{
"Event": {
"analysis": "2",
"date": "2017-04-04",
"extends_uuid": "",
"info": "OSINT - High-Volume Dridex Campaigns Return, First to Hit Millions Since June 2016",
"publish_timestamp": "1491560139",
"published": true,
"threat_level_id": "3",
"timestamp": "1491560019",
"uuid": "58e73aab-3530-44d8-94b7-4cbf950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#0da700",
"name": "misp-galaxy:tool=\"Dridex\""
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#004646",
"name": "type:OSINT"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "VBS Downloader Example",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "sha256",
"uuid": "58e73b5f-bd3c-4749-b338-4683950d210f",
"value": "84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69"
},
{
"category": "Payload delivery",
"comment": "Macro Document",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "sha256",
"uuid": "58e73b60-9508-41a5-b5d4-4076950d210f",
"value": "1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8"
},
{
"category": "Payload delivery",
"comment": "Macro Document",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "sha256",
"uuid": "58e73b61-5820-4259-bf31-47ad950d210f",
"value": "743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559995",
"to_ids": false,
"type": "link",
"uuid": "58e73b73-775c-4c97-a655-4120950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/high-volume-dridex-campaigns-return",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "Network activity",
"comment": "Document Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73cbd-d934-4c4f-9673-4aed950d210f",
"value": "http://meyermuehltal.de/0h656jk"
},
{
"category": "Network activity",
"comment": "Document Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73cbe-0a68-4d90-9596-450a950d210f",
"value": "http://technologyservice.eu/0h656jk"
},
{
"category": "Network activity",
"comment": "Document Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73cbf-c770-4e6d-97b8-4004950d210f",
"value": "http://tspars.com/0h656jk"
},
{
"category": "Network activity",
"comment": "Document Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73cc0-08cc-4ade-84b3-44fa950d210f",
"value": "http://thaipowertools.com/0h656jk"
},
{
"category": "Network activity",
"comment": "Document Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73cc1-ce74-4efe-b509-483d950d210f",
"value": "http://www.movimentodiesel.gr/0h656jk"
},
{
"category": "Network activity",
"comment": "Document Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73cc2-0044-43f2-8a9f-4cd3950d210f",
"value": "http://lhgarden.org/0h656jk"
},
{
"category": "Network activity",
"comment": "Document Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73cc3-5ad8-48e1-ae5e-4e5f950d210f",
"value": "http://www.soulcube.com/0h656jk"
},
{
"category": "Network activity",
"comment": "VBS Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73d58-13c4-4a30-8f9b-4072950d210f",
"value": "http://roylgrafix.com/76gbce?"
},
{
"category": "Network activity",
"comment": "VBS Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73d59-2f14-4f5d-8b44-4275950d210f",
"value": "http://signwaves.net/76gbce?"
},
{
"category": "Network activity",
"comment": "VBS Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73d5a-3b5c-4902-a0c9-4608950d210f",
"value": "http://testsite.prosun.com/76gbce?"
},
{
"category": "Network activity",
"comment": "VBS Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73d5b-aab0-4ab1-85b4-4007950d210f",
"value": "http://omurongen.com/76gbce?"
},
{
"category": "Network activity",
"comment": "Smoke Loader Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73da3-cf44-49cc-9c82-4fd1950d210f",
"value": "http://pastasmolinero.es/76gf33"
},
{
"category": "Network activity",
"comment": "Quant Loader Payload",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73da4-a844-4319-851a-491c950d210f",
"value": "http://nzhat.net/9jgtyft6"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7500 Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "sha256",
"uuid": "58e73de0-26d0-4e32-b380-47e4950d210f",
"value": "dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7500 Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "sha256",
"uuid": "58e73de1-26f8-4352-862a-4204950d210f",
"value": "20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81"
},
{
"category": "Payload delivery",
"comment": "Smoke Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "sha256",
"uuid": "58e73de2-9c50-4fe6-99d3-431e950d210f",
"value": "4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7200 Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "sha256",
"uuid": "58e73de3-cee8-4425-9217-43c2950d210f",
"value": "379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7200 Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "sha256",
"uuid": "58e73de5-d9c8-48b4-91ce-40cf950d210f",
"value": "6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd"
},
{
"category": "Payload delivery",
"comment": "Quant Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "sha256",
"uuid": "58e73de6-1c44-421f-b169-465c950d210f",
"value": "ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7200 Loader",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": false,
"type": "other",
"uuid": "58e73e57-0c84-41fe-a209-491d950d210f",
"value": "5054518c52e70f86a6e42641b094e9b64df96bd65C&C9ab0d21e810dcf14c87b5|SHA256|Dridex Botnet 7200 Loader"
},
{
"category": "Payload delivery",
"comment": "Dridex Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "58e73fc0-6d00-4fcd-9200-4af8950d210f",
"value": "8.8.247.36|443"
},
{
"category": "Payload delivery",
"comment": "Dridex Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "58e73fc2-fbf8-4eb2-b55e-47f9950d210f",
"value": "81.12.229.190|8043"
},
{
"category": "Payload delivery",
"comment": "Dridex Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "58e73fc4-5f60-4ad3-b30c-42bf950d210f",
"value": "107.170.0.14|8043"
},
{
"category": "Payload delivery",
"comment": "Dridex Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "58e73fc6-f0a0-4574-89c8-4dee950d210f",
"value": "37.120.172.171|4143"
},
{
"category": "Payload delivery",
"comment": "Dridex Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "58e73fc8-4d50-453a-af40-4238950d210f",
"value": "91.219.28.55|443"
},
{
"category": "Payload delivery",
"comment": "Dridex Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "58e73fca-7608-49de-8ecf-4130950d210f",
"value": "178.32.255.130|44343"
},
{
"category": "Payload delivery",
"comment": "Dridex Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "58e73fcc-4910-4c8e-817e-4be1950d210f",
"value": "217.197.39.1|8443"
},
{
"category": "Payload delivery",
"comment": "Dridex Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "58e73fce-f480-4d25-be75-4505950d210f",
"value": "195.88.209.221|4413"
},
{
"category": "Network activity",
"comment": "Smoke Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73ff3-8c9c-4cd0-b98b-4e5d950d210f",
"value": "http://justjohnwilhertthet.ws/m/"
},
{
"category": "Network activity",
"comment": "Quant Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73ff4-ecfc-48fd-9970-4075950d210f",
"value": "http://jusevengwassresbet.ws/q/index.php"
},
{
"category": "Network activity",
"comment": "Quant Loader C&C",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491559977",
"to_ids": true,
"type": "url",
"uuid": "58e73ff5-1f6c-4567-bb07-4a94950d210f",
"value": "http://sinmanarattot.ws/q/index.php"
},
{
"category": "Payload delivery",
"comment": "Quant Loader - Xchecked via VT: ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560020",
"to_ids": true,
"type": "sha1",
"uuid": "58e76654-0f90-4af3-9d77-499302de0b81",
"value": "155863bcd4ea677986beb13b1e519f3f71cf2183"
},
{
"category": "Payload delivery",
"comment": "Quant Loader - Xchecked via VT: ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560021",
"to_ids": true,
"type": "md5",
"uuid": "58e76655-1eb0-46f4-b791-413602de0b81",
"value": "3ede7214e1fe848aefd67e8d11beec00"
},
{
"category": "External analysis",
"comment": "Quant Loader - Xchecked via VT: ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560022",
"to_ids": false,
"type": "link",
"uuid": "58e76656-b394-4f3d-8498-40ac02de0b81",
"value": "https://www.virustotal.com/file/ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1/analysis/1491538426/"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560023",
"to_ids": true,
"type": "sha1",
"uuid": "58e76657-0cf8-48f2-9e77-45eb02de0b81",
"value": "694266450ffedf4008f0cf0e5573c63c56f2e5d0"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560024",
"to_ids": true,
"type": "md5",
"uuid": "58e76658-8684-4696-9e23-4c7402de0b81",
"value": "f4e11acef79702561dea6070d4dbba45"
},
{
"category": "External analysis",
"comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560025",
"to_ids": false,
"type": "link",
"uuid": "58e76659-b41c-4a12-afdf-41af02de0b81",
"value": "https://www.virustotal.com/file/6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd/analysis/1491294800/"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560026",
"to_ids": true,
"type": "sha1",
"uuid": "58e7665a-89dc-48f5-a69e-4d3b02de0b81",
"value": "44bbd62533c8b1257a02f11756b39ebca77eda78"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560027",
"to_ids": true,
"type": "md5",
"uuid": "58e7665b-d364-4005-b2c2-406902de0b81",
"value": "0243c9bb903d6f89d7eeadae882cf591"
},
{
"category": "External analysis",
"comment": "Dridex Botnet 7200 Loader - Xchecked via VT: 379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560028",
"to_ids": false,
"type": "link",
"uuid": "58e7665c-5394-4250-9d8c-49f302de0b81",
"value": "https://www.virustotal.com/file/379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22/analysis/1491192423/"
},
{
"category": "Payload delivery",
"comment": "Smoke Loader - Xchecked via VT: 4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560029",
"to_ids": true,
"type": "sha1",
"uuid": "58e7665d-3844-4f1f-9fa8-40e202de0b81",
"value": "a6cc5c3aedf9eba6ff3f18b76430e3f8efb90f57"
},
{
"category": "Payload delivery",
"comment": "Smoke Loader - Xchecked via VT: 4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560030",
"to_ids": true,
"type": "md5",
"uuid": "58e7665e-9778-483d-9712-4e2202de0b81",
"value": "c738746c751e3f4465cdf20959ed7115"
},
{
"category": "External analysis",
"comment": "Smoke Loader - Xchecked via VT: 4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560031",
"to_ids": false,
"type": "link",
"uuid": "58e7665f-c77c-4b35-acd9-4f0302de0b81",
"value": "https://www.virustotal.com/file/4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02/analysis/1491540064/"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7500 Loader - Xchecked via VT: 20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560032",
"to_ids": true,
"type": "sha1",
"uuid": "58e76660-f4ec-4ac7-96c6-4e9202de0b81",
"value": "6812c5b94ea2452b794e8e735428eddd415e1bb6"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7500 Loader - Xchecked via VT: 20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560032",
"to_ids": true,
"type": "md5",
"uuid": "58e76660-28a0-4837-b925-405202de0b81",
"value": "e50522bf1817a8f5698b740e5225c34f"
},
{
"category": "External analysis",
"comment": "Dridex Botnet 7500 Loader - Xchecked via VT: 20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560033",
"to_ids": false,
"type": "link",
"uuid": "58e76661-edf0-4e21-945d-4df102de0b81",
"value": "https://www.virustotal.com/file/20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81/analysis/1491282981/"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7500 Loader - Xchecked via VT: dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560034",
"to_ids": true,
"type": "sha1",
"uuid": "58e76662-6f30-4eeb-987b-441602de0b81",
"value": "7eb1ab6a19b3ab9fc8dd96f73e5a696571a72400"
},
{
"category": "Payload delivery",
"comment": "Dridex Botnet 7500 Loader - Xchecked via VT: dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560035",
"to_ids": true,
"type": "md5",
"uuid": "58e76663-b798-454f-887a-460502de0b81",
"value": "41a5b1d50947452adb663abcb6ecb829"
},
{
"category": "External analysis",
"comment": "Dridex Botnet 7500 Loader - Xchecked via VT: dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560036",
"to_ids": false,
"type": "link",
"uuid": "58e76664-e204-4ed7-8ab0-439c02de0b81",
"value": "https://www.virustotal.com/file/dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a/analysis/1491188391/"
},
{
"category": "Payload delivery",
"comment": "Macro Document - Xchecked via VT: 743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560037",
"to_ids": true,
"type": "sha1",
"uuid": "58e76665-f120-4ccd-a42c-4e7502de0b81",
"value": "f40791fd456f4e9429cbcc231e5550bfe8fcb906"
},
{
"category": "Payload delivery",
"comment": "Macro Document - Xchecked via VT: 743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560038",
"to_ids": true,
"type": "md5",
"uuid": "58e76666-87b4-420b-92f6-433c02de0b81",
"value": "130b76fcf04f44433fa075c3cc596d03"
},
{
"category": "External analysis",
"comment": "Macro Document - Xchecked via VT: 743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560039",
"to_ids": false,
"type": "link",
"uuid": "58e76667-b1b0-43d3-bacd-413102de0b81",
"value": "https://www.virustotal.com/file/743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20/analysis/1491287540/"
},
{
"category": "Payload delivery",
"comment": "Macro Document - Xchecked via VT: 1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560040",
"to_ids": true,
"type": "sha1",
"uuid": "58e76668-dbac-41b1-84c0-41fc02de0b81",
"value": "49858617e73d5a56894140d90f0d75fe59496b1e"
},
{
"category": "Payload delivery",
"comment": "Macro Document - Xchecked via VT: 1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560041",
"to_ids": true,
"type": "md5",
"uuid": "58e76669-a3c0-454b-8635-43ea02de0b81",
"value": "6c8104146ba1bb6e1a4c3b8b6f6a1fa9"
},
{
"category": "External analysis",
"comment": "Macro Document - Xchecked via VT: 1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560042",
"to_ids": false,
"type": "link",
"uuid": "58e7666a-9bb8-40ac-a37a-4e9402de0b81",
"value": "https://www.virustotal.com/file/1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8/analysis/1491436931/"
},
{
"category": "Payload delivery",
"comment": "VBS Downloader Example - Xchecked via VT: 84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560043",
"to_ids": true,
"type": "sha1",
"uuid": "58e7666b-5a48-4cf6-a3f5-4cb502de0b81",
"value": "71792564c59392c6f875c18bb62b7f501ba48a5d"
},
{
"category": "Payload delivery",
"comment": "VBS Downloader Example - Xchecked via VT: 84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560044",
"to_ids": true,
"type": "md5",
"uuid": "58e7666c-7810-4fa4-9361-4e4d02de0b81",
"value": "1cdecc032262cc06375296dd7d907968"
},
{
"category": "External analysis",
"comment": "VBS Downloader Example - Xchecked via VT: 84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560045",
"to_ids": false,
"type": "link",
"uuid": "58e7666d-4628-4053-a1a9-4bb602de0b81",
"value": "https://www.virustotal.com/file/84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69/analysis/1491200234/"
}
]
}
}