2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event" : {
"analysis" : "0" ,
"date" : "2017-01-20" ,
"extends_uuid" : "" ,
"info" : "OSINT - Spora - the Shortcut Worm that is also a Ransomware" ,
"publish_timestamp" : "1484898922" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1484898903" ,
"uuid" : "5881bff7-0bd0-4c84-a206-4eb4950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#00223b" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "misp-galaxy:preventive-measure=\"Backup and Restore Process\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#001cad" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "estimative-language:likelihood-probability=\"very-likely\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#420053" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "ms-caro-malware:malware-type=\"Ransom\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#2c4f00" ,
2024-04-05 12:15:17 +00:00
"local" : false ,
2023-12-14 14:30:15 +00:00
"name" : "malware_classification:malware-category=\"Ransomware\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898385" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5881c051-8680-4604-8ee6-4195950d210f" ,
"value" : "https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898407" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5881c067-6158-41a5-8bd6-4eb7950d210f" ,
"value" : "Spora spreads via USB drives like Gamarue and Dinihou aka Jenxcus whilst also encrypting files. The sophistication of this threat could easily make it the new Locky. We discuss its infection and encryption procedure and show how it uses statistical values about encrypted files to calculate the ransom amount."
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898514" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5881c0d2-7b5c-499d-9582-4c61950d210f" ,
"value" : "\u00d0\u00a1\u00d0\u00ba\u00d0\u00b0\u00d0\u00bd-\u00d0\u00ba\u00d0\u00be\u00d0\u00bf\u00d0\u00b8\u00d1\u008f _ 10 \u00d1\u008f\u00d0\u00bd\u00d0\u00b2\u00d0\u00b0\u00d1\u20ac\u00d1\u008f 2017\u00d0\u00b3. \u00d0\u00a1\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00be \u00d0\u00b8 \u00d0\u00bf\u00d0\u00be\u00d0\u00b4\u00d0\u00bf\u00d0\u00b8\u00d1\u0081\u00d0\u00b0\u00d0\u00bd\u00d0\u00be \u00d0\u00b3\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00bc \u00d0\u00b1\u00d1\u0192\u00d1\u2026\u00d0\u00b3\u00d0\u00b0\u00d0\u00bb\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d0\u00be\u00d0\u00bc. \u00d0\u00ad\u00d0\u00ba\u00d1\u0081\u00d0\u00bf\u00d0\u00be\u00d1\u20ac\u00d1\u201a \u00d0\u00b8\u00d0\u00b7 1\u00d0\u00a1.a01e743_\u00d1\u20acdf.hta"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898568" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5881c108-c4fc-4a3d-a379-47d4950d210f" ,
"value" : "3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Script.Trojan-Dropper.Spora.G - close.js" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898595" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5881c123-f2f8-443f-9f38-4f64950d210f" ,
"value" : "e2fe74d890ddb516b4f21a6588c6e0bdbf3dd6f8c5116d707d08db7ebddf505a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32.Worm.Spora.B - a277a133-ecde-c0f5-1591-ab36e22428bb.exe - 81063163ded.exe" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898648" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5881c158-4b98-444b-a384-4b3c950d210f" ,
"value" : "dbfd24cd70f02ddea6de0a851c1ef0f45f18b4f70e6f3d0f2e2aec0d1b4a2cbf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Corrupt Word document\t doc_6d518e.docx" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898679" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5881c177-8a80-44cb-a014-4d27950d210f" ,
"value" : "0ba39054a70802d0b59a18b873aab519e418dc9b0c81400d27614c9c085409ad"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Ransom note" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898723" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5881c1a3-1400-4a34-b267-4aca950d210f" ,
"value" : "RU302-15XRK-GXTFO-GZTET-KTXFF-ORTXA-AYYYY.HTML"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Contains statistics, campaignID, username, locale, timestamp and private RSA key C1; encrypted" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898724" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5881c1a4-9518-4365-8ea5-403f950d210f" ,
"value" : "RU302-15XRK-GXTFO-GZTET-KTXFF-ORTXA-AYYYY.KEY"
} ,
{
"category" : "Payload delivery" ,
"comment" : "List of encrypted files; encrypted" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898724" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5881c1a4-7ab8-4d54-83c7-452d950d210f" ,
"value" : "RU302-15XRK-GXTFO-GZTET-KTXFF-ORTXA-AYYYY.LST"
} ,
{
"category" : "External analysis" ,
"comment" : "spora encryption" ,
"data" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 2 w B D A A I C A g I C A g I C A g I D A g I C A w Q D A g I D B A U E B A Q E B A U G B Q U F B Q U F B g Y H B w g H B w Y J C Q o K C Q k M D A w M D A w M D A w M D A w M D A z / 2 w B D A Q M D A w U E B Q k G B g k N C w k L D Q 8 O D g 4 O D w 8 M D A w M D A 8 P D A w M D A w M D w w M D A w M D A w M D A w M D A w M D A w M D A w M D A w M D A w M D A z / w g A R C A J n A 34 D A R E A A h E B A x E B / 8 Q A H A A B A A E F A Q E A A A A A A A A A A A A A A A Y B A w Q F B w I I / 8 Q A G g E B A A M B A Q E A A A A A A A A A A A A A A A E C A w Q F B v / a A A w D A Q A C E A M Q A A A B 411 c 4 A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A F C o A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B Q q A A A U L k q H i F Q A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A U K g A G R a Z h 19 E i 6 d s u 1 q G u z p F + X C K 82 F I A A A A A A A A A A A A A A A A A A A U K g A A A A A A A A A A A A A A A A A A A A A A A A A A A A o V A B t N b 9 I 9 H t y b S A A N R l n z f z u O z W A O m 1 t 9 J 5 X h F o + V d c 6 g A A A A A y T u 1 L x i Y 5 j a u K A A A A A A S 2 J i M x P K z A 7 R U A A A A A A A A A A A A A A A A A A A A A A A A A A A A o V A M i 0 9 U 9 T v y b S J T j E 8 w p d h y H t 0 w 5 D R Y Z c 387 j A + u c t I D M c M 0 p 1 q l u w 0 t u E / G m 2 X 1 H l p v 4 n 5 f 1 z 7 t n e Q Q 4 b p X u W d + f 2 r 87 a U z T q F b c w t X Z Q n 8 W z I c W v X s d L a e W I j Z p 1 U x z + Y n l Z 3 i f B g o 6 J W 3 L b V v G m l N o n H I x M S m J z 4 c a v W o A A A A A A A A A A A A A A A A A A A A A A A A B Q q C h O e 3 p l v X 0 A d h 4 s + O 9 u m R D q f J T k v Z c D m 3 n c W j w z G a f S u V + t 1 v w i 9 N P M S e J 9 E s i f m n S n 0 1 l e Y R b 4 K 3 x m d Z 7 R S 3 Y K 3 + A t 8 c w 7 r n f m V q 2 Z C V w 15 D J j U y 7 B W 3 H b V n t Z 0 E x O I t k Q 5 H e v Y K 2 H H b V 69 S 1 Z c h t X r 1 b a Z E P t H R a z y O 0 e w A A A A A A A A A A A A A A A A A A A A A A A A C h U F D r f r d + X a w m u F e n 8 l O d 9 V x 0 b l p y L t 0 i 2 s i L 82 E B 4 O U f R u d / Z 3 T O / B N K T 2 s y i J + U d c / r f L T m t o j c x 2 q l / g n f H 7 X x 0 5 j a O 6 U t 8 D b 5 Z h 0 + t u a W r I Y n w S u E J m J X E x G U 9 i e Q 2 q P o + l + B 3 p 2 O l u L X r 1 u l r E u S W r 1 e l r c u f z X q 9 b R G Y i V o 6 J W e S W j 2 A A A A A A A A A A A A A A A A A A A A A A A A A U K g 9 y 7 F 6 / o i k u 18 G f M O u 4 A 6 Z y 0 4 x 26 D T Y 58 y 83 i q X z p F b Q i a 9 s p f I O Q 3 r E Z j e w k s T z y 0 S 6 s x G 0 b W E p i d N K N z H o n 9 Z E R t G I Z E N f K U x N 40 M x r S p 1 y t u R W r 2 K l t P M c 6 t F 0 m V Z i t o 1 p 0 S s x G Y x p Y 5 m G u K g A A A A A A A A A A A A A A A A A A A A A A A A F C o P U u x e v 6 N S k u u c W e j 0 t g W a e 87 z O J V l X k P Z o N J j l z T z e O o A J l W c W U X m A A A A A A A A A A B M Y n A I 7 M S + J i E w A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B Q q C h 1 T 1 O 7 Z a X p L r n F n y r s 0 o W y 7 D r H J n y H s 0 E Q 5 O e E c X N U A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A o V A J Z 17 z n t 6 q H e v P y 0 m k g D J q 4 x 3 a U O V + X w a / O o A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A o V A K y 6 d 6 X b t t d A A A B D u T m h X F z 1 A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B Q q A C / a e h + h 17 v b U A C h E O T n h X F z A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A C h U A A G 931 k P R r s N L + I j V 5 U j H N j r s 6 V A K H S 9 / M g e P f v L 4 Z C s T z 65 p r x a C n R 6 m N 9 b C E Z d 0 w 14 s O u m n r t K t O S L U 6 t t O W d b O G Z d s 514 d F X e 3 E y C / P C 8 + 2 V 35 L K 2 h p 0 T 7 b z u a Y e o A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B Q q A A A C g B U A A F x F t I A A A A A A A F D t d L a 6 X J b V q A D 0 j y k A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A C h U A A A A A A A F C Z a c U N z 7 a g F D b Q 18 r Q A A A L p a O j V m U J o Q u Y g 0 w A J p r w w v L u A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A o V A A A A A A A A J b p x 4 m X Z u 0 7 q J m N Z g F q 3 y Y x M J m L 6 d 7 D S y 0 s x K q z F 7 R P 6 z o j j 969 O r O q l q S U Q 5 r a A B K N O S L 59 Y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A F C o A A A A A A A B k T X 1 F p x W c a X k t G p R v Y m 3 L W m S Y K N s n A J D C U R P O b R F p j u F L R y Y q b N P H 7 V A 2 l s t 9 b n 0 1 d 9 N X Y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A U K g A A A A A A A o T v X g g u X e A A A A A K A F Q e C g P R 6 A M + c + x d P i 8 o 5 / X 0 t d w A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B Q q A A A A A A A C h v b 4 a O m 4 A A A A A A A A A A A o d K 28 z m 2 P p g A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A U K g A A A A A A A G 5 t j p q 7 A A A A A A A A U J / 5 v d c i Q A B e V s r A A A c + 9 P g o A A A A A A A A A A A A A A A A A A A A A A A A A A A A A U K g A A A A A A A o T v X g g u X e A A A A A B d L Q B 5 R 9 Y / G f U 5 V L A A A A A A D 5 K + 1 + W t z A A A A A A A A A A A A A A A A A A A A A A A A A A A A A F C o A A A A A A A K G Z N M S L g A D 0 f Q F L I m L 2 j Y w s y 1 a J d E 4 B g y 5 F a t h H 1 j 8 Z 9 T l U s A A A A A A P k r 7 X 5 a 3 M A A A A A A A A A A A A A A A A A A A A A A A A A A A A A U K g A A u F o q A A A A S v T k i m f W A A L 59 B Z 35 V e u q R t 4 n A l e M 6 F m V o j E x i I + s f j P q c q l g A A A A A B 8 l f a / L W 5 g A A A A A A C b R O 9 i e W 2 r Q A A A A A A A A A A A A A A A A A A A A o V A A N 5 D 6 l z 0 4 R e m / i c A 18 x v I n w c 8 t E f m B Q m m n F C 8 + 2 o A L 8 z s r 211 a 7 n S 2 l y r s 9 L W 4 j E r G 20 v j V r 0 v u 6 o j z Y x L D L 6 n + K + n y q W l v X z Z F q + U 5 + l I N w d f R v S 4 Y b x d V 20 Y W d 9 v t l t 9 s u e e d 3 D 5 K + 1 + W t z A A A A A A A y T q l b R + Y s E J m A A A A A A A A A A A A A A A A A A A A K F Q A D a Q + n 89 P J r J j F L h B Z j s t b c c v X j 9 q g V R R I A G 91 v t t L x T D L c X v p s 6 b O 9 r S M W s b W 9 s e I 6 X 3 d U R 5 s Y l h l 9 T / F f T 5 V L T r v 49 r r n q s t L F b a 3 O 8 r 6 u e i N J h t u N s t L j t t d c u e e d 3 D 5 K + 1 + W t z A A A v G X C x L y T G s 4 c t D M a 86 r W Y x K p P K z x O 9 f Q A A A A A A A A A A A A A A A A A A A K F Q A C h n n Q K z z m 0 V L B Q y D H K A o T z X g g m X e A B 6 l U 8 Q E l i Z 7 W d w c + m I N a B Q F E f W P x n 1 O V S w o A V B Q v 2 j P v T V Z a U K g + S v t f l r c w A A O t 1 t O q z Q 8 G g m N V L c R P P b V 28 I h M b F M s h y W 0 e g A A A A A A A A A e j y A A A A A A A A A U K g A G 5 O 953 i c x y + 9 d l E 4 i M M 2 y d L M e D D B I r 80 d p 0 g A b 3 W 96 Z j m O Y 7 B S 2 t l h o m 0 T w a 9 a g H l H 1 j 8 Z 9 T l U s A A A A A A P k r 7 X 5 a 3 M A A C p U 8 g 9 F A e y R x M k g P J z W 0 V A A A A A A A P J 0 O s 48 v J m w z i 4 n H R z C 0 V A A A A A A A B Q q A A S a J + k c 77 E g 0 x j S y Y T 2 J + c N K f Q O d / l P X P W l D a W y 1 d d a g A y r T 6 M O s D s d b a p G I T a J 4 L e t Q D y j 6 x + M + p y q W A A A A A A H y V 9 r 8 t b m A A B 2 q l s K W T D S z H h O c W k Z i e Q 2 q A K A A A A A A A A o d y p a N S 2 p h G k m L 5 I o n j t q 1 K A A A A A F Q A U K g A G e d n p a H T G t l a J r W d b M Q C 0 f Q G d / m z S l S h O 9 e C C 5 d 4 A G 20 t d m d J l Q S a J n 9 Z 25 z 6 Y g l o A F D d Y b e o A A D f X 59 D T o A A A 0 n R i A A B L 4 n B M 8 y 4 a K X T 6 z C 7 R r y L T A A 6 L x e v M u T 0 g A A A A A B z f v 8 W I d P B m l w x D J P B Q 2 M B o p d G 25 Z F f M A A A D U 0 v y / H r o A U K g G T M V A A A A K l A D Y z n r o 0 A x o m h t L 2 u T O n z o B Q F Q A C h t I Z B a P M
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898761" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5881c1c9-609c-4eea-aefe-4027950d210f" ,
"value" : "G_DATA_spora_encryption_infographic_web_78175w894h615.jpg"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32.Worm.Spora.B - a277a133-ecde-c0f5-1591-ab36e22428bb.exe - 81063163ded.exe - Xchecked via VT: dbfd24cd70f02ddea6de0a851c1ef0f45f18b4f70e6f3d0f2e2aec0d1b4a2cbf" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898812" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5881c1fc-8464-4d81-9590-4f8602de0b81" ,
"value" : "d3c89ccaf190890fc0583ea24396b1a2cd8317c4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Win32.Worm.Spora.B - a277a133-ecde-c0f5-1591-ab36e22428bb.exe - 81063163ded.exe - Xchecked via VT: dbfd24cd70f02ddea6de0a851c1ef0f45f18b4f70e6f3d0f2e2aec0d1b4a2cbf" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898813" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5881c1fd-a9c8-4edc-a4d6-4e7f02de0b81" ,
"value" : "312445d2cca1cf82406af567596b9d8c"
} ,
{
"category" : "External analysis" ,
"comment" : "Win32.Worm.Spora.B - a277a133-ecde-c0f5-1591-ab36e22428bb.exe - 81063163ded.exe - Xchecked via VT: dbfd24cd70f02ddea6de0a851c1ef0f45f18b4f70e6f3d0f2e2aec0d1b4a2cbf" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898814" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5881c1fe-5b2c-406e-a9c9-48ad02de0b81" ,
"value" : "https://www.virustotal.com/file/dbfd24cd70f02ddea6de0a851c1ef0f45f18b4f70e6f3d0f2e2aec0d1b4a2cbf/analysis/1484855168/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Script.Trojan-Dropper.Spora.G - close.js - Xchecked via VT: e2fe74d890ddb516b4f21a6588c6e0bdbf3dd6f8c5116d707d08db7ebddf505a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898814" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5881c1fe-fe68-4c71-983c-441a02de0b81" ,
"value" : "ae22308bd176a06f3522b8547bd7d9988e1b56fa"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Script.Trojan-Dropper.Spora.G - close.js - Xchecked via VT: e2fe74d890ddb516b4f21a6588c6e0bdbf3dd6f8c5116d707d08db7ebddf505a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898815" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5881c1ff-9ffc-43a4-96dd-446f02de0b81" ,
"value" : "fc1b2bec47aaa059319f4a47cb37c5e2"
} ,
{
"category" : "External analysis" ,
"comment" : "Script.Trojan-Dropper.Spora.G - close.js - Xchecked via VT: e2fe74d890ddb516b4f21a6588c6e0bdbf3dd6f8c5116d707d08db7ebddf505a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898816" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5881c200-5668-4e6e-a169-441202de0b81" ,
"value" : "https://www.virustotal.com/file/e2fe74d890ddb516b4f21a6588c6e0bdbf3dd6f8c5116d707d08db7ebddf505a/analysis/1484641209/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "- Xchecked via VT: 3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898817" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5881c201-7fa8-44d8-aebd-4b4202de0b81" ,
"value" : "0696d0a4d6fddf137733b867f0334902903e2a0e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "- Xchecked via VT: 3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898817" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5881c201-1fb8-4c0d-a85a-49be02de0b81" ,
"value" : "37477dec05d8ae50aa5204559c81bde3"
} ,
{
"category" : "External analysis" ,
"comment" : "- Xchecked via VT: 3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1484898818" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5881c202-c4bc-4470-974a-44a702de0b81" ,
"value" : "https://www.virustotal.com/file/3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553/analysis/1484819616/"
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}
