{
"Event" : {
"analysis" : "2" ,
"date" : "2017-03-08" ,
"extends_uuid" : "" ,
"info" : "OSINT - Crypt0l0cker (TorrentLocker): Old Dog, New Tricks" ,
"publish_timestamp" : "1489006212" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1489005961" ,
"uuid" : "58c06aeb-ea6c-48ee-a973-489502de0b81" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:ransomware=\"TorrentLocker\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#006c6c" ,
"local" : "0" ,
"name" : "ecsirt:malicious-code=\"ransomware\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#2c4f00" ,
"local" : "0" ,
"name" : "malware_classification:malware-category=\"Ransomware\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#420053" ,
"local" : "0" ,
"name" : "ms-caro-malware:malware-type=\"Ransom\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#39b300" ,
"local" : "0" ,
"name" : "enisa:nefarious-activity-abuse=\"ransomware\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "58c06b14-0c18-4c7f-ae01-47f202de0b81" ,
"value" : "Ransomware continues to be a plague on the internet and still sets itself as the fastest growing malware family we have seen in the last number of years. In this post we describe the technical details about a newly observed campaign of the notorious Crypt0l0cker (aka TorrentLocker or Teerac) ransomware. Crypt0l0cker has gone through a long evolution, the adversaries are updating and improving the malware on a regular basis. Several indicators inside the samples we have analysed point to a new major version of the malware. We have already seen large campaigns targeting Europe and other parts of the world in 2014 and 2015. It seems to be that the actors behind these campaigns are back now and launching again massive spam attacks. This post will also give you insights about the level of sophistication this malware has reached."
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06b20-74a4-4016-9f7c-492802de0b81" ,
"value" : "http://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b55-b7f4-486d-9aa2-e28002de0b81" ,
"value" : "7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b56-2794-4453-b3cf-e28002de0b81" ,
"value" : "e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b57-8a7c-4a8c-aa10-e28002de0b81" ,
"value" : "2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b58-d010-4ed4-9a5d-e28002de0b81" ,
"value" : "197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b59-a3b8-4117-a180-e28002de0b81" ,
"value" : "899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b5a-60e0-4346-81d4-e28002de0b81" ,
"value" : "e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b5b-d0c8-4404-8646-e28002de0b81" ,
"value" : "0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b5c-5108-4829-8d0c-e28002de0b81" ,
"value" : "744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b5d-c9b8-46d9-b503-e28002de0b81" ,
"value" : "f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b5e-47ec-441d-b8d3-e28002de0b81" ,
"value" : "3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b5f-4254-4ebd-ade2-e28002de0b81" ,
"value" : "ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b5f-c644-46ed-b501-e28002de0b81" ,
"value" : "1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b60-1b2c-46b9-85d5-e28002de0b81" ,
"value" : "cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b61-f9a4-4a88-86e1-e28002de0b81" ,
"value" : "de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b62-1f4c-4224-a913-e28002de0b81" ,
"value" : "9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b63-c7ac-499e-84f0-e28002de0b81" ,
"value" : "87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b64-4304-4ad4-ba85-e28002de0b81" ,
"value" : "bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b65-9978-4e50-8c5a-e28002de0b81" ,
"value" : "ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b66-86f8-40d2-89ff-e28002de0b81" ,
"value" : "076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06b67-390c-4ad5-a857-e28002de0b81" ,
"value" : "76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from the JS sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06bbe-0ab4-45cb-8478-467702de0b81" ,
"value" : "http://directory.submitlocally.com/res.jnb"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from the JS sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06bbf-b2f4-46f9-a27d-400c02de0b81" ,
"value" : "http://fanrp.com/test.bhu"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from the JS sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06bc0-331c-4f02-be39-4f1002de0b81" ,
"value" : "http://ileriteknikservis.com/wp-log.bnm"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from the JS sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06bc1-c228-4a01-ac76-4c2602de0b81" ,
"value" : "http://nji.fileserver4390.org/file/bord.vcx"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from the JS sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06bc2-a958-429e-bcbc-467502de0b81" ,
"value" : "http://prorubim.com/led.poi"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from the JS sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06bc3-4558-4715-aaa4-413502de0b81" ,
"value" : "http://quatang.thackhoi.com/system.ohp"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from the JS sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06bc4-2470-483e-8f68-413f02de0b81" ,
"value" : "http://rubbishinteriors.com/401.hji"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from the JS sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06bc5-2a8c-4eb9-a2bc-498a02de0b81" ,
"value" : "http://saudail-alpin.no/point.gkp"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c14-bdec-4bfa-a58b-486e02de0b81" ,
"value" : "http://humannecessityfoundation.com/php.oiw"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c15-914c-45fd-912f-484802de0b81" ,
"value" : "http://ltmp.joymes.pl/file/bon.ijn"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c16-c2e4-45bf-8a75-4a0202de0b81" ,
"value" : "http://staracer.com.br/robots.ckl"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c17-09d4-434b-add2-47c802de0b81" ,
"value" : "http://fms-uchet.ru/multi.rty"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c18-5940-443f-acdd-4f7d02de0b81" ,
"value" : "http://gidrostroy-nn.ru/wp-includes/feed.gtb"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c19-b5c0-4560-a2a2-444702de0b81" ,
"value" : "http://ltmp.applepice.pl/file/set.rte"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c1a-5b2c-4094-8b83-446302de0b81" ,
"value" : "http://ltmp.joymes.pl/file/vet.bnm"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c1b-45d8-4d2a-8804-4fae02de0b81" ,
"value" : "http://arkatechknowledges.com/wp-admin/link.rew"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c1c-3ce8-45a8-9f71-4e6602de0b81" ,
"value" : "http://blisunn.com/test.gtr"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c1d-d7b0-4d04-85e1-4c7a02de0b81" ,
"value" : "http://iuhd873.omniheart.pl/file/set.rte"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c1e-f844-40ea-8596-4e0302de0b81" ,
"value" : "http://saunabau.sk/index.pjk"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c1f-8cac-4c9f-a18c-4ccc02de0b81" ,
"value" : "http://ltmp.joymes.pl/file/nib.vcb"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c20-5484-4a1a-b322-411e02de0b81" ,
"value" : "http://cyjt.com/left.lop"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c21-232c-4f86-870a-45b202de0b81" ,
"value" : "http://48f4339.js2-order.pl/file/set.rte"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c22-4950-4a79-9b2a-40cc02de0b81" ,
"value" : "http://4839.js2-order.pl/file/set.rte"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c22-b848-422c-b973-487702de0b81" ,
"value" : "http://drjacobberger.com/fav.vcb"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c23-9c68-40e7-b4a9-47bf02de0b81" ,
"value" : "http://biotechclinical.com/leet.tjr"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c24-97e4-4192-ac72-469602de0b81" ,
"value" : "http://partylimobusnj.com/wp-conf.tyu"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c25-3930-449f-aeb5-400702de0b81" ,
"value" : "http://glutenfreeworks.com/lftAd.vfd"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c26-6d30-435b-960c-462202de0b81" ,
"value" : "http://mayaastro.com/wp-conf.bgt"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c26-df44-43dc-a718-494e02de0b81" ,
"value" : "http://ansagoldcoast.com/pols.vfr"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c27-7dd4-4e21-b2f5-4e3502de0b81" ,
"value" : "http://www.mmgmarketing.com/wu.vbn"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c28-6a10-49e0-83d8-411702de0b81" ,
"value" : "http://flyanairliner.com/tire.bnm"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c29-f9dc-4e41-a73e-444702de0b81" ,
"value" : "http://activmedia.net/license.ttx"
} ,
{
"category" : "Network activity" ,
"comment" : "URL from our telemetry" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58c06c29-0b04-4269-ac80-436002de0b81" ,
"value" : "http://www.girokonto.club/wp-conf.ghj"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Incognito.dll" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06c5f-67d0-4ec8-87d2-467602de0b81" ,
"value" : "78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Crytp0l0cker.exe" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06c60-64e8-4554-87df-4bb602de0b81" ,
"value" : "07dab1e46585e90dd9fc1d82b572d454102e09e25e50fc634145dd999b440ee7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Crytp0l0cker.dll" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06c61-cacc-47c9-a986-453202de0b81" ,
"value" : "ace22efeff8824d0297d7ecd7430ca1f89bf49f394185ec6208e754d0bf505bc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Crytp0l0cker.Upack.dll" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06c62-12a4-4de3-a380-4baa02de0b81" ,
"value" : "5bd73eb812173508fc8dc2d8d23f50ea219dc94211a64d5840655ba3e6b0d889"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AMP sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06c78-f468-416f-9a38-e28002de0b81" ,
"value" : "c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AMP sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06c79-cb28-4447-9952-e28002de0b81" ,
"value" : "3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AMP sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58c06c7a-c908-4307-925b-e28002de0b81" ,
"value" : "c11762004e8a1f31e5e45c21c7af2db2fb304952f0d02e467bc55a8fc0194e8c"
} ,
{
"category" : "Network activity" ,
"comment" : "Tor addresses found in the sample:" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06ccf-2768-4486-a4ea-46e002de0b81" ,
"value" : "xiodc6dmizahhijj.onion"
} ,
{
"category" : "Network activity" ,
"comment" : "Tor addresses found in the sample:" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cd0-4348-4431-8f21-405102de0b81" ,
"value" : "w7yr6b5oktcjo2jj.onion"
} ,
{
"category" : "Network activity" ,
"comment" : "Tor addresses found in the sample:" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cd1-1e20-4ea4-a12b-40cf02de0b81" ,
"value" : "kghynzmoq7kvdzis.onion"
} ,
{
"category" : "Network activity" ,
"comment" : "Tor addresses found in the sample:" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cd2-7c74-455e-90a3-455d02de0b81" ,
"value" : "syhkhuiml35mt5qh.onion"
} ,
{
"category" : "Network activity" ,
"comment" : "Tor addresses found in the sample:" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cd3-5f70-4ff9-8e95-42e002de0b81" ,
"value" : "x5sbb5gesp6kzwsh.onion"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cf5-56b4-4bf0-875b-4b5802de0b81" ,
"value" : "ajysivilaz.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cf6-09e0-476a-b808-417102de0b81" ,
"value" : "ecpficy.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cf7-79b0-4faf-98e5-4f4d02de0b81" ,
"value" : "eruhec.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cf8-7878-4641-b779-47d002de0b81" ,
"value" : "hjaqvd.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cf9-29a8-47c3-8245-4bbc02de0b81" ,
"value" : "ivejuciwazu.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cfa-c5c4-4ad9-908f-4b4d02de0b81" ,
"value" : "jzawocenigy.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cfb-2e04-422a-8885-4e0902de0b81" ,
"value" : "ogalysupuho.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cfc-fe60-4cb7-a5bc-4d3602de0b81" ,
"value" : "otuk.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cfd-dee4-4181-a4ee-4fb902de0b81" ,
"value" : "udyrhxu.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cfe-b16c-4708-ba32-4cd302de0b81" ,
"value" : "ujihyjyredi.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06cff-eb24-49e8-8700-423b02de0b81" ,
"value" : "uqaxu.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "Domains from initial sample" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "hostname" ,
"uuid" : "58c06d00-6c24-459f-ae56-4eb302de0b81" ,
"value" : "uryk.giftbests.com"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "58c06d1b-dedc-4ce5-ab95-485902de0b81" ,
"value" : ".sharptok.org"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489005961" ,
"to_ids" : true ,
"type" : "domain" ,
"uuid" : "58c06d1c-a634-485a-95db-4d8402de0b81" ,
"value" : ".divamind.org"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AMP sample - Xchecked via VT: 3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006043" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06ddb-da58-44d7-a64a-43b202de0b81" ,
"value" : "c24ea0b7bd3008a3eed7ddd1b27d14e5f45207a0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AMP sample - Xchecked via VT: 3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006044" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06ddc-a904-4cb4-aeba-439702de0b81" ,
"value" : "bc95e03baffdb157918149cce3d8d344"
} ,
{
"category" : "External analysis" ,
"comment" : "AMP sample - Xchecked via VT: 3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006045" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06ddd-8100-44c6-881f-49f702de0b81" ,
"value" : "https://www.virustotal.com/file/3c413bf58186282a6ecfec8e6a3f7a6b931b15cd404961accfc7665ad8372a92/analysis/1486988187/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AMP sample - Xchecked via VT: c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006046" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06dde-73e8-4337-b76f-495c02de0b81" ,
"value" : "b1fdce07107fb9aef8b11663b0284139e67e3c27"
} ,
{
"category" : "Payload delivery" ,
"comment" : "AMP sample - Xchecked via VT: c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006047" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06ddf-9eac-489d-8e6e-4b3902de0b81" ,
"value" : "4368cbb153a94d77bc7aa525e560b905"
} ,
{
"category" : "External analysis" ,
"comment" : "AMP sample - Xchecked via VT: c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006048" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06de0-f2c4-463e-bd4b-4b6602de0b81" ,
"value" : "https://www.virustotal.com/file/c326b820c6184521b18fef27741fadb628414839ace202352db29608f17f995d/analysis/1488429363/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Incognito.dll - Xchecked via VT: 78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006049" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06de1-a264-46e8-9a4f-40a302de0b81" ,
"value" : "999fbe88a99a933fbf930651982a674c6f54f2ac"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Incognito.dll - Xchecked via VT: 78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006050" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06de2-0e34-42b4-8300-4dd502de0b81" ,
"value" : "c484d2f873621855d7885cec6cf63020"
} ,
{
"category" : "External analysis" ,
"comment" : "Incognito.dll - Xchecked via VT: 78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006051" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06de3-f73c-48e8-b7f5-49fc02de0b81" ,
"value" : "https://www.virustotal.com/file/78f720f09a6ad23a0332c6531c4792a74d554d66d36f007d1e94bdd9c4fb2d1a/analysis/1487770143/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006052" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06de4-f324-443a-b0a0-4a1702de0b81" ,
"value" : "7707e33e284eb0981ccbe0e8af4ecb136e2a8709"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006053" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06de5-feb0-47ea-a3bf-40ca02de0b81" ,
"value" : "9a8ddb3d089e47015372cc359a574893"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006054" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06de6-6a70-4128-bbd3-469202de0b81" ,
"value" : "https://www.virustotal.com/file/76f3828bfc53aa3d2f3057521c913797c1e3a7cb8331112bb1771ec6d4241e66/analysis/1487718199/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006055" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06de7-ca18-4cc3-8cc4-448c02de0b81" ,
"value" : "c4c05fda1bf66ee3af794df4ef17d09c62f7e205"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006056" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06de8-eddc-4456-9551-49f202de0b81" ,
"value" : "9c52c1cbd3382065fcc0fc567e6ce892"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006057" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06de9-ec3c-493e-85e1-42df02de0b81" ,
"value" : "https://www.virustotal.com/file/076bb85648f5a5e09c85dbf5997b58e7580031e64e5555a58ac0c3bce62a857b/analysis/1487484510/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006058" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06dea-6524-45e0-82e2-466102de0b81" ,
"value" : "9a188d94c1f15da3b31ee5b5758ccfa736a9fe37"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006059" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06deb-b528-4ea4-8011-453502de0b81" ,
"value" : "da6f362e59a354f1e9aba6e3459c64c0"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006060" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06dec-f788-4467-8ad3-4d8e02de0b81" ,
"value" : "https://www.virustotal.com/file/ccb3eba9526df1d9eb983bb5259c47e552efb4fdf8cd95e6a6b6856351114b8f/analysis/1488023624/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006061" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06ded-51b0-45d0-a7cf-4a9502de0b81" ,
"value" : "941247fbe437170b1f8aa63a64cb32b96fdb7149"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006062" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06dee-1c1c-4b3f-bdff-495702de0b81" ,
"value" : "ee9715fe05cf675d93b1a7d62b9f91d8"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006063" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06def-4e14-4ea8-a34b-43dd02de0b81" ,
"value" : "https://www.virustotal.com/file/bcd94a7c4a24645948c46afb2616720e2bb166bc327e63dfe2b8c3135accb548/analysis/1488187298/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006064" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06df0-e57c-4451-9041-459802de0b81" ,
"value" : "c2b058909484e9a53a39b7674fd8200553d36c19"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006065" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06df1-c6fc-4e2f-b850-491102de0b81" ,
"value" : "12e334231ecbfb1fc74b22b1cbfb053f"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006066" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06df2-8984-42bc-998b-47e702de0b81" ,
"value" : "https://www.virustotal.com/file/87fce23e17a86775b210c81089013ca7c058c03cd1b83b79b73413bd380efced/analysis/1488803940/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006067" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06df3-02a0-47f7-9a0f-4fb202de0b81" ,
"value" : "a6e5ab9a89e803bb48793c545ca7ef547ef2b155"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006068" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06df4-847c-4764-b379-495902de0b81" ,
"value" : "3cab16b7faa3407d6a08c15eb478ea97"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006069" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06df5-2fb0-434f-a58e-453402de0b81" ,
"value" : "https://www.virustotal.com/file/9e0ee793008c69494627383251098e1d500212a77fd025f6645c47ffabf015eb/analysis/1488429222/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006070" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06df6-f840-4a31-a275-45ba02de0b81" ,
"value" : "c3ac47eab687009097f593e01c83baf80bdd03ca"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006071" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06df7-d8cc-4c8e-a378-41ce02de0b81" ,
"value" : "f73c357b554d3759a81f9c351db09911"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006072" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06df8-1eb0-49bd-9759-482802de0b81" ,
"value" : "https://www.virustotal.com/file/de183a7886c3dedbbb1d9260934f0d6e7d4abca72fb942c573dc74ac449c4bfc/analysis/1488189016/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006073" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06df9-d908-483a-ae3c-466902de0b81" ,
"value" : "ec419d1bfb435d5dd132f76b7218b0acf01b792c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006074" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06dfa-e798-48e5-8ac8-4b4102de0b81" ,
"value" : "b88e5f37bc137b5892fcd399ff49e924"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006075" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06dfb-f924-4551-91e2-47c402de0b81" ,
"value" : "https://www.virustotal.com/file/cb9050f37dfc7e19b59d3ef4e332efcf2bc04c5707f41b43453f6c50d3740bc4/analysis/1487887735/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006076" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06dfc-d37c-48f9-bc48-4e1502de0b81" ,
"value" : "08dc3de9ed98cb37cc45fdf3232acd9b128d10fd"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006077" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06dfd-8b04-4bbd-9022-458802de0b81" ,
"value" : "ef55d0d85d324cebdd42eca5b826a1c0"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006078" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06dfe-dad0-4012-adfe-41ac02de0b81" ,
"value" : "https://www.virustotal.com/file/1e2cb0cf9b5b7e7b825fda20a37e5c6e1bb9c548eb89cc457026e4cbee35cd23/analysis/1487791753/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006079" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06dff-0be8-464a-af76-4a3d02de0b81" ,
"value" : "adad50138fc9a2939430093a365c804047cc0f9b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006080" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e00-ba54-45ff-93af-487102de0b81" ,
"value" : "57ee7e54cd4c17a66535c0b18d3fca6e"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006081" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e01-0e04-4b57-b2c6-4f6502de0b81" ,
"value" : "https://www.virustotal.com/file/ea1f0f1ff85130dc4634019d9e305d35097483d38e37c8aa4dc6c81b7aed1418/analysis/1488180723/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006082" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e02-e4e8-4837-83dc-45c102de0b81" ,
"value" : "6ff7d641a87e90bbe0353b2cf8f3d30f350eca2b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006083" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e03-d97c-4a5a-bbc5-459b02de0b81" ,
"value" : "fd9677589ae986955fa84fddedff95a7"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006083" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e03-1618-4095-bb9d-470902de0b81" ,
"value" : "https://www.virustotal.com/file/3745e6e8419a2090130473cb0b8197031fee9c07a824395d1ab261257def3100/analysis/1488452522/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006084" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e04-4064-4b07-8c4d-494902de0b81" ,
"value" : "17847e340239bf3fd112c29b259a9fbab3b2cf66"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006085" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e05-7b90-4e41-9653-48e902de0b81" ,
"value" : "cfe3be97137aeda22f71504320c01bce"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006086" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e06-7170-4253-abcb-490902de0b81" ,
"value" : "https://www.virustotal.com/file/f893dbf5891995984e564c44878dd5c8dea94812c3df7b995d79159bca051f79/analysis/1488187294/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006087" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e07-38ac-4bcc-b8f6-436102de0b81" ,
"value" : "7f3d264e8095a4ca8cf3e3e69bdcb79cdb6b66d3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006087" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e07-99f8-4a46-abe3-46dc02de0b81" ,
"value" : "b6a3f25c51cabc1383ae60071e093b66"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006088" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e08-6200-423a-9bd1-405202de0b81" ,
"value" : "https://www.virustotal.com/file/744b169cc40871e9c39409dbd89879c499433625f9fed1adfc700edcf293b1b0/analysis/1488203443/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006089" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e09-0e4c-470e-ad21-4a2802de0b81" ,
"value" : "63e3eeef3506527b5e9aa5ba98d7caf75d536641"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006090" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e0a-1694-4884-8622-454802de0b81" ,
"value" : "60e43530b64e1183628a66fb39fe1392"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006091" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e0b-f190-4c0f-b624-4fcb02de0b81" ,
"value" : "https://www.virustotal.com/file/0044e8a82a234674a070e9695f80f418ab72d351a4123b528e51b2b9eb2e44eb/analysis/1488452270/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006091" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e0b-0024-4842-8d4b-469902de0b81" ,
"value" : "9236ea3e97b358729188e16dc285fd4987250ba8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006092" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e0c-4d5c-4cb2-905c-432602de0b81" ,
"value" : "51b99671029d548f9e8efe1117d82292"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006093" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e0d-a608-47d2-9d93-43fe02de0b81" ,
"value" : "https://www.virustotal.com/file/e32cbfce6291382a188d2dae50c4b3c2a173097f2b4fc17904daceac9b2f3396/analysis/1488129622/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006094" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e0e-f99c-4619-842a-4d7e02de0b81" ,
"value" : "f0baeab465f247b66a6037655766ca06b5ae7362"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006094" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e0e-8cf0-4148-a86d-4aaf02de0b81" ,
"value" : "ce59571268952173487c507951899424"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006095" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e0f-a220-4c43-b708-459b02de0b81" ,
"value" : "https://www.virustotal.com/file/899c4eb640f97c3b198970e9d25d0464361f3bf5f8839b16f1e10493a82c5382/analysis/1487771117/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006096" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e10-a6d0-49f9-96e1-480802de0b81" ,
"value" : "eec3c6580175784d68aed941de45326c0e85eee9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006097" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e11-0720-4ccf-ac51-456902de0b81" ,
"value" : "1b21501a12733c0450e96643edb8f5f9"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006098" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e12-3e50-4b82-bedb-43e102de0b81" ,
"value" : "https://www.virustotal.com/file/197aa2490e81362e651af2ab8e4ae2c41a5da1a2812e4377719596a2eb2b8c8f/analysis/1488658947/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006098" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e12-e04c-4550-a1e6-422e02de0b81" ,
"value" : "98943ea8f56edfd7bf5a09e54aaf2548bc7ff225"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006099" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e13-c134-43a3-b86b-475e02de0b81" ,
"value" : "1a2aae516a2985af8b19438764eab690"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006100" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e14-dbf4-41d0-94a3-4ce202de0b81" ,
"value" : "https://www.virustotal.com/file/2c8c0d8e1d74a02c44b92e1ee90a1f192e3ea3f65b29bcbba8fe6fc860e8dc6b/analysis/1488348430/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006101" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e15-aaec-4489-8f5b-416202de0b81" ,
"value" : "a71998700fa4abf1aa0c30d85f32862f5589a2e2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006102" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e16-692c-4594-9be5-4d0902de0b81" ,
"value" : "358ca9784fb2f5ccfb34acc4998833f2"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006103" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e17-7398-4a16-b593-43e702de0b81" ,
"value" : "https://www.virustotal.com/file/e3166a14289b69956beba9fe0ac91aaeeff4c50fc9eb6a15a22864575fcc22fc/analysis/1488974143/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006104" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58c06e18-f534-4169-bd53-478602de0b81" ,
"value" : "df93630beb56a6ed0dba7c0969431ccb0d64e5d7"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Italian spam JS - Xchecked via VT: 7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006105" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58c06e19-f164-4cca-b673-409002de0b81" ,
"value" : "fef70ba52555fa58ad714e30a7288de9"
} ,
{
"category" : "External analysis" ,
"comment" : "Italian spam JS - Xchecked via VT: 7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1489006106" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58c06e1a-bbf8-4b6d-8747-42ee02de0b81" ,
"value" : "https://www.virustotal.com/file/7505f9a8c2092b255f9f41571fba2c09143b69c7ab9505c28188c88d4c80c5a7/analysis/1488963532/"
}
]
}
}