{ "Event": { "id": "750", "orgc_id": "2", "org_id": "2", "date": "2014-12-10", "threat_level_id": "1", "info": "OSINT - F-Secure W32/Regin, Stage #1", "published": true, "uuid": "54884656-2da8-4625-bf07-43ef950d210b", "attribute_count": "39", "analysis": "2", "timestamp": "1418217625", "distribution": "3", "proposal_email_lock": false, "locked": false, "publish_timestamp": "1418217647", "sharing_group_id": "0", "Galaxy": [], "Org": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Orgc": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Attribute": [ { "id": "96642", "type": "filename", "category": "Artifacts dropped", "to_ids": false, "uuid": "54884832-f2a8-46ff-be58-1ac6950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217522", "comment": "", "sharing_group_id": "0", "value": "abiosdsk.sys", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" } ] }, { "id": "96643", "type": "filename", "category": "Artifacts dropped", "to_ids": false, "uuid": "54884832-2608-4fe6-959e-1ac6950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217522", "comment": "", "sharing_group_id": "0", "value": "ser8uart.sys", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" } ] }, { "id": "96644", "type": "filename", "category": "Artifacts dropped", "to_ids": false, "uuid": "54884832-93a4-4fb0-aeba-1ac6950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217522", "comment": "", "sharing_group_id": "0", "value": "usbclass.sys", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96645", "type": "filename", "category": "Artifacts dropped", "to_ids": false, "uuid": "54884832-983c-4e4c-a692-1ac6950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217522", "comment": "", "sharing_group_id": "0", "value": "pcidump.sys", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96646", "type": "filename", "category": "Artifacts dropped", "to_ids": false, "uuid": "54884832-5134-460e-bea2-1ac6950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217522", "comment": "", "sharing_group_id": "0", "value": "atdisk.sys", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96647", "type": "filename", "category": "Artifacts dropped", "to_ids": false, "uuid": "54884832-6fb4-4c63-937c-1ac6950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217522", "comment": "", "sharing_group_id": "0", "value": "rdpmdd.sys", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96648", "type": "regkey", "category": "Artifacts dropped", "to_ids": true, "uuid": "5488486c-a044-4c31-830c-15ba950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217580", "comment": "", "sharing_group_id": "0", "value": "HKLM\\System\\CurrentControlSet\\Control\\", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96649", "type": "regkey", "category": "Artifacts dropped", "to_ids": true, "uuid": "5488486c-47ec-4952-8e60-15ba950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217580", "comment": "", "sharing_group_id": "0", "value": "Class\\{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96650", "type": "regkey", "category": "Artifacts dropped", "to_ids": true, "uuid": "5488486c-1418-4624-b87c-15ba950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217580", "comment": "", "sharing_group_id": "0", "value": "Class\\{4F20E605-9452-4787-B793-D0204917CA58}", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96614", "type": "link", "category": "External analysis", "to_ids": false, "uuid": "5488466a-f0d0-4b58-89a5-15bc950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217066", "comment": "", "sharing_group_id": "0", "value": "https://www.f-secure.com/documents/996508/1030745/w32_regin_stage_1.pdf", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96652", "type": "text", "category": "Other", "to_ids": false, "uuid": "54884899-35b8-48a3-9da2-15c6950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217625", "comment": "", "sharing_group_id": "0", "value": "Regin", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2824", "org_id": "2", "info": "OSINT: An analysis of Regin’s Hopscotch and Legspin" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "833", "org_id": "2", "info": "OSINT - An analysis of Regin's Hopscotch and Legspin" }, { "id": "759", "org_id": "26", "info": "OSINT F-Secure W64/Regin, Stage #1" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "726", "org_id": "2", "info": "Regin fake certificates thumbprints" }, { "id": "715", "org_id": "26", "info": "OSINT Regin samples shared by VirusShare" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "700", "org_id": "2", "info": "Regin Yara rules" }, { "id": "699", "org_id": "2", "info": "OSINT - The Regin Espionage Toolkit" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96615", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d8-9db0-4df6-8206-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217432", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "26297dc3cd0b688de3b846983c5385e5", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" } ] }, { "id": "96616", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d8-05f8-49e7-af79-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217432", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "47d0e8f9d7a6429920329207a32ecc2e", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "715", "org_id": "26", "info": "OSINT Regin samples shared by VirusShare" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" } ] }, { "id": "96617", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d8-a33c-41f3-9f7a-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217432", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "01c2f321b6bfdb9473c079b0797567ba", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" } ] }, { "id": "96618", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d8-c950-48eb-b960-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217432", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "4b6b86c7fec1c574706cecedf44abded", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96619", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d8-01e0-4231-a739-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217432", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "744c07e886497f7b68f6f7fe57b7ab54", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "715", "org_id": "26", "info": "OSINT Regin samples shared by VirusShare" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" } ] }, { "id": "96620", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d8-3fbc-4a06-ba82-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217432", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "2c8b9d2885543d7ade3cae98225e263b", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96621", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-8b18-4654-9766-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "f3ffc2aaaa1e2ab55ec26ff098653347", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96622", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-3b28-449e-b527-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "e94393561901895cb0783edc34740fd4", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96623", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-e6fc-4b93-a773-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "bfbe8c3ee78750c3a520480700e440f8", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96624", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-fd54-4e49-909b-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "89003e9a1ae635c97ebad07aebc67f00", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96625", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-b63c-4c95-a2bd-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "1800def71006ca6790767e202fae9b9a", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96626", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-1404-4331-ae3c-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "90fecc6a89b2e22d82d58878d93477d4", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96627", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-4020-41da-b5f3-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "db405ad775ac887a337b02ea8b07fddc", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" } ] }, { "id": "96628", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-a564-4178-b8e6-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "6662c390b2bbbd291ec7987388fc75d7", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96629", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-39dc-4247-b23d-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "06665b96e293b23acc80451abb413e50", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96630", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-6340-44a0-8f33-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "ffb0b9b5b610191051a7bdf0806e1e47", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96631", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847d9-afe0-4531-a4b0-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217433", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "187044596bc1328efa0ed636d8aa4a5c", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96632", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847da-ac78-474c-86fe-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217434", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "b29ca4f22ae7b7b25f79c1d4a421139d", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "715", "org_id": "26", "info": "OSINT Regin samples shared by VirusShare" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96633", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847da-49c0-404d-ae42-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217434", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "d240f06e98c8d3e647cbf4d442d79475", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96634", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847da-2134-43d7-ba22-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217434", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "8fcf4e53ece6111758a1dd3139dc7cad", "SharingGroup": [], "ShadowAttribute": [] }, { "id": "96635", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847da-71ec-4b2b-bae5-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217434", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "148c1bb9d405d717252c77593aff4bd8", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" } ] }, { "id": "96636", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847da-3e40-4ab2-a5eb-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217434", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "1c024e599ac055312a4ab75b3950040a", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96637", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847da-c2d0-4d24-821e-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217434", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "b269894f434657db2b15949641a67532", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "715", "org_id": "26", "info": "OSINT Regin samples shared by VirusShare" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96638", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847da-9798-4b6d-b422-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217434", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "ba7bb65634ce1e30c1e5415be3d1db1d", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96639", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847da-ffe4-4a90-9f2a-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217434", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "22bfc970f707fd775d49e875b63c2f0c", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" } ] }, { "id": "96640", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847da-1660-4562-a1f8-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217434", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "b505d65721bb2453d5039a389113b566", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "2825", "org_id": "2", "info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS" }, { "id": "2006", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec" }, { "id": "730", "org_id": "26", "info": "Regin Scanner" }, { "id": "714", "org_id": "3", "info": "Script to detect Regin VFS" }, { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" }, { "id": "709", "org_id": "2", "info": "OSINT - Regin: Nation-state ownage of GSM networks" }, { "id": "697", "org_id": "2", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance" } ] }, { "id": "96641", "type": "md5", "category": "Payload installation", "to_ids": true, "uuid": "548847db-060c-4275-a0c7-15bb950d210b", "event_id": "750", "distribution": "3", "timestamp": "1418217435", "comment": "Regin samples collected.", "sharing_group_id": "0", "value": "049436bb90f71cf38549817d9b90e2da", "SharingGroup": [], "ShadowAttribute": [], "RelatedAttribute": [ { "id": "710", "org_id": "26", "info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept" } ] } ], "ShadowAttribute": [], "RelatedEvent": [ { "Org": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Orgc": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Event": [ { "id": "2006", "date": "2015-08-27", "threat_level_id": "1", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec", "published": true, "uuid": "55df7369-7d68-428b-aa03-4f5d950d210b", "analysis": "2", "timestamp": "1440752388", "distribution": "3", "org_id": "2", "orgc_id": "2" } ] }, { "Org": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Orgc": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Event": [ { "id": "833", "date": "2015-01-22", "threat_level_id": "1", "info": "OSINT - An analysis of Regin's Hopscotch and Legspin", "published": true, "uuid": "54c0ce92-9d00-42b7-8cfc-f03f950d210b", "analysis": "2", "timestamp": "1422266910", "distribution": "3", "org_id": "2", "orgc_id": "2" } ] }, { "Org": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Orgc": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Event": [ { "id": "697", "date": "2014-11-24", "threat_level_id": "1", "info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance", "published": true, "uuid": "5472cdc5-3e3c-47c9-a3b1-47be950d210b", "analysis": "2", "timestamp": "1416818985", "distribution": "3", "org_id": "2", "orgc_id": "2" } ] }, { "Org": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Orgc": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Event": [ { "id": "699", "date": "2014-11-24", "threat_level_id": "1", "info": "OSINT - The Regin Espionage Toolkit", "published": true, "uuid": "5472fbd1-1a38-484a-b3f4-4502950d210b", "analysis": "2", "timestamp": "1416821880", "distribution": "3", "org_id": "2", "orgc_id": "2" } ] }, { "Org": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Orgc": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Event": [ { "id": "700", "date": "2014-11-24", "threat_level_id": "1", "info": "Regin Yara rules", "published": true, "uuid": "5473051e-2db8-4467-b6d5-4b1d950d210b", "analysis": "1", "timestamp": "1417157341", "distribution": "3", "org_id": "2", "orgc_id": "2" } ] }, { "Org": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Orgc": { "id": "2", "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Event": [ { "id": "709", "date": "2014-11-24", "threat_level_id": "1", "info": "OSINT - Regin: Nation-state ownage of GSM networks", "published": true, "uuid": "5473429a-bc10-498d-a195-46e2950d2109", "analysis": "2", "timestamp": "1416843113", "distribution": "3", "org_id": "2", "orgc_id": "2" } ] } ], "Tag": [ { "id": "1", "name": "Type:OSINT", "colour": "#1eed40", "exportable": true } ] } }