Malware-Misc-RE/2019-03-21-signed-bot-loader-delphi-vk.misp.csv
| uuid | event_id | category | type | value | comment | to_ids | date | object_relation | attribute_tag | object_uuid | object_name | object_meta_category | event_info | event_member_org | event_source_org | event_distribution | event_threat_level_id | event_analysis | event_date | event_tag | event_timestamp |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 5c940670-0348-4b4c-a8c2-157668f8e8cf | 282 | Network activity | url | http://smart.cloudnetwork.kz/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940670-3204-45d9-aeed-157668f8e8cf | 282 | Network activity | url | http://static.apiinformation.kz/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940670-236c-4453-9eec-157668f8e8cf | 282 | Network activity | url | http://secure.jscontentmaker.kz/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940670-2f00-4557-a56d-157668f8e8cf | 282 | Network activity | url | http://secure.jsc0nten1maker.com/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940670-19c4-4800-a718-157668f8e8cf | 282 | Network activity | url | http://static.apiinformationsec.com/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940670-0424-4b35-b2b7-157668f8e8cf | 282 | Network activity | url | http://mel.cloudcontentsmak.com/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940670-f528-4a9e-b1db-157668f8e8cf | 282 | Network activity | url | http://nicru.supermicrotransapi.ru/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940670-e244-4e70-9ac5-157668f8e8cf | 282 | Network activity | url | http://tel.jsapisettings.kz/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940670-d0f0-4188-b77a-157668f8e8cf | 282 | Network activity | url | http://js.securetopdevelopment.kz/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940670-0204-41ed-991a-157668f8e8cf | 282 | Network activity | url | http://noone.contentmakersbyakamai.ru/ | URL | 1 | 1553204848 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c94096b-cc8c-4fb4-8d1b-1a4c68f8e8cf | 282 | Network activity | url | http://smart.cloudnetwork.kz/fd/libeay32.dll | Lib Download | 1 | 1553205611 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c94096b-ea18-47d4-934b-1a4c68f8e8cf | 282 | Network activity | url | http://smart.cloudnetwork.kz/fd/ssleay32.dll | Lib Download | 1 | 1553205611 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940df6-c5e0-47ef-8ace-1e8268f8e8cf | 282 | Support Tool | attachment | Screen Shot 2019-03-21 at 6.17.48 PM.png | | 0 | 1553206774 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c940e23-3990-460b-85d8-773e68f8e8cf | 282 | Support Tool | attachment | Screen Shot 2019-03-21 at 6.15.22 PM.png | | 0 | 1553206819 | | | | | | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406a7-7c18-4ff1-b8d1-1a6468f8e8cf | 282 | Payload delivery | malware-sample | 2019-03-21-signed-bot-loader.vk.exe\|0af6b85a08553f6dd67898a1e9446706 | | 1 | 1553204903 | malware-sample | | 5c9406a7-a3ec-4603-bb6c-1a6468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406a7-3560-46a3-a0a7-1a6468f8e8cf | 282 | Payload delivery | filename | 2019-03-21-signed-bot-loader.vk.exe | | 0 | 1553204903 | filename | | 5c9406a7-a3ec-4603-bb6c-1a6468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406a7-e450-446b-ae83-1a6468f8e8cf | 282 | Payload delivery | md5 | 0af6b85a08553f6dd67898a1e9446706 | | 1 | 1553204903 | md5 | | 5c9406a7-a3ec-4603-bb6c-1a6468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406a7-e3b8-41fc-863f-1a6468f8e8cf | 282 | Payload delivery | sha1 | 21b653ffb161a4e9e8dc4ebb3623a87b8436251c | | 1 | 1553204903 | sha1 | | 5c9406a7-a3ec-4603-bb6c-1a6468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406a7-4a64-4253-a686-1a6468f8e8cf | 282 | Payload delivery | sha256 | 1e30ddc39836f64fe2356848d603c00247f796dcc8a56652a5d2f431273427e6 | | 1 | 1553204903 | sha256 | | 5c9406a7-a3ec-4603-bb6c-1a6468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406a7-9eb4-4cea-8a96-1a6468f8e8cf | 282 | Other | size-in-bytes | 819520 | | 0 | 1553204903 | size-in-bytes | | 5c9406a7-a3ec-4603-bb6c-1a6468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406f5-15b8-450a-8cd9-157468f8e8cf | 282 | Payload delivery | malware-sample | 2019-03-21-signed-bot-loader.unpacked.vk.exe\|4be8c7e61cf8880c56fb7623a0eb69dc | | 1 | 1553204981 | malware-sample | | 5c9406f5-97ac-428e-b69e-157468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406f5-6204-4787-8efc-157468f8e8cf | 282 | Payload delivery | filename | 2019-03-21-signed-bot-loader.unpacked.vk.exe | | 0 | 1553204981 | filename | | 5c9406f5-97ac-428e-b69e-157468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406f5-dcb8-4b0a-addd-157468f8e8cf | 282 | Payload delivery | md5 | 4be8c7e61cf8880c56fb7623a0eb69dc | | 1 | 1553204981 | md5 | | 5c9406f5-97ac-428e-b69e-157468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406f5-e150-49a3-8223-157468f8e8cf | 282 | Payload delivery | sha1 | d37c66ad0e179b1041d29e480b2dda0b787470ba | | 1 | 1553204981 | sha1 | | 5c9406f5-97ac-428e-b69e-157468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406f5-1da8-4869-97b3-157468f8e8cf | 282 | Payload delivery | sha256 | 7341dc8f3d2e4284667ebdd16eade3515f7fbf5b7829a462844fec1a67efd9ae | | 1 | 1553204981 | sha256 | | 5c9406f5-97ac-428e-b69e-157468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |
| 5c9406f5-7b74-4208-a41d-157468f8e8cf | 282 | Other | size-in-bytes | 105472 | | 0 | 1553204981 | size-in-bytes | | 5c9406f5-97ac-428e-b69e-157468f8e8cf | file | file | 2019-03-21: Signed Delphi "Loader" Bot | VK-Intel | VK-Intel | 3 | Medium | 0 | 2019-03-21 | Malware: Generic,version: 3,CN = SILCROW DESIGN LTD,"Bot Started!","Error installing hook","Loader.exe",Delphi | 1553206869 |