misp-circl-feed/feeds/circl/misp/5867a9dc-dde8-4877-b46f-42cc950d210f.json

{
"Event": {
"analysis": "1",
"date": "2016-12-31",
"extends_uuid": "",
"info": "OSINT - GRIZZLY STEPPE \u00e2\u20ac\u201c Additional expansion",
"publish_timestamp": "1483438068",
"published": true,
"threat_level_id": "3",
"timestamp": "1483371464",
"uuid": "5867a9dc-dde8-4877-b46f-42cc950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#12e000",
"local": false,
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": false,
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#006262",
"local": false,
"name": "ecsirt:malicious-code=\"malware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "webshell found on an C2 server",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1483371555",
"to_ids": false,
"type": "attachment",
"uuid": "586a7423-3470-4ce5-a56d-1239538826be",
"value": "smokeping3b-attack.php"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188714",
"to_ids": false,
"type": "link",
"uuid": "5867a9ea-679c-4cc7-b729-4e9f950d210f",
"value": "http://pastebin.com/raw/gxq0FMsU"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188923",
"to_ids": true,
"type": "sha256",
"uuid": "5867aabb-08e0-4ff3-8987-4c28950d210f",
"value": "55058d3427ce932d8efcbe54dccf97c9a8d1e85c767814e34f4b2b6a6b305641"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188923",
"to_ids": true,
"type": "sha256",
"uuid": "5867aabb-51b4-4423-b360-44bc950d210f",
"value": "3367623638d42bdc1c45c44cb1843c00b510814170bc4e5da61eba2ddb212672"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188924",
"to_ids": true,
"type": "sha256",
"uuid": "5867aabc-3e7c-4dfa-8c70-40ce950d210f",
"value": "da9f2804b16b369156e1b629ad3d2aac79326b94284e43c7b8355f3db71912b8"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188925",
"to_ids": true,
"type": "sha256",
"uuid": "5867aabd-2bc4-40e4-abd2-4574950d210f",
"value": "972866536f195079071d23b9f8ec90eb32ae3aa493d8cdf5ad34b85dec1a0775"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188926",
"to_ids": true,
"type": "sha256",
"uuid": "5867aabe-05f8-4f84-b473-462d950d210f",
"value": "d285115e97c02063836f1cf8f91669c114052727c39bf4bd3c062ad5b3509e38"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188927",
"to_ids": true,
"type": "sha256",
"uuid": "5867aabf-09e4-4bde-ba43-46e2950d210f",
"value": "1025f33ff026495d7f7fdb527e127e2b7780d9d28cb1e7912a9be84f38ba858e"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188927",
"to_ids": true,
"type": "sha256",
"uuid": "5867aabf-1cc8-4337-9149-4cda950d210f",
"value": "b8313a966f93f773b031d386afe56792fe1edb0ffd1bc07a9ae72cec48e0d6f1"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188928",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac0-292c-445a-9f0d-419c950d210f",
"value": "324eafb0da0943d2f83be775bfb58646765712642a4ed1ece1a27eeec65ad086"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188929",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac1-e534-40a9-8f8f-494a950d210f",
"value": "edd14d44423bfd37f213906fbd3057f793e71cad5b11832375c98a421621d1d0"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188929",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac1-921c-4a4f-a662-40c0950d210f",
"value": "64ad97ddebc2f0e95b03b56cb2fff1c2c494d2c417c84572be09ae5794638f19"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188930",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac2-f4a0-4d76-8691-48ee950d210f",
"value": "cec64faea1a318d599039d5d84bd73939e88814fbbbacd0b36c7372ab2415ddb"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188930",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac2-ed84-4af7-acad-4b2a950d210f",
"value": "0fb3367b73539f37ce4c28287ea6587cc846f70723f1fad3793704f8d8adb6e6"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188931",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac3-6e80-433a-91b3-4f15950d210f",
"value": "7b28b9b85f9943342787bae1c92cab39c01f9d82b99eb8628abc638afd9eddaf"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188932",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac4-9b2c-41cd-b2b0-4222950d210f",
"value": "9eaed1ce36dfac5ced34b5205b8e21dc49d328177336c0b0c9aee89760a45422"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188932",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac4-1264-42fd-859e-4841950d210f",
"value": "7c3ddada48fbd31ee2cf3ecd9ed1ec73a9bdb9881ccbbeaa7bfbc43b315af501"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188933",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac5-1b88-42ae-805d-40a4950d210f",
"value": "9f918fb741e951a10e68ce6874b839aef5a26d60486db31e509f8dcaa13acec5"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188934",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac6-f56c-4213-b3f8-4585950d210f",
"value": "bbe4ea94d637978719a16cb49ad7a5e15bf30e81c9dd6c7c17a4139184dabf3b"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188934",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac6-f834-4883-86bf-49f4950d210f",
"value": "4b67a97f89b92a25dfd52e369a363a877b3cb146fd0e18e8d638a04e52f9764b"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188935",
"to_ids": true,
"type": "sha256",
"uuid": "5867aac7-95c0-462e-bc38-47f3950d210f",
"value": "31d8af71cbe74194b58a89f17109c44b81f45ea724719b0556bb46c9e1f04288"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188975",
"to_ids": true,
"type": "sha256",
"uuid": "5867aaef-e408-43a9-a5c6-4bb0950d210f",
"value": "043d24f7635ddd2d90a804f1b2f3248d44ec19073af8e0c76cd49a172330985d"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188975",
"to_ids": true,
"type": "sha256",
"uuid": "5867aaef-416c-45e6-9f42-49be950d210f",
"value": "ac30321be90e85f7eb1ce7e211b91fed1d1f15b5d3235b9c1e0dad683538cc8e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483188992",
"to_ids": false,
"type": "link",
"uuid": "5867ab00-a5fc-4109-95e5-477a950d210f",
"value": "https://twitter.com/cyb3rops/status/814769499555659776"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_1 - Xchecked via VT: ac30321be90e85f7eb1ce7e211b91fed1d1f15b5d3235b9c1e0dad683538cc8e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189054",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab3e-d314-452e-9571-437202de0b81",
"value": "9cb7716d83c0d06ab356bdfa52def1af64bc5210"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_1 - Xchecked via VT: ac30321be90e85f7eb1ce7e211b91fed1d1f15b5d3235b9c1e0dad683538cc8e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189054",
"to_ids": true,
"type": "md5",
"uuid": "5867ab3e-201c-47d1-8679-463a02de0b81",
"value": "81f1af277010cb78755f08dfcc379ca6"
},
{
"category": "External analysis",
"comment": "GRIZZLY_STEPPE_Malware_1 - Xchecked via VT: ac30321be90e85f7eb1ce7e211b91fed1d1f15b5d3235b9c1e0dad683538cc8e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189055",
"to_ids": false,
"type": "link",
"uuid": "5867ab3f-5450-4736-9af6-466902de0b81",
"value": "https://www.virustotal.com/file/ac30321be90e85f7eb1ce7e211b91fed1d1f15b5d3235b9c1e0dad683538cc8e/analysis/1483145855/"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_1 - Xchecked via VT: 043d24f7635ddd2d90a804f1b2f3248d44ec19073af8e0c76cd49a172330985d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189056",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab40-b8e0-43b2-a07a-4c9902de0b81",
"value": "541d3721705aee0925488a3c2bc4155d1bc07644"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_1 - Xchecked via VT: 043d24f7635ddd2d90a804f1b2f3248d44ec19073af8e0c76cd49a172330985d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189056",
"to_ids": true,
"type": "md5",
"uuid": "5867ab40-df2c-4b8b-a450-42a702de0b81",
"value": "c6ba492461f9e437e66b920b0418971d"
},
{
"category": "External analysis",
"comment": "GRIZZLY_STEPPE_Malware_1 - Xchecked via VT: 043d24f7635ddd2d90a804f1b2f3248d44ec19073af8e0c76cd49a172330985d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189057",
"to_ids": false,
"type": "link",
"uuid": "5867ab41-ef38-4409-a401-434502de0b81",
"value": "https://www.virustotal.com/file/043d24f7635ddd2d90a804f1b2f3248d44ec19073af8e0c76cd49a172330985d/analysis/1482735244/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 31d8af71cbe74194b58a89f17109c44b81f45ea724719b0556bb46c9e1f04288",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189057",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab41-18ec-4589-8c03-468e02de0b81",
"value": "5e8d0fb775779f42c58f10e1e805d31b094d318a"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 31d8af71cbe74194b58a89f17109c44b81f45ea724719b0556bb46c9e1f04288",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189058",
"to_ids": true,
"type": "md5",
"uuid": "5867ab42-0f20-42e5-b3a1-45d702de0b81",
"value": "e9e50ac57bd6972ac0bc8a4d207c9be8"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 31d8af71cbe74194b58a89f17109c44b81f45ea724719b0556bb46c9e1f04288",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189059",
"to_ids": false,
"type": "link",
"uuid": "5867ab43-eca4-4951-86b7-4b6b02de0b81",
"value": "https://www.virustotal.com/file/31d8af71cbe74194b58a89f17109c44b81f45ea724719b0556bb46c9e1f04288/analysis/1479291303/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 4b67a97f89b92a25dfd52e369a363a877b3cb146fd0e18e8d638a04e52f9764b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189059",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab43-6134-4a87-8706-4c8702de0b81",
"value": "1b1d2b405b5822cad009ca78a06508d1f904e04d"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 4b67a97f89b92a25dfd52e369a363a877b3cb146fd0e18e8d638a04e52f9764b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189060",
"to_ids": true,
"type": "md5",
"uuid": "5867ab44-3338-4e84-ac8c-454102de0b81",
"value": "cf234fc1428c1c373329ef8968f15a18"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 4b67a97f89b92a25dfd52e369a363a877b3cb146fd0e18e8d638a04e52f9764b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189060",
"to_ids": false,
"type": "link",
"uuid": "5867ab44-0f7c-4a97-af10-4c3702de0b81",
"value": "https://www.virustotal.com/file/4b67a97f89b92a25dfd52e369a363a877b3cb146fd0e18e8d638a04e52f9764b/analysis/1477574567/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: bbe4ea94d637978719a16cb49ad7a5e15bf30e81c9dd6c7c17a4139184dabf3b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189061",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab45-c924-4de1-b9ab-467c02de0b81",
"value": "87daaf2f780070d27b33121dac32a551c414118b"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: bbe4ea94d637978719a16cb49ad7a5e15bf30e81c9dd6c7c17a4139184dabf3b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189062",
"to_ids": true,
"type": "md5",
"uuid": "5867ab46-dc58-4709-8ae0-4d1402de0b81",
"value": "5b3cd08ff49c275db2d43b49f8b48536"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: bbe4ea94d637978719a16cb49ad7a5e15bf30e81c9dd6c7c17a4139184dabf3b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189062",
"to_ids": false,
"type": "link",
"uuid": "5867ab46-ba50-4053-81bc-4c3f02de0b81",
"value": "https://www.virustotal.com/file/bbe4ea94d637978719a16cb49ad7a5e15bf30e81c9dd6c7c17a4139184dabf3b/analysis/1479979215/"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_1 - Xchecked via VT: 9f918fb741e951a10e68ce6874b839aef5a26d60486db31e509f8dcaa13acec5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189063",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab47-d8ec-4ab6-b28d-46e002de0b81",
"value": "7cefb021fb30f985b427b584be9c16e364836739"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_1 - Xchecked via VT: 9f918fb741e951a10e68ce6874b839aef5a26d60486db31e509f8dcaa13acec5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189063",
"to_ids": true,
"type": "md5",
"uuid": "5867ab47-d048-4e88-bf6a-4e7d02de0b81",
"value": "617ba99be8a7d0771628344d209e9d8a"
},
{
"category": "External analysis",
"comment": "GRIZZLY_STEPPE_Malware_1 - Xchecked via VT: 9f918fb741e951a10e68ce6874b839aef5a26d60486db31e509f8dcaa13acec5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189064",
"to_ids": false,
"type": "link",
"uuid": "5867ab48-a968-445a-ba1b-465b02de0b81",
"value": "https://www.virustotal.com/file/9f918fb741e951a10e68ce6874b839aef5a26d60486db31e509f8dcaa13acec5/analysis/1483140658/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 7c3ddada48fbd31ee2cf3ecd9ed1ec73a9bdb9881ccbbeaa7bfbc43b315af501",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189065",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab49-2f70-477a-80b0-4bee02de0b81",
"value": "d096f0d002248fbd9dc1974aacc8488055164952"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 7c3ddada48fbd31ee2cf3ecd9ed1ec73a9bdb9881ccbbeaa7bfbc43b315af501",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189065",
"to_ids": true,
"type": "md5",
"uuid": "5867ab49-3744-422a-a88d-4a9c02de0b81",
"value": "33b50141621d210c7f9ea459df51ca0d"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 7c3ddada48fbd31ee2cf3ecd9ed1ec73a9bdb9881ccbbeaa7bfbc43b315af501",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189066",
"to_ids": false,
"type": "link",
"uuid": "5867ab4a-4bd8-46c6-aa14-427502de0b81",
"value": "https://www.virustotal.com/file/7c3ddada48fbd31ee2cf3ecd9ed1ec73a9bdb9881ccbbeaa7bfbc43b315af501/analysis/1481219566/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 9eaed1ce36dfac5ced34b5205b8e21dc49d328177336c0b0c9aee89760a45422",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189066",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab4a-c524-42b3-8c3b-428402de0b81",
"value": "8d44025cada9c6b944972a2654d010cc033da46e"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 9eaed1ce36dfac5ced34b5205b8e21dc49d328177336c0b0c9aee89760a45422",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189067",
"to_ids": true,
"type": "md5",
"uuid": "5867ab4b-a970-41e0-9852-4ecb02de0b81",
"value": "b3ed966817f5eec53e544e78159e3d88"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 9eaed1ce36dfac5ced34b5205b8e21dc49d328177336c0b0c9aee89760a45422",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189067",
"to_ids": false,
"type": "link",
"uuid": "5867ab4b-a214-4922-a374-41ce02de0b81",
"value": "https://www.virustotal.com/file/9eaed1ce36dfac5ced34b5205b8e21dc49d328177336c0b0c9aee89760a45422/analysis/1480710869/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 7b28b9b85f9943342787bae1c92cab39c01f9d82b99eb8628abc638afd9eddaf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189068",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab4c-a6a4-4421-86a1-481602de0b81",
"value": "d1828dce4bf476ca07629e1613dd77c3346e2c5a"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 7b28b9b85f9943342787bae1c92cab39c01f9d82b99eb8628abc638afd9eddaf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189069",
"to_ids": true,
"type": "md5",
"uuid": "5867ab4d-83e0-4c70-a4ee-455602de0b81",
"value": "38f7149d4ec01509c3a36d4567125b18"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 7b28b9b85f9943342787bae1c92cab39c01f9d82b99eb8628abc638afd9eddaf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189069",
"to_ids": false,
"type": "link",
"uuid": "5867ab4d-09a0-46be-90b6-42d102de0b81",
"value": "https://www.virustotal.com/file/7b28b9b85f9943342787bae1c92cab39c01f9d82b99eb8628abc638afd9eddaf/analysis/1483125346/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 0fb3367b73539f37ce4c28287ea6587cc846f70723f1fad3793704f8d8adb6e6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189070",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab4e-0a04-45cb-972a-44e502de0b81",
"value": "a968da4b9995c5447922cd8a2e64ca1f12b7732d"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 0fb3367b73539f37ce4c28287ea6587cc846f70723f1fad3793704f8d8adb6e6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189071",
"to_ids": true,
"type": "md5",
"uuid": "5867ab4f-b268-4b7d-a305-406302de0b81",
"value": "2084cea563407db815b86b412ef7c876"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 0fb3367b73539f37ce4c28287ea6587cc846f70723f1fad3793704f8d8adb6e6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189071",
"to_ids": false,
"type": "link",
"uuid": "5867ab4f-b148-40b8-9d4a-405f02de0b81",
"value": "https://www.virustotal.com/file/0fb3367b73539f37ce4c28287ea6587cc846f70723f1fad3793704f8d8adb6e6/analysis/1477125094/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: cec64faea1a318d599039d5d84bd73939e88814fbbbacd0b36c7372ab2415ddb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189072",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab50-0eac-468d-aadb-44a902de0b81",
"value": "0e887d8a4223d38d4a7f2950a8b420a86610a72a"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: cec64faea1a318d599039d5d84bd73939e88814fbbbacd0b36c7372ab2415ddb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189072",
"to_ids": true,
"type": "md5",
"uuid": "5867ab50-8ac4-419f-ae00-414302de0b81",
"value": "ca22387a1c8eeb8fcf73cf745154ae63"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: cec64faea1a318d599039d5d84bd73939e88814fbbbacd0b36c7372ab2415ddb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189073",
"to_ids": false,
"type": "link",
"uuid": "5867ab51-0a10-44bf-91f0-460d02de0b81",
"value": "https://www.virustotal.com/file/cec64faea1a318d599039d5d84bd73939e88814fbbbacd0b36c7372ab2415ddb/analysis/1477637515/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 64ad97ddebc2f0e95b03b56cb2fff1c2c494d2c417c84572be09ae5794638f19",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189074",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab52-f1f4-4003-afe1-409502de0b81",
"value": "d16531f0b29ff74c25ab2972726d02324a631ac3"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 64ad97ddebc2f0e95b03b56cb2fff1c2c494d2c417c84572be09ae5794638f19",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189074",
"to_ids": true,
"type": "md5",
"uuid": "5867ab52-5264-4faf-9aa1-4ba302de0b81",
"value": "ac7d3cb8db93534c30667b0b7d5cc443"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 64ad97ddebc2f0e95b03b56cb2fff1c2c494d2c417c84572be09ae5794638f19",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189075",
"to_ids": false,
"type": "link",
"uuid": "5867ab53-47cc-41f0-b7e5-4c5102de0b81",
"value": "https://www.virustotal.com/file/64ad97ddebc2f0e95b03b56cb2fff1c2c494d2c417c84572be09ae5794638f19/analysis/1480711757/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: edd14d44423bfd37f213906fbd3057f793e71cad5b11832375c98a421621d1d0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189075",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab53-cfd4-4844-a83c-4da102de0b81",
"value": "a6c6027eabde338021a59d37008874f8139d519e"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: edd14d44423bfd37f213906fbd3057f793e71cad5b11832375c98a421621d1d0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189076",
"to_ids": true,
"type": "md5",
"uuid": "5867ab54-f570-4e06-9e43-45dd02de0b81",
"value": "f189fdf925c710e9e110ae09b91afbc3"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: edd14d44423bfd37f213906fbd3057f793e71cad5b11832375c98a421621d1d0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189076",
"to_ids": false,
"type": "link",
"uuid": "5867ab54-f590-4254-97dc-47bd02de0b81",
"value": "https://www.virustotal.com/file/edd14d44423bfd37f213906fbd3057f793e71cad5b11832375c98a421621d1d0/analysis/1479994492/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 324eafb0da0943d2f83be775bfb58646765712642a4ed1ece1a27eeec65ad086",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189077",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab55-4468-4e85-be37-454c02de0b81",
"value": "e8f80180622b001eeacc584a54a231346face5b5"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 324eafb0da0943d2f83be775bfb58646765712642a4ed1ece1a27eeec65ad086",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189078",
"to_ids": true,
"type": "md5",
"uuid": "5867ab56-85dc-46b2-8b29-4e4b02de0b81",
"value": "91176827364ed0b81322f78c90eb2af3"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 324eafb0da0943d2f83be775bfb58646765712642a4ed1ece1a27eeec65ad086",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189078",
"to_ids": false,
"type": "link",
"uuid": "5867ab56-44c4-4de0-8352-4a1f02de0b81",
"value": "https://www.virustotal.com/file/324eafb0da0943d2f83be775bfb58646765712642a4ed1ece1a27eeec65ad086/analysis/1477380701/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: b8313a966f93f773b031d386afe56792fe1edb0ffd1bc07a9ae72cec48e0d6f1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189079",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab57-8950-4855-8d5e-46c002de0b81",
"value": "98d37c2d0450e4715584970c281cb163002cbb8e"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: b8313a966f93f773b031d386afe56792fe1edb0ffd1bc07a9ae72cec48e0d6f1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189080",
"to_ids": true,
"type": "md5",
"uuid": "5867ab58-6ec4-48e7-8cf6-4eb602de0b81",
"value": "6f19d3ccb1ba38b11794876b2be345b2"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: b8313a966f93f773b031d386afe56792fe1edb0ffd1bc07a9ae72cec48e0d6f1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189080",
"to_ids": false,
"type": "link",
"uuid": "5867ab58-6044-4572-8efe-4fea02de0b81",
"value": "https://www.virustotal.com/file/b8313a966f93f773b031d386afe56792fe1edb0ffd1bc07a9ae72cec48e0d6f1/analysis/1481525510/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 1025f33ff026495d7f7fdb527e127e2b7780d9d28cb1e7912a9be84f38ba858e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189081",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab59-2814-4089-a276-4a7102de0b81",
"value": "7597be3cae3680e89e14f7f7cc1138c6c0b482e1"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 1025f33ff026495d7f7fdb527e127e2b7780d9d28cb1e7912a9be84f38ba858e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189082",
"to_ids": true,
"type": "md5",
"uuid": "5867ab5a-12f8-4159-b3bd-405602de0b81",
"value": "bd7b3f08183cf531f09b47311dec69d7"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 1025f33ff026495d7f7fdb527e127e2b7780d9d28cb1e7912a9be84f38ba858e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189083",
"to_ids": false,
"type": "link",
"uuid": "5867ab5b-ff04-4404-8841-4d9c02de0b81",
"value": "https://www.virustotal.com/file/1025f33ff026495d7f7fdb527e127e2b7780d9d28cb1e7912a9be84f38ba858e/analysis/1477902539/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: d285115e97c02063836f1cf8f91669c114052727c39bf4bd3c062ad5b3509e38",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189083",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab5b-1274-4245-b71a-46d502de0b81",
"value": "adf649354ff4d1812e7de745214362959e0174b1"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: d285115e97c02063836f1cf8f91669c114052727c39bf4bd3c062ad5b3509e38",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189084",
"to_ids": true,
"type": "md5",
"uuid": "5867ab5c-c818-4db9-84a5-4ce402de0b81",
"value": "fc45abdd5fb3ffa4d3799737b3f597f4"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: d285115e97c02063836f1cf8f91669c114052727c39bf4bd3c062ad5b3509e38",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189084",
"to_ids": false,
"type": "link",
"uuid": "5867ab5c-0194-421b-b029-41ac02de0b81",
"value": "https://www.virustotal.com/file/d285115e97c02063836f1cf8f91669c114052727c39bf4bd3c062ad5b3509e38/analysis/1483125351/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 972866536f195079071d23b9f8ec90eb32ae3aa493d8cdf5ad34b85dec1a0775",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189085",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab5d-e71c-4547-ad36-4ef002de0b81",
"value": "0de0be33ffbb98a60286be3bd19e02099d87a978"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 972866536f195079071d23b9f8ec90eb32ae3aa493d8cdf5ad34b85dec1a0775",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189086",
"to_ids": true,
"type": "md5",
"uuid": "5867ab5e-dbdc-45e2-aa3e-4f9a02de0b81",
"value": "5bced75b16bb0a00b7fd61bf03e5f602"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 972866536f195079071d23b9f8ec90eb32ae3aa493d8cdf5ad34b85dec1a0775",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189086",
"to_ids": false,
"type": "link",
"uuid": "5867ab5e-88ac-476b-89cc-4e2702de0b81",
"value": "https://www.virustotal.com/file/972866536f195079071d23b9f8ec90eb32ae3aa493d8cdf5ad34b85dec1a0775/analysis/1476900530/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: da9f2804b16b369156e1b629ad3d2aac79326b94284e43c7b8355f3db71912b8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189087",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab5f-5434-40c4-90b3-405c02de0b81",
"value": "efcc0c18e10072b50deeca9592c76bc90f4d18ce"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: da9f2804b16b369156e1b629ad3d2aac79326b94284e43c7b8355f3db71912b8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189088",
"to_ids": true,
"type": "md5",
"uuid": "5867ab60-d440-410f-a9c4-4db102de0b81",
"value": "bfcb50cffca601b33c285b9f54b64cb1"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: da9f2804b16b369156e1b629ad3d2aac79326b94284e43c7b8355f3db71912b8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189088",
"to_ids": false,
"type": "link",
"uuid": "5867ab60-be3c-4cdc-88aa-499c02de0b81",
"value": "https://www.virustotal.com/file/da9f2804b16b369156e1b629ad3d2aac79326b94284e43c7b8355f3db71912b8/analysis/1483160795/"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 3367623638d42bdc1c45c44cb1843c00b510814170bc4e5da61eba2ddb212672",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189089",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab61-03c0-4aa4-b522-4bb802de0b81",
"value": "fd82bec721c32851806721b7ab25bbba3f957f49"
},
{
"category": "Payload delivery",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 3367623638d42bdc1c45c44cb1843c00b510814170bc4e5da61eba2ddb212672",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189090",
"to_ids": true,
"type": "md5",
"uuid": "5867ab62-6f68-4447-9007-4f3a02de0b81",
"value": "44a4173ce6928aa30acd276252bc1267"
},
{
"category": "External analysis",
"comment": "PAS_TOOL_PHP_WEB_KIT_mod - Xchecked via VT: 3367623638d42bdc1c45c44cb1843c00b510814170bc4e5da61eba2ddb212672",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189090",
"to_ids": false,
"type": "link",
"uuid": "5867ab62-efd4-45e1-b6c2-44fd02de0b81",
"value": "https://www.virustotal.com/file/3367623638d42bdc1c45c44cb1843c00b510814170bc4e5da61eba2ddb212672/analysis/1481880509/"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_2 - Xchecked via VT: 55058d3427ce932d8efcbe54dccf97c9a8d1e85c767814e34f4b2b6a6b305641",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189091",
"to_ids": true,
"type": "sha1",
"uuid": "5867ab63-cc40-4146-9b84-4d8e02de0b81",
"value": "8ccaa941af229cf57a0a97327d99a46f989423f0"
},
{
"category": "Payload delivery",
"comment": "GRIZZLY_STEPPE_Malware_2 - Xchecked via VT: 55058d3427ce932d8efcbe54dccf97c9a8d1e85c767814e34f4b2b6a6b305641",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189091",
"to_ids": true,
"type": "md5",
"uuid": "5867ab63-37b4-4e0a-9066-40c002de0b81",
"value": "8f154d23ac2071d7f179959aaba37ad5"
},
{
"category": "External analysis",
"comment": "GRIZZLY_STEPPE_Malware_2 - Xchecked via VT: 55058d3427ce932d8efcbe54dccf97c9a8d1e85c767814e34f4b2b6a6b305641",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189092",
"to_ids": false,
"type": "link",
"uuid": "5867ab64-2004-4d85-8222-4e5302de0b81",
"value": "https://www.virustotal.com/file/55058d3427ce932d8efcbe54dccf97c9a8d1e85c767814e34f4b2b6a6b305641/analysis/1483162756/"
},
{
"category": "Support Tool",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189144",
"to_ids": false,
"type": "link",
"uuid": "5867ab98-aeb0-40b7-97d2-4400950d210f",
"value": "https://raw.githubusercontent.com/Neo23x0/signature-base/master/yara/apt_apt29_grizzly_steppe.yar"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189167",
"to_ids": true,
"type": "yara",
"uuid": "5867abaf-a80c-4ef4-87d0-4427950d210f",
"value": "rule GRIZZLY_STEPPE_Malware_1 {\r\n meta:\r\n description = \"Auto-generated rule - file HRDG022184_certclint.dll\"\r\n author = \"Florian Roth\"\r\n reference = \"https://goo.gl/WVflzO\"\r\n date = \"2016-12-29\"\r\n hash1 = \"9f918fb741e951a10e68ce6874b839aef5a26d60486db31e509f8dcaa13acec5\"\r\n strings:\r\n $s1 = \"S:\\\\Lidstone\\\\renewing\\\\HA\\\\disable\\\\In.pdb\" fullword ascii\r\n $s2 = \"Repeat last find command)Replace specific text with different text\" fullword wide\r\n $s3 = \"l\\\\Processor(0)\\\\% Processor Time\" fullword wide\r\n $s6 = \"Self Process\" fullword wide\r\n $s7 = \"Default Process\" fullword wide\r\n $s8 = \"Star Polk.exe\" fullword wide\r\n condition:\r\n ( uint16(0) == 0x5a4d and filesize < 300KB and 4 of them )\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189187",
"to_ids": true,
"type": "yara",
"uuid": "5867abc3-674c-47d9-8082-4d44950d210f",
"value": "rule GRIZZLY_STEPPE_Malware_2 {\r\n meta:\r\n description = \"Auto-generated rule - file 9acba7e5f972cdd722541a23ff314ea81ac35d5c0c758eb708fb6e2cc4f598a0\"\r\n author = \"Florian Roth\"\r\n reference = \"https://goo.gl/WVflzO\"\r\n date = \"2016-12-29\"\r\n hash1 = \"9acba7e5f972cdd722541a23ff314ea81ac35d5c0c758eb708fb6e2cc4f598a0\"\r\n hash2 = \"55058d3427ce932d8efcbe54dccf97c9a8d1e85c767814e34f4b2b6a6b305641\"\r\n strings:\r\n $x1 = \"GoogleCrashReport.dll\" fullword ascii\r\n\r\n $s1 = \"CrashErrors\" fullword ascii\r\n $s2 = \"CrashSend\" fullword ascii\r\n $s3 = \"CrashAddData\" fullword ascii\r\n $s4 = \"CrashCleanup\" fullword ascii\r\n $s5 = \"CrashInit\" fullword ascii\r\n condition:\r\n ( uint16(0) == 0x5a4d and filesize < 1000KB and $x1 ) or ( all of them )\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189205",
"to_ids": true,
"type": "yara",
"uuid": "5867abd5-2b98-4087-9c66-4a70950d210f",
"value": "rule PAS_TOOL_PHP_WEB_KIT_mod {\r\n meta:\r\n description = \"Detects PAS Tool PHP Web Kit\"\r\n reference = \"https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity\"\r\n author = \"US CERT - modified by Florian Roth due to performance reasons\"\r\n date = \"2016/12/29\"\r\n strings:\r\n $php = \"<?php\"\r\n $base64decode1 = \"='base'.(\"\r\n $strreplace = \"str_replace(\\\"\\\\n\\\", ''\"\r\n $md5 = \".substr(md5(strrev(\"\r\n $gzinflate = \"gzinflate\"\r\n $cookie = \"_COOKIE\"\r\n $isset = \"isset\"\r\n condition:\r\n $php at 0 and\r\n (filesize > 10KB and filesize < 30KB) and\r\n #cookie == 2 and\r\n #isset == 3 and\r\n all of them\r\n}"
},
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1483189284",
"to_ids": false,
"type": "attachment",
"uuid": "5867ac24-76c0-48b5-829b-4f0e950d210f",
"value": "tweet-florian.png"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAHo7I0oICB9DXj8AAIpTAAAgABwANDRhNDE3M2NlNjkyOGFhMzBhY2QyNzYyNTJiYzEyNjdVVAkAA3hSa1h4UmtYdXgLAAEEIQAAAAQhAAAA3bz7UiXUPM/U4Sh4/VIH6OWksV2YJGgIwW7mMKqLlWx9FdJdZr8QoJ3Cz11ixKpszT58szJbXuL3mMfN9EC30JODhlFFnYmU6p4Jqd2eF2ImwkN4nJheogo7xmobwhpxyDij58xyCBjryes8Dfym/GKyCvXR8IiuwV0pnS6MPdRUHxXrQPfIk2E8IiUuV8y7jLzyt7OfgoPiIHQ7a2Mwa6T2OxzbzfZoYPGPi1N+rULkZj9pw9E1zISsxyso9rnJJKREIwniJYDxJf4QOjA6PDOb8vqCiCCe9I3LsGYcsik1t8acbofrx6oAnP67aey4GdHzP5+CZfQiIRJnVD1qCM+xYPUPA6w1/aTU46z9zlnBBXDRv6M+z2aGhTyGC3sMjwdrlzEzdbyv2d0CR02IOezXg3eA40Vgc5WySffDz03J/bWZVcg8OSCBTW85OzvOTF0dcAPJPpanYDIAf5ckd8sNrCmIKcS2MjNx1EwooUK7qwi3+Ptm8euuz2Rlj38xNsvISFNSqs1ec4K9wpwyNFUvYXV1tfsvpEdsRN8+54ACTEAVtiVK5bPUfbCrxtjSuw45uUIURB7umoewk93nm6ddXNaPTrt2EFWAOkYLjTc4Or0xM/cRdZDKgGeDozRenw2lRJAKS9fLRVAKCDn9adG+fDF4Tt0vxyQ5HWAFYiyXDWxbbFPZOzWiYpgG6v2FZSsZdEwpJBsO+2evvVZoJaIskvc+LUmP/X5jewAwTjuh1sNxM9KoJu4e3QiVkZwPBqQ97GNUYpS6dJyinJ3JQ9xF1dHNqTgpdSkLQ2INKgdiz9Ft1yOg1T3+I+YefnEjrPik9Gn6rbVM3VtxyT6WnaVnrNbiI978aj6tvVHPkNVqwo6yyG0T716TYFlb4kTFelwbtrfG1s2qhPdyMXPDswx3v6pN5Jf1NAc+adIwTcMICw4WEieB59tkQF3NOAaMfFeueIf4Nw8NkAOR14eF5Nse9x2ikU5eaeTR9bIqtmZOQwRriRaMpXqQCSk0YSnxXoKiJ2nvkrU4ae6lNo7tEVKJuf7TYYKz4/fsi21/ncBa9K/5o9hzPBh+NKOVQ/jwu2f6WBwNhccscPWbjN4s758vYAl4QRvOi0qQ+e3cGH2Xm+lIWxaWI5dbRgQBFXg8PM8tmX4p1GcuOHWIFOt9TSd2A5yzQ0mejAl1+mBF8/8ypM0lzWzPQIvuZxXh38fso551Xnr2S1AusWWgSzGn1/oghF60wjmIivCu5/xSlQikOPLyG4EHbhQjeHtg14NyXH3/7PN3v76W/V9kC8Mq7yhpKvEjqK31fDRCGSnywAmxs34u8HdDXplWqWdT5ffniNl5WxdTgppnBFHWlnxBttOLyMRCUfApcRX7n528CzD/tgN/tp40UhOvCdGyWqYA1pUmed0vuh0rBzmhN+K6APZgGJAFhjJbNQHGQm76H5BEQ2n2AD5Gtb0WLdGa5e5Ziu8dMVjM8T6U4EUBvi/qX6i5rZvc54k/a9de9Mv6ww//Oy5zVr8JnGQk71uhZzALY5TdVtATeIiUQaEWua/Y8ZlBTqW/W326+5YG3fCGQDeU2YqwrWBSquAr8RsB6md+fJjFIhACfyyYt53fbCOfd7Jk0k8obfOEtgwA69OTKRaDy0vKoFLCO9SOQIKWuXEiZjeMMdG7FkGpZR+JJUnRXc8CeYh9rn0Bqjf+8cOaVEbm6xWIColWlBioCIO1ntZftSmvOXHpCEGpmnQ3WMLl6qwQb3Cg9QZpdqCpNDVUFKlXDWzb6d+PGUaNp0Ov7qk8EQ1xPgi0JQ5shOw/yAH/ZGsfD0hPcIOTfE+67U4Pz/ROsS8um1clRd1UPwWJHCscC5Ybszl6a7vkoOz
uZghtoYZD2fk9RmZPZ+9ISE5Vwgvz2hhGoi9WpoyYlW9alEb14MjtTouV0BBowKtK7BxCi3Ml5v6Dr/b2O09JYHTbXCNW9optT6/+bmr6/U+snZtHnDRZjfWTIduPAVS/NLMBk2qi+LV68COc6Wrvm49O+beBtuQf7QVqWXy8hHhzXQlIRBnjlWqo621GTd9z8Uqb9yPT2RZjFSbbaiByQpjJ2m8TIzAUdN2rvybC0f89bvKPU8bXB61Zz97w3ONDoKMD35B3mGOg75MejImIC/wHbK8CJ6vdWiz0qzIEwHlukLeTW0y6Fps9ujgVe/FrK+eyPVt7M/Yy1BnNOa6FcUJ4G0PyNNzsIIkRjKhitV6UgNCVbpDhOXitpq585kEiNxfCqno+nHIKsrlZ6okB6e/0C9UOY12VEAIzmmplGwG1BIVNYDAORPQ7ve02vG+n0orCdh90/1cbwQMzTthjUv64iHD8jJ0tW1T69mUhyE4hOdGdstBcNQ1xk0UB8jH8PUciMfGIyMQfJ+sDXIti9TeLQxKEI/3EfY+mzVVgV7nRv+N9lcN6kN3jDFeGGY7Ks4rLzF8uxm1QQBJgJS0OyF3pimf2wABXcB91cdrKY+diUI9ludB9YprrNAUbRC8H9wUAZKK6Wtd+bUPvPVtbg+5mcg3+T2qZhu4CGohKG4h+ULldEbY/rNCJyO4J/Uz3EPWvTxCfZT28wppvdH0m0VckPBaNR8+bWjKFXSycPrNABK8t0YEPue+0D5cR94Ez7a3DThJyAHM4JUltFDlWsogFBKhEzxSbTHR57zGFr9j5LK5iu+P2lyYyUhlTgSblzBU8qvStOjxCVtkBqapnJadAzx0rVPtuGuOS2UAUnrMXVRdIBYCWRg6ZrKMHJ9jTPh5da2SU42OYBMtIf1lYp4zt5VhByKfNeZgD0e7LwPEnFRnlkAY+qNMIb2XCybMuWlEC2h6LQfR4HxBrqXLVU5w1f7woxzB0yuW8LTcK4jUGgNditmUduXX+M7oIQk2vl50nwz8yo+iHmzV1e+QnC1TCfqeBk8dyrSOGkzvTIlt5b1b5r6wp396TWMlFttNP/BNViwIcb3N3g9oebvyeFPjWh8rWVzVMNLpTCid6uUXADYjP53sUCPoLMjIjso5W1BO4aE6xy6QPbxIfoaRM5866qniutSti/NZP+IQHgyEL9jhlx63HiOMSQQ9RsrQ/lz2CNHcYwYtpVtGXhVgXJzcq/On4PW8MnTjoabXGHpFCLRz8efGYSS4AdQGjX4T0wWceuXVVI+mNkc9vtZ/LPHmHbid1kAp7hdX2iKQsiOQkasYmdRit6lBNNfiC9mNd+vKHUS9UgjKZu1a0kldfkuCyHuYEoRkCSCuZj/vXDTqL4jAaz/Gum0Ux3m3OMaY3WSTKy0u8zN3PhLXF+zF1WpeTTJDb6vJREq1s8bvh06qDKPHytmhy44sscLQsYYk6xl+Y5xrIsC6fFIJmWqNR7WAmoB2R4uF4HdXFxxFeohMqfhL93czM9/yE9pGkf/wipUWueW/6CUs+d1BO+qb0QmxrPaG6xE0VFLE9PwzPveVSQ+tF+kcc8qW1gAPWQ6lHfeCBfhEJLf/BzU3QDrf1APEaCr+fsNG1uV2ez3WTy4LNedOBnWcxesosvJEqLsWjDPhx8cPI/KX5FnSb/kPzrapWoKSxp/1GofmgzhBNdrKwMuscmX+NuORQKiTFoOAlA1ppR8z85qRWCoZx7QA7MxzGkgpELQg9/4DEyVixIzxoPgcmXLUqireCSI3I6PnFe/v0mCGW7JUenign5/A3/aKFw63nqAj2gjxj78tOj1splDY1fTBS1eFxNXZ/gmwKfMR7D7iPDUczsACeT5ePdykx5jsd9Xqh2NVnUsfX6YbZ6M51F7+lwdOg2zLnxrK/5Uz+w7QID6FfCjhsPFBD/kv5LJTv/MTY5C2ReZ4UTX6w7fX+WKvV7goBbLa0BYClksfxFtcJhNGoqEI
bInJfMfM3mTBkVUl6wdYfO2JThok/rVCMiU1ReTaD2Lslk38PW97xIkc0Lhj8wHvM7mO0WxkpC5dIw0a/GiTxGA
"deleted": false,
"disable_correlation": false,
"timestamp": "1483428472",
"to_ids": true,
"type": "malware-sample",
"uuid": "586b5278-1c38-4615-8db5-46e3950d210f",
"value": "webshell.php|44a4173ce6928aa30acd276252bc1267"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483428474",
"to_ids": true,
"type": "filename|sha1",
"uuid": "586b527a-c690-4f5a-a7b5-4a1e950d210f",
"value": "webshell.php|fd82bec721c32851806721b7ab25bbba3f957f49"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483428475",
"to_ids": true,
"type": "filename|sha256",
"uuid": "586b527b-fb50-4977-9f99-4584950d210f",
"value": "webshell.php|3367623638d42bdc1c45c44cb1843c00b510814170bc4e5da61eba2ddb212672"
}
]
}
}