{
"Event" : {
"analysis" : "2" ,
"date" : "2016-03-21" ,
"extends_uuid" : "" ,
"info" : "OSINT - STOP SCANNING MY MACRO" ,
"publish_timestamp" : "1458581977" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1458581850" ,
"uuid" : "56f0302e-e494-494b-b012-42d7950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : false ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : false ,
"name" : "type:OSINT" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581592" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "56f03058-8564-4afc-bce3-4ace950d210f" ,
"value" : "FireEye Labs detected an interesting evasion strategy in two recent, large Dridex campaigns. These campaigns changed the attachment file-type and location of malicious logic in an attempt to avoid scanners."
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581602" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f03062-d6d4-4c13-aa02-468e950d210f" ,
"value" : "https://www.fireeye.com/blog/threat-research/2016/03/stop_scanning_mymac.html"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581624" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f03078-7514-43db-af07-4d66950d210f" ,
"value" : "858451ad73050bda48e5470abd2643ac"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581624" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f03078-4650-4fbf-92f5-4922950d210f" ,
"value" : "aff54d68cbf6ac8611fe89cd9f0dc2de"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581624" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f03078-8794-489e-ab48-4075950d210f" ,
"value" : "876d081e8b474a3c1ac57cf435e330cb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581625" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f03079-5ca8-41f6-be41-46df950d210f" ,
"value" : "d8eebe2a08fff86abd06ec94e8bdd165"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581625" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f03079-5dec-4fe9-aac4-479d950d210f" ,
"value" : "8c07b9337deda3c589d50e4ff3aadcd6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581625" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f03079-a4c4-471a-9c81-43b3950d210f" ,
"value" : "73c7bf49caa0d1bd37053b99a986ebe8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581626" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f0307a-f030-48bf-b212-4546950d210f" ,
"value" : "770fede93cc4220a371569daed2a4bc1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581626" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f0307a-a890-4d66-a26d-455a950d210f" ,
"value" : "5b7813105cf9ebccb46cf7e63a5a836d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581626" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f0307a-c1a4-4f4a-b5a7-4fc0950d210f" ,
"value" : "8f787ddedbaa8af3f6a73d0c6cd4e33e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581746" ,
"to_ids" : true ,
"type" : "email-attachment" ,
"uuid" : "56f03094-ea38-44b9-be1d-4b79950d210f" ,
"value" : "Invoice_GIINV02514_from_tip_top_delivery.rtf"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581665" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "56f030a1-a7dc-47b4-bc85-4bb8950d210f" ,
"value" : "parts.woodwardcounselinginc.com"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581693" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f030bd-9368-4ab8-b4b0-481f950d210f" ,
"value" : "8840c20ac74281c0580e8637caf1edea"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581693" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f030bd-7df0-4fb7-b858-4a23950d210f" ,
"value" : "800f90f29d13716eb1f7059fb84089ed"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581694" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f030be-7d3c-4868-98f3-440a950d210f" ,
"value" : "7e74d5a3a20038fe0a66445eb76fa066"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581694" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f030be-c334-4c0f-a9ae-4c62950d210f" ,
"value" : "7a4b7762f8db2438b4ad3d991864431d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581695" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f030bf-f1a0-4cc0-b43e-43e2950d210f" ,
"value" : "74f9da1ce1ff900113ae7cb28b3eb56f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581695" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f030bf-0664-4194-bb39-4874950d210f" ,
"value" : "6ccc678c3ec284fad015ed0eaa875733"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581695" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f030bf-193c-45f5-a885-4fed950d210f" ,
"value" : "3ea5c225132f0d7423417b3c7ce98c7d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581695" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "56f030bf-31c4-4f80-8007-4ab8950d210f" ,
"value" : "33b2a2d98aca34b66de9a11b7ec2d951"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581713" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "56f030d1-5904-4f85-8080-4b68950d210f" ,
"value" : "house.nochildforgotten.org"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581736" ,
"to_ids" : true ,
"type" : "email-attachment" ,
"uuid" : "56f030e1-4bc0-4463-9a0f-4aa3950d210f" ,
"value" : "IGINV51905.rtf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 33b2a2d98aca34b66de9a11b7ec2d951" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581782" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f03116-e580-4803-91f7-4c2302de0b81" ,
"value" : "fb36a810bf9a543384cb23b103394aad380548f871297f6a580773c138c8f8c8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 33b2a2d98aca34b66de9a11b7ec2d951" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581783" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f03117-3234-41d0-9d7e-495402de0b81" ,
"value" : "4ca1f37cb52c33b9678d499ed8b6a37b8577a680"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581783" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f03117-6aa4-4140-92de-40c102de0b81" ,
"value" : "https://www.virustotal.com/file/fb36a810bf9a543384cb23b103394aad380548f871297f6a580773c138c8f8c8/analysis/1458552924/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 3ea5c225132f0d7423417b3c7ce98c7d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581783" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f03117-324c-400a-bd86-4c1002de0b81" ,
"value" : "cccbd3f2d121575290c19304faf1abeac1a3bbf4c1ad4af0c34479c95006ac5e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 3ea5c225132f0d7423417b3c7ce98c7d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581784" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f03118-c954-4830-bfe2-4e2002de0b81" ,
"value" : "28f463492c3d5683405ac76fce2e43f2a2ae58db"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581784" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f03118-0468-48ac-9571-43aa02de0b81" ,
"value" : "https://www.virustotal.com/file/cccbd3f2d121575290c19304faf1abeac1a3bbf4c1ad4af0c34479c95006ac5e/analysis/1458544469/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 6ccc678c3ec284fad015ed0eaa875733" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581784" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f03118-7e30-47c8-9c66-48ef02de0b81" ,
"value" : "cbec8323a70876fa9d2261ed2a81cc3917c45c516e14cd24600fdc062bcf0889"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 6ccc678c3ec284fad015ed0eaa875733" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581784" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f03118-2ffc-4c44-b133-406a02de0b81" ,
"value" : "585e82ec384cce5f329bbe6d917946723845da91"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581785" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f03119-8dbc-41f3-a54d-47b102de0b81" ,
"value" : "https://www.virustotal.com/file/cbec8323a70876fa9d2261ed2a81cc3917c45c516e14cd24600fdc062bcf0889/analysis/1458424209/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 74f9da1ce1ff900113ae7cb28b3eb56f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581785" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f03119-b7c4-4c29-80e1-4bc702de0b81" ,
"value" : "fe523db2e1b86127d21cd9b3476ba7b1b0cee35bbaa8965841fce71ed54eb576"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 74f9da1ce1ff900113ae7cb28b3eb56f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581785" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f03119-bb00-4100-a128-45a202de0b81" ,
"value" : "9aa3cb387006af303e43b564140fd2bd302f83d4"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581786" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f0311a-17cc-4844-88bc-437f02de0b81" ,
"value" : "https://www.virustotal.com/file/fe523db2e1b86127d21cd9b3476ba7b1b0cee35bbaa8965841fce71ed54eb576/analysis/1458537966/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 7a4b7762f8db2438b4ad3d991864431d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581786" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f0311a-d55c-438e-8b49-44eb02de0b81" ,
"value" : "2c7c3650f85a6ec5fab51078318cbeb2781305e5713df98e2ed3b0dd689d0bda"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 7a4b7762f8db2438b4ad3d991864431d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581786" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f0311a-37c4-468f-9805-460802de0b81" ,
"value" : "333e2815f05401ea4d365b7b8052aca7ffa92861"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581787" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f0311b-22d8-4b20-9edc-459702de0b81" ,
"value" : "https://www.virustotal.com/file/2c7c3650f85a6ec5fab51078318cbeb2781305e5713df98e2ed3b0dd689d0bda/analysis/1458454881/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 7e74d5a3a20038fe0a66445eb76fa066" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581787" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f0311b-3690-48dc-992f-47f202de0b81" ,
"value" : "28e80edc15b3bebac008a4cdb030603e1477d20b7814cea491fc8506b9388c1c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 7e74d5a3a20038fe0a66445eb76fa066" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581787" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f0311b-d7d4-4101-9f0a-4eef02de0b81" ,
"value" : "747cb0aaa3c48d2b1e46b2e36027ebe55681218b"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581788" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f0311c-cc34-4132-ab1e-4eb902de0b81" ,
"value" : "https://www.virustotal.com/file/28e80edc15b3bebac008a4cdb030603e1477d20b7814cea491fc8506b9388c1c/analysis/1458468781/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 800f90f29d13716eb1f7059fb84089ed" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581788" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f0311c-8d54-43d2-a1f2-466402de0b81" ,
"value" : "81ec6bc642130d1f5f9882a4cef9256636f543d46da759081bcf8886f13394ff"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 800f90f29d13716eb1f7059fb84089ed" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581788" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f0311c-a69c-4368-af80-4bac02de0b81" ,
"value" : "5bf90ec91adba8c2684c3e31c1bd0ddfe2a9397b"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581789" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f0311d-bd54-4f90-836d-489202de0b81" ,
"value" : "https://www.virustotal.com/file/81ec6bc642130d1f5f9882a4cef9256636f543d46da759081bcf8886f13394ff/analysis/1458424210/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 8840c20ac74281c0580e8637caf1edea" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581789" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f0311d-b0d0-4c28-a75a-40f602de0b81" ,
"value" : "b1088ada9a80ae8a5bfa6a54994573afaee16cecec1fcafdcca877d182ba088f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "IMAGINiT campaign - Xchecked via VT: 8840c20ac74281c0580e8637caf1edea" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581789" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f0311d-a360-4732-ae42-466b02de0b81" ,
"value" : "f577ff9b4c62b784d04cb3a22d733f07ec195881"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581790" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f0311e-1a20-46b0-bf9b-4ab502de0b81" ,
"value" : "https://www.virustotal.com/file/b1088ada9a80ae8a5bfa6a54994573afaee16cecec1fcafdcca877d182ba088f/analysis/1458547416/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: 8f787ddedbaa8af3f6a73d0c6cd4e33e" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581790" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f0311e-3bec-4ea9-a949-4f2002de0b81" ,
"value" : "e5ccec9d24b4d518de6c6722c1c72b6b23b3bb4ddddfc03a2b9a5630702e59c0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: 8f787ddedbaa8af3f6a73d0c6cd4e33e" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581790" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f0311e-cdb8-4e97-8352-4acc02de0b81" ,
"value" : "20fb89ae7ec81f28dc5fd29a5664d257150a7f7c"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581791" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f0311f-03fc-4a48-b5a6-4cfb02de0b81" ,
"value" : "https://www.virustotal.com/file/e5ccec9d24b4d518de6c6722c1c72b6b23b3bb4ddddfc03a2b9a5630702e59c0/analysis/1458424207/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: 5b7813105cf9ebccb46cf7e63a5a836d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581791" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f0311f-932c-4f37-b1e7-4fa802de0b81" ,
"value" : "7a1df6c77168f06b06df8e53120d3a5c0c465d6319d42fc95dcc08593a4d1108"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: 5b7813105cf9ebccb46cf7e63a5a836d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581791" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f0311f-8930-42de-8706-46c702de0b81" ,
"value" : "5d38822aa1ce863eb260e38684a781a13ccd450c"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581792" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f03120-b2ac-4451-9d81-485102de0b81" ,
"value" : "https://www.virustotal.com/file/7a1df6c77168f06b06df8e53120d3a5c0c465d6319d42fc95dcc08593a4d1108/analysis/1458577767/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: 770fede93cc4220a371569daed2a4bc1" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581792" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f03120-a018-434b-8970-420e02de0b81" ,
"value" : "cd9fdb4c3a7b647bda3aec1b5afa2e7b9e2fbdb49ee833e56f7cd8104bba3547"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: 770fede93cc4220a371569daed2a4bc1" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581792" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f03120-f604-4c60-af93-4b3f02de0b81" ,
"value" : "681cb976de29f799c037e11c030d28dd490b04e4"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581792" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f03120-16e0-48b2-abba-4eb702de0b81" ,
"value" : "https://www.virustotal.com/file/cd9fdb4c3a7b647bda3aec1b5afa2e7b9e2fbdb49ee833e56f7cd8104bba3547/analysis/1458424507/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: d8eebe2a08fff86abd06ec94e8bdd165" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581793" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f03121-84f4-48ca-ab99-475b02de0b81" ,
"value" : "aa74d7d58b474d4fe9cd92826093c8c7af080452f19165c501fb0925ed8b2920"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: d8eebe2a08fff86abd06ec94e8bdd165" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581793" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f03121-0ec0-42f9-a7a9-42b702de0b81" ,
"value" : "745f519e41610bd5a89edb1359ced486474cca7f"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581793" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f03121-31bc-44d1-8270-4cb902de0b81" ,
"value" : "https://www.virustotal.com/file/aa74d7d58b474d4fe9cd92826093c8c7af080452f19165c501fb0925ed8b2920/analysis/1458473661/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: 876d081e8b474a3c1ac57cf435e330cb" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581794" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f03122-3824-4a64-8802-408d02de0b81" ,
"value" : "ed603ed10f71e2eb33d77bc4ef32ba8d00b410610b92df9bda4659a4eacc2a79"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: 876d081e8b474a3c1ac57cf435e330cb" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581794" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f03122-3c30-40bd-bf7a-4f1002de0b81" ,
"value" : "d50e97f803ef65e6f0ff136d81dba2c396287567"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581794" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f03122-1260-43f2-8ba9-483e02de0b81" ,
"value" : "https://www.virustotal.com/file/ed603ed10f71e2eb33d77bc4ef32ba8d00b410610b92df9bda4659a4eacc2a79/analysis/1458580699/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: aff54d68cbf6ac8611fe89cd9f0dc2de" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581795" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "56f03123-1744-4203-80e7-42b502de0b81" ,
"value" : "7f1548c7549c6a452d95ae9ed821f83e29a1ca9a225a3f7294c0d58f204b5d41"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Tip Top Delivery campaign - Xchecked via VT: aff54d68cbf6ac8611fe89cd9f0dc2de" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581795" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "56f03123-7fc8-4e21-8e46-456402de0b81" ,
"value" : "f83f899e5e12f610cb932014c1d05096cf5c7144"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581795" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "56f03123-fbc0-42ad-8b1c-4e1302de0b81" ,
"value" : "https://www.virustotal.com/file/7f1548c7549c6a452d95ae9ed821f83e29a1ca9a225a3f7294c0d58f204b5d41/analysis/1458579160/"
} ,
{
"category" : "Artifacts dropped" ,
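"comment" : "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents. Note: this value is stored as mojibake (the UTF-8 bytes of the Cyrillic text read as Windows-1252), so restore the original encoding before matching it against file contents." ,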
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581850" ,
"to_ids" : true ,
"type" : "pattern-in-file" ,
"uuid" : "56f0315a-4820-4860-9a00-4c79950d210f" ,
"value" : "<wx:uiName wx:val=\"\u00d0\u017e\u00d1\u0081\u00d0\u00bd\u00d0\u00be\u00d0\u00b2\u00d0\u00bd\u00d0\u00be\u00d0\u00b9 \u00d1\u02c6\u00d1\u20ac\u00d0\u00b8\u00d1\u201e\u00d1\u201a \u00d0\u00b0\u00d0\u00b1\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b0\"/>"
} ,
{
"category" : "Artifacts dropped" ,
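"comment" : "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents. Note: this value is stored as mojibake (the UTF-8 bytes of the Cyrillic text read as Windows-1252), so restore the original encoding before matching it against file contents." ,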
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581850" ,
"to_ids" : true ,
"type" : "pattern-in-file" ,
"uuid" : "56f0315a-bf78-42bb-9d6c-4e36950d210f" ,
"value" : "<wx:uiName wx:val=\"\u00d0\u017e\u00d0\u00b1\u00d1\u2039\u00d1\u2021\u00d0\u00bd\u00d0\u00b0\u00d1\u008f \u00d1\u201a\u00d0\u00b0\u00d0\u00b1\u00d0\u00bb\u00d0\u00b8\u00d1\u2020\u00d0\u00b0\"/>"
} ,
{
"category" : "Artifacts dropped" ,
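"comment" : "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents. Note: this value is stored as mojibake (the UTF-8 bytes of the Cyrillic text read as Windows-1252), so restore the original encoding before matching it against file contents." ,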
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581850" ,
"to_ids" : true ,
"type" : "pattern-in-file" ,
"uuid" : "56f0315a-ef1c-4929-be90-4d1c950d210f" ,
"value" : "<wx:uiName wx:val=\"\u00d0\u009d\u00d0\u00b5\u00d1\u201a \u00d1\u0081\u00d0\u00bf\u00d0\u00b8\u00d1\u0081\u00d0\u00ba\u00d0\u00b0\"/>"
} ,
{
"category" : "Artifacts dropped" ,
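"comment" : "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents. Note: this value is stored as mojibake (the UTF-8 bytes of the Cyrillic text read as Windows-1252), so restore the original encoding before matching it against file contents." ,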
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1458581851" ,
"to_ids" : true ,
"type" : "pattern-in-file" ,
"uuid" : "56f0315b-2cd8-4fdc-b80a-4ca8950d210f" ,
"value" : "<o:LastAuthor>\u00d0\u00bf\u00d0\u00b0\u00d0\u00b2\u00d1\u0192\u00d0\u00b2\u00d0\u00b0\u00d1\u2039\u00d0\u00b2\u00d0\u00b0</o:LastAuthor>"
}
]
}
}