Malware Example (Option 1)
{ | |
"type":"bundle", | |
"id":"bundle--5d0092c5-5f74-4287-9642-33f4c354e56d", | |
"spec_version":"2.1", | |
"objects":[ | |
{ | |
"type":"malware", | |
"spec_version":"2.1", | |
"id":"malware--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"is_family":false, | |
"name":"SpyEye", | |
"malware_types":[ | |
"trojan" | |
], | |
"sample_refs":[ | |
"file--f622a25a-7b13-41b0-8158-530737355e62" | |
], | |
"dynamic_analysis_results":[ | |
{ | |
"start_time":"2016-05-11T13:37:00.000000Z", | |
"end_time":"2016-05-11T13:41:00.000000Z", | |
"analysis_tool_refs":[ | |
"software--bc107913-6db4-445c-833e-789875b21723" | |
], | |
"analysis_environment":{ | |
"operating-system-ref":"software--36830b19-289d-4aaa-a1b6-4efc55ce0ce2", | |
"installed-software-refs":[ | |
"software--2a260e53-7337-412f-a9ee-a2e1d94fe7b3", | |
"software--793c5843-a6c9-4919-9ffb-00a7c6b05c2b", | |
"software--b40bb6ea-db61-49ef-8422-0fe2c626256c", | |
"software--8a25bcd7-18f2-499e-96d7-ad1adedf40b3", | |
"software--bad3ceee-a260-4957-921e-13cdb94701f2", | |
"software--31d13ad0-9832-4d5f-bc85-79383cef636d", | |
"software--ce385152-7a52-4263-bffc-ca277158f789" | |
] | |
}, | |
"results":{ | |
"created-file-refs":[ | |
"file--a1fed9d6-d473-4b21-879a-ea714bb87315", | |
"file--5ed80b09-7e93-450e-bd7f-dd08518fda23" | |
], | |
"opened-registry-key-refs":[ | |
"windows-registry-key--5322b2a2-413a-4a2c-b6f0-86a090f1421f" | |
], | |
"created-mutexe-refs":[ | |
"mutex--831376bc-84d2-4651-a57e-588ead966be4" | |
] | |
} | |
} | |
], | |
"static_analysis_results":[ | |
{ | |
"results":{ | |
"strings":[ | |
"tellerplus", | |
"silverlake", | |
"fdmaster.exe" | |
] | |
}, | |
"mission-id":[ | |
"rhze" | |
], | |
"certificate-refs":[ | |
"x509-certificate--2437b702-3f5d-4931-be41-eefdc4e769eb" | |
] | |
} | |
], | |
"av_results":[ | |
{ | |
"product":"ClamAV", | |
"scanned":"2016-08-30T06:31:48Z", | |
"result":"Win.Spyware.SpyEyes-94" | |
} | |
] | |
}, | |
{ | |
"id":"file--f622a25a-7b13-41b0-8158-530737355e62", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"file", | |
"name":"cleansweep.exe", | |
"hashes":{ | |
"MD5":"84714c100d2dfc88629531f6456b8276" | |
}, | |
"size":126464 | |
}, | |
{ | |
"id":"software--bc107913-6db4-445c-833e-789875b21723", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"software", | |
"name":"Cuckoo Sandbox", | |
"version":"2.03" | |
}, | |
{ | |
"id":"software--36830b19-289d-4aaa-a1b6-4efc55ce0ce2", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"software", | |
"name":"Windows 7", | |
"vendor":"Microsoft" | |
}, | |
{ | |
"id":"software--2a260e53-7337-412f-a9ee-a2e1d94fe7b3", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"software", | |
"name":"Office 2010", | |
"vendor":"Microsoft", | |
"version":"14.0.4" | |
}, | |
{ | |
"id":"software--793c5843-a6c9-4919-9ffb-00a7c6b05c2b", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"software", | |
"name":"Java", | |
"vendor":"Oracle", | |
"version":"1.8.0_40" | |
}, | |
{ | |
"id":"software--b40bb6ea-db61-49ef-8422-0fe2c626256c", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"software", | |
"name":"Flash", | |
"vendor":"Adobe", | |
"version":"16.0.0.305" | |
}, | |
{ | |
"id":"software--8a25bcd7-18f2-499e-96d7-ad1adedf40b3", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"software", | |
"name":"Acrobat Reader", | |
"vendor":"Adobe", | |
"version":"11.0.08" | |
}, | |
{ | |
"id":"software--bad3ceee-a260-4957-921e-13cdb94701f2", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"software", | |
"name":"Internet Explorer", | |
"vendor":"Microsoft", | |
"version":"11" | |
}, | |
{ | |
"id":"software--31d13ad0-9832-4d5f-bc85-79383cef636d", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"software", | |
"name":"Chrome", | |
"vendor":"Google", | |
"version":"55" | |
}, | |
{ | |
"id":"software--ce385152-7a52-4263-bffc-ca277158f789", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"software", | |
"name":"FireFox", | |
"vendor":"Mozilla", | |
"version":"43" | |
}, | |
{ | |
"id":"file--a1fed9d6-d473-4b21-879a-ea714bb87315", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"file", | |
"name":"foo.dll" | |
}, | |
{ | |
"id":"file--5ed80b09-7e93-450e-bd7f-dd08518fda23", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"file", | |
"name":"bar.exe" | |
}, | |
{ | |
"id":"windows-registry-key--5322b2a2-413a-4a2c-b6f0-86a090f1421f", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"windows-registry-key", | |
"key":"HKEY_LOCAL_MACHINE\\System\\Foo\\Bar" | |
}, | |
{ | |
"id":"mutex--831376bc-84d2-4651-a57e-588ead966be4", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"mutex", | |
"name":"foo__bar" | |
}, | |
{ | |
"id":"x509-certificate--2437b702-3f5d-4931-be41-eefdc4e769eb", | |
"created":"2016-05-12T08:17:27.000000Z", | |
"modified":"2016-05-12T08:17:27.000000Z", | |
"type":"x509-certificate", | |
"issuer":"C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com", | |
"validity_not_before":"2016-03-12T12:00:00Z", | |
"validity_not_after":"2016-08-21T12:00:00Z", | |
"subject":"C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org" | |
} | |
] | |
} |