Sample

Under Construction

Overview

Definition

A file sample ... samples are often represented using a SHA1, SHA256 or MD5 hash.
Usecase

Threat actors use malware for ...

Example

88c8b472108e0d79d16a1634499c1b45048a10a38ee799054414613cc9dccccc is the SHA-256 hash of a malware binary used by the threat actor known as Black Basta.¹

Pivot Map

flowchart LR
    classDef secondary stroke-dasharray: 5 5

    %% define nodes
    IP_ADDRESS(IP Address)
    DOMAIN(Domain)
    SERVER(Server)
    SAMPLE(Sample)
    USER_AGENT(User Agent)
    SAMPLE_(Sample):::secondary

    %% define edges
    SERVER -- stores --> SAMPLE
    SAMPLE -- communicates --> SERVER
    SAMPLE -- references --> SERVER
    SAMPLE -- hash --> SAMPLE_
    SAMPLE -- code similarity --> SAMPLE_
    SAMPLE -- behavior --> SAMPLE_
    SAMPLE -- references --> DOMAIN
    SAMPLE -- references --> IP_ADDRESS
    SAMPLE -- uses --> USER_AGENT

Servers

Servers serving it

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In pretium libero libero, at rutrum libero finibus id. In sit amet maximus dui, sed rhoncus lectus. Donec a neque facilisis lacus vestibulum convallis eu et nibh. Vivamus non viverra sapien. Cras scelerisque sem eget sem luctus pulvinar.

Try it out

Shodan (URL)Shodan (API)Censys (URL)Censys (API)

TO DO

TO DO

TO DO

TO DO

#StopRansomware: Black Basta ↩