchecked via VT: 7fc462f1734c09d8d70c6779a4f1a3e6e2a9cc9f",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/a260320bb52eb0fe767d7e30e069492ab063b65a26969dd78d10d8141b850bc8\/analysis\/1481528895\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600569",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504033-4cf4-4a9a-a6d3-405302de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654323",
"comment": "Win32\/TrojanDownloader.Agent.CWY - Xchecked via VT: f1bf54186c2c64cd104755f247867238c8472504",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/2ee5a743bd420aa04e0ea9ab7a25e1cc2c346a55d6a518f267896694d75539a2\/analysis\/1479466980\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600572",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504034-db74-413e-a182-4bec02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654324",
"comment": "Python\/TeleBot.AA backdoor - Xchecked via VT: 57dad9cda501bc8f1d0496ef010146d9a1d3734f",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/ea57a45dda5b735fc2a982700a21363cbee138de2605d1df06103a5d94c539da\/analysis\/1481525869\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600575",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504036-c064-4e2c-9d3f-484d02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654326",
"comment": "Python\/TeleBot.AA backdoor - Xchecked via VT: 385f26d29b46ff55c5f4d6bbfd3da12eb5c33ed7",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/dcdc4c72c6e0867e74790a882e8e8c20e8a38416e9b10ed64fbf0f64f4e2567c\/analysis\/1481552578\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600578",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504037-9f80-4883-8f0d-46b302de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654327",
"comment": "Python\/TeleBot.AA backdoor - Xchecked via VT: 16c206d9cfd4c82d6652afb1eebb589a927b041b",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/904df5d6b900fcdac44c002f03ab1fbc698b8d421a22639819b3b208aaa6ea2c\/analysis\/1481552575\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600581",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504039-f2d8-419a-936a-4f4602de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654329",
"comment": "VBS backdoors - Xchecked via VT: f22cea7bc080e712e85549848d35e7d5908d9b49",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/1b2a5922b58c8060844b43e14dfa5b0c8b119f281f54a46f0f1c34accde71ddb\/analysis\/1481552577\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600584",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "5850403a-fdf0-46d5-abcc-4bf802de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654330",
"comment": "VBS backdoors - Xchecked via VT: 35d71de3e665cf9d6a685ae02c3876b7d56b1687",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/eb31a918ccc1643d069cf08b7958e2760e8551ba3b88ea9e5d496e07437273b2\/analysis\/1481552576\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600587",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "5850403c-4150-43c1-be39-482502de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654332",
"comment": "Modified Mimikatz - Xchecked via VT: d8614bc1d428ebabccbfae76a81037ff908a8f79",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/b2edc9351b389f1cbcdf0ac52b9d0b3bd982a077e5a3df8cebebc32c450ffeec\/analysis\/1471587292\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600590",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "5850403d-507c-4196-b7e7-461702de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654333",
"comment": "LDAP query tool - Xchecked via VT: 81f73c76fbf4ab3487d5e6e8629e83c0568de713",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/a35951855503188a66c94019bd419cd97208291f05e382151fd3c2a9d1848857\/analysis\/1471530894\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600593",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "5850403e-6d80-44e0-8c42-4b7102de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654334",
"comment": "CredRaptor password stealer - Xchecked via VT: 58a45ef055b287bad7b81033e17446ee6b682e2d",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/50b990f6555055a265fde98324759dbc74619d6a7c49b9fd786775299bf77d26\/analysis\/1481650988\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600596",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504040-8818-4b41-b6f3-421502de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654336",
"comment": "Win64\/Spy.KeyLogger.G trojan - Xchecked via VT: 7582de9e93e2f35f9a63b59317eba48846eea4c7",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/e3f134ae88f05463c4707a80f956a689fba7066bb5357f6d45cba312ad0db68e\/analysis\/1469022930\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600599",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504041-6110-4ca7-be7a-4fd602de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654337",
"comment": "Intercepter-NG and silent WinPCAP installer - Xchecked via VT: 64cb897acc37e12e4f49c4da4dfad606b3976225",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/5f9fef7974d37922ac91365588fbe7b544e13abbbde7c262fe30bade7026e118\/analysis\/1471786034\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600602",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504043-2dc4-43c6-9623-423f02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654339",
"comment": "Win32\/KillDisk - Xchecked via VT: 8eb8527562dda552fc6b8827c0ebf50968848f1a",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/8246f709efa922a485e1ca32d8b0d10dc752618e8b3fce4d3dd58d10e4a6a16d\/analysis\/1481528958\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600605",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "58504044-2238-4999-9bd4-471902de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654340",
"comment": "Win32\/KillDisk - Xchecked via VT: 71a2b3f48828e4552637fa9753f0324b7146f3af",
"sharing_group_id": "0",
"deleted": false,
"value": "https:\/\/www.virustotal.com\/file\/26173c9ec8fd1c4f9f18f89683b23267f6f9d116196ed15655e9cb453af2890e\/analysis\/1481554993\/",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600549",
"type": "hostname",
"category": "Network activity",
"to_ids": false,
"uuid": "58503f27-ec78-4a65-abb3-425702de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654055",
"comment": "Legitimate servers abused by malware authors",
"sharing_group_id": "0",
"deleted": false,
"value": "srv70.putdrive.com",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600551",
"type": "hostname",
"category": "Network activity",
"to_ids": false,
"uuid": "58503f28-a918-4725-b7a7-4d4f02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654056",
"comment": "Legitimate servers abused by malware authors",
"sharing_group_id": "0",
"deleted": false,
"value": "api.telegram.org",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600556",
"type": "hostname",
"category": "Network activity",
"to_ids": false,
"uuid": "58503f2a-9d08-4001-93a6-43fc02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654058",
"comment": "Legitimate servers abused by malware authors",
"sharing_group_id": "0",
"deleted": false,
"value": "smtp-mail.outlook.com",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600550",
"type": "ip-dst",
"category": "Network activity",
"to_ids": false,
"uuid": "58503f28-1a5c-46ca-a24e-4a3f02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654056",
"comment": "Legitimate servers abused by malware authors",
"sharing_group_id": "0",
"deleted": false,
"value": "188.165.14.185",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600552",
"type": "ip-dst",
"category": "Network activity",
"to_ids": false,
"uuid": "58503f28-747c-4b4a-8cba-4e9902de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654056",
"comment": "Legitimate servers abused by malware authors",
"sharing_group_id": "0",
"deleted": false,
"value": "149.154.167.200",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600553",
"type": "ip-dst",
"category": "Network activity",
"to_ids": false,
"uuid": "58503f29-2b9c-4d14-82a6-4dda02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654057",
"comment": "Legitimate servers abused by malware authors",
"sharing_group_id": "0",
"deleted": false,
"value": "149.154.167.197",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600554",
"type": "ip-dst",
"category": "Network activity",
"to_ids": false,
"uuid": "58503f29-2fbc-4fbc-8e65-4b0202de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654057",
"comment": "Legitimate servers abused by malware authors",
"sharing_group_id": "0",
"deleted": false,
"value": "149.154.167.198",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600555",
"type": "ip-dst",
"category": "Network activity",
"to_ids": false,
"uuid": "58503f2a-a898-494b-8cfa-480f02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654058",
"comment": "Legitimate servers abused by malware authors",
"sharing_group_id": "0",
"deleted": false,
"value": "149.154.167.199",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600557",
"type": "ip-dst",
"category": "Network activity",
"to_ids": false,
"uuid": "58503f2b-c1c4-4de6-b948-4be302de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654059",
"comment": "Legitimate servers abused by malware authors",
"sharing_group_id": "0",
"deleted": false,
"value": "65.55.176.126",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600558",
"type": "ip-dst",
"category": "Network activity",
"to_ids": true,
"uuid": "58503f3a-4414-4e2c-9562-424302de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654074",
"comment": "C&C Server",
"sharing_group_id": "0",
"deleted": false,
"value": "93.190.137.212",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600559",
"type": "ip-dst",
"category": "Network activity",
"to_ids": true,
"uuid": "58503f3a-a690-4478-a0ef-4fd602de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654074",
"comment": "C&C Server",
"sharing_group_id": "0",
"deleted": false,
"value": "95.141.37.3",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600560",
"type": "ip-dst",
"category": "Network activity",
"to_ids": true,
"uuid": "58503f3b-6e14-4deb-82c4-47c602de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654075",
"comment": "C&C Server",
"sharing_group_id": "0",
"deleted": false,
"value": "80.233.134.147",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600562",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850402f-a854-4c2e-af09-431a02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654319",
"comment": "XLS documents with malicious macro - Xchecked via VT: c361a06e51d2e2cd560f43d4cc9dabe765536179",
"sharing_group_id": "0",
"deleted": false,
"value": "7d4fc63f2096a485d2da3db1150e6d34",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600565",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504031-ffa8-46c5-9bb6-429f02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654321",
"comment": "XLS documents with malicious macro - Xchecked via VT: 7fc462f1734c09d8d70c6779a4f1a3e6e2a9cc9f",
"sharing_group_id": "0",
"deleted": false,
"value": "fd0fd58b20b1476e8f67d6a05307e9bc",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600568",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504032-e93c-4675-bb15-4e5b02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654322",
"comment": "Win32\/TrojanDownloader.Agent.CWY - Xchecked via VT: f1bf54186c2c64cd104755f247867238c8472504",
"sharing_group_id": "0",
"deleted": false,
"value": "1019c101fc1ae71e5c1687e34f0628e6",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600571",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504034-e410-4ff2-ad04-483302de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654324",
"comment": "Python\/TeleBot.AA backdoor - Xchecked via VT: 57dad9cda501bc8f1d0496ef010146d9a1d3734f",
"sharing_group_id": "0",
"deleted": false,
"value": "24313581bbbffa9a784b48075b525810",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600574",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504035-8c44-4988-8226-488002de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654325",
"comment": "Python\/TeleBot.AA backdoor - Xchecked via VT: 385f26d29b46ff55c5f4d6bbfd3da12eb5c33ed7",
"sharing_group_id": "0",
"deleted": false,
"value": "0fce93cd9beeea30a7f0e2a819d2b968",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600577",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504037-f7ac-43a0-9e31-485f02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654327",
"comment": "Python\/TeleBot.AA backdoor - Xchecked via VT: 16c206d9cfd4c82d6652afb1eebb589a927b041b",
"sharing_group_id": "0",
"deleted": false,
"value": "75ee947e31a40ab4b5cde9f4a767310b",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600580",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504038-e2c4-4186-96bf-4f3b02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654328",
"comment": "VBS backdoors - Xchecked via VT: f22cea7bc080e712e85549848d35e7d5908d9b49",
"sharing_group_id": "0",
"deleted": false,
"value": "c404b959b51ad0425f1789f03e2c6ecf",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600583",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850403a-eec4-4723-a1e0-4ff902de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654330",
"comment": "VBS backdoors - Xchecked via VT: 35d71de3e665cf9d6a685ae02c3876b7d56b1687",
"sharing_group_id": "0",
"deleted": false,
"value": "2d7866989d659c1f8ae795e5cab40bf3",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600586",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850403b-2be0-4103-8f8f-4ceb02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654331",
"comment": "Modified Mimikatz - Xchecked via VT: d8614bc1d428ebabccbfae76a81037ff908a8f79",
"sharing_group_id": "0",
"deleted": false,
"value": "bde6c0dac3e594a4a859b490aaaf1217",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600589",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850403d-ac3c-4442-a474-4b2f02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654332",
"comment": "LDAP query tool - Xchecked via VT: 81f73c76fbf4ab3487d5e6e8629e83c0568de713",
"sharing_group_id": "0",
"deleted": false,
"value": "76691c58103431624d26f2b8384a57b0",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600592",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850403e-5358-4e0c-be49-485202de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654334",
"comment": "CredRaptor password stealer - Xchecked via VT: 58a45ef055b287bad7b81033e17446ee6b682e2d",
"sharing_group_id": "0",
"deleted": false,
"value": "389ae3a4589e355e173e9b077d6f1a0a",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600595",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850403f-b088-4448-b8aa-4f4702de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654335",
"comment": "Win64\/Spy.KeyLogger.G trojan - Xchecked via VT: 7582de9e93e2f35f9a63b59317eba48846eea4c7",
"sharing_group_id": "0",
"deleted": false,
"value": "4919569cd19164c1f123f97c5b44b03b",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600598",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504041-d378-4427-aafb-415d02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654337",
"comment": "Intercepter-NG and silent WinPCAP installer - Xchecked via VT: 64cb897acc37e12e4f49c4da4dfad606b3976225",
"sharing_group_id": "0",
"deleted": false,
"value": "5bd6b79a4443afd27f7ed1fbf66060ea",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600601",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504042-1fa8-423e-87d2-40ee02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654338",
"comment": "Win32\/KillDisk - Xchecked via VT: 8eb8527562dda552fc6b8827c0ebf50968848f1a",
"sharing_group_id": "0",
"deleted": false,
"value": "b75c869561e014f4d384773427c879a6",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600604",
"type": "md5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504044-c16c-46f8-87e9-48bb02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654340",
"comment": "Win32\/KillDisk - Xchecked via VT: 71a2b3f48828e4552637fa9753f0324b7146f3af",
"sharing_group_id": "0",
"deleted": false,
"value": "ffb1e8babaecc4a8cb3d763412294469",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600513",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503e62-222c-4236-aa34-e8a002de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653858",
"comment": "Win32\/KillDisk",
"sharing_group_id": "0",
"deleted": false,
"value": "71a2b3f48828e4552637fa9753f0324b7146f3af",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600514",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503e63-0a98-4f7b-a6d3-e8a002de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653859",
"comment": "Win32\/KillDisk",
"sharing_group_id": "0",
"deleted": false,
"value": "8eb8527562dda552fc6b8827c0ebf50968848f1a",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600515",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503e73-ef34-4b46-9215-e8ac02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653875",
"comment": "Intercepter-NG and silent WinPCAP installer",
"sharing_group_id": "0",
"deleted": false,
"value": "64cb897acc37e12e4f49c4da4dfad606b3976225",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600516",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503e73-66cc-42cd-8dd1-e8ac02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653875",
"comment": "Intercepter-NG and silent WinPCAP installer",
"sharing_group_id": "0",
"deleted": false,
"value": "a0b9a35675153f4933c3e55418b6566e1a5dbf8a",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600517",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503e83-6230-4797-8a91-c7c302de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653891",
"comment": "Win64\/Spy.KeyLogger.G trojan",
"sharing_group_id": "0",
"deleted": false,
"value": "7582de9e93e2f35f9a63b59317eba48846eea4c7",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600518",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503e97-84e4-4fe5-a7cc-4ab602de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653911",
"comment": "CredRaptor password stealer",
"sharing_group_id": "0",
"deleted": false,
"value": "fffc20567da4656059860ed06c53fd4e5ad664c2",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600519",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503e97-041c-4ebf-9541-479202de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653911",
"comment": "CredRaptor password stealer",
"sharing_group_id": "0",
"deleted": false,
"value": "58a45ef055b287bad7b81033e17446ee6b682e2d",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600520",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ea6-c204-49fc-9ea6-e8a402de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653926",
"comment": "LDAP query tool",
"sharing_group_id": "0",
"deleted": false,
"value": "81f73c76fbf4ab3487d5e6e8629e83c0568de713",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600521",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503eb8-4cac-48aa-b1e7-458d02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653944",
"comment": "Modified Mimikatz",
"sharing_group_id": "0",
"deleted": false,
"value": "b0ba3405bb2b0fa5ba34b57c2cc7e5c184d86991",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600522",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503eb8-928c-4b35-a948-4f4b02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653944",
"comment": "Modified Mimikatz",
"sharing_group_id": "0",
"deleted": false,
"value": "ad2d3d00c7573733b70d9780ae3b89eeb8c62c76",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600523",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503eb9-06f8-44a2-9940-418602de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653945",
"comment": "Modified Mimikatz",
"sharing_group_id": "0",
"deleted": false,
"value": "d8614bc1d428ebabccbfae76a81037ff908a8f79",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600524",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ec5-1a14-4455-a56f-49ec02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653957",
"comment": "BCS-server",
"sharing_group_id": "0",
"deleted": false,
"value": "4b692e2597683354e106dfb9b90677c9311972a1",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600525",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ec5-eab8-42f1-ba84-461c02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653957",
"comment": "BCS-server",
"sharing_group_id": "0",
"deleted": false,
"value": "bf3cb98dc668e455188ebb4c311bd19cd9f46667",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600526",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ed8-ce04-4ac2-a419-469502de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653976",
"comment": "VBS backdoors",
"sharing_group_id": "0",
"deleted": false,
"value": "f00f632749418b2b75ca9ece73a02c485621c3b4",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600527",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ed9-b6d4-4688-ba83-476b02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653977",
"comment": "VBS backdoors",
"sharing_group_id": "0",
"deleted": false,
"value": "06e1f816cbaf45bd6ee55f74f0261a674e805f86",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600528",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ed9-66b8-4518-846f-47aa02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653977",
"comment": "VBS backdoors",
"sharing_group_id": "0",
"deleted": false,
"value": "35d71de3e665cf9d6a685ae02c3876b7d56b1687",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600529",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503eda-0d74-4e8d-a7c3-406702de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653978",
"comment": "VBS backdoors",
"sharing_group_id": "0",
"deleted": false,
"value": "f22cea7bc080e712e85549848d35e7d5908d9b49",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600530",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503eda-bcf0-4241-91ff-425502de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653978",
"comment": "VBS backdoors",
"sharing_group_id": "0",
"deleted": false,
"value": "c473ccb92581a803c1f1540be2193bc8b9599bfe",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600531",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503eee-5734-415d-a834-44bd02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653998",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "16c206d9cfd4c82d6652afb1eebb589a927b041b",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600532",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503eef-e4f4-4565-ba44-4eb702de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653999",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "1dc1660677a41b6622b795a1eb5aa5e5118d8f18",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600533",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503eef-cd30-4c21-9acd-409a02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481653999",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "26da35564d04bb308d57f645f353d1de1fb76677",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600534",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef0-c93c-41bf-bd4c-405d02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654000",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "30d2da7caf740baaa8a1300ee48220b3043a327d",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600535",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef0-6a38-4fa9-b633-4bae02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654000",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "385f26d29b46ff55c5f4d6bbfd3da12eb5c33ed7",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600536",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef1-3d38-46d8-8e58-405a02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654001",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "4d5023f9f9d0ba7a7328a8ee341dbbca244f72c5",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600537",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef1-eeb0-41eb-8d93-41bf02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654001",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "57dad9cda501bc8f1d0496ef010146d9a1d3734f",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600538",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef2-bfbc-4cce-bc6a-4ae202de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654002",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "68377a993e5a85eb39aded400755a22eb7273ca0",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600539",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef2-f5cc-48cb-b254-4afe02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654002",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "77d7ea627f645219cf6b8454459baef1e5192467",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600540",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef3-1630-4ee5-9791-429502de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654003",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "7b87ad4a25e80000ff1011b51f03e48e8ea6c23d",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600541",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef3-703c-4518-9dd9-480d02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654003",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "7c822f0fdb5ec14dd335cbe0238448c14015f495",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600542",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef4-ecbc-481e-a3e3-4c1702de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654004",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "86abbf8a4cf9828381dde9fd09e55446e7533e78",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600543",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef4-61c0-4b1a-84d8-41c402de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654004",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "9512a8280214674e6b16b07be281bb9f0255004b",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600544",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef4-1f20-4beb-b829-4c4d02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654004",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "b2e9d964c304fc91dcaf39ff44e3c38132c94655",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600545",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503ef5-9cd4-4623-8d55-4c0602de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654005",
"comment": "Python\/TeleBot.AA backdoor",
"sharing_group_id": "0",
"deleted": false,
"value": "fe4c1c6b3d8fdc9e562c57849e8094393075bc93",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600546",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503f02-21ec-4514-b5ba-c7c302de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654018",
"comment": "Win32\/TrojanDownloader.Agent.CWY",
"sharing_group_id": "0",
"deleted": false,
"value": "f1bf54186c2c64cd104755f247867238c8472504",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600547",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503f14-99ec-4578-b7dd-451502de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654036",
"comment": "XLS documents with malicious macro",
"sharing_group_id": "0",
"deleted": false,
"value": "7fc462f1734c09d8d70c6779a4f1a3e6e2a9cc9f",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600548",
"type": "sha1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58503f14-a8bc-4338-be8d-448202de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654036",
"comment": "XLS documents with malicious macro",
"sharing_group_id": "0",
"deleted": false,
"value": "c361a06e51d2e2cd560f43d4cc9dabe765536179",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600561",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850402e-f8a8-4990-ba17-484002de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654318",
"comment": "XLS documents with malicious macro - Xchecked via VT: c361a06e51d2e2cd560f43d4cc9dabe765536179",
"sharing_group_id": "0",
"deleted": false,
"value": "97b317afa02cd35db40c197fea3a6ef8cdc8c01ca73523983850f323a47d0c2e",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600564",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504030-0760-4dcf-8527-409e02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654320",
"comment": "XLS documents with malicious macro - Xchecked via VT: 7fc462f1734c09d8d70c6779a4f1a3e6e2a9cc9f",
"sharing_group_id": "0",
"deleted": false,
"value": "a260320bb52eb0fe767d7e30e069492ab063b65a26969dd78d10d8141b850bc8",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600567",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504032-0ec8-49a1-94f3-482b02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654322",
"comment": "Win32\/TrojanDownloader.Agent.CWY - Xchecked via VT: f1bf54186c2c64cd104755f247867238c8472504",
"sharing_group_id": "0",
"deleted": false,
"value": "2ee5a743bd420aa04e0ea9ab7a25e1cc2c346a55d6a518f267896694d75539a2",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600570",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504033-4f20-4199-af62-440802de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654323",
"comment": "Python\/TeleBot.AA backdoor - Xchecked via VT: 57dad9cda501bc8f1d0496ef010146d9a1d3734f",
"sharing_group_id": "0",
"deleted": false,
"value": "ea57a45dda5b735fc2a982700a21363cbee138de2605d1df06103a5d94c539da",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600573",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504035-d258-418c-825d-48b102de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654325",
"comment": "Python\/TeleBot.AA backdoor - Xchecked via VT: 385f26d29b46ff55c5f4d6bbfd3da12eb5c33ed7",
"sharing_group_id": "0",
"deleted": false,
"value": "dcdc4c72c6e0867e74790a882e8e8c20e8a38416e9b10ed64fbf0f64f4e2567c",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600576",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504036-1ce4-46ad-9a87-40f502de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654326",
"comment": "Python\/TeleBot.AA backdoor - Xchecked via VT: 16c206d9cfd4c82d6652afb1eebb589a927b041b",
"sharing_group_id": "0",
"deleted": false,
"value": "904df5d6b900fcdac44c002f03ab1fbc698b8d421a22639819b3b208aaa6ea2c",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600579",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504038-7214-4a85-a564-4ee102de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654328",
"comment": "VBS backdoors - Xchecked via VT: f22cea7bc080e712e85549848d35e7d5908d9b49",
"sharing_group_id": "0",
"deleted": false,
"value": "1b2a5922b58c8060844b43e14dfa5b0c8b119f281f54a46f0f1c34accde71ddb",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600582",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504039-15bc-45d6-b60f-4dc602de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654329",
"comment": "VBS backdoors - Xchecked via VT: 35d71de3e665cf9d6a685ae02c3876b7d56b1687",
"sharing_group_id": "0",
"deleted": false,
"value": "eb31a918ccc1643d069cf08b7958e2760e8551ba3b88ea9e5d496e07437273b2",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600585",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850403b-0c30-4fe4-b6f1-482e02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654331",
"comment": "Modified Mimikatz - Xchecked via VT: d8614bc1d428ebabccbfae76a81037ff908a8f79",
"sharing_group_id": "0",
"deleted": false,
"value": "b2edc9351b389f1cbcdf0ac52b9d0b3bd982a077e5a3df8cebebc32c450ffeec",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600588",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850403c-e308-48a9-b780-415702de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654332",
"comment": "LDAP query tool - Xchecked via VT: 81f73c76fbf4ab3487d5e6e8629e83c0568de713",
"sharing_group_id": "0",
"deleted": false,
"value": "a35951855503188a66c94019bd419cd97208291f05e382151fd3c2a9d1848857",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600591",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850403d-6128-4f26-bf07-4fa102de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654333",
"comment": "CredRaptor password stealer - Xchecked via VT: 58a45ef055b287bad7b81033e17446ee6b682e2d",
"sharing_group_id": "0",
"deleted": false,
"value": "50b990f6555055a265fde98324759dbc74619d6a7c49b9fd786775299bf77d26",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600594",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5850403f-49bc-4edb-9e43-451502de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654335",
"comment": "Win64\/Spy.KeyLogger.G trojan - Xchecked via VT: 7582de9e93e2f35f9a63b59317eba48846eea4c7",
"sharing_group_id": "0",
"deleted": false,
"value": "e3f134ae88f05463c4707a80f956a689fba7066bb5357f6d45cba312ad0db68e",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600597",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504040-f9a4-4380-87a4-405a02de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654336",
"comment": "Intercepter-NG and silent WinPCAP installer - Xchecked via VT: 64cb897acc37e12e4f49c4da4dfad606b3976225",
"sharing_group_id": "0",
"deleted": false,
"value": "5f9fef7974d37922ac91365588fbe7b544e13abbbde7c262fe30bade7026e118",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600600",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504042-c64c-4694-a0ff-47b902de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654338",
"comment": "Win32\/KillDisk - Xchecked via VT: 8eb8527562dda552fc6b8827c0ebf50968848f1a",
"sharing_group_id": "0",
"deleted": false,
"value": "8246f709efa922a485e1ca32d8b0d10dc752618e8b3fce4d3dd58d10e4a6a16d",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "600603",
"type": "sha256",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58504043-2408-4775-944a-4c1202de0b81",
"event_id": "5564",
"distribution": "5",
"timestamp": "1481654339",
"comment": "Win32\/KillDisk - Xchecked via VT: 71a2b3f48828e4552637fa9753f0324b7146f3af",
"sharing_group_id": "0",
"deleted": false,
"value": "26173c9ec8fd1c4f9f18f89683b23267f6f9d116196ed15655e9cb453af2890e",
"SharingGroup": [],
"ShadowAttribute": []
}
],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [
{
"id": "7",
"uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3",
"name": "Threat Actor",
"type": "threat-actor",
"description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
"version": "1",
"GalaxyCluster": [
{
"id": "862",
"uuid": "7cdff317-a673-4474-84ec-4f1754947823",
"type": "threat-actor",
"value": "TeleBots",
"tag_name": "misp-galaxy:threat-actor=\"TeleBots\"",
"description": "We will refer to the gang behind the malware as TeleBots. However it\u2019s important to say that these attackers, and the toolset used, share a number of similarities with the BlackEnergy group, which conducted attacks against the energy industry in Ukraine in December 2015 and January 2016. In fact, we think that the BlackEnergy group has evolved into the TeleBots group.",
"galaxy_id": "7",
"source": "MISP Project",
"authors": [
"Alexandre Dulaunoy",
"Florian Roth",
"Thomas Schreck",
"Timo Steffens",
"Various"
],
"tag_id": "1163",
"meta": {
"country": [
"RU"
],
"refs": [
"http:\/\/www.welivesecurity.com\/2016\/12\/13\/rise-telebots-analyzing-disruptive-killdisk-attacks\/"
]
}
}
]
}
],
"Tag": [
{
"id": "1",
"name": "Type:OSINT",
"colour": "#1eed40",
"exportable": true
},
{
"id": "2",
"name": "tlp:white",
"colour": "#ffffff",
"exportable": true
},
{
"id": "1163",
"name": "misp-galaxy:threat-actor=\"TeleBots\"",
"colour": "#0088cc",
"exportable": true
}
]
}
}]}