{
"Event" : {
"analysis" : "2" ,
"date" : "2017-11-28" ,
"extends_uuid" : "" ,
"info" : "OSINT - ROKRAT Reloaded" ,
"publish_timestamp" : "1511941714" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1511941670" ,
"uuid" : "5a1e6038-a088-46ac-95ef-ad9e950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#004646" ,
"local" : false ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : false ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : false ,
"name" : "misp-galaxy:rat=\"rokrat\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a1e604b-d290-4404-a793-7e40950d210f" ,
"value" : "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "5a1e606f-95f0-465c-a739-7e43950d210f" ,
"value" : "Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads on several compromised websites. One of the website was a compromised government website. We named this case \"Evil New Years\". The second one was about the analysis and discovery of the ROKRAT malware.\r\n\r\nThis month, Talos discovered a new ROKRAT version. This version contains technical elements that link the two previous articles. This new sample contains code from the two publications earlier this year:\r\n\r\n It contains the same reconnaissance code used;\r\n Similar PDB pattern that the \"Evil New Years\" samples used;\r\n it contains the same cloud features and similar copy-paste methods that ROKRAT used;\r\n It uses cloud platform as C&C but not exactly the same. This version uses pcloud, box, dropbox and yandex." ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a1e60c1-6e50-4137-bd1c-ac4e950d210f" ,
"value" : "BIN0001.OLE"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Path" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5a1e60c1-0c24-4ec1-b1e0-ac4e950d210f" ,
"value" : "%ALLUSERSPROFILE%\\HncModuleUpdate.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MalDoc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a1e60c1-4574-482c-9c2b-ac4e950d210f" ,
"value" : "171e26822421f7ed2e34cc092eaeba8a504b5d576c7fd54aa6975c2e2db0f824"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper #1" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a1e60c1-efbc-4f55-958d-ac4e950d210f" ,
"value" : "a29b07a6fe5d7ce3147dd7ef1d7d18df16e347f37282c43139d53cce25ae7037"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper #2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a1e60c1-d4ac-47cb-8344-ac4e950d210f" ,
"value" : "eb6d25e08b2b32a736b57f8df22db6d03dc82f16da554f4e8bb67120eacb1d14"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper #3" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a1e60c1-9c24-4de8-ad40-ac4e950d210f" ,
"value" : "9b383ebc1c592d5556fec9d513223d4f99a5061591671db560faf742dd68493f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "ROKRAT" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a1e60c1-347c-4331-b888-ac4e950d210f" ,
"value" : "b3de3f9309b2f320738772353eb724a0782a1fc2c912483c036c303389307e2e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Freenki" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5a1e60c1-afd0-4b33-af92-ac4e950d210f" ,
"value" : "99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5"
} ,
{
"category" : "External analysis" ,
"comment" : "malicious HWP document" ,
"data" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A u M A A A R V C A I A A A C Y X F m h A A A A A 3 N C S V Q I C A j b 4 U / g A A A A X 3 p U W H R S Y X c g c H J v Z m l s Z S B 0 e X B l I E F Q U D E A A A i Z 40 p P z U s t y k x W K C j K T 8 v M S e V S A A N j E y 4 T S x N L o 0 Q D A w M L A w g w N D A w N g S S R k C 2 O V Q o 0 Q A F m J i b p Q G h u V m y m S m I z w U A T 7 o V a B s t 2 I w A A C A A S U R B V H i c 7 L 0 / i + t K m / Y r H R 6 Y O f E w M C w W m 0 Z W N H A 4 w Y G G s 4 / c A w 5 k f 4 A O 5 B U 5 M l h x I y c O H Y x E x z J 0 5 G h Z Q X 8 A 24 F h t 8 X m p e O Z J 7 K F a R Y r G S a c 2 C e o d x e 1 q 6 R S q S T b W m t f v 6 h b L a n + q K r u q + 66 q 9 o 8 n 8 + G G v / 1 X 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
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5a1e6121-04f0-4644-a9d9-ad77950d210f" ,
"value" : "malicious HWP document.png"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Freenki - Xchecked via VT: 99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a1e6613-1044-4d30-820a-ad0902de0b81" ,
"value" : "f7fcadc8c71752ce5d47af1e8069069cc70e6e27"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Freenki - Xchecked via VT: 99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a1e6613-2f20-433d-94cb-ad0902de0b81" ,
"value" : "6c668fd6a98f0659abc54d88c1db209e"
} ,
{
"category" : "External analysis" ,
"comment" : "Freenki - Xchecked via VT: 99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a1e6613-55a8-4765-a515-ad0902de0b81" ,
"value" : "https://www.virustotal.com/file/99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5/analysis/1511910425/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper #3 - Xchecked via VT: 9b383ebc1c592d5556fec9d513223d4f99a5061591671db560faf742dd68493f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a1e6613-72d0-4ce7-ab5e-ad0902de0b81" ,
"value" : "6b79d3519b09d6162a1d3ec55fed3ee7a4adf436"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper #3 - Xchecked via VT: 9b383ebc1c592d5556fec9d513223d4f99a5061591671db560faf742dd68493f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a1e6613-65a4-4371-a044-ad0902de0b81" ,
"value" : "b441d9a75c60b222e3c9fd50c0d14c5b"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper #3 - Xchecked via VT: 9b383ebc1c592d5556fec9d513223d4f99a5061591671db560faf742dd68493f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a1e6613-2e08-41a8-83e8-ad0902de0b81" ,
"value" : "https://www.virustotal.com/file/9b383ebc1c592d5556fec9d513223d4f99a5061591671db560faf742dd68493f/analysis/1511903258/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper #2 - Xchecked via VT: eb6d25e08b2b32a736b57f8df22db6d03dc82f16da554f4e8bb67120eacb1d14" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a1e6613-84c0-4417-8a0b-ad0902de0b81" ,
"value" : "bd97943835cb3749ce2b1dc6ba89961555d92c38"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper #2 - Xchecked via VT: eb6d25e08b2b32a736b57f8df22db6d03dc82f16da554f4e8bb67120eacb1d14" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a1e6613-6328-43f1-8e68-ad0902de0b81" ,
"value" : "bdbabe7d5605c00d24d15e3fac6eda1e"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper #2 - Xchecked via VT: eb6d25e08b2b32a736b57f8df22db6d03dc82f16da554f4e8bb67120eacb1d14" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a1e6613-f690-455a-aa14-ad0902de0b81" ,
"value" : "https://www.virustotal.com/file/eb6d25e08b2b32a736b57f8df22db6d03dc82f16da554f4e8bb67120eacb1d14/analysis/1511903362/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper #1 - Xchecked via VT: a29b07a6fe5d7ce3147dd7ef1d7d18df16e347f37282c43139d53cce25ae7037" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a1e6613-1638-444b-8524-ad0902de0b81" ,
"value" : "96d8142c72942a84f6e45f5ec9f2a8f8e97bf28e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper #1 - Xchecked via VT: a29b07a6fe5d7ce3147dd7ef1d7d18df16e347f37282c43139d53cce25ae7037" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a1e6613-cba4-48ef-a655-ad0902de0b81" ,
"value" : "9cf931c33319f2a23d0b49cb805a4a34"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper #1 - Xchecked via VT: a29b07a6fe5d7ce3147dd7ef1d7d18df16e347f37282c43139d53cce25ae7037" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a1e6613-9fb8-4216-8710-ad0902de0b81" ,
"value" : "https://www.virustotal.com/file/a29b07a6fe5d7ce3147dd7ef1d7d18df16e347f37282c43139d53cce25ae7037/analysis/1511903459/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MalDoc - Xchecked via VT: 171e26822421f7ed2e34cc092eaeba8a504b5d576c7fd54aa6975c2e2db0f824" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5a1e6613-aab8-4af7-ba7b-ad0902de0b81" ,
"value" : "359c953832b9c71363b87f66638d8b573214cb6f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MalDoc - Xchecked via VT: 171e26822421f7ed2e34cc092eaeba8a504b5d576c7fd54aa6975c2e2db0f824" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5a1e6613-1860-4197-bee8-ad0902de0b81" ,
"value" : "7ca1e08fc07166a440576d1af0a15bb1"
} ,
{
"category" : "External analysis" ,
"comment" : "MalDoc - Xchecked via VT: 171e26822421f7ed2e34cc092eaeba8a504b5d576c7fd54aa6975c2e2db0f824" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1511941651" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5a1e6613-db8c-4aec-8523-ad0902de0b81" ,
"value" : "https://www.virustotal.com/file/171e26822421f7ed2e34cc092eaeba8a504b5d576c7fd54aa6975c2e2db0f824/analysis/1511881919/"
}
]
}
}