{
"Event" : {
"analysis" : "2" ,
"date" : "2017-02-20" ,
"extends_uuid" : "" ,
"info" : "OSINT - LAZARUS\u00e2\u20ac\u2122 FALSE FLAG MALWARE" ,
"publish_timestamp" : "1487601138" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1487600957" ,
"uuid" : "58aafac5-c984-43f3-a1b9-493e950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : false ,
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58aafaf8-405c-4b7d-8f4e-4357950d210f" ,
"value" : "http://baesystemsai.blogspot.com/2017/02/lazarus-false-flag-malware.html" ,
"Tag" : [
{
"colour" : "#075200" ,
"local" : false ,
"name" : "admiralty-scale:source-reliability=\"b\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "58aafb3a-9b70-48a9-b715-4dab950d210f" ,
"value" : "We continue to investigate the recent wave of attacks on banks using watering-holes on at least two financial regulator websites as well as others. Our initial analysis of malware disclosed in the BadCyber blog hinted at the involvement of the 'Lazarus' threat actor. Since the release of our report, more samples have come to light, most notably those described in the Polish language niebezpiecznik.pl blog on 7 February 2017." ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "srservice.chm" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58aafb6d-f0b0-4362-9eb4-4ced950d210f" ,
"value" : "9216b29114fb6713ef228370cbfe4045"
} ,
{
"category" : "Payload delivery" ,
"comment" : "srservice.hlp" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58aafb6e-427c-4e7a-8919-4c2d950d210f" ,
"value" : "8e32fccd70cec634d13795bcb1da85ff"
} ,
{
"category" : "Payload delivery" ,
"comment" : "srservice.dll" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58aafb6f-8294-45f2-bacc-4de2950d210f" ,
"value" : "e29fe3c181ac9ddbb242688b151f3310"
} ,
{
"category" : "Payload delivery" ,
"comment" : "fdsvc.exe" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58aafb70-5898-4011-b1e4-48d8950d210f" ,
"value" : "9914075cc687bdc352ee136ac6579707"
} ,
{
"category" : "Payload delivery" ,
"comment" : "fdsvc.dll" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58aafb70-b22c-4584-8088-456d950d210f" ,
"value" : "9cc6854bc5e217104734043c89dc4ff8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "cambio.swf" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58aafb91-71a4-476f-981d-41e1950d210f" ,
"value" : "6dffcfa68433f886b2e88fd984b4995a"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B k A A A A T 2 C A I A A A D 1 Y v i x A A A A A 3 N C S V Q I C A j b 4 U / g A A A A l n p U W H R S Y X c g c H J v Z m l s Z S B 0 e X B l I E F Q U D E A A H i c V Y 5 B D s M g D A T v v I I n j G 0 w 8 B x U k S p S 1 V b 5 / 6 E H S N v s Z a V Z a 9 f h P p 7 j 2 G / x f b y 2 / T F C j D F G k R p S S 0 0 7 U J l S M E F Q o C z k 0 73 V Q g J k 8 c F F G W 9 u L s V 8 X h h A m z 2 J h U x N D a T P f H V 9 P X f + N / L 51 y l d m f 46 s 1 q z u t h 1 S 2 w + A U D 4 A O d V N X T v L P 3 V A A A g A E l E Q V R 4 n O z d d 1 x T V x s H 8 C c J Y e + w k S G g 7 A 1 u A R e 4 J 25 b t 3 X W U W u X d V u t b V / r r K 27 r a t a t 3 W P i n s v B L f s P R J C y L 7 v H 9 e m a Q K I b R G s v + 9 f + Z x z 7 r 3 P T S I m T 55 z D o d h G A I A A A A A A A A A A K i v u H U d A A A A A A A A A A A A Q H W Q w A I A A A A A A A A A g H o N C S w A A A A A A A A A A K j X k M A C A A A A A A A A A I B 6 D Q k s A A A A A A A A A A C o 15 D A A g A A A A A A A A C A e g 0 J L A A A A A A A A A A A q N e Q w A I A A A A A A A A A g H o N C S w A A A A A A A A A A K j X k M A C A A A A A A A A A I B 6 D Q k s A A A A A A A A A A C o 15 D A A g A A A A A A A A C A e s 2 g r g M A A I D X S q V S 5 e T k p K a m 8 n i 8 u o 4 F A A C g V q h U q o C A A C c n J y 4 X P 9 g D A P x H I I E F A P B 2 k U g k B w 4 c G D 9 + f F 0 H A g A A U I v W r l 0 7 c O B A M z O z u g 4 E A A D + H f h F A g D g 7 c L h c A w N D e s 6 C g A A g N p l a G j I 4 X D q O g o A A P j X I I E F A A A A A A A A A A D 1 G h J Y A A A A A A A A A A B Q r y G B B Q A A A A A A A A A A 9 R o W c Q c A e N t 1 i O 84 d e o 0 V 1 c X t V p d 17 E A A A C 8 M i 6 X m 5 G Z 9 d W S L 38 / c 6 q u Y w E A g N q C B B Y A w N v O y s o y w N / P w 8 O t r g M B A A D 4 m y w s z C 0 t z O s 6 C g A A q E W Y Q g g A 8 L Z j G L V K p a r r K A A A A P 4 + l U r F M E x d R w E A A L U I C S w A A A A A A A A A A K j X k M A C 
A A A A A A A A A I B 6 D Q k s A A A A A A A A A A C o 15 D A A g A A A A A A A A C A e g 0 J L A A A A A A A A A A A q N e Q w A I A A A A A A A A A g H o N C S w A A A A A A A A A A K j X k M A C A A A A A A A A A I B 6 D Q k s A A A A A A A A A A C o 15 D A A g A A A A A A A A C A e g 0 J L A A A A A A A A A A A q N e Q w A I A A A A A A A A A g H o N C S w A A A A A A A A A A K j X k M A C A A A A A A A A A I B 6 D Q k s A A A A A A A A A A C o 15 D A A g A A A A A A A A C A e g 0 J L A A A A A A A A A A A q N e Q w A I A A A A A A A A A g H o N C S w A A A A A A A A A A K j X k M A C A A A A A A A A A I B 6 D Q k s A A A A A A A A A A C o 15 D A A g A A A A A A A A C A e g 0 J L A A A A A A A A A A A q N e Q w A I A A A A A A A A A g H o N C S w A A A A A A A A A A K j X k M A C A A A A A A A A A I B 6 D Q k s A A A A A A A A A A C o 15 D A A g A A A A A A A A C A e g 0 J L A A A A A A A A A A A q N e Q w A I A A A A A A A A A g H o N C S w A A A A A A A A A A K j X k M A C A A A A A A A A A I B 6 D Q k s A A A A A A A A A A C o 15 D A A g A A A A A A A A C A e g 0 J L A A A A A A A A A A A q N e Q w A I A A A A A A A A A g H r N o K 4 D A A A A A I A X x O J y t V r F M I y V l V V d x 1 I J h m H K y 8 v V a j W X y z U 3 N 6 / r c A A A A O A t g g o s A A A A g P o i s V 9 / K y s r a 2 v r u g 6 k c i U l p Z 26 d L O y s o q P j 6 / r W A A A A O D t g g o s A A C A 102 p V C k U C r V a p V K p G I Y h I g 6 H w + V y e T w D P t / A w A D / O 78 + c r l C K q 2 o P / V E 1 l b 1 N H X F 4 n I 5 A l t b I h I I B P / 6 y R m G k c p k C r n c 0 N D Q 2 N j 4 X z 9 / z c n l 8 o q K C m N j Y y M j I y J S K p U S i c T A w M D U 1 L S q Q 1 Q q t U w m V S g U H A 7 H 2 N j Y 0 N D w N c Y L A A D w V k A F F g A A w O u j V K q K i o u P n z w 1 Z + 78 H j 17 s 7 U 21 t b W V l Z W 7 d r H f z 577 p n f k 8 r E 4 r o O 8 y 2 y Z d s O K y u r 7 j 16 Z W X n 1 H U s b 7 v i 4 p K 58 x Z a W V k t / n J J p f 8 K l E q l Q q m s 7 T B U K t X + / Q e s 
r a 137 v q V b b l 167 a H p 8 + c u X N U a r X + e L V a L R S J z l + 48 N 7 Y C d b W 1 u 6 e X g c O H K z t I A E A A N 5 C + I 0 X A A D g d W C I R E L h 70 n n V 65 Y e f z Y Y S I y N j Z p 4 O b + R 70 V 8 + j h g y u X L x Y V F n o 19 L S o H 9 V A b 4 P 5 c 2 c T 0 e l T J 3 b s / H X a 5 I l 1 H c 5 b r a S k + M t F C 4 h o 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "58aafbc7-9d18-43b7-b027-4018950d210f" ,
"value" : "schema.png" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe." ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600858" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58aafc38-87f4-4f3e-b6b7-457c950d210f" ,
"value" : "889e320cf66520485e1a0475107d7419"
} ,
{
"category" : "Payload delivery" ,
"comment" : "srservice.dll - Xchecked via VT: e29fe3c181ac9ddbb242688b151f3310" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600865" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58aafce1-a080-4233-ab2e-41c002de0b81" ,
"value" : "6c1d8c4afbc7f85f05fb2e4d17e5553255b0195a0b56ba5309e362e2156debfc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "srservice.dll - Xchecked via VT: e29fe3c181ac9ddbb242688b151f3310" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600865" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58aafce1-0978-4c1f-a438-485d02de0b81" ,
"value" : "7260340b7d7b08b7a9c7e27d9226e17b7170a436"
} ,
{
"category" : "External analysis" ,
"comment" : "srservice.dll - Xchecked via VT: e29fe3c181ac9ddbb242688b151f3310" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600866" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58aafce2-9380-439a-9174-4bcd02de0b81" ,
"value" : "https://www.virustotal.com/file/6c1d8c4afbc7f85f05fb2e4d17e5553255b0195a0b56ba5309e362e2156debfc/analysis/1487239802/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "fdsvc.exe - Xchecked via VT: 9914075cc687bdc352ee136ac6579707" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600867" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58aafce3-0740-4625-91da-452f02de0b81" ,
"value" : "cd10ffb7a88f0d2ec69326e7a13f00b9ed211a3a719f89a755a29494ff1142e6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "fdsvc.exe - Xchecked via VT: 9914075cc687bdc352ee136ac6579707" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600868" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58aafce4-cf48-49f6-86f7-45b902de0b81" ,
"value" : "fa4f2e3f7c56210d1e380ec6d74a0b6dd776994b"
} ,
{
"category" : "External analysis" ,
"comment" : "fdsvc.exe - Xchecked via VT: 9914075cc687bdc352ee136ac6579707" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600868" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58aafce4-a3dc-4f76-b51e-4a8a02de0b81" ,
"value" : "https://www.virustotal.com/file/cd10ffb7a88f0d2ec69326e7a13f00b9ed211a3a719f89a755a29494ff1142e6/analysis/1487564884/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "fdsvc.dll - Xchecked via VT: 9cc6854bc5e217104734043c89dc4ff8" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600869" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58aafce5-02c4-4787-aac4-499f02de0b81" ,
"value" : "752b8e93a8f6803b265dd3a7cd39df86997cf99900426635b1b97dd665bd7f9f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "fdsvc.dll - Xchecked via VT: 9cc6854bc5e217104734043c89dc4ff8" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600870" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58aafce6-bfe4-42e1-9581-498702de0b81" ,
"value" : "11568dffd6325ade217fbe49ce56a3ee5001cbcc"
} ,
{
"category" : "External analysis" ,
"comment" : "fdsvc.dll - Xchecked via VT: 9cc6854bc5e217104734043c89dc4ff8" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600871" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58aafce7-bfa4-433b-a122-40b702de0b81" ,
"value" : "https://www.virustotal.com/file/752b8e93a8f6803b265dd3a7cd39df86997cf99900426635b1b97dd665bd7f9f/analysis/1487229167/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "cambio.swf - Xchecked via VT: 6dffcfa68433f886b2e88fd984b4995a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600871" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58aafce7-0964-457a-bfd5-4fdc02de0b81" ,
"value" : "c1b29afcfddb79cfd57545b8600922150843ae2b170fff9aeacdeaa17adbf792"
} ,
{
"category" : "Payload delivery" ,
"comment" : "cambio.swf - Xchecked via VT: 6dffcfa68433f886b2e88fd984b4995a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600872" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58aafce8-a700-4de1-9e84-475f02de0b81" ,
"value" : "ba5a2230ff2068b7fb22de3b83031457d18c3298"
} ,
{
"category" : "External analysis" ,
"comment" : "cambio.swf - Xchecked via VT: 6dffcfa68433f886b2e88fd984b4995a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600873" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58aafce9-8adc-4463-8c5a-467a02de0b81" ,
"value" : "https://www.virustotal.com/file/c1b29afcfddb79cfd57545b8600922150843ae2b170fff9aeacdeaa17adbf792/analysis/1487563770/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe. - Xchecked via VT: 889e320cf66520485e1a0475107d7419" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600874" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58aafcea-8700-4a01-99c5-4ed902de0b81" ,
"value" : "8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe. - Xchecked via VT: 889e320cf66520485e1a0475107d7419" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600874" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58aafcea-c968-4940-9c36-44d902de0b81" ,
"value" : "f5fc9d893ae99f97e43adcef49801782daced2d7"
} ,
{
"category" : "External analysis" ,
"comment" : "The file fdsvc.dll is an encrypted file, successfully decrypted into a valid DLL (MD5: 889e320cf66520485e1a0475107d7419) by the aforementioned executable fdsvc.exe. - Xchecked via VT: 889e320cf66520485e1a0475107d7419" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600875" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58aafceb-7740-4c6c-97b2-4bce02de0b81" ,
"value" : "https://www.virustotal.com/file/8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1/analysis/1487179033/"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600922" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "58aafd1a-be48-4ca5-af2e-482f950d210f" ,
"value" : "cambio.xap"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600922" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "58aafd1a-e8e8-4275-a0b3-4ceb950d210f" ,
"value" : "mark180789172360.ico"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600923" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "58aafd1b-7ca8-4258-a429-4787950d210f" ,
"value" : "meml102783047891.dat"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600924" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "58aafd1c-cc98-4a0c-9c3c-40b0950d210f" ,
"value" : "back283671047171.dat"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600957" ,
"to_ids" : false ,
"type" : "pattern-in-traffic" ,
"uuid" : "58aafd3d-a418-4a76-9462-4dcb950d210f" ,
"value" : "view.jsp?pagenum=1"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1487600958" ,
"to_ids" : false ,
"type" : "pattern-in-traffic" ,
"uuid" : "58aafd3e-eb98-4596-96f1-4b43950d210f" ,
"value" : "view.jsp?uid="
}
]
}
}