e652d9d69aa49fd91e107888c1790067a757750c99223cddceeee2676cfbe6b1

Sample information

Antivirus detections: 0
IDS alerts: 0
Processes: 0
Http events: 0
Contacted hosts: 0
DNS Requests: 0



Blacklist timeline


First seen: Thu Jul 11 2024 09:32:15 GMT+0000
Last seen: Thu Jul 11 2024 10:32:15 GMT+0000
Period: an hour

Hashes
Filename:
e652d9d69aa49fd91e107888c1790067a757750c99223cddceeee2676cfbe6b1
md5:
2d6b3b3e13600721fc9f398cd7df05ca
sha1:
536a59b70a79878c6b4f0548c096738181471c0e
sha256:
e652d9d69aa49fd91e107888c1790067a757750c99223cddceeee2676cfbe6b1

In depth details
Filetype:
application/vnd.openxmlformats-officedocument.wordprocessingml.document
Classification:
malicious

Dates
Indexed:
Thu Jul 11 2024 10:23:10 GMT+0000 (9 months ago)
Last modified:
Thu Jul 11 2024 10:32:16 GMT+0000 (9 months ago)

Developers can check API Specification here:


Request:

          
curl -H "Authorization: Bearer <API_KEY>" https://api.maltiverse.com/sample/e652d9d69aa49fd91e107888c1790067a757750c99223cddceeee2676cfbe6b1
        

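Request:

Alternatively, in Python 3 with the requests library:

import requests
import json

url = 'https://api.maltiverse.com/sample/e652d9d69aa49fd91e107888c1790067a757750c99223cddceeee2676cfbe6b1'
# Send the same bearer token as the curl and PowerShell requests
headers = {'Authorization': 'Bearer <API_KEY>'}
response = requests.get(url, headers=headers, timeout=30)
response.raise_for_status()  # fail on HTTP errors instead of parsing an error body
parsed = response.json()
print(json.dumps(parsed, indent=4, sort_keys=True))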
        

Request:

          
$url = 'https://api.maltiverse.com/sample/e652d9d69aa49fd91e107888c1790067a757750c99223cddceeee2676cfbe6b1'
$headers =  @{Authorization=("Bearer {0}" -f "<API_KEY>")}
$response = Invoke-RestMethod $url -Headers $headers
Write-Output $response
        

Response:

      
{
    "blacklist": [
        {
            "count": 1,
            "description": "Decoy Document",
            "external_references": [
                {
                    "description": "APT32",
                    "external_id": "G0050",
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0050"
                }
            ],
            "first_seen": "2024-07-11 10:32:15",
            "last_seen": "2024-07-11 10:32:15",
            "ref": [
                2
            ],
            "source": "Maltiverse"
        },
        {
            "count": 1,
            "description": "Generic.Malware",
            "first_seen": "2024-07-11 09:30:26",
            "labels": [
                "malicious-activity"
            ],
            "last_seen": "2024-07-11 09:30:26",
            "ref": [
                1
            ],
            "source": "MalwareBazaar Abuse.ch"
        }
    ],
    "classification": "malicious",
    "creation_time": "2024-07-11 10:23:10",
    "filename": [
        "e652d9d69aa49fd91e107888c1790067a757750c99223cddceeee2676cfbe6b1"
    ],
    "filetype": "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "is_alive": false,
    "is_cdn": false,
    "is_cnc": false,
    "is_distributing_malware": false,
    "is_hosting": false,
    "is_iot_threat": false,
    "is_known_attacker": false,
    "is_known_scanner": false,
    "is_mining_pool": false,
    "is_open_proxy": false,
    "is_phishing": false,
    "is_sinkhole": false,
    "is_storing_phishing": false,
    "is_tor_node": false,
    "is_vpn_node": false,
    "md5": "2d6b3b3e13600721fc9f398cd7df05ca",
    "modification_time": "2024-07-11 10:32:16",
    "scoring_executed_time": "2025-02-16 07:24:11",
    "sha1": "536a59b70a79878c6b4f0548c096738181471c0e",
    "sha256": "e652d9d69aa49fd91e107888c1790067a757750c99223cddceeee2676cfbe6b1",
    "type": "sample"
}