|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2017-01-05",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - MM Core In-Memory Backdoor Returns as \"BigBoss\" and \"SillyGoose\"",
|
||
|
"publish_timestamp": "1483874295",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1483873066",
|
||
|
"uuid": "58720d9e-8b54-40a9-9d80-42e7950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:tool=\"MM Core\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#006262",
|
||
|
"name": "ecsirt:malicious-code=\"malware\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483869612",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58720dac-52b8-4003-a6c3-4836950d210f",
|
||
|
"value": "https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483869659",
|
||
|
"to_ids": false,
|
||
|
"type": "comment",
|
||
|
"uuid": "58720ddb-b720-488b-a2bf-43c2950d210f",
|
||
|
"value": "In October 2016 Forcepoint Security Labs\u2122 discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as \u201cBaneChant\u201d, MM Core is a file-less APT which is executed in memory by a downloader component. It was first reported in 2013 under the version number \u201c2.0-LNK\u201d where it used the tag \u201cBaneChant\u201d in its command-and-control (C2) network request. A second version \u201c2.1-LNK\u201d with the network tag \u201cStrangeLove\u201d was discovered shortly after.\r\n\r\nIn this blog we will detail our discovery of the next two versions of MM Core, namely \u201cBigBoss\u201d (2.2-LNK) and \u201cSillyGoose\u201d (2.3-LNK). Attacks using \"BigBoss\" appear likely to have occurred since mid-2015, whereas \"SillyGoose\" appears to have been distributed since September 2016. Both versions still appear to be active."
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Gratem Second Stage Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872236",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "587217ec-4e98-42bf-b74a-424b950d210f",
|
||
|
"value": "http://adnetwork33.redirectme.net/wp-content/themes/booswrap/layers.png"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Gratem Second Stage Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872236",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "587217ec-c724-4dcf-932a-4f85950d210f",
|
||
|
"value": "http://network-resources.net/wp-content/themes/booswrap/layers.png"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Gratem Second Stage Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872237",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "587217ed-cfd4-4326-997a-417a950d210f",
|
||
|
"value": "http://adworks.webhop.me/wp-content/themes/bmw/s6.png"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Gratem Second Stage Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872238",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "587217ee-116c-47fa-9494-43ad950d210f",
|
||
|
"value": "http://adrev22.ddns.net/network/superads/logo.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Gratem Second Stage Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872238",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "587217ee-18bc-4247-9bca-43da950d210f",
|
||
|
"value": "http://davidjone.net/network/superads/logo.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core C2s",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872266",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5872180a-6d30-4ddc-b39f-4ee3950d210f",
|
||
|
"value": "http://presspublishing24.net/plugins/cc/mik.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core C2s",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872266",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5872180a-39ac-43e5-9fcc-4ca4950d210f",
|
||
|
"value": "http://presspublishing24.net/plugins/slm/log.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core C2s",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872267",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5872180b-eb54-473f-b2a7-4e36950d210f",
|
||
|
"value": "http://presspublishing24.net/plugins/xim/trail.php"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872309",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58721835-9658-4fa8-a5f7-4337950d210f",
|
||
|
"value": "http://mockingbird.no-ip.org/plugins/xim/top.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872310",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58721836-b8e8-4eaf-8b19-4c34950d210f",
|
||
|
"value": "http://presspublishing24.net/plugins/xim/top.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872310",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58721836-1084-43fc-8c42-45b9950d210f",
|
||
|
"value": "http://ichoose.zapto.org/plugins/cc/me.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872311",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58721837-2fbc-460a-9f83-4899950d210f",
|
||
|
"value": "http://presspublishing24.net/plugins/cc/me.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872312",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58721838-2b78-40e9-b9c9-4b77950d210f",
|
||
|
"value": "http://waterlily.ddns.net/plugins/slm/pogo.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872312",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58721838-f638-4bba-9e22-497b950d210f",
|
||
|
"value": "http://presspublishing24.net/plugins/slm/pogo.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58721839-a2b4-4163-a22b-45a1950d210f",
|
||
|
"value": "http://nayanew1.no-ip.org/plugins/xim/top.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5872183a-f23c-4ff6-9b56-46f8950d210f",
|
||
|
"value": "http://davidjone.net/plugins/xim/top.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5872183a-3db8-4a61-a3a2-4175950d210f",
|
||
|
"value": "http://hawahawa123.no-ip.org/plugins/xim/logo.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "MM Core Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872315",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5872183b-f2a4-4a22-8227-4e18950d210f",
|
||
|
"value": "http://davidjone.net/plugins/xim/logo.jpg"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Dropper/Downloader Payload Locations",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872340",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58721854-dbb0-4266-8413-407b950d210f",
|
||
|
"value": "http://davidjone.net/huan/normaldot.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Related Gratem Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872362",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872186a-99b0-411a-b17c-44c8950d210f",
|
||
|
"value": "673f315388d9c3e47adc280da1ff8b85a0893525"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Related Gratem Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872363",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872186b-b6b8-4a62-b94b-4268950d210f",
|
||
|
"value": "f7372222ec3e56d384e7ca2650eb39c0f420bc88"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872524",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872190c-2478-489c-bd2a-443a950d210f",
|
||
|
"value": "f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872525",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872190d-7000-425a-a1b5-4f13950d210f",
|
||
|
"value": "ef59b4ffc8a92a5a49308ba98cb38949f74774f1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872525",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872190d-e9c8-44e3-8919-407d950d210f",
|
||
|
"value": "1cf86d87140f13bf88ede74654e01853bae2413c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872526",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872190e-9338-4dba-8635-4fa9950d210f",
|
||
|
"value": "415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872527",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872190f-fb0c-430d-bf45-4450950d210f",
|
||
|
"value": "e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872527",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872190f-935c-4383-a9a9-479d950d210f",
|
||
|
"value": "83e7b2d6ea775c8eb1f6cfefb32df754609a8129"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872528",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721910-04ec-4145-8714-4d34950d210f",
|
||
|
"value": "b931d3988eb37491506504990cae3081208e1a66"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872529",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721911-bfa4-42ff-9b08-4f4c950d210f",
|
||
|
"value": "7031f4be6ced5241ae0dd4315d66a261f654dbd6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872529",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721911-9064-4f63-899c-4398950d210f",
|
||
|
"value": "ab53485990ac503fb9c440ab469771fac661f3cc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872530",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721912-becc-4f40-8b4f-4d88950d210f",
|
||
|
"value": "b8e6f570e02d105df2d78698de12ae80d66c54a2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872531",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721913-5370-4f55-b6ca-48c1950d210f",
|
||
|
"value": "188776d098f61fa2c3b482b2ace202caee18b411"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872532",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721914-6ba8-4b62-b14f-4ea1950d210f",
|
||
|
"value": "e0ed40ec0196543814b00fd0aac7218f23de5ec5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872532",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721914-0e18-483c-b7e4-43fa950d210f",
|
||
|
"value": "5498bb49083289dfc2557a7c205aed7f8b97b2a8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872533",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721915-cddc-495b-859f-45fe950d210f",
|
||
|
"value": "ce18064f675348dd327569bd50528286929bc37a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872534",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721916-8cfc-4327-8fee-4e0d950d210f",
|
||
|
"value": "3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872534",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721916-6d98-4bbf-992e-4280950d210f",
|
||
|
"value": "21c1904477ceb8d4d26ac9306e844b4ba0af1b43"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872535",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721917-2178-42c3-b843-4066950d210f",
|
||
|
"value": "f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MM Core Unpacked DLL Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872569",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721939-3100-4117-8ed9-4e58950d210f",
|
||
|
"value": "13b25ba2b139b9f45e21697ae00cf1b452eeeff5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MM Core Unpacked DLL Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872569",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "58721939-0f00-4a6d-966b-4703950d210f",
|
||
|
"value": "c58aac5567df7676c2b08e1235cd70daec3023e8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MM Core Unpacked DLL Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872570",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872193a-b494-417b-9429-462d950d210f",
|
||
|
"value": "4372bb675827922280e8de87a78bf61a6a3e7e4d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MM Core Unpacked DLL Samples",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872571",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872193b-d864-4ff3-a9e6-457e950d210f",
|
||
|
"value": "08bfdefef8a1fb1ea6f292b1ed7d709fbbc2c602"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "US pak track ii naval dialogues.doc",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872602",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "5872195a-2fc8-46ba-af9b-4376950d210f",
|
||
|
"value": "d336b8424a65f5c0b83328aa89089c2e4ddbcf72"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872784",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a10-f288-42b4-9702-4e1402de0b81",
|
||
|
"value": "72aea0644729cadfe668751587a1e6384c49c398580feecefc51385ecc018631"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872785",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a11-170c-44ad-97eb-4f2c02de0b81",
|
||
|
"value": "c4cee8d6f30127938681c93dd19f2af4"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872786",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a12-9fc8-496e-9634-49f702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/72aea0644729cadfe668751587a1e6384c49c398580feecefc51385ecc018631/analysis/1483862088/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872787",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a13-eba0-47a2-b999-4a2b02de0b81",
|
||
|
"value": "0ec6c4342cf0cae5ba59a216ed074ac0574f04763ce4b5b1944daad9513491b6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872787",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a13-f348-436e-a7cc-445202de0b81",
|
||
|
"value": "060d13afdb2212a717666b251feda1d3"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872788",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a14-4514-462c-a44e-4d1c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0ec6c4342cf0cae5ba59a216ed074ac0574f04763ce4b5b1944daad9513491b6/analysis/1483698678/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872789",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a15-2874-4692-b24a-47b602de0b81",
|
||
|
"value": "1d3ff6cdda68c63d254df70cef0dc9adfa414200f953499c40cbc75bf3936233"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872790",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a16-79ec-4e62-9d31-475c02de0b81",
|
||
|
"value": "bddb10729acb2dfe28a7017b261d63db"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872790",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a16-b100-4e55-a771-4bc202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1d3ff6cdda68c63d254df70cef0dc9adfa414200f953499c40cbc75bf3936233/analysis/1483633479/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872791",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a17-7564-4a40-9826-4caa02de0b81",
|
||
|
"value": "f938e87917ca8885001e922f43ef0fe5e67ff390e951a934254ddac808dca1a5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872792",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a18-0f84-4bc6-aa83-450d02de0b81",
|
||
|
"value": "a9c07b9fb099f44e7b8f53a74d7f71d0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872792",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a18-59e0-4238-8532-45bc02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f938e87917ca8885001e922f43ef0fe5e67ff390e951a934254ddac808dca1a5/analysis/1483633483/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872793",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a19-2abc-478e-b5fb-416102de0b81",
|
||
|
"value": "a3c8d6eaa6239112b1e881f18ea78f58949150fbf051e599b5d6f81e0d2e31c9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872794",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a1a-cb00-48df-bedc-41ef02de0b81",
|
||
|
"value": "0932b703849364ca1537305761bc3429"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872795",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a1b-d7a8-430f-ab7d-4a7702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a3c8d6eaa6239112b1e881f18ea78f58949150fbf051e599b5d6f81e0d2e31c9/analysis/1460698281/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872795",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a1b-2f2c-41ea-8f54-456402de0b81",
|
||
|
"value": "033258861970b3addbe339e9f2c0fde210898896f31dce5d5f7b1d17d19c23eb"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a1c-7550-4fb8-8efb-45cc02de0b81",
|
||
|
"value": "9e73734ac2ab5293c0f326245658b50e"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a1d-6e5c-41fb-bd35-491902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/033258861970b3addbe339e9f2c0fde210898896f31dce5d5f7b1d17d19c23eb/analysis/1483633482/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872798",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a1e-a7d8-4a04-ba60-4dbe02de0b81",
|
||
|
"value": "ef549a3688f930bf3c5d49d95ed3d1de51be79af10f9d941892d85b25fabd795"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872798",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a1e-efec-4012-b0be-4cb202de0b81",
|
||
|
"value": "c27da5a756569012449c479609c3b959"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872799",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a1f-2ad4-4c50-9306-44c902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ef549a3688f930bf3c5d49d95ed3d1de51be79af10f9d941892d85b25fabd795/analysis/1483633482/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872800",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a20-074c-47e6-a681-48cc02de0b81",
|
||
|
"value": "87d743e1876dcb9e13ed8d1dc57125c7c0912b49aa9f02e2f3a45d0e11294317"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872801",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a21-28dc-40dd-83a8-431702de0b81",
|
||
|
"value": "6c833531eb3c6b97095b45fcc8f2a1e6"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872801",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a21-1a9c-414f-94c7-43c702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/87d743e1876dcb9e13ed8d1dc57125c7c0912b49aa9f02e2f3a45d0e11294317/analysis/1458047912/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872802",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a22-d584-49ff-856c-40ab02de0b81",
|
||
|
"value": "1bf0dcf093a04a86c6679f99b6ec5293241b2a16b4749b5ff5af8e11e96ba2a9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872803",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a23-37fc-403c-a41a-48a902de0b81",
|
||
|
"value": "898812640c2cb691e5d9cdea96fe9599"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872803",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a23-05e8-49af-9028-4e9002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1bf0dcf093a04a86c6679f99b6ec5293241b2a16b4749b5ff5af8e11e96ba2a9/analysis/1483633481/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872804",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "58721a24-bf78-4e4f-a1c9-455502de0b81",
|
||
|
"value": "4d22a45690d144ad29aaa06104085293e489ad319ba033ca0bd46759b3d5e42e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872805",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "58721a25-7e24-48af-8641-48b902de0b81",
|
||
|
"value": "bffc9f409be33207849207f62622db50"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1483872806",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "58721a26-1990-4c1e-b4fe-4ac802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4d22a45690d144ad29aaa06104085293e489ad319ba033ca0bd46759b3d5e42e/analysis/1483633481/"
|
||
|
},
|
||
|
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872806",
"to_ids": true,
"type": "sha256",
"uuid": "58721a26-2a54-4c67-8966-401402de0b81",
"value": "e9d5e26e00f3ef239491bdfc80c8b4aabe551135b568c1ac9629202ed10cf2d0"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872807",
"to_ids": true,
"type": "md5",
"uuid": "58721a27-df90-4e23-a7d8-45b602de0b81",
"value": "2801b537960058643dfdb3fc5199246d"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872808",
"to_ids": false,
"type": "link",
"uuid": "58721a28-5f34-4997-993f-45b402de0b81",
"value": "https://www.virustotal.com/file/e9d5e26e00f3ef239491bdfc80c8b4aabe551135b568c1ac9629202ed10cf2d0/analysis/1483698672/"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872809",
"to_ids": true,
"type": "sha256",
"uuid": "58721a29-513c-42cd-a8a9-414d02de0b81",
"value": "0dec4b854bcbf15bda79a1a3d9f322d8519a3273155ad18d3b7ce7d36dfe9e85"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872809",
"to_ids": true,
"type": "md5",
"uuid": "58721a29-5e84-4009-935f-4b3b02de0b81",
"value": "fe1eb07a9068c32efd032404a7472e58"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872810",
"to_ids": false,
"type": "link",
"uuid": "58721a2a-950c-48b1-9e9c-47ad02de0b81",
"value": "https://www.virustotal.com/file/0dec4b854bcbf15bda79a1a3d9f322d8519a3273155ad18d3b7ce7d36dfe9e85/analysis/1483633481/"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872811",
"to_ids": true,
"type": "sha256",
"uuid": "58721a2b-e744-411e-b4bb-4f6202de0b81",
"value": "4f3275de51c2d16e8df829d020eae4f2450c9b3afd3b3099d615278e29a00479"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872812",
"to_ids": true,
"type": "md5",
"uuid": "58721a2c-07b8-4db7-9de3-433602de0b81",
"value": "380cfac90270b45518c17c224aa8e5be"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872812",
"to_ids": false,
"type": "link",
"uuid": "58721a2c-2080-4fc2-af18-460202de0b81",
"value": "https://www.virustotal.com/file/4f3275de51c2d16e8df829d020eae4f2450c9b3afd3b3099d615278e29a00479/analysis/1483633481/"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872813",
"to_ids": true,
"type": "sha256",
"uuid": "58721a2d-c900-4abc-aeb2-4c6202de0b81",
"value": "86d414a51e946a9a5d8ce411f0f6b54154d7848c046cd58464b49733effdc47a"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872814",
"to_ids": true,
"type": "md5",
"uuid": "58721a2e-0338-4f99-8c58-471302de0b81",
"value": "ee4563761247361632046c8966a4c790"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872815",
"to_ids": false,
"type": "link",
"uuid": "58721a2f-bf20-41b2-bb9a-4a3002de0b81",
"value": "https://www.virustotal.com/file/86d414a51e946a9a5d8ce411f0f6b54154d7848c046cd58464b49733effdc47a/analysis/1483633481/"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872815",
"to_ids": true,
"type": "sha256",
"uuid": "58721a2f-19b0-4b16-81dd-49a202de0b81",
"value": "af34e0b3ecbe1f6aeabd5d74ba48a322f401d348de8a3345fe3e18a62d6d7a93"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872816",
"to_ids": true,
"type": "md5",
"uuid": "58721a30-4acc-414f-b8e8-45a702de0b81",
"value": "f38ffc4bfe7b449389b05d483016625b"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872817",
"to_ids": false,
"type": "link",
"uuid": "58721a31-2a00-4bef-b78c-41eb02de0b81",
"value": "https://www.virustotal.com/file/af34e0b3ecbe1f6aeabd5d74ba48a322f401d348de8a3345fe3e18a62d6d7a93/analysis/1483633480/"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872817",
"to_ids": true,
"type": "sha256",
"uuid": "58721a31-1f84-45b4-aaf4-4ace02de0b81",
"value": "87496d1e934706d49b6a03b034f999c61772212b13e901f18453f7f8111defca"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872818",
"to_ids": true,
"type": "md5",
"uuid": "58721a32-8fe8-45ad-8243-4fc502de0b81",
"value": "50b20197c9f9f3a8ded3a42aa6cf5315"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872819",
"to_ids": false,
"type": "link",
"uuid": "58721a33-5160-4698-87dc-40ed02de0b81",
"value": "https://www.virustotal.com/file/87496d1e934706d49b6a03b034f999c61772212b13e901f18453f7f8111defca/analysis/1475469859/"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872820",
"to_ids": true,
"type": "sha256",
"uuid": "58721a34-4718-401d-8c17-4eb802de0b81",
"value": "62ba328ada4ac69ac2ec9f9f101d16d5eb72b648c6bd078f735e17c8fc6b2829"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872820",
"to_ids": true,
"type": "md5",
"uuid": "58721a34-8cac-494e-95cd-4e4802de0b81",
"value": "0647bac99b6a8407795134f5d67d4590"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872821",
"to_ids": false,
"type": "link",
"uuid": "58721a35-67f0-44c8-9dab-421c02de0b81",
"value": "https://www.virustotal.com/file/62ba328ada4ac69ac2ec9f9f101d16d5eb72b648c6bd078f735e17c8fc6b2829/analysis/1482068488/"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872822",
"to_ids": true,
"type": "sha256",
"uuid": "58721a36-c628-4aa7-93d2-499f02de0b81",
"value": "3d85b4f923e2201a21a3e27e86ea6a2d3fda9778899568e7c505de5a4b70653e"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872823",
"to_ids": true,
"type": "md5",
"uuid": "58721a37-2c60-432a-9471-4e3402de0b81",
"value": "2826c9c6c25368f773c0e448572585d0"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872823",
"to_ids": false,
"type": "link",
"uuid": "58721a37-4c14-4040-b978-4e5c02de0b81",
"value": "https://www.virustotal.com/file/3d85b4f923e2201a21a3e27e86ea6a2d3fda9778899568e7c505de5a4b70653e/analysis/1483633480/"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872824",
"to_ids": true,
"type": "sha256",
"uuid": "58721a38-e2f4-400c-b548-478102de0b81",
"value": "dd4a29b9ad4644350878b4c073661481a64762c4be4a9aa20ff7b71453470cce"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872825",
"to_ids": true,
"type": "md5",
"uuid": "58721a39-d50c-4ba2-b029-4c4102de0b81",
"value": "263b6c350cbf7354b99139be17c272d3"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872825",
"to_ids": false,
"type": "link",
"uuid": "58721a39-fc50-49eb-aa98-44be02de0b81",
"value": "https://www.virustotal.com/file/dd4a29b9ad4644350878b4c073661481a64762c4be4a9aa20ff7b71453470cce/analysis/1483632797/"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872826",
"to_ids": true,
"type": "sha256",
"uuid": "58721a3a-475c-44a4-8137-43f002de0b81",
"value": "e9d086bf3e1e657f847a2364ee1da56db50bfeb291a35f1f92f3b2a9125f6f5e"
},
{
"category": "Payload delivery",
"comment": "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872827",
"to_ids": true,
"type": "md5",
"uuid": "58721a3b-8860-4374-bcd3-4e4802de0b81",
"value": "d692a057330361f8f58163f9aa7fc3a8"
},
{
"category": "External analysis",
"comment": "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872828",
"to_ids": false,
"type": "link",
"uuid": "58721a3c-1a08-4680-9c4f-4e5102de0b81",
"value": "https://www.virustotal.com/file/e9d086bf3e1e657f847a2364ee1da56db50bfeb291a35f1f92f3b2a9125f6f5e/analysis/1483712714/"
},
{
"category": "Payload delivery",
"comment": "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872828",
"to_ids": true,
"type": "sha256",
"uuid": "58721a3c-aa5c-46e5-9141-416202de0b81",
"value": "c89fb4332fef7367543c6457d3a6bfbd4d4f6ad7bea915baefc0489ad0c2a873"
},
{
"category": "Payload delivery",
"comment": "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872829",
"to_ids": true,
"type": "md5",
"uuid": "58721a3d-58ec-49c2-bb1b-424602de0b81",
"value": "1bbc1549b8fe1ced42e65d8375ff7010"
},
{
"category": "External analysis",
"comment": "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872830",
"to_ids": false,
"type": "link",
"uuid": "58721a3e-3fbc-42a7-85d3-47ca02de0b81",
"value": "https://www.virustotal.com/file/c89fb4332fef7367543c6457d3a6bfbd4d4f6ad7bea915baefc0489ad0c2a873/analysis/1483633479/"
},
{
"category": "Payload delivery",
"comment": "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872831",
"to_ids": true,
"type": "sha256",
"uuid": "58721a3f-1e9c-45e9-9f31-4a1d02de0b81",
"value": "a4ead13d2cb28c4443f023b5b87ec3bd641fb3ad590ca53ab41afefce9cbeccf"
},
{
"category": "Payload delivery",
"comment": "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872831",
"to_ids": true,
"type": "md5",
"uuid": "58721a3f-eba8-4c01-9964-429002de0b81",
"value": "e2bc937f028602dda3fa56ad204ca726"
},
{
"category": "External analysis",
"comment": "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483872832",
"to_ids": false,
"type": "link",
"uuid": "58721a40-54a0-4945-b198-4a6b02de0b81",
"value": "https://www.virustotal.com/file/a4ead13d2cb28c4443f023b5b87ec3bd641fb3ad590ca53ab41afefce9cbeccf/analysis/1483697879/"
}
]
}
}