668 lines
25 KiB
JSON
668 lines
25 KiB
JSON
|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2017-08-26",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures",
|
||
|
"publish_timestamp": "1503776395",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1503776379",
|
||
|
"uuid": "59a1a900-0714-4bcc-be9f-447c02de0b81",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1a90c-8e04-4fc8-bf0e-447d02de0b81",
|
||
|
"value": "https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "59a1a91a-f438-4135-a500-ae1a02de0b81",
|
||
|
"value": "Proofpoint recently observed a targeted email campaign attempting a spearphishing attack using a Game of Thrones lure. The malicious attachment, which offered salacious spoilers and video clips, attempted to install a \u00e2\u20ac\u01539002\u00e2\u20ac\u009d remote access Trojan (RAT) historically used by state-sponsored actors. Previous attacks involving the 9002 RAT include:\r\n\r\nOperation Aurora, an attack on companies such as Google, widely attributed to the Chinese government [1,2]\r\nOperation Ephemeral Hydra, a strategic website compromise utilizing an Internet Explorer zero-day [3], which FireEye attributed to an APT actor without a country attribution\r\nAttacks on Asian countries described by Palo Alto [4]\r\nOnce installed, the 9002 RAT provides attackers with extensive data exfiltration capabilities.",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59a1ce0d-af54-429a-9a56-408d02de0b81",
|
||
|
"value": "http://27.255.83.3/x/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59a1ce0d-c274-4745-8395-46ca02de0b81",
|
||
|
"value": "http://27.255.83.3/y/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "59a1ce0d-f620-4573-be85-427202de0b81",
|
||
|
"value": "27.255.83.3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-c218-45cc-b7fe-415f02de0b81",
|
||
|
"value": "9e49d214e2325597b6d648780cf8980f4cc16811b21f586308e3e9866f40d1cd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "%APPDATA%\\y.jpg",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-d6b8-43fd-affa-428b02de0b81",
|
||
|
"value": "5a678529aea9195b787be8c788ef4bb03e38e425ad6d0c9fafd44ed03aa46b65"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-0560-46d0-9d6a-4eb102de0b81",
|
||
|
"value": "efdb6351ac3902b18535fcd30432e98ffa2d8bc4224bdb3aba7f8ca0f44cec79"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party_photos_201612.zip",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-2dac-490c-a7d4-459102de0b81",
|
||
|
"value": "bdd695363117ba9fb23a7cbcd484d79e7a469c11ab9a6e2ad9a50c678097f100"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "need help.docx",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-30b8-4c6d-9066-4ae002de0b81",
|
||
|
"value": "192e8925589fa9a7f64cba04817c180e6f26ad080bf0f966a63a3280766b066a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party-001.jpg.lnk",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-4ca8-4322-ad44-4f1a02de0b81",
|
||
|
"value": "774acdc37157e7560eca4a167558780e1cc2f5dfd203cbcb795ec05373d46fe0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Photos20140214.zip",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-eef8-48eb-b77a-495702de0b81",
|
||
|
"value": "56dda2ed3cd67cadc53f4b9e493c4601e45c5112772ade5b0c36b61858ab7852"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party-pics-201304.zip",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-f94c-4cb2-92b6-47c602de0b81",
|
||
|
"value": "83151fe6980a39eeda961c6a8f0baba13b6da853661ccbf5c7d9a97ec73d1b70"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party_Photos_Packed.zip",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-2624-4905-896e-43a702de0b81",
|
||
|
"value": "b54d547e33b0ea6ba161ac4ce06a50076f1e55a3bc592a0fb56bbc34dc96fd43"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Photos20140215.zip",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-7d98-42d8-b7bc-488f02de0b81",
|
||
|
"value": "db6b67704b77d271e40e0259a68ce2224504081545619d33b4909e6e6a385ec6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PartyPics.7z",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-df10-451e-94bb-40d602de0b81",
|
||
|
"value": "fb8eff8dcf41a4cfd0b5775327a607b76269b725f1b46dc5dd04b1f5e2433ee7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PhotoShow.jar",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-9e24-4465-939f-462f02de0b81",
|
||
|
"value": "559c0f2948d1d3179420eecd78b1e7c36c4960ec5d110c63bf6c853d30f1b308"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Upins_tmp.exe (dropped by PhotoShow.jar)",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59a1ce0d-b9b0-4eb2-a26a-4b9102de0b81",
|
||
|
"value": "0b7613e0f739eb63fd5ed9e99934d54a38e56c558ab8d1a4f586a7c88d37a428"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "59a1ce0d-c1d0-48d8-a50b-487b02de0b81",
|
||
|
"value": "mn1.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59a1ce0d-c3d4-44ca-9a77-4b1602de0b81",
|
||
|
"value": "mx.i26.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce3e-2f44-4cd3-8e28-add202de0b81",
|
||
|
"value": "https://community.saas.hpe.com/t5/Security-Research/9002-RAT-a-second-building-on-the-left/ba-p/228686#.WaBdzB9ifW8"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce3e-d3f0-4f4f-aa69-add202de0b81",
|
||
|
"value": "http://www.washingtontimes.com/news/2010/mar/24/cyber-attack-on-us-firms-google-traced-to-chinese/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce3e-8710-4479-8ad0-add202de0b81",
|
||
|
"value": "https://www.fireeye.com/blog/threat-research/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce3f-7ddc-43eb-aae7-add202de0b81",
|
||
|
"value": "https://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce3f-e8d8-4ba8-82e2-add202de0b81",
|
||
|
"value": "https://github.com/EmpireProject/Empire/blob/master/data/module_source/code_execution/Invoke-Shellcode.ps1"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce3f-f950-4a5c-a1c6-add202de0b81",
|
||
|
"value": "http://security-is-just-an-illusion.blogspot.nl/2013/02/45-x-antivirus-software-fail-again-java.html"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776379",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce3f-8bb8-46d8-9e93-add202de0b81",
|
||
|
"value": "https://www.fireeye.com/blog/threat-research/2013/05/ready-for-summer-the-sunshop-campaign.html"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PhotoShow.jar - Xchecked via VT: 559c0f2948d1d3179420eecd78b1e7c36c4960ec5d110c63bf6c853d30f1b308",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-bbdc-4f01-ad34-4af202de0b81",
|
||
|
"value": "fb262cae70ea79b831b6b4e049d03fb27ba93b10"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PhotoShow.jar - Xchecked via VT: 559c0f2948d1d3179420eecd78b1e7c36c4960ec5d110c63bf6c853d30f1b308",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-3e08-4941-8a7c-4fe102de0b81",
|
||
|
"value": "300eb3eb70e30332cc339487f19c1123"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "PhotoShow.jar - Xchecked via VT: 559c0f2948d1d3179420eecd78b1e7c36c4960ec5d110c63bf6c853d30f1b308",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-71fc-46a8-8deb-414302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/559c0f2948d1d3179420eecd78b1e7c36c4960ec5d110c63bf6c853d30f1b308/analysis/1399034900/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PartyPics.7z - Xchecked via VT: fb8eff8dcf41a4cfd0b5775327a607b76269b725f1b46dc5dd04b1f5e2433ee7",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-5b34-423e-98a4-48af02de0b81",
|
||
|
"value": "6b323d58163f0feb4b3c351f00fac34df048f618"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PartyPics.7z - Xchecked via VT: fb8eff8dcf41a4cfd0b5775327a607b76269b725f1b46dc5dd04b1f5e2433ee7",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-2fb8-4784-9876-490002de0b81",
|
||
|
"value": "4fa9e1ee1943edbfc1f47abec1e166a6"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "PartyPics.7z - Xchecked via VT: fb8eff8dcf41a4cfd0b5775327a607b76269b725f1b46dc5dd04b1f5e2433ee7",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-c558-42cf-989b-4b9f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fb8eff8dcf41a4cfd0b5775327a607b76269b725f1b46dc5dd04b1f5e2433ee7/analysis/1397745647/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Photos20140215.zip - Xchecked via VT: db6b67704b77d271e40e0259a68ce2224504081545619d33b4909e6e6a385ec6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-16f0-4356-a71d-477302de0b81",
|
||
|
"value": "f6fdfc3bd51b6ddb317e6920d8bf43bb06b84e7d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Photos20140215.zip - Xchecked via VT: db6b67704b77d271e40e0259a68ce2224504081545619d33b4909e6e6a385ec6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-b4ac-4c0e-ab92-4bf302de0b81",
|
||
|
"value": "be0324f6b62794a0cc2d836ae3d3ca4d"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Photos20140215.zip - Xchecked via VT: db6b67704b77d271e40e0259a68ce2224504081545619d33b4909e6e6a385ec6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-c8a8-4982-be1c-489702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/db6b67704b77d271e40e0259a68ce2224504081545619d33b4909e6e6a385ec6/analysis/1397835917/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party_Photos_Packed.zip - Xchecked via VT: b54d547e33b0ea6ba161ac4ce06a50076f1e55a3bc592a0fb56bbc34dc96fd43",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-3518-4970-b6c7-4bc002de0b81",
|
||
|
"value": "0e532e856e5d8e9ed7497a04709a69375bce52c5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party_Photos_Packed.zip - Xchecked via VT: b54d547e33b0ea6ba161ac4ce06a50076f1e55a3bc592a0fb56bbc34dc96fd43",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-3570-4889-a5ba-427702de0b81",
|
||
|
"value": "ae61b4f25bd0101d39eb925e36082802"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Party_Photos_Packed.zip - Xchecked via VT: b54d547e33b0ea6ba161ac4ce06a50076f1e55a3bc592a0fb56bbc34dc96fd43",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-1ed8-47df-a9b9-425402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b54d547e33b0ea6ba161ac4ce06a50076f1e55a3bc592a0fb56bbc34dc96fd43/analysis/1421863355/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party-pics-201304.zip - Xchecked via VT: 83151fe6980a39eeda961c6a8f0baba13b6da853661ccbf5c7d9a97ec73d1b70",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-f688-48e0-9763-4b1e02de0b81",
|
||
|
"value": "4d5c9a03af619caae4dbeb7dca0a739c2e4babb2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party-pics-201304.zip - Xchecked via VT: 83151fe6980a39eeda961c6a8f0baba13b6da853661ccbf5c7d9a97ec73d1b70",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-68f8-44db-9bb5-409e02de0b81",
|
||
|
"value": "cbbadbb5eab890d10ee48853fe9e7781"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Party-pics-201304.zip - Xchecked via VT: 83151fe6980a39eeda961c6a8f0baba13b6da853661ccbf5c7d9a97ec73d1b70",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-8e60-4246-a504-443802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/83151fe6980a39eeda961c6a8f0baba13b6da853661ccbf5c7d9a97ec73d1b70/analysis/1400689562/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Photos20140214.zip - Xchecked via VT: 56dda2ed3cd67cadc53f4b9e493c4601e45c5112772ade5b0c36b61858ab7852",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-6334-4439-bc93-44f502de0b81",
|
||
|
"value": "8c1e699ef25443cf8857b6eb4c8eb5618186377a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Photos20140214.zip - Xchecked via VT: 56dda2ed3cd67cadc53f4b9e493c4601e45c5112772ade5b0c36b61858ab7852",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-96b8-475f-be09-48c102de0b81",
|
||
|
"value": "2c77abcc72475c7e0f446f807e14b22a"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Photos20140214.zip - Xchecked via VT: 56dda2ed3cd67cadc53f4b9e493c4601e45c5112772ade5b0c36b61858ab7852",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-d6fc-416b-9324-43f502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/56dda2ed3cd67cadc53f4b9e493c4601e45c5112772ade5b0c36b61858ab7852/analysis/1397837529/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party-001.jpg.lnk - Xchecked via VT: 774acdc37157e7560eca4a167558780e1cc2f5dfd203cbcb795ec05373d46fe0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-1950-43f5-893e-4f6402de0b81",
|
||
|
"value": "c7becef454d23d2e6b77add4925fed36d38f24c8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party-001.jpg.lnk - Xchecked via VT: 774acdc37157e7560eca4a167558780e1cc2f5dfd203cbcb795ec05373d46fe0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-2eb8-4bc7-aeb6-455d02de0b81",
|
||
|
"value": "1ec3ec4af040b71eda4eb1c30116b1a3"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Party-001.jpg.lnk - Xchecked via VT: 774acdc37157e7560eca4a167558780e1cc2f5dfd203cbcb795ec05373d46fe0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-8008-4639-bce8-4b7a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/774acdc37157e7560eca4a167558780e1cc2f5dfd203cbcb795ec05373d46fe0/analysis/1426834440/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "need help.docx - Xchecked via VT: 192e8925589fa9a7f64cba04817c180e6f26ad080bf0f966a63a3280766b066a",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-cbbc-4984-8e85-419b02de0b81",
|
||
|
"value": "34e2667c67c9ff2ca30c35b03c6acc7a6ad84471"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "need help.docx - Xchecked via VT: 192e8925589fa9a7f64cba04817c180e6f26ad080bf0f966a63a3280766b066a",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-ade4-4b9c-b213-46a002de0b81",
|
||
|
"value": "325be1a107e0e20748c19bb243a26b13"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "need help.docx - Xchecked via VT: 192e8925589fa9a7f64cba04817c180e6f26ad080bf0f966a63a3280766b066a",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-d288-48a4-a173-4f6002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/192e8925589fa9a7f64cba04817c180e6f26ad080bf0f966a63a3280766b066a/analysis/1503662047/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party_photos_201612.zip - Xchecked via VT: bdd695363117ba9fb23a7cbcd484d79e7a469c11ab9a6e2ad9a50c678097f100",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-b694-4d38-8305-4e0d02de0b81",
|
||
|
"value": "cfef71b39afb7b73f33f514a20b5c5b32b5f1012"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Party_photos_201612.zip - Xchecked via VT: bdd695363117ba9fb23a7cbcd484d79e7a469c11ab9a6e2ad9a50c678097f100",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-48bc-4081-9523-41a602de0b81",
|
||
|
"value": "5b3733bfa52e6af1520ad53f93789737"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Party_photos_201612.zip - Xchecked via VT: bdd695363117ba9fb23a7cbcd484d79e7a469c11ab9a6e2ad9a50c678097f100",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-624c-408b-8fb8-42e902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/bdd695363117ba9fb23a7cbcd484d79e7a469c11ab9a6e2ad9a50c678097f100/analysis/1499332325/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 9e49d214e2325597b6d648780cf8980f4cc16811b21f586308e3e9866f40d1cd",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59a1ce7c-cc38-4ce4-a3c9-471702de0b81",
|
||
|
"value": "644a3b395f8d7baaa4aae65e80363bf955698a79"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 9e49d214e2325597b6d648780cf8980f4cc16811b21f586308e3e9866f40d1cd",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59a1ce7c-d0b0-4f83-8433-4dfe02de0b81",
|
||
|
"value": "7e8bc04a964d33a375c2c970f0697908"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "- Xchecked via VT: 9e49d214e2325597b6d648780cf8980f4cc16811b21f586308e3e9866f40d1cd",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1503776380",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59a1ce7c-b7b8-474b-bd23-455c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9e49d214e2325597b6d648780cf8980f4cc16811b21f586308e3e9866f40d1cd/analysis/1499333974/"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|