|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2016-03-29",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - In the Shadows: Vawtrak Aims to Get Stealthier by adding New Data Cloaking",
|
||
|
"publish_timestamp": "1484165608",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1468658470",
|
||
|
"uuid": "56fad784-e8ec-4dcf-9384-47bf02de0b81",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279758",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "56fad78e-f4dc-4624-9a38-4bad02de0b81",
|
||
|
"value": "https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279797",
|
||
|
"to_ids": false,
|
||
|
"type": "comment",
|
||
|
"uuid": "56fad7b5-b8c0-498c-a4ee-466c02de0b81",
|
||
|
"value": "In what is likely to be a short-lived cessation in Dridex campaigns while the criminal proponents behind that malware scramble to find a new delivery channel, it appears as though other malware purveyors may be positioning themselves to take additional market share of the lucrative crimeware arena. One recent development saw Vawtrak, previously a second-tier banking and information stealing trojan, emerge with new capabilities -- most notably new methods for data encoding and changes to C2 communication that appear to be an attempt to improve on the malware\u2019s detection evasion. - See more at: https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows#sthash.fy3M4b8M.dpuf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279868",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fc-0fe4-47fb-8930-475e02de0b81",
|
||
|
"value": "26a92873992b5a674ea953131a4effc119dee0bc74da8ffa43f4d8de7df3c169"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279868",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fc-5214-4f97-91d5-4d4d02de0b81",
|
||
|
"value": "93941f506feca505510b60d3ccaea8127a6450836642e97bf936b8875777e26b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279868",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fc-8424-4fa3-a912-42b002de0b81",
|
||
|
"value": "120d5320a59a86f9b3e0774609a3f0773d76a7d66689525a023bee7f8666f2eb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279869",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fd-9094-446e-8d0f-42bb02de0b81",
|
||
|
"value": "b6441a6ea25a4ea5cb38f9f186805501379ceb132cfe8907d174e00dab8526ec"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279869",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fd-ca20-4fbb-883c-444e02de0b81",
|
||
|
"value": "6741e88fcd83fe32a8731d0714fba500ea6a3d9735b3829d51aeb7478061d93d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279869",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fd-428c-4fb4-9568-436202de0b81",
|
||
|
"value": "7683afa68bf176249dfc61c5e3bf455dabc9d8b0696d6f8952d72ebb5500a798"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279869",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fd-83e4-4b75-98cb-4c2302de0b81",
|
||
|
"value": "78ceb2dbbd39831f84c6fe50742a778cb4610fb02c06072de02e798692279ae4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279870",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fe-bdb8-46e1-a5b3-45e702de0b81",
|
||
|
"value": "9337b6c7f6f4f300ebd11813dc6fe5a9646f394541139c96af27f45e1bb7eec2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279870",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fe-20dc-490f-854e-4b0902de0b81",
|
||
|
"value": "1eaac96f675fd29b06beed67cb89d5862183659a071062ca9440c46dc69b5a58"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279870",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7fe-fcb0-4657-a00b-425e02de0b81",
|
||
|
"value": "0b9b361aaab7baa0ae49c0234d78bcb7cfbd0e529eeda1b126ef08a3b3e0ae89"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279871",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7ff-b354-49da-a6d9-459e02de0b81",
|
||
|
"value": "2f87d666915cc345ae8ac57c5b975163828c2923cdfabc3cf436ebca50346eb0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279871",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7ff-cd64-496b-939b-407102de0b81",
|
||
|
"value": "b5681046f8a571f4fde991e349356e078498f1afb3d2a31a549df65b01ba6de7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279871",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad7ff-6498-4eb8-9baa-402002de0b81",
|
||
|
"value": "eabbcb1af0022dbf1a0b4465e73b6c98458c3c3887b06df13c893a9413556011"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279872",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad800-897c-4dab-9c2b-4dc102de0b81",
|
||
|
"value": "606a489df381a8cc3fb43b8ca3b763c61ff91328aa39fa9be167c428d587c1bc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279872",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad800-33f8-4697-9f36-4ed102de0b81",
|
||
|
"value": "3ffbe191d9326f97db4ffaf6b294c166397bf1c77d28e2ab44d41fca511ce55b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Macro Office documents leading to Vawtrak:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459279872",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad800-d30c-4671-af6f-46f302de0b81",
|
||
|
"value": "3d1e7e54db786c6aef572d1ef57ad1c26413aacbf2fd91eb700d469c550dd4df"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280014",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad88e-a73c-4a9c-bffb-495002de0b81",
|
||
|
"value": "http://pomona.pl/wp-content/plugins/wp-db-backup-made/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280014",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad88e-3480-481e-9d7c-481b02de0b81",
|
||
|
"value": "http://funsockfriday.com/wp-content/cache/db/000000/all/cd0/2a7/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280014",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad88e-1ea8-4e0f-8f62-4bf802de0b81",
|
||
|
"value": "http://pomona.pl/wp-content/plugins/wp-db-backup-made/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280015",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad88f-4bd4-49ea-ac66-49d902de0b81",
|
||
|
"value": "http://funsockfriday.com/wp-content/cache/db/000000/all/cd0/2a7/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280015",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad88f-f24c-4449-bd33-4e1102de0b81",
|
||
|
"value": "http://admtorg.ru/wp-includes/js/tinymce/plugins/compat3x/css/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280016",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad890-659c-4804-9a2f-4e6702de0b81",
|
||
|
"value": "http://ozgencfutbolokulu.com/wp-content/plugins/wp-db-backup-made/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280016",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad890-980c-4ab4-9099-4c5502de0b81",
|
||
|
"value": "http://admtorg.ru/wp-includes/js/tinymce/plugins/compat3x/css/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280016",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad890-8d90-41eb-918a-416b02de0b81",
|
||
|
"value": "http://ozgencfutbolokulu.com/wp-content/plugins/wp-db-backup-made/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280017",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad891-6114-441a-a00d-4e7902de0b81",
|
||
|
"value": "http://unmaskedman.com/wp-content/themes/unmaskedman/assets/sass/layouts/pages/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280017",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad891-bb9c-429d-9cbe-488b02de0b81",
|
||
|
"value": "http://ssgc.co/wp-content/uploads/cache/remote/www-abc-net-au/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280017",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad891-d4c4-4ea8-84cf-451802de0b81",
|
||
|
"value": "http://unmaskedman.com/wp-content/themes/unmaskedman/assets/sass/layouts/pages/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280018",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad892-a8ec-4165-a23c-408602de0b81",
|
||
|
"value": "http://ssgc.co/wp-content/uploads/cache/remote/www-abc-net-au/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280018",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad892-4c9c-469a-b3bb-479302de0b81",
|
||
|
"value": "http://shaliniandamar.com/wp-content/tfuse_bk_just-married-parent_2015-04-20/theme_config/extensions/slider/designs/round/static/images/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280019",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad893-1f90-4717-bd1e-499b02de0b81",
|
||
|
"value": "http://kingmanmobile.com/wp-content/plugins/essential-grid/admin/assets/js/mode/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280019",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad893-1e8c-4df7-9b84-46ec02de0b81",
|
||
|
"value": "http://shaliniandamar.com/wp-content/tfuse_bk_just-married-parent_2015-04-20/theme_config/extensions/slider/designs/round/static/images/pipi/txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280019",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad893-90a0-4247-b05b-46f602de0b81",
|
||
|
"value": "http://kingmanmobile.com/wp-content/plugins/essential-grid/admin/assets/js/mode/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280020",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad894-120c-4c24-9aa1-484d02de0b81",
|
||
|
"value": "http://dillardvideo.com/wp-admin/network/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280020",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad894-0660-49c9-9699-4b0a02de0b81",
|
||
|
"value": "http://diputacion.ardinova.com/wp-admin/images/screenshots/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280020",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad894-8ca8-4dee-a8fe-47cd02de0b81",
|
||
|
"value": "http://dillardvideo.com/wp-admin/network/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280021",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad895-38f8-4a02-9088-401d02de0b81",
|
||
|
"value": "http://diputacion.ardinova.com/wp-admin/images/screenshots/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280021",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad895-0e40-4e61-b04f-4a8102de0b81",
|
||
|
"value": "http://diy-router.com/wp-includes/css/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280022",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad896-0440-4793-9755-4b8e02de0b81",
|
||
|
"value": "http://depositionstream.com/scripts/img/5716367236.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280022",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad896-83ec-4a91-8513-4b2202de0b81",
|
||
|
"value": "http://diy-router.com/wp-includes/css/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Xbagging/Bartalex additional code downloads:",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280022",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad896-2038-4856-bf77-445702de0b81",
|
||
|
"value": "http://depositionstream.com/scripts/img/pipi.txt"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280066",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad8c2-dbf0-413a-87e0-442b02de0b81",
|
||
|
"value": "http://freshbox.pl/przypomnienie_lss/WEFiles/Client/jQuery/Plugins/s1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280067",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad8c3-1a38-44fe-bbfe-4a0b02de0b81",
|
||
|
"value": "http://petalsbythechesapeake.com/wp-content/themes/x/framework/scss/site/stacks/integrity/inc/s1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280067",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad8c3-d27c-453e-8277-4df702de0b81",
|
||
|
"value": "http://longcroftcarehome.com/wp-content/themes/Impreza/s1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280067",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad8c3-d4bc-4847-9f1b-4b3202de0b81",
|
||
|
"value": "http://glovestix.com/wp-content/plugins/woocommerce-subscriptions/lib/action-scheduler/tests/phpunit/jobstore/s1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280068",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad8c4-0500-4c40-9613-4ae002de0b81",
|
||
|
"value": "http://datanetsolution.com/ujksew1/templates/s1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280068",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad8c4-4cd8-48b4-b8fa-447802de0b81",
|
||
|
"value": "http://dominamarketingporinternet.com/wp-admin/user/s1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Pony hashes",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280104",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad8e8-00b8-4273-8d8b-4df202de0b81",
|
||
|
"value": "3fbffc12ddeedff72e0d73e48965a9bebabe4a527b1ebc030bbbf756ce3d3740"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Pony hashes",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280104",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad8e8-5bf8-4036-97c6-493902de0b81",
|
||
|
"value": "cbaa784cba00750ae5d46aa242fe7337022317ac3d4e02906c9068140532de00"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Pony hashes",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280105",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad8e9-4124-4dac-81bd-412a02de0b81",
|
||
|
"value": "c1afb96d2a3b436444313fde02d103ff86f9b68d7e2ca3151b64cb7caa3696cd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Pony hashes",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280105",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad8e9-9440-445b-b3f7-4a1002de0b81",
|
||
|
"value": "a2ba57cec0392cbe781ed67f3ed3ec38f9aaa1e6a232536bcddba171889b9ece"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Pony hashes",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280105",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad8e9-8c08-4ee4-8cd6-4d6102de0b81",
|
||
|
"value": "6f8901cbe86e0633b75d772ac7b888d9f9fec7f0eff1c5c12adf1b1b20b86bd9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Pony hashes",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280106",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad8ea-0914-4496-8be8-495d02de0b81",
|
||
|
"value": "a33f5441949760569756062788077391d5a3611c6cb35a3c97ef76821261d2c8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Pony hashes",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280106",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "56fad8ea-74d4-427a-b7be-478402de0b81",
|
||
|
"value": "3de2503dfdc3d108da6676565612ac8bbfc4317026fdcf99543c0de5301f4e82"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280159",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad91f-6720-469f-9670-4e3302de0b81",
|
||
|
"value": "http://dicalburep.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280159",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad91f-c63c-4cd7-9946-4dd102de0b81",
|
||
|
"value": "http://toldwassmause.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280160",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad920-510c-4bf1-b67e-405d02de0b81",
|
||
|
"value": "http://uthatinuse.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280160",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad920-d788-494e-86f5-4c5902de0b81",
|
||
|
"value": "http://paughesdidn.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280160",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad920-86e8-4b6e-8278-4e8102de0b81",
|
||
|
"value": "http://rectalrenlo.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280160",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad920-f6dc-4d46-88e2-41a402de0b81",
|
||
|
"value": "http://ritoftwithhers.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280161",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad921-342c-4a7b-8d57-48a402de0b81",
|
||
|
"value": "http://rindititred.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280161",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad921-87cc-49b7-ab38-4c4e02de0b81",
|
||
|
"value": "http://wassfethefa.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280161",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad921-b43c-468b-a684-47b102de0b81",
|
||
|
"value": "http://kerehiled.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280162",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad922-0d64-47bb-80f6-4d7002de0b81",
|
||
|
"value": "http://ropaketsed.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280162",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad922-c700-4e5e-b5bf-43f202de0b81",
|
||
|
"value": "http://utrewserat.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280162",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad922-6ecc-4361-97ff-4f2602de0b81",
|
||
|
"value": "http://joorrolwas.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280163",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad923-b310-4bcf-9a00-403102de0b81",
|
||
|
"value": "http://fortthenranled.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280163",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad923-c3a8-45fa-8046-469702de0b81",
|
||
|
"value": "http://harlosion.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280163",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad923-cdf4-4f7c-bdb7-4d5802de0b81",
|
||
|
"value": "http://onerophegre.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280163",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad923-0980-4781-9e7b-4b2a02de0b81",
|
||
|
"value": "http://duorgoho.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280164",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad924-ee4c-422b-ad75-48fe02de0b81",
|
||
|
"value": "http://idwigalitt.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280164",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad924-a72c-4a42-9102-419202de0b81",
|
||
|
"value": "http://robbetotso.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280164",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad924-bd7c-45de-b570-483e02de0b81",
|
||
|
"value": "http://ledrewharte.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280165",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad925-ed28-43c8-a5bf-426602de0b81",
|
||
|
"value": "http://dotindintres.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Pony Gates",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280165",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad925-cfdc-4314-9b47-45db02de0b81",
|
||
|
"value": "http://tetotgane.ru/gate.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Vawtrak downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280202",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad94a-50f8-4dbb-95ea-4cc302de0b81",
|
||
|
"value": "http://oka-dentalshop.com/system/logs/k1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Vawtrak downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280202",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad94a-e8bc-4240-aa85-437902de0b81",
|
||
|
"value": "http://9.rent-shops.ru/system/logs/k1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Vawtrak downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280202",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad94a-1a18-4f0a-8b60-41d802de0b81",
|
||
|
"value": "http://hubsportsmed.com/system/logs/k1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Vawtrak downloads",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1459280203",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "56fad94b-2aec-48ec-aee3-44ab02de0b81",
|
||
|
"value": "http://xn--80aa8argd0e.xn--80aswg/system/logs/k1.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280203",
"to_ids": true,
"type": "url",
"uuid": "56fad94b-cdcc-422d-bf53-417c02de0b81",
"value": "http://www.brindesgama.com.br/system/logs/k1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280203",
"to_ids": true,
"type": "url",
"uuid": "56fad94b-da98-4feb-b199-4c6a02de0b81",
"value": "http://mysocceruniforms.com/system/logs/k1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280203",
"to_ids": true,
"type": "url",
"uuid": "56fad94b-f5a4-4420-b0c0-490202de0b81",
"value": "http://worldhealthsupply.com/system/logs/k1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280204",
"to_ids": true,
"type": "url",
"uuid": "56fad94c-003c-4e67-b96a-4dba02de0b81",
"value": "http://errors-seeds.cz/system/logs/k1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280204",
"to_ids": true,
"type": "url",
"uuid": "56fad94c-8a18-4321-a97d-477a02de0b81",
"value": "http://bloomgifts4u.com/system/logs/k1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280205",
"to_ids": true,
"type": "url",
"uuid": "56fad94d-354c-48d3-8741-458f02de0b81",
"value": "http://plan.computer-repair.org.ua/system/logs/k1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280205",
"to_ids": true,
"type": "url",
"uuid": "56fad94d-cdc8-452b-8791-47ef02de0b81",
"value": "http://wildcardzwincanton.bricks-and-clicks.co.uk/system/logs/k1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280205",
"to_ids": true,
"type": "url",
"uuid": "56fad94d-a930-4335-bdca-45f302de0b81",
"value": "http://kosikyhana.sk/system/logs/k1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280206",
"to_ids": true,
"type": "url",
"uuid": "56fad94e-6920-4753-8e4c-47fc02de0b81",
"value": "http://electro-cablaj.ro/system/logs/m1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280206",
"to_ids": true,
"type": "url",
"uuid": "56fad94e-ff4c-4051-99ec-49cb02de0b81",
"value": "http://juuze.demowebsite.net/system/logs/m1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280206",
"to_ids": true,
"type": "url",
"uuid": "56fad94e-a17c-409d-b786-471202de0b81",
"value": "http://wierdensewijnhandel.nl/system/logs/m1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280207",
"to_ids": true,
"type": "url",
"uuid": "56fad94f-1bd0-4da7-aab2-435702de0b81",
"value": "http://globalshow.com.ua/system/logs/m1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280207",
"to_ids": true,
"type": "url",
"uuid": "56fad94f-b8b4-4a13-b104-494b02de0b81",
"value": "http://chackochacko.com/system/logs/m1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280208",
"to_ids": true,
"type": "url",
"uuid": "56fad950-541c-4a62-a9d4-43dc02de0b81",
"value": "http://es.healthyliverplus.com/system/logs/m1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280208",
"to_ids": true,
"type": "url",
"uuid": "56fad950-f474-464e-8be9-43e502de0b81",
"value": "http://boxx96.com.br/system/logs/m1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280208",
"to_ids": true,
"type": "url",
"uuid": "56fad950-ba74-4315-bcd0-43e702de0b81",
"value": "http://store.lumos.my/system/logs/m1.exe"
},
{
"category": "Network activity",
"comment": "Vawtrak downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280209",
"to_ids": true,
"type": "url",
"uuid": "56fad951-5024-4770-be02-4dc402de0b81",
"value": "http://pudore.com.my/system/logs/m1.exe"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280242",
"to_ids": true,
"type": "sha256",
"uuid": "56fad972-c574-41c6-b432-401402de0b81",
"value": "a0b3bef0804ca6fb0dd7ab180f6cc38fa1ef4c247d152eaecf9081729cb2b158"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280242",
"to_ids": true,
"type": "sha256",
"uuid": "56fad972-9910-4296-b15b-462e02de0b81",
"value": "afdebec93fd6e133e24809e7b476927f7403a119c428698645abd0e380048f6a"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280242",
"to_ids": true,
"type": "sha256",
"uuid": "56fad972-d46c-4acc-bdb5-442502de0b81",
"value": "4d47396e1e9c7538c59da8b5574fb8f208154cdfc6590e33b74b7e9feada7584"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280243",
"to_ids": true,
"type": "sha256",
"uuid": "56fad973-143c-466a-a6fa-4a2602de0b81",
"value": "d3ccde340b36b55dc2db2abc323f728a8c135b8d27ec18f2afc756675008b511"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280243",
"to_ids": true,
"type": "sha256",
"uuid": "56fad973-1cf0-459f-a4e4-4aea02de0b81",
"value": "caac605b2d5dec2ec314eb0a9f9273595935791509df27f599402a92beb107b9"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280243",
"to_ids": true,
"type": "sha256",
"uuid": "56fad973-e568-4a9c-a3f0-480e02de0b81",
"value": "5b0e4024c12e21ca5f7552a555dc20499fd7a439a669c963ab5d02227cc1be9a"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280244",
"to_ids": true,
"type": "sha256",
"uuid": "56fad974-3260-465a-9a9b-44df02de0b81",
"value": "2350f4617102c51542682219761e7a3e2cd6efd7529599dbc579ac6882c0343e"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from Angler EK chain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280271",
"to_ids": true,
"type": "sha256",
"uuid": "56fad98f-1888-4b21-9662-446102de0b81",
"value": "75db66d0aaff0d6adc4bedcb652ae041071852fbb550d5c3446502de29246c3d"
},
{
"category": "Network activity",
"comment": "Vawtrak c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280294",
"to_ids": true,
"type": "url",
"uuid": "56fad9a6-39e4-4423-8a88-460402de0b81",
"value": "http://ninthclub.com/Work/new/index.php"
},
{
"category": "Network activity",
"comment": "Vawtrak c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280295",
"to_ids": true,
"type": "url",
"uuid": "56fad9a7-7ef0-4421-b767-4d5802de0b81",
"value": "http://camelcap.com/Work/new/index.php"
},
{
"category": "Network activity",
"comment": "Vawtrak c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280295",
"to_ids": true,
"type": "url",
"uuid": "56fad9a7-6d5c-4fde-9c19-49ed02de0b81",
"value": "http://ideagreens.com/Work/new/index.php"
},
{
"category": "Network activity",
"comment": "Vawtrak c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280295",
"to_ids": true,
"type": "url",
"uuid": "56fad9a7-5ea8-4ee9-86a4-4b5d02de0b81",
"value": "http://guesstrade.com/Work/new/index.php"
},
{
"category": "Network activity",
"comment": "Vawtrak c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280296",
"to_ids": true,
"type": "url",
"uuid": "56fad9a8-b5f4-48df-af20-4e5002de0b81",
"value": "http://castuning.ru/Work/new/index.php"
},
{
"category": "Network activity",
"comment": "Vawtrak c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280296",
"to_ids": true,
"type": "url",
"uuid": "56fad9a8-c3c4-4133-aeb2-4bac02de0b81",
"value": "http://mgsmedia.ru/Work/new/index.php"
},
{
"category": "Network activity",
"comment": "Vawtrak module downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280322",
"to_ids": true,
"type": "url",
"uuid": "56fad9c2-a9dc-411d-9c25-408202de0b81",
"value": "http://185.66.10.57/module/9f3359a7b12ceea791a4afc21a971152"
},
{
"category": "Network activity",
"comment": "Vawtrak module downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280323",
"to_ids": true,
"type": "url",
"uuid": "56fad9c3-3688-4f25-9f81-43e102de0b81",
"value": "http://185.66.10.57/module/4c06c7a4c2bc6fb51cd998e9bbcf5846"
},
{
"category": "Network activity",
"comment": "Vawtrak module downloads",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280323",
"to_ids": true,
"type": "url",
"uuid": "56fad9c3-4fc0-4373-bd20-4d1902de0b81",
"value": "http://185.66.10.57/module/221680f17a95443c798c701eff36cbe6"
},
{
"category": "Network activity",
"comment": "Vawtrak update",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280351",
"to_ids": true,
"type": "url",
"uuid": "56fad9df-58a8-4337-88a0-423602de0b81",
"value": "http://185.66.10.57/upd/2"
},
{
"category": "Network activity",
"comment": "Vawtrak update",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280351",
"to_ids": true,
"type": "url",
"uuid": "56fad9df-d1c0-4c0a-bc4e-4c3c02de0b81",
"value": "http://185.66.10.57/upd/3"
},
{
"category": "Network activity",
"comment": "Vawtrak update",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280351",
"to_ids": true,
"type": "url",
"uuid": "56fad9df-017c-4477-b015-4c7702de0b81",
"value": "http://185.66.10.57/upd/4"
},
{
"category": "Network activity",
"comment": "Vawtrak update",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280352",
"to_ids": true,
"type": "url",
"uuid": "56fad9e0-0c6c-4ef5-a5e3-4fc402de0b81",
"value": "http://185.66.10.57/upd/5"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280376",
"to_ids": true,
"type": "sha256",
"uuid": "56fad9f8-ef64-4987-b637-479802de0b81",
"value": "6ca5edee52615821bd25f6872b86ccb61329d047c9de8817c8fea17679076eda"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280376",
"to_ids": true,
"type": "sha256",
"uuid": "56fad9f8-1d4c-4de2-878c-4e4802de0b81",
"value": "592a84f6c913e8bdccabf3d4a36deb0844d037ca3aa19029755d2d658c873c04"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280377",
"to_ids": true,
"type": "sha256",
"uuid": "56fad9f9-7e1c-4044-8b5e-422202de0b81",
"value": "75ff95ef4cdf7511264df09daa93f44e72acfc5084c4f058071ddd2fc8ad2d09"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280377",
"to_ids": true,
"type": "sha256",
"uuid": "56fad9f9-3ab0-49c3-8dbe-461402de0b81",
"value": "b7475a729083a11b8e99ae7a293807b6e35fa4c2735789847afdee97eddfb904"
},
{
"category": "Payload delivery",
"comment": "Analyzed Vawtrak Dropper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280427",
"to_ids": true,
"type": "sha256",
"uuid": "56fada2b-5598-45ff-a783-479b02de0b81",
"value": "7e7d0557cc95e3f509f71a72aad9b8ab85d6a681df4a46e1648e928a4be5f4be"
},
{
"category": "Payload delivery",
"comment": "Analyzed unpacked Vawtrak x86 DLL",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280450",
"to_ids": true,
"type": "sha256",
"uuid": "56fada42-bf7c-4d09-b3dc-4b9602de0b81",
"value": "1818967235b1e86f9b5e956ab55e1fb47ea44c6579c91e9a48d8bd428f14f165"
},
{
"category": "Payload delivery",
"comment": "Analyzed Vawtrak Dropper - Xchecked via VT: 7e7d0557cc95e3f509f71a72aad9b8ab85d6a681df4a46e1648e928a4be5f4be",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280528",
"to_ids": true,
"type": "sha1",
"uuid": "56fada90-b3a8-4c77-80b6-4e9f02de0b81",
"value": "7a479295549330798bed66599e22b5cf5580194c"
},
{
"category": "Payload delivery",
"comment": "Analyzed Vawtrak Dropper - Xchecked via VT: 7e7d0557cc95e3f509f71a72aad9b8ab85d6a681df4a46e1648e928a4be5f4be",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280528",
"to_ids": true,
"type": "md5",
"uuid": "56fada90-bf28-498c-8a15-46b102de0b81",
"value": "9724934a3ed3a92b38b89fe7a2e9b6fd"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280528",
"to_ids": false,
"type": "link",
"uuid": "56fada90-a1c0-4a27-96f5-473a02de0b81",
"value": "https://www.virustotal.com/file/7e7d0557cc95e3f509f71a72aad9b8ab85d6a681df4a46e1648e928a4be5f4be/analysis/1459258992/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively) - Xchecked via VT: b7475a729083a11b8e99ae7a293807b6e35fa4c2735789847afdee97eddfb904",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280529",
"to_ids": true,
"type": "sha1",
"uuid": "56fada91-1920-4ff8-8830-4e6002de0b81",
"value": "b2673c2918dbad83b3ad7776d5d5d21454157c1e"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively) - Xchecked via VT: b7475a729083a11b8e99ae7a293807b6e35fa4c2735789847afdee97eddfb904",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280529",
"to_ids": true,
"type": "md5",
"uuid": "56fada91-87fc-4aa8-8f71-4dd402de0b81",
"value": "bb2214f714cf9ed142f3b300694a415c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280529",
"to_ids": false,
"type": "link",
"uuid": "56fada91-dd70-447b-8036-4cc402de0b81",
"value": "https://www.virustotal.com/file/b7475a729083a11b8e99ae7a293807b6e35fa4c2735789847afdee97eddfb904/analysis/1447017715/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively) - Xchecked via VT: 75ff95ef4cdf7511264df09daa93f44e72acfc5084c4f058071ddd2fc8ad2d09",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280530",
"to_ids": true,
"type": "sha1",
"uuid": "56fada92-a9f4-4107-988d-467602de0b81",
"value": "c56a16353874c4f0dd1fe77befee07da49b3608e"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively) - Xchecked via VT: 75ff95ef4cdf7511264df09daa93f44e72acfc5084c4f058071ddd2fc8ad2d09",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280530",
"to_ids": true,
"type": "md5",
"uuid": "56fada92-be64-4b44-acb3-4f3102de0b81",
"value": "94f86b4abfd82cf0f1cf79a39cad9c40"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280530",
"to_ids": false,
"type": "link",
"uuid": "56fada92-6b08-4dcf-b88c-4a9402de0b81",
"value": "https://www.virustotal.com/file/75ff95ef4cdf7511264df09daa93f44e72acfc5084c4f058071ddd2fc8ad2d09/analysis/1447015700/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively) - Xchecked via VT: 592a84f6c913e8bdccabf3d4a36deb0844d037ca3aa19029755d2d658c873c04",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280530",
"to_ids": true,
"type": "sha1",
"uuid": "56fada92-bce4-4be5-b40e-4f8f02de0b81",
"value": "c809f2b2e4bd18094695247a1fb3193acb320bb5"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively) - Xchecked via VT: 592a84f6c913e8bdccabf3d4a36deb0844d037ca3aa19029755d2d658c873c04",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280531",
"to_ids": true,
"type": "md5",
"uuid": "56fada93-4b6c-439f-94fa-4ffd02de0b81",
"value": "40447357439539454d710b3adf107876"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280531",
"to_ids": false,
"type": "link",
"uuid": "56fada93-a774-4758-8163-4cb602de0b81",
"value": "https://www.virustotal.com/file/592a84f6c913e8bdccabf3d4a36deb0844d037ca3aa19029755d2d658c873c04/analysis/1456316110/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively) - Xchecked via VT: 6ca5edee52615821bd25f6872b86ccb61329d047c9de8817c8fea17679076eda",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280531",
"to_ids": true,
"type": "sha1",
"uuid": "56fada93-0430-4c23-8f47-417b02de0b81",
"value": "fd6c52d3a54ffa0bb174a1fe42456c10807f58a0"
},
{
"category": "Payload delivery",
"comment": "Vawtrak updates, decoded (respectively) - Xchecked via VT: 6ca5edee52615821bd25f6872b86ccb61329d047c9de8817c8fea17679076eda",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280532",
"to_ids": true,
"type": "md5",
"uuid": "56fada94-76d4-478e-922d-439c02de0b81",
"value": "54ee09199c34e368575c10f01c114550"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280532",
"to_ids": false,
"type": "link",
"uuid": "56fada94-78bc-40ca-95ea-467502de0b81",
"value": "https://www.virustotal.com/file/6ca5edee52615821bd25f6872b86ccb61329d047c9de8817c8fea17679076eda/analysis/1447013707/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from Angler EK chain - Xchecked via VT: 75db66d0aaff0d6adc4bedcb652ae041071852fbb550d5c3446502de29246c3d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280532",
"to_ids": true,
"type": "sha1",
"uuid": "56fada94-979c-49f7-83a9-447102de0b81",
"value": "367a8ebae82f56594ee9d5ddd2a50dd5539c1a8f"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from Angler EK chain - Xchecked via VT: 75db66d0aaff0d6adc4bedcb652ae041071852fbb550d5c3446502de29246c3d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280533",
"to_ids": true,
"type": "md5",
"uuid": "56fada95-558c-4f4b-b20b-48ea02de0b81",
"value": "ce165288ed5a19ac7aa74ddb93164486"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280533",
"to_ids": false,
"type": "link",
"uuid": "56fada95-0d04-4b57-aef3-4bce02de0b81",
"value": "https://www.virustotal.com/file/75db66d0aaff0d6adc4bedcb652ae041071852fbb550d5c3446502de29246c3d/analysis/1443198520/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: 2350f4617102c51542682219761e7a3e2cd6efd7529599dbc579ac6882c0343e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280533",
"to_ids": true,
"type": "sha1",
"uuid": "56fada95-5e84-4a14-a272-4f5502de0b81",
"value": "754d5d168e90a5335cafa280f637cf6804b2f6e5"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: 2350f4617102c51542682219761e7a3e2cd6efd7529599dbc579ac6882c0343e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280534",
"to_ids": true,
"type": "md5",
"uuid": "56fada96-c6e0-4c32-86bb-489602de0b81",
"value": "887121e6227d640d2775460a2104e733"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280534",
"to_ids": false,
"type": "link",
"uuid": "56fada96-6c24-456f-838b-418802de0b81",
"value": "https://www.virustotal.com/file/2350f4617102c51542682219761e7a3e2cd6efd7529599dbc579ac6882c0343e/analysis/1457382241/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: 5b0e4024c12e21ca5f7552a555dc20499fd7a439a669c963ab5d02227cc1be9a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280534",
"to_ids": true,
"type": "sha1",
"uuid": "56fada96-2ddc-4677-857d-43d602de0b81",
"value": "c0fb3a4ac6b3af441b002066337bdcec330b319c"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: 5b0e4024c12e21ca5f7552a555dc20499fd7a439a669c963ab5d02227cc1be9a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280534",
"to_ids": true,
"type": "md5",
"uuid": "56fada96-ad28-4832-8cdd-4a1202de0b81",
"value": "54845ebfcfc257eacd0d6aeb8087d810"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280535",
"to_ids": false,
"type": "link",
"uuid": "56fada97-1ddc-4afb-9699-4dec02de0b81",
"value": "https://www.virustotal.com/file/5b0e4024c12e21ca5f7552a555dc20499fd7a439a669c963ab5d02227cc1be9a/analysis/1446111848/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: caac605b2d5dec2ec314eb0a9f9273595935791509df27f599402a92beb107b9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280535",
"to_ids": true,
"type": "sha1",
"uuid": "56fada97-6b88-453f-8f23-4d0302de0b81",
"value": "94469cb576386f3a4ab8a1c2e994b6d42e89797f"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: caac605b2d5dec2ec314eb0a9f9273595935791509df27f599402a92beb107b9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280535",
"to_ids": true,
"type": "md5",
"uuid": "56fada97-2f6c-4deb-b0cd-42f002de0b81",
"value": "f04dfcdf6ebd65abc4ac02835b63680b"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280536",
"to_ids": false,
"type": "link",
"uuid": "56fada98-7ffc-4449-8f1a-463602de0b81",
"value": "https://www.virustotal.com/file/caac605b2d5dec2ec314eb0a9f9273595935791509df27f599402a92beb107b9/analysis/1446750400/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: d3ccde340b36b55dc2db2abc323f728a8c135b8d27ec18f2afc756675008b511",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280536",
"to_ids": true,
"type": "sha1",
"uuid": "56fada98-2908-496b-a5af-430802de0b81",
"value": "e59a254648157f27350d0d1de1841697c663b81f"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: d3ccde340b36b55dc2db2abc323f728a8c135b8d27ec18f2afc756675008b511",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280536",
"to_ids": true,
"type": "md5",
"uuid": "56fada98-9914-4cf2-9278-4cdd02de0b81",
"value": "631a5ef483f1e12b732f9827e213f5b5"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280537",
"to_ids": false,
"type": "link",
"uuid": "56fada99-9c48-4414-89a7-4aae02de0b81",
"value": "https://www.virustotal.com/file/d3ccde340b36b55dc2db2abc323f728a8c135b8d27ec18f2afc756675008b511/analysis/1457484405/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: 4d47396e1e9c7538c59da8b5574fb8f208154cdfc6590e33b74b7e9feada7584",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280537",
"to_ids": true,
"type": "sha1",
"uuid": "56fada99-224c-467d-b09d-498f02de0b81",
"value": "ddc86574dda8f072aeceaf48f01507f7095ded50"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: 4d47396e1e9c7538c59da8b5574fb8f208154cdfc6590e33b74b7e9feada7584",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280537",
"to_ids": true,
"type": "md5",
"uuid": "56fada99-a3f0-4427-a1fb-4a0202de0b81",
"value": "9f2273b3ff941ecebe9b04b7ce0a88a6"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280537",
"to_ids": false,
"type": "link",
"uuid": "56fada99-211c-48ff-985c-484502de0b81",
"value": "https://www.virustotal.com/file/4d47396e1e9c7538c59da8b5574fb8f208154cdfc6590e33b74b7e9feada7584/analysis/1448877301/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: afdebec93fd6e133e24809e7b476927f7403a119c428698645abd0e380048f6a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280538",
"to_ids": true,
"type": "sha1",
"uuid": "56fada9a-2ce0-48e1-841e-4f7102de0b81",
"value": "fb403947858d896b435c03bf00f26874ab181b14"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: afdebec93fd6e133e24809e7b476927f7403a119c428698645abd0e380048f6a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280538",
"to_ids": true,
"type": "md5",
"uuid": "56fada9a-0318-45ec-a1d5-462f02de0b81",
"value": "e2919b930e31e138185c6df14feff5ae"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280538",
"to_ids": false,
"type": "link",
"uuid": "56fada9a-0130-4c13-96e2-47eb02de0b81",
"value": "https://www.virustotal.com/file/afdebec93fd6e133e24809e7b476927f7403a119c428698645abd0e380048f6a/analysis/1444567214/"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: a0b3bef0804ca6fb0dd7ab180f6cc38fa1ef4c247d152eaecf9081729cb2b158",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280539",
"to_ids": true,
"type": "sha1",
"uuid": "56fada9b-9400-4a9d-ab10-428c02de0b81",
"value": "8b3e6cfac110e602cb5e1a826c504c5bec13a646"
},
{
"category": "Payload delivery",
"comment": "Vawtrak hashes from email - Xchecked via VT: a0b3bef0804ca6fb0dd7ab180f6cc38fa1ef4c247d152eaecf9081729cb2b158",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280539",
"to_ids": true,
"type": "md5",
"uuid": "56fada9b-0560-4c84-be1b-4b3f02de0b81",
"value": "286ff1d9bf02d7355244cde6cbcd0f2e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280539",
"to_ids": false,
"type": "link",
"uuid": "56fada9b-71b4-4f72-886d-476802de0b81",
"value": "https://www.virustotal.com/file/a0b3bef0804ca6fb0dd7ab180f6cc38fa1ef4c247d152eaecf9081729cb2b158/analysis/1444225480/"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: 3de2503dfdc3d108da6676565612ac8bbfc4317026fdcf99543c0de5301f4e82",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280540",
"to_ids": true,
"type": "sha1",
"uuid": "56fada9c-9728-4797-a228-4e7702de0b81",
"value": "8adb023e542b197d8da1a736cc043c3e1c80734a"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: 3de2503dfdc3d108da6676565612ac8bbfc4317026fdcf99543c0de5301f4e82",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280540",
"to_ids": true,
"type": "md5",
"uuid": "56fada9c-7a6c-4620-bc4d-498a02de0b81",
"value": "c9daac91d4ca3a66ff890d6a6774b161"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280540",
"to_ids": false,
"type": "link",
"uuid": "56fada9c-001c-43ba-b312-483c02de0b81",
"value": "https://www.virustotal.com/file/3de2503dfdc3d108da6676565612ac8bbfc4317026fdcf99543c0de5301f4e82/analysis/1457571672/"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: a33f5441949760569756062788077391d5a3611c6cb35a3c97ef76821261d2c8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280540",
"to_ids": true,
"type": "sha1",
"uuid": "56fada9c-35c8-4681-96f0-48f302de0b81",
"value": "316feac35d1e448449beff96132589afc636e23f"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: a33f5441949760569756062788077391d5a3611c6cb35a3c97ef76821261d2c8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280541",
"to_ids": true,
"type": "md5",
"uuid": "56fada9d-e094-4a29-80b3-4b9302de0b81",
"value": "4ec46b5f4a90a49641efcf8a69a63e9f"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280541",
"to_ids": false,
"type": "link",
"uuid": "56fada9d-8810-45a9-9188-48d002de0b81",
"value": "https://www.virustotal.com/file/a33f5441949760569756062788077391d5a3611c6cb35a3c97ef76821261d2c8/analysis/1446111688/"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: 6f8901cbe86e0633b75d772ac7b888d9f9fec7f0eff1c5c12adf1b1b20b86bd9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280541",
"to_ids": true,
"type": "sha1",
"uuid": "56fada9d-0f70-4730-882e-4a3c02de0b81",
"value": "2cf017acdbec6cb714a33b111fb72d7262236b39"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: 6f8901cbe86e0633b75d772ac7b888d9f9fec7f0eff1c5c12adf1b1b20b86bd9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280542",
"to_ids": true,
"type": "md5",
"uuid": "56fada9e-0e5c-4899-a849-41d002de0b81",
"value": "509f565adcf837bc3620a660e6ed0f3e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280542",
"to_ids": false,
"type": "link",
"uuid": "56fada9e-83b8-4221-a9d6-462502de0b81",
"value": "https://www.virustotal.com/file/6f8901cbe86e0633b75d772ac7b888d9f9fec7f0eff1c5c12adf1b1b20b86bd9/analysis/1446748194/"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: a2ba57cec0392cbe781ed67f3ed3ec38f9aaa1e6a232536bcddba171889b9ece",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280542",
"to_ids": true,
"type": "sha1",
"uuid": "56fada9e-82e8-4714-ac51-40ba02de0b81",
"value": "9cf409ee8e4cd30d10c6012b2eb7f836048ea5dc"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: a2ba57cec0392cbe781ed67f3ed3ec38f9aaa1e6a232536bcddba171889b9ece",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280543",
"to_ids": true,
"type": "md5",
"uuid": "56fada9f-ad6c-4d37-9077-46c402de0b81",
"value": "720336f6320859841694470efa4c6da3"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280543",
"to_ids": false,
"type": "link",
"uuid": "56fada9f-29d8-4bab-aaa5-4b9c02de0b81",
"value": "https://www.virustotal.com/file/a2ba57cec0392cbe781ed67f3ed3ec38f9aaa1e6a232536bcddba171889b9ece/analysis/1444665100/"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: c1afb96d2a3b436444313fde02d103ff86f9b68d7e2ca3151b64cb7caa3696cd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280543",
"to_ids": true,
"type": "sha1",
"uuid": "56fada9f-547c-4538-99a1-426f02de0b81",
"value": "3f2f3d1956c78a86062b367d298a154e4d755487"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: c1afb96d2a3b436444313fde02d103ff86f9b68d7e2ca3151b64cb7caa3696cd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280544",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa0-1074-45e5-926f-4eb702de0b81",
"value": "6740944268a22221d0068dc44980dfcb"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280544",
"to_ids": false,
"type": "link",
"uuid": "56fadaa0-cd60-4d62-b54b-4ea302de0b81",
"value": "https://www.virustotal.com/file/c1afb96d2a3b436444313fde02d103ff86f9b68d7e2ca3151b64cb7caa3696cd/analysis/1454060061/"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: cbaa784cba00750ae5d46aa242fe7337022317ac3d4e02906c9068140532de00",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280544",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa0-7fd8-45d6-abb7-4d4102de0b81",
"value": "6cb4c15371ca9cf7e358ef3d2fc29b08835b3b92"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: cbaa784cba00750ae5d46aa242fe7337022317ac3d4e02906c9068140532de00",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280544",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa0-f448-47ec-9c62-46f302de0b81",
"value": "1629f6ea046aabf00dac4c75186d671f"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280545",
"to_ids": false,
"type": "link",
"uuid": "56fadaa1-f2b8-48de-a5f3-42e402de0b81",
"value": "https://www.virustotal.com/file/cbaa784cba00750ae5d46aa242fe7337022317ac3d4e02906c9068140532de00/analysis/1450259323/"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: 3fbffc12ddeedff72e0d73e48965a9bebabe4a527b1ebc030bbbf756ce3d3740",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280545",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa1-1b48-4e77-a8b3-4a9802de0b81",
"value": "4cf3b9bcbbf2c16105458d8d43c19ceb064c7819"
},
{
"category": "Payload delivery",
"comment": "Pony hashes - Xchecked via VT: 3fbffc12ddeedff72e0d73e48965a9bebabe4a527b1ebc030bbbf756ce3d3740",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280545",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa1-6594-41b6-81fb-49ae02de0b81",
"value": "ff7fdc89eda550667dabf0e7b65ace8e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280546",
"to_ids": false,
"type": "link",
"uuid": "56fadaa2-b540-4079-a037-456a02de0b81",
"value": "https://www.virustotal.com/file/3fbffc12ddeedff72e0d73e48965a9bebabe4a527b1ebc030bbbf756ce3d3740/analysis/1456864199/"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 3d1e7e54db786c6aef572d1ef57ad1c26413aacbf2fd91eb700d469c550dd4df",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280546",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa2-dc2c-402e-9c09-47c902de0b81",
"value": "cb7bfd893cfed468efcd7d45bb4cac5fee7c3e08"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 3d1e7e54db786c6aef572d1ef57ad1c26413aacbf2fd91eb700d469c550dd4df",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280546",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa2-5390-40a9-a501-456602de0b81",
"value": "19b7de57b42837b0132b5f6a838aa941"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280546",
"to_ids": false,
"type": "link",
"uuid": "56fadaa2-67c0-4b0a-ac2a-4e3f02de0b81",
"value": "https://www.virustotal.com/file/3d1e7e54db786c6aef572d1ef57ad1c26413aacbf2fd91eb700d469c550dd4df/analysis/1456254787/"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 3ffbe191d9326f97db4ffaf6b294c166397bf1c77d28e2ab44d41fca511ce55b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280547",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa3-2bf8-47ce-b2e7-4e8502de0b81",
"value": "22ac448b705ba712f2c16ba94e4546322843c191"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 3ffbe191d9326f97db4ffaf6b294c166397bf1c77d28e2ab44d41fca511ce55b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280547",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa3-6188-4896-895d-40b202de0b81",
"value": "6b8b03f00d17b0af721dc81fbecb3468"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280547",
"to_ids": false,
"type": "link",
"uuid": "56fadaa3-5b88-4573-983b-499f02de0b81",
"value": "https://www.virustotal.com/file/3ffbe191d9326f97db4ffaf6b294c166397bf1c77d28e2ab44d41fca511ce55b/analysis/1446904476/"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: eabbcb1af0022dbf1a0b4465e73b6c98458c3c3887b06df13c893a9413556011",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280548",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa4-f920-47b4-9b70-4e2002de0b81",
"value": "7374a3e1871a384eb36967c274919fa4a39231af"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: eabbcb1af0022dbf1a0b4465e73b6c98458c3c3887b06df13c893a9413556011",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280548",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa4-cda8-45e8-99dd-4f2602de0b81",
"value": "23f2b10030a51206c7998bb1405cbae6"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280548",
"to_ids": false,
"type": "link",
"uuid": "56fadaa4-83f0-4c6e-95df-4b9602de0b81",
"value": "https://www.virustotal.com/file/eabbcb1af0022dbf1a0b4465e73b6c98458c3c3887b06df13c893a9413556011/analysis/1454652374/"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 6741e88fcd83fe32a8731d0714fba500ea6a3d9735b3829d51aeb7478061d93d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280549",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa5-9b8c-4e3e-ae06-46e902de0b81",
"value": "af284c7039e6ca81afb9699d0aa706ab53b8c38f"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 6741e88fcd83fe32a8731d0714fba500ea6a3d9735b3829d51aeb7478061d93d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280549",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa5-3424-43ad-9339-409f02de0b81",
"value": "b37353c047b71952d0f46cebdf7422cd"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280549",
"to_ids": false,
"type": "link",
"uuid": "56fadaa5-28a4-45d6-a54a-44c002de0b81",
"value": "https://www.virustotal.com/file/6741e88fcd83fe32a8731d0714fba500ea6a3d9735b3829d51aeb7478061d93d/analysis/1455757412/"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: b6441a6ea25a4ea5cb38f9f186805501379ceb132cfe8907d174e00dab8526ec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280550",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa6-84dc-4971-8d0d-4d3702de0b81",
"value": "a512ad9c1a364e8b7070268dfc6d3dbed82391ad"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: b6441a6ea25a4ea5cb38f9f186805501379ceb132cfe8907d174e00dab8526ec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280550",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa6-d00c-4e29-94e9-4bb202de0b81",
"value": "02642d77b53373dc01babe77e339cfbd"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280550",
"to_ids": false,
"type": "link",
"uuid": "56fadaa6-9ddc-4b7f-b5be-43cd02de0b81",
"value": "https://www.virustotal.com/file/b6441a6ea25a4ea5cb38f9f186805501379ceb132cfe8907d174e00dab8526ec/analysis/1456249367/"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 120d5320a59a86f9b3e0774609a3f0773d76a7d66689525a023bee7f8666f2eb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280551",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa7-ec0c-42b9-acf7-476d02de0b81",
"value": "7888f662d9b16b480f5e65bdbdbf4e94e1afbe4a"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 120d5320a59a86f9b3e0774609a3f0773d76a7d66689525a023bee7f8666f2eb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280551",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa7-967c-44ba-b5e9-4f1002de0b81",
"value": "facec082a3cffddc43e668a3080487f5"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280551",
"to_ids": false,
"type": "link",
"uuid": "56fadaa7-cd88-4455-8649-403502de0b81",
"value": "https://www.virustotal.com/file/120d5320a59a86f9b3e0774609a3f0773d76a7d66689525a023bee7f8666f2eb/analysis/1456247097/"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 93941f506feca505510b60d3ccaea8127a6450836642e97bf936b8875777e26b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280552",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa8-d9c8-4c71-bd22-49c402de0b81",
"value": "7226e64f011436880062d905b5582ebcfb7b7b76"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 93941f506feca505510b60d3ccaea8127a6450836642e97bf936b8875777e26b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280552",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa8-21a8-4b3a-95a8-41e602de0b81",
"value": "35badc0da0825261189f79aded5ba9ca"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280552",
"to_ids": false,
"type": "link",
"uuid": "56fadaa8-14d8-4bd7-97dc-422902de0b81",
"value": "https://www.virustotal.com/file/93941f506feca505510b60d3ccaea8127a6450836642e97bf936b8875777e26b/analysis/1456248544/"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 26a92873992b5a674ea953131a4effc119dee0bc74da8ffa43f4d8de7df3c169",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280552",
"to_ids": true,
"type": "sha1",
"uuid": "56fadaa8-8f50-4e9b-a887-491802de0b81",
"value": "a911b713b63fca165730e86619331b07195f6b95"
},
{
"category": "Payload delivery",
"comment": "Macro Office documents leading to Vawtrak: - Xchecked via VT: 26a92873992b5a674ea953131a4effc119dee0bc74da8ffa43f4d8de7df3c169",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280553",
"to_ids": true,
"type": "md5",
"uuid": "56fadaa9-61cc-400a-ad2f-465902de0b81",
"value": "86a5b6dda0dfcab5317e52f7ffd51aca"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459280553",
"to_ids": false,
"type": "link",
"uuid": "56fadaa9-01f8-4868-8d15-402302de0b81",
"value": "https://www.virustotal.com/file/26a92873992b5a674ea953131a4effc119dee0bc74da8ffa43f4d8de7df3c169/analysis/1457575329/"
}
]
}
}