Skip to content

Instantly share code, notes, and snippets.

@ikiril01

ikiril01/malware_example_opt_1.json

Created October 19, 2018 14:54
Show Gist options
  • Save ikiril01/b181fbc8d23e0a05da93d28811e4c73a to your computer and use it in GitHub Desktop.
Save ikiril01/b181fbc8d23e0a05da93d28811e4c73a to your computer and use it in GitHub Desktop.
Download ZIP
Malware Example (Option 1`)
Raw
malware_example_opt_1.json
{
"type":"bundle",
"id":"bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
"spec_version":"2.1",
"objects":[
{
"type":"malware",
"spec_version":"2.1",
"id":"malware--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"is_family":false,
"name":"SpyEye",
"malware_types":[
"trojan"
],
"sample_refs":[
"file--f622a25a-7b13-41b0-8158-530737355e62"
],
"dynamic_analysis_results":[
{
"start_time":"2016-05-11T13:37:00.000000Z",
"end_time":"2016-05-11T13:41:00.000000Z",
"analysis_tool_refs":[
"software--bc107913-6db4-445c-833e-789875b21723"
],
"analysis_environment":{
"operating-system-ref":"software--36830b19-289d-4aaa-a1b6-4efc55ce0ce2",
"installed-software-refs":[
"software--2a260e53-7337-412f-a9ee-a2e1d94fe7b3",
"software--793c5843-a6c9-4919-9ffb-00a7c6b05c2b",
"software--b40bb6ea-db61-49ef-8422-0fe2c626256c",
"software--8a25bcd7-18f2-499e-96d7-ad1adedf40b3",
"software--bad3ceee-a260-4957-921e-13cdb94701f2",
"software--31d13ad0-9832-4d5f-bc85-79383cef636d",
"software--ce385152-7a52-4263-bffc-ca277158f789"
]
},
"results":{
"created-file-refs":[
"file--a1fed9d6-d473-4b21-879a-ea714bb87315",
"file--5ed80b09-7e93-450e-bd7f-dd08518fda23"
],
"opened-registry-key-refs":[
"windows-registry-key--5322b2a2-413a-4a2c-b6f0-86a090f1421f"
],
"created-mutexe-refs":[
"mutex--831376bc-84d2-4651-a57e-588ead966be4"
]
}
}
],
"static_analysis_results":[
{
"results":{
"strings":[
"tellerplus",
"silverlake",
"fdmaster.exe"
]
},
"mission-id":[
"rhze"
],
"certificate-refs":[
"x509-certificate--2437b702-3f5d-4931-be41-eefdc4e769eb"
]
}
],
"av_results":[
{
"product":"ClamAV",
"scanned":"2016-08-30T06:31:48Z",
"result":"Win.Spyware.SpyEyes-94"
}
]
},
{
"id":"file--f622a25a-7b13-41b0-8158-530737355e62",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"file",
"name":"cleansweep.exe",
"hashes":{
"MD5":"84714c100d2dfc88629531f6456b8276"
},
"size":126464
},
{
"id":"software--bc107913-6db4-445c-833e-789875b21723",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"software",
"name":"Cuckoo Sandbox",
"version":"2.03"
},
{
"id":"software--36830b19-289d-4aaa-a1b6-4efc55ce0ce2",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"software",
"name":"Windows 7",
"vendor":"Microsoft"
},
{
"id":"software--2a260e53-7337-412f-a9ee-a2e1d94fe7b3",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"software",
"name":"Office 2010",
"vendor":"Microsoft",
"version":"14.0.4"
},
{
"id":"software--793c5843-a6c9-4919-9ffb-00a7c6b05c2b",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"software",
"name":"Java",
"vendor":"Oracle",
"version":"1.8.0_40"
},
{
"id":"software--b40bb6ea-db61-49ef-8422-0fe2c626256c",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"software",
"name":"Flash",
"vendor":"Adobe",
"version":"16.0.0.305"
},
{
"id":"software--8a25bcd7-18f2-499e-96d7-ad1adedf40b3",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"software",
"name":"Acrobat Reader",
"vendor":"Adobe",
"version":"11.0.08"
},
{
"id":"software--bad3ceee-a260-4957-921e-13cdb94701f2",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"software",
"name":"Internet Explorer",
"vendor":"Microsoft",
"version":"11"
},
{
"id":"software--31d13ad0-9832-4d5f-bc85-79383cef636d",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"software",
"name":"Chrome",
"vendor":"Google",
"version":"55"
},
{
"id":"software--ce385152-7a52-4263-bffc-ca277158f789",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"software",
"name":"FireFox",
"vendor":"Mozilla",
"version":"43"
},
{
"id":"file--a1fed9d6-d473-4b21-879a-ea714bb87315",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"file",
"name":"foo.dll"
},
{
"id":"file--5ed80b09-7e93-450e-bd7f-dd08518fda23",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"file",
"name":"bar.exe"
},
{
"id":"windows-registry-key--5322b2a2-413a-4a2c-b6f0-86a090f1421f",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"windows-registry-key",
"key":"HKEY_LOCAL_MACHINE\\System\\Foo\\Bar"
},
{
"id":"mutex--831376bc-84d2-4651-a57e-588ead966be4",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"mutex",
"name":"foo__bar"
},
{
"id":"x509-certificate--2437b702-3f5d-4931-be41-eefdc4e769eb",
"created":"2016-05-12T08:17:27.000000Z",
"modified":"2016-05-12T08:17:27.000000Z",
"type":"x509-certificate",
"issuer":"C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/[email protected]",
"validity_not_before":"2016-03-12T12:00:00Z",
"validity_not_after":"2016-08-21T12:00:00Z",
"subject":"C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/[email protected]"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment