{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2014-11-12",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT Korplug military targeted attacks: Afghanistan & Tajikistan blog post from ESET",
|
||
|
"publish_timestamp": "1456151931",
|
||
|
"published": true,
|
||
|
"threat_level_id": "2",
|
||
|
"timestamp": "1415914547",
|
||
|
"uuid": "54651e3e-3934-4d34-9396-956a950d210b",
|
||
|
"Orgc": {
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#33FF00",
|
||
|
"name": "tlp:green"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913424",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "54651fd0-3988-45ca-8816-9a37950d210b",
|
||
|
"value": "http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghanistan-tajikistan/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913440",
|
||
|
"to_ids": false,
|
||
|
"type": "comment",
|
||
|
"uuid": "54651fe0-6ad0-4955-ad1a-4960950d210b",
|
||
|
"value": "Data entered by David Andr\u00e9"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913478",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "54652006-ed94-4a90-8907-9a22950d210b",
|
||
|
"value": "Korplug"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913478",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "54652006-32ac-4819-abb7-9a22950d210b",
|
||
|
"value": "PlugX"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913518",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "5465202e-7418-4999-bb7e-4767950d210b",
|
||
|
"value": "www.notebookhk.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913531",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5465203b-92c4-46ea-bb24-9a39950d210b",
|
||
|
"value": "notebookhk.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913653",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "546520b5-18ac-4f42-a306-956a950d210b",
|
||
|
"value": "www.dicemention.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913653",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "546520b5-659c-43c0-9b37-956a950d210b",
|
||
|
"value": "www.abudlrasul.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913670",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "546520c6-31a4-4603-9ec4-93c7950d210b",
|
||
|
"value": "dicemention.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913671",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "546520c7-0f04-463c-879c-93c7950d210b",
|
||
|
"value": "abudlrasul.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Attribution",
|
||
|
"comment": "Registrant",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913751",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "54652117-1e68-455f-b492-9a39950d210b",
|
||
|
"value": "stanlee@gmail.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Attribution",
|
||
|
"comment": "Registrant",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913751",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "54652117-f490-4062-9d03-9a39950d210b",
|
||
|
"value": "123@123.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Attribution",
|
||
|
"comment": "Registrant",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415913751",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "54652117-4e70-4163-a7bd-9a39950d210b",
|
||
|
"value": "woffg89@yahoo.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914316",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465234c-0940-4a89-8115-d85b950d210b",
|
||
|
"value": "36119221826d0290bc23371b55a8c0e6a84718dd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914316",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465234c-83f0-4e58-ad78-d85b950d210b",
|
||
|
"value": "a6642bc9f3425f0ab93d462002456be231bb5646"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914316",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465234c-0f44-4060-bba3-d85b950d210b",
|
||
|
"value": "51cdc273b5638e06906bcb700335e288807744b5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914316",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465234c-5dd8-4054-a92e-d85b950d210b",
|
||
|
"value": "ea6ee9eab546fb9f93b75dcb650af22a95486391"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914316",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465234c-bc40-4ed7-983c-d85b950d210b",
|
||
|
"value": "d297dc7d29e42e8d37c951b0b11629051eebe9c0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914316",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465234c-46c4-48dd-9b2c-d85b950d210b",
|
||
|
"value": "8e5e19ebe719ebf7f8be4290931ffa173e658cb8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914316",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465234c-c30c-4fd1-84ed-d85b950d210b",
|
||
|
"value": "1f726e94b90034e7abd148fe31eba08774d1506f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914316",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465234c-57dc-44bf-9ed1-d85b950d210b",
|
||
|
"value": "a9c627aa09b8cc50a83ff2728a3978492aeb79d8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914316",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465234c-001c-495c-b61c-d85b950d210b",
|
||
|
"value": "e32081c56f39ea14dfd1e449c28219d264d80b2f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914370",
|
||
|
"to_ids": false,
|
||
|
"type": "vulnerability",
|
||
|
"uuid": "54652382-8914-451f-b266-956a950d210b",
|
||
|
"value": "CVE-2012-0158"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914370",
|
||
|
"to_ids": false,
|
||
|
"type": "vulnerability",
|
||
|
"uuid": "54652382-58a0-48df-b92b-956a950d210b",
|
||
|
"value": "CVE-2014-1761"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914433",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c1-e814-42dd-aa3f-c0c0950d210b",
|
||
|
"value": "5dfa79eb89b3a8ddbc55252bd330d04d285f9189"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914433",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c1-52d0-4d19-88d5-c0c0950d210b",
|
||
|
"value": "095550e3f0e5d24a59add9390e6e17120039355e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914433",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c1-77cc-41e3-899b-c0c0950d210b",
|
||
|
"value": "5d760403108bdcdce5c22403387e89edc2694860"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914433",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c1-0bf0-4d16-b80a-c0c0950d210b",
|
||
|
"value": "05bfe122f207df7806eb5e4ce69d3aec26d74190"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-f568-45e6-914a-c0c0950d210b",
|
||
|
"value": "548577598a670ffd7770f01b8c8eeff853c222c7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-0038-4c87-98fb-c0c0950d210b",
|
||
|
"value": "530d26a9beedcced0c36c54c1bf3cda28d2b6e62"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-6b20-4c51-a75a-c0c0950d210b",
|
||
|
"value": "f6cb6db20aa8f17769095042790aeb60eecd58b0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-acd0-4e34-877a-c0c0950d210b",
|
||
|
"value": "ef17b7ec3111949cbdbdeb5e0e15bd2c6e90358f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-aebc-4b25-b287-c0c0950d210b",
|
||
|
"value": "17ca3bbddef164e6493f32c952002e34c55a74f2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-0f80-462b-a405-c0c0950d210b",
|
||
|
"value": "973ea910ea3734e45fde304f20ab6cf067456551"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-4098-49d6-9d70-c0c0950d210b",
|
||
|
"value": "47d78fbfb2efc3ab9ddc653a0f03d560d972bf67"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-8fac-49e7-8751-c0c0950d210b",
|
||
|
"value": "0b5a7e49987ef2c320864cf205b7048f7032300d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-e534-4aaa-bfbd-c0c0950d210b",
|
||
|
"value": "e81e0f416752b336396294d24e639ae86d9c6baa"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Korplug",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914434",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "546523c2-1e68-4f24-b7b8-c0c0950d210b",
|
||
|
"value": "e930d3a2e6b2ffdc7052d7e18f51bd5a765bdb90"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914506",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465240a-ff00-4d83-877e-9a37950d210b",
|
||
|
"value": "fdd41eb3cbb631f38ac415347e25926e3e3f09b6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914507",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465240b-f640-47a2-9f11-9a37950d210b",
|
||
|
"value": "457f4ffa2fe1cacfea53f8f5ff72c3fa61939ccd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914507",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465240b-1604-4b57-81ac-9a37950d210b",
|
||
|
"value": "5b6d654eb16fc84a212acf7d5a05a8e8a642ce20"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914507",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465240b-3c64-4dbb-9adc-9a37950d210b",
|
||
|
"value": "7d59b19bd56e1d2c742c39a2aba9ac34f6bc58d4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914507",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465240b-d1e0-4bc2-8505-9a37950d210b",
|
||
|
"value": "d7d130b8cc9bea51143f28820f08068521763494"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914507",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465240b-3924-4b91-b38f-9a37950d210b",
|
||
|
"value": "01b4b92d5839ecf3130f5c69652295fe4f2da0c5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914507",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5465240b-d138-402c-ae8f-9a37950d210b",
|
||
|
"value": "02c38ec1c67098e1f6854d1125d3aed6268540de"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914547",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652433-5664-4cae-ba8b-9a39950d210b",
|
||
|
"value": "3a7fb6e819eec52111693219e604239bd25629e9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914547",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652433-218c-4ba7-9fc0-9a39950d210b",
|
||
|
"value": "bf77d0ba7f3e60b45bd0801979b12bea703b227b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914547",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652433-d50c-4a22-96c2-9a39950d210b",
|
||
|
"value": "55ef67afa2ec2f260b046a901868c48a76bc7b72"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914547",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652433-0384-4c5e-95b6-9a39950d210b",
|
||
|
"value": "a29f64cd7b78e51d0c9fdfbdcbc57ced43a157b2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914548",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652434-8b2c-4d61-b247-9a39950d210b",
|
||
|
"value": "34754e8b410c9480e1adfb31a4aa72419056b622"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914548",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652434-1f48-484a-bf2a-9a39950d210b",
|
||
|
"value": "17a2f18c9ccaaa714fd31be2de0bc62b2c310d8f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914548",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652434-95d0-4bc5-8232-9a39950d210b",
|
||
|
"value": "6d99acea8323b8797560f7284607db08eca616d8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914548",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652434-91a4-40ac-bb34-9a39950d210b",
|
||
|
"value": "1884a05409c7ef877e0e1aaaec6bb9d59e065d7c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914548",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652434-dbb4-4417-9505-9a39950d210b",
|
||
|
"value": "1fc6fb0d35dcd0517c82adaef1a85ffe2afab4ee"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914548",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652434-c010-43b5-8ff4-9a39950d210b",
|
||
|
"value": "5860c99e5065a414c91f51b9e8b779d10f40adc4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Alternative Malware #2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1415914548",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "54652434-93d0-42fe-8bbe-9a39950d210b",
|
||
|
"value": "7950d5b57fa651ca6fa9180e39b6e8cc1e65b746"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 973ea910ea3734e45fde304f20ab6cf067456551)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834419",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "56c64533-4454-42f6-bcbb-59a3950d210f",
|
||
|
"value": "b948c6616215ba79bc152e7eccc21044"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via fdd41eb3cbb631f38ac415347e25926e3e3f09b6)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834421",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "56c64535-5680-4596-8cec-59a2950d210f",
|
||
|
"value": "d4c0390698f5332cc6e0f3fe611d1d38"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 5b6d654eb16fc84a212acf7d5a05a8e8a642ce20)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834424",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "56c64538-d5a4-494e-bd85-4a96950d210f",
|
||
|
"value": "66c411a966f01575c0ab39f197638e73"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 01b4b92d5839ecf3130f5c69652295fe4f2da0c5)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834426",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "56c6453a-ab4c-49b9-bafc-599c950d210f",
|
||
|
"value": "4c184b9f897999b4daa4fbe2b023292e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 3a7fb6e819eec52111693219e604239bd25629e9)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834428",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "56c6453c-16fc-4833-b304-469e950d210f",
|
||
|
"value": "18d7adcdade1942efd572ed5256a0d2e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 5860c99e5065a414c91f51b9e8b779d10f40adc4)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834431",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "56c6453f-b078-46b4-a427-59a0950d210f",
|
||
|
"value": "6f6eeade8fac2509b677a33c5c6b2628"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Automatically added (via e32081c56f39ea14dfd1e449c28219d264d80b2f)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834435",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "56c64543-2df0-4f2a-ab13-59a0950d210f",
|
||
|
"value": "273e3694afb362d836fdeafa03921a19"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 973ea910ea3734e45fde304f20ab6cf067456551)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834420",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56c64534-da74-4d4c-adb7-5ca1950d210f",
|
||
|
"value": "baf81d98dcdd218ee1dd89610ec44cbfcc75667b11efb52987011b4f15202fb0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via fdd41eb3cbb631f38ac415347e25926e3e3f09b6)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834422",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56c64536-cbb0-42f1-9383-c653950d210f",
|
||
|
"value": "a623949b9624e1410fdb22e490d014cad175b98b758d786f50ed9edb2549607a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 5b6d654eb16fc84a212acf7d5a05a8e8a642ce20)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834424",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56c64538-e3dc-4ff0-8208-c651950d210f",
|
||
|
"value": "38fea14bf5c8c6cd82b8f46a83389f2eab28ca6c007e887e14e9c37f688df762"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 01b4b92d5839ecf3130f5c69652295fe4f2da0c5)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834427",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56c6453b-8654-4926-b86a-59a0950d210f",
|
||
|
"value": "0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 3a7fb6e819eec52111693219e604239bd25629e9)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834429",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56c6453d-cb18-4837-976b-59a3950d210f",
|
||
|
"value": "3c4d6ddfc047fccb21ae5e4294a195920bb35a21cf8cb795928c55d94233e7e9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "Automatically added (via 5860c99e5065a414c91f51b9e8b779d10f40adc4)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834432",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56c64540-35b8-40fe-972a-59a1950d210f",
|
||
|
"value": "d685fc5a95189c6cecfbdec160de75401161a959d8e98f00a75d3b89465ddd4e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Automatically added (via e32081c56f39ea14dfd1e449c28219d264d80b2f)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1455834436",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56c64544-bb7c-4291-ae52-c651950d210f",
|
||
|
"value": "97ada78fe46d46d9d640b34c2d66bd55ff5c543d99efe951ec489de7d5b3de1c"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|