{
"Event": {
"analysis": "0",
"date": "2017-01-27",
"extends_uuid": "",
"info": "Malspam targeting github users",
"publish_timestamp": "1485530194",
"published": true,
"threat_level_id": "3",
"timestamp": "1485530168",
"uuid": "588b3db6-d5d4-4e46-86d6-42b9950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "sent by mail",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1485520509",
"to_ids": true,
"type": "malware-sample",
"uuid": "588b3e7d-c100-485d-b7d8-4876950d210f",
"value": "2701.zip|c1a735a029c9d64f6d12fbea6da629fd"
},
{
"category": "Payload delivery",
"comment": "sent by mail",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485520510",
"to_ids": true,
"type": "filename|sha1",
"uuid": "588b3e7e-d0e4-4724-9d6e-484a950d210f",
"value": "2701.zip|4ec4258cb17ab4e297f72d6bcb27399a3f5786e8"
},
{
"category": "Payload delivery",
"comment": "sent by mail",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485520512",
"to_ids": true,
"type": "filename|sha256",
"uuid": "588b3e80-d658-4a16-a265-4dbf950d210f",
"value": "2701.zip|2690dc4ebde17e460aa9fb7c96fdaedba0702cc9737186af6efa66d1c92974ad"
},
{
"category": "Payload delivery",
"comment": "text received by mail",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485520639",
"to_ids": false,
"type": "text",
"uuid": "588b3eff-5b28-48b6-a288-41c1950d210f",
"value": "Hello,\r\n \r\nMy name is Adam Buchbinder, I saw your GitHub repo and i'm pretty amazed.\r\nThe point is that i have an open position in my company and looks like you\r\nare a good fit.\r\n \r\nPlease take a look into attachment to find details about company and job.\r\nDont hesitate to contact me directly via email highlighted in the document below.\r\n \r\n\r\nThanks and regards,\r\nAdam."
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485521128",
"to_ids": false,
"type": "hostname",
"uuid": "588b40e8-8714-4e31-84ff-4bc8950d210f",
"value": "gw.yugo-star.ru"
},
{
"category": "Payload delivery",
"comment": "probably spoofed github user",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485526612",
"to_ids": false,
"type": "email-src-display-name",
"uuid": "588b5654-1e48-407b-ba73-4e1f950d210f",
"value": "alec@cpan.org"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485526682",
"to_ids": false,
"type": "email-subject",
"uuid": "588b569b-534c-48ca-9d73-1a2e950d210f",
"value": "Hello"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485526732",
"to_ids": false,
"type": "email-attachment",
"uuid": "588b56cc-0a08-4a34-b192-45a8950d210f",
"value": "2701.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485526807",
"to_ids": false,
"type": "email-reply-to",
"uuid": "588b5717-a878-4208-90b2-43f9950d210f",
"value": "AdamBuchbinder@tutanota.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485526894",
"to_ids": false,
"type": "email-message-id",
"uuid": "588b576f-efe0-4377-8fb9-4e4e950d210f",
"value": "619BD3AF4490BE5D8184CD7A6E724E86@xpox"
},
{
"category": "Payload delivery",
"comment": "Received: from lrjr (unknown [185.39.170.74])",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485527094",
"to_ids": false,
"type": "ip-src",
"uuid": "588b5836-b6e8-4be5-9cb1-4b0e950d210f",
"value": "185.39.170.74"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485527210",
"to_ids": false,
"type": "email-x-mailer",
"uuid": "588b58aa-9374-4f37-a5f6-4da9950d210f",
"value": "X-Mailer: Microsoft Windows Live Mail 16.4.3528.331"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485527277",
"to_ids": false,
"type": "email-mime-boundary",
"uuid": "588b58ed-7448-4511-8da9-48f9950d210f",
"value": "\"----=_NextPart_001_1F9B_01D27892.CB6A37E0\""
},
{
"category": "Artifacts dropped",
"comment": "extracted from 2701.zip",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1485527518",
"to_ids": true,
"type": "malware-sample",
"uuid": "588b59de-1b14-4cff-90b5-0ab5950d210f",
"value": "2701.doc|2fecbe8848bac4001b692f63b33354d3"
},
{
"category": "Artifacts dropped",
"comment": "extracted from 2701.zip",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485527519",
"to_ids": true,
"type": "filename|sha1",
"uuid": "588b59df-0b1c-4030-987e-0ab5950d210f",
"value": "2701.doc|80ac1d4ae82a4f9a3f0068c79b96483fb7a7c16d"
},
{
"category": "Artifacts dropped",
"comment": "extracted from 2701.zip",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485527521",
"to_ids": true,
"type": "filename|sha256",
"uuid": "588b59e1-3c4c-40a6-8828-0ab5950d210f",
"value": "2701.doc|6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e"
},
{
"category": "Artifacts dropped",
"comment": "Extracted from 2701.doc",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1485528765",
"to_ids": true,
"type": "malware-sample",
"uuid": "588b5ebd-d448-48c8-ba48-4f21950d210f",
"value": "vba.txt|a40efe8a8510fecbc212d08518cce510"
},
{
"category": "Artifacts dropped",
"comment": "Extracted from 2701.doc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485528766",
"to_ids": true,
"type": "filename|sha1",
"uuid": "588b5ebe-4340-43d3-bea0-4bfe950d210f",
"value": "vba.txt|724919041f87beeff2b68421cd2bf6b00399af2a"
},
{
"category": "Artifacts dropped",
"comment": "Extracted from 2701.doc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485528768",
"to_ids": true,
"type": "filename|sha256",
"uuid": "588b5ec0-59cc-440c-8b67-49c7950d210f",
"value": "vba.txt|bae5d104f1c18d59a4a92b4d0269a85cd00c8a8e3c67a7daa15dc01ad89157bd"
},
{
"category": "External analysis",
"comment": "sent by mail - Xchecked via VT: 2690dc4ebde17e460aa9fb7c96fdaedba0702cc9737186af6efa66d1c92974ad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485530138",
"to_ids": false,
"type": "link",
"uuid": "588b641a-8b54-47fb-80d8-1a2e02de0b81",
"value": "https://www.virustotal.com/file/2690dc4ebde17e460aa9fb7c96fdaedba0702cc9737186af6efa66d1c92974ad/analysis/1485526438/"
},
{
"category": "External analysis",
"comment": "extracted from 2701.zip - Xchecked via VT: 6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485530139",
"to_ids": false,
"type": "link",
"uuid": "588b641b-72d8-4430-9107-1a2e02de0b81",
"value": "https://www.virustotal.com/file/6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e/analysis/1485529768/"
},
{
"category": "Network activity",
"comment": "Enriched via the dns module",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485530167",
"to_ids": false,
"type": "ip-src",
"uuid": "588b6437-e6d4-4736-9459-452d950d210f",
"value": "62.213.71.141"
}
]
}
}