|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2017-09-05",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Jimmy Nukebot: from Neutrino with love",
|
||
|
"publish_timestamp": "1504639812",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1504639796",
|
||
|
"uuid": "59aefa78-008c-4e61-a035-4bfb02de0b81",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:exploit-kit=\"Neutrino\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "59aefa8d-42cc-4b1c-925c-bc9b02de0b81",
|
||
|
"value": "In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy.\r\n\r\nNeutrinoPOS vs Jimmy\r\n\r\nThe authors seriously rewrote the Trojan \u2013 the main body was restructured, the functions were moved to the modules. One small difference that immediately stands out is in the calculation of checksums from the names of API functions/libraries and strings. In the first case, the checksums are used to find the necessary API calls; in the second case, for a comparison of strings (commands, process names). This approach makes static analysis much more complicated: for example, to identify which detected process halts the Trojan operation, it\u2019s necessary to calculate the checksums from a huge list of strings, or to bruteforce the symbols in a certain length range. NeutrinoPOS uses two different algorithms to calculate checksums for the names of API calls, libraries and for the strings.",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefa9a-7fd8-4bfa-9b89-4f4202de0b81",
|
||
|
"value": "https://securelist.com/jimmy-nukebot-from-neutrino-with-love/81667/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefac1-0418-4cf1-ba15-bc1402de0b81",
|
||
|
"value": "c989d501460a8e8e381b81b807ccbe90"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefac1-60d8-463c-8703-bc1402de0b81",
|
||
|
"value": "e584c6e999a509ac21583d9543492ef4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefac1-d820-4dce-b2ec-bc1402de0b81",
|
||
|
"value": "2e55bd0d409bf9658887e02a7c578019"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefac1-76e4-46fe-a4a9-bc1402de0b81",
|
||
|
"value": "bccd77cf0269da7dc914885cda626c6c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefac1-cb14-4f72-b2e3-bc1402de0b81",
|
||
|
"value": "86d7d3b50e4dc4181c28ccbaafb89ab3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Main body",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aeface-5ad4-4fbb-ad9a-bc1402de0b81",
|
||
|
"value": "174256b5f1ee80be1b847d428c5180e2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Main body",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aeface-f0dc-4785-8983-bc1402de0b81",
|
||
|
"value": "336841d91c37b07134adba135828e66e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Main body",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aeface-6eac-4664-8f32-bc1402de0b81",
|
||
|
"value": "fe9a46cefdb41095f10d459bb9943682"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-95a4-46ec-88d6-0eb902de0b81",
|
||
|
"value": "380356b8297893b4fc9273d42f15e9db"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-7e54-4fd7-9636-0eb902de0b81",
|
||
|
"value": "2fa18456e14bea53ec0d7c898d94043b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-fe10-437d-b10e-0eb902de0b81",
|
||
|
"value": "7040b5ac432064780a17024ab0a3792a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-b494-4300-a6e4-0eb902de0b81",
|
||
|
"value": "629a4d2b79abe48fb21afd625f674354"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-d43c-47b2-a88d-0eb902de0b81",
|
||
|
"value": "05846839daa851006b119a2b4f9687bf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-ee08-4615-b5e0-0eb902de0b81",
|
||
|
"value": "2362e3bebad1089ddfe40c8996b0bf45"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-fb68-4da9-ad03-0eb902de0b81",
|
||
|
"value": "4042c27f082f48e253be66528938640c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-7740-49c4-aaf3-0eb902de0b81",
|
||
|
"value": "443831a3057e9a62455d4bd3c7e04144"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-ee68-4fb9-ba64-0eb902de0b81",
|
||
|
"value": "4762b90c0305a2681ce42b9d05b9e741"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-5eec-4ff1-8252-0eb902de0b81",
|
||
|
"value": "cb01e3a0799d4c318f74e439cce0413f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-ccb4-4dc4-984c-0eb902de0b81",
|
||
|
"value": "d9f58167a9a22bd1fa9aa0f991aeaf11"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639796",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59aefae2-d99c-4ec2-a3fe-0eb902de0b81",
|
||
|
"value": "e991936e09697de8495d05b484f3a3e2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: e991936e09697de8495d05b484f3a3e2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-f0d4-4a0a-8314-4de602de0b81",
|
||
|
"value": "7a16129c5f35e9f4accaa1f37416a9447310139022b5eb2de4e5661baf236368"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: e991936e09697de8495d05b484f3a3e2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-fb00-47a9-b316-4f3d02de0b81",
|
||
|
"value": "acc4258962bc3a79fe323006e233b3d842d5a51c"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: e991936e09697de8495d05b484f3a3e2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-8cb8-43f2-89c6-40a302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7a16129c5f35e9f4accaa1f37416a9447310139022b5eb2de4e5661baf236368/analysis/1503475408/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: d9f58167a9a22bd1fa9aa0f991aeaf11",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-ee00-4a8b-9215-4d7902de0b81",
|
||
|
"value": "0e7cdb0ecbe4003cf3ebc95ff442c3a54e9c40459d678d47a0da057f78b0d113"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: d9f58167a9a22bd1fa9aa0f991aeaf11",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-f3bc-4103-b389-45e202de0b81",
|
||
|
"value": "8ee7c3c754dc5780ae8203abd2658190819ba379"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: d9f58167a9a22bd1fa9aa0f991aeaf11",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-a25c-416f-92e3-49be02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0e7cdb0ecbe4003cf3ebc95ff442c3a54e9c40459d678d47a0da057f78b0d113/analysis/1504014536/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: cb01e3a0799d4c318f74e439cce0413f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-9644-402a-a8e1-485b02de0b81",
|
||
|
"value": "a7af1cf95f4578da0c29bfcacabaa7df3bc621021bfb2dee8a58a5d239a943c6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: cb01e3a0799d4c318f74e439cce0413f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-9d50-42d9-9efe-42d702de0b81",
|
||
|
"value": "060dbc37943ddc01f542018d71a99a3a6da324fd"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: cb01e3a0799d4c318f74e439cce0413f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-e3e4-4e5c-9243-4acd02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a7af1cf95f4578da0c29bfcacabaa7df3bc621021bfb2dee8a58a5d239a943c6/analysis/1504014536/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 4762b90c0305a2681ce42b9d05b9e741",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-2970-40be-8c32-4f4d02de0b81",
|
||
|
"value": "8f4d621b6abfd26401615a46f8feb0d04ca9bdcc126eb5bdde943c1d968e39f2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 4762b90c0305a2681ce42b9d05b9e741",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-866c-484a-9825-4f5102de0b81",
|
||
|
"value": "868fe05d78ecfede53fdbbc9fb0a30bef84a30b4"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: 4762b90c0305a2681ce42b9d05b9e741",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-4e0c-493e-9988-46c602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8f4d621b6abfd26401615a46f8feb0d04ca9bdcc126eb5bdde943c1d968e39f2/analysis/1504320295/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 443831a3057e9a62455d4bd3c7e04144",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-d6c8-4a6e-9059-45eb02de0b81",
|
||
|
"value": "b147e3debbe54d11c9ac2c642006dc9dafa0d0036728168b4e173e43aafeade7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 443831a3057e9a62455d4bd3c7e04144",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-67dc-4417-99a3-4e4402de0b81",
|
||
|
"value": "b2f6649f634714eb5fec05749b1769ab2867d3a8"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: 443831a3057e9a62455d4bd3c7e04144",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-f828-4e71-b3f8-4dd902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b147e3debbe54d11c9ac2c642006dc9dafa0d0036728168b4e173e43aafeade7/analysis/1504014536/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 4042c27f082f48e253be66528938640c",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-d4a0-46f6-bf0e-4d8d02de0b81",
|
||
|
"value": "8098926bf0da54a981e4e85f8b691bf2acb2dcc1edaab5d83d3efd92738fa80c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 4042c27f082f48e253be66528938640c",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-b17c-4ed8-9f9c-4c3502de0b81",
|
||
|
"value": "bca0ab998214e62b9d15bf75015de666b0d82c70"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: 4042c27f082f48e253be66528938640c",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-d468-4d3e-9a07-401602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8098926bf0da54a981e4e85f8b691bf2acb2dcc1edaab5d83d3efd92738fa80c/analysis/1504014536/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 2362e3bebad1089ddfe40c8996b0bf45",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-1568-459f-86d0-4ab602de0b81",
|
||
|
"value": "f79093f65778e5d558a2a5291f93e623bfacfc00389b8a69b7ec8619380aa499"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 2362e3bebad1089ddfe40c8996b0bf45",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-b9a0-424c-a9db-406902de0b81",
|
||
|
"value": "3c50550c5eaa030b61fcdca1c78b26b42bb47b09"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: 2362e3bebad1089ddfe40c8996b0bf45",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-b770-4ded-8d14-489b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f79093f65778e5d558a2a5291f93e623bfacfc00389b8a69b7ec8619380aa499/analysis/1504014535/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 05846839daa851006b119a2b4f9687bf",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-2e58-4c10-ad26-404302de0b81",
|
||
|
"value": "40c51de912ebe1f1ceccb3aeff18cb07d584a93228a47f006400c1b695e1eca1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 05846839daa851006b119a2b4f9687bf",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-633c-4b9b-a246-4d4102de0b81",
|
||
|
"value": "e3104fd17c31ac835e3b3d1216e208ed64d26d93"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: 05846839daa851006b119a2b4f9687bf",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-2098-4f71-81d3-408902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/40c51de912ebe1f1ceccb3aeff18cb07d584a93228a47f006400c1b695e1eca1/analysis/1504014535/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 629a4d2b79abe48fb21afd625f674354",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-2b4c-4e36-9392-411502de0b81",
|
||
|
"value": "87f3441f1007279756478cbc5bbf4178df1d1bc455210f43180e5131735203f8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 629a4d2b79abe48fb21afd625f674354",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-e4c0-44df-baa3-479a02de0b81",
|
||
|
"value": "dc0d140b4a8e823176c4896c1168156356a41865"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: 629a4d2b79abe48fb21afd625f674354",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-8f5c-4d62-a369-45a002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/87f3441f1007279756478cbc5bbf4178df1d1bc455210f43180e5131735203f8/analysis/1504014535/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 7040b5ac432064780a17024ab0a3792a",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-d318-43b2-b91a-483702de0b81",
|
||
|
"value": "377c3fe07774a907ad759062845b2848ce39395661e9931d6f838d4c6614d552"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 7040b5ac432064780a17024ab0a3792a",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-25ac-49de-b616-4f0902de0b81",
|
||
|
"value": "714e45d0ed4cd5e9684b325fad49eb00b5757221"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: 7040b5ac432064780a17024ab0a3792a",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-8524-4252-8631-419002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/377c3fe07774a907ad759062845b2848ce39395661e9931d6f838d4c6614d552/analysis/1504014535/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 2fa18456e14bea53ec0d7c898d94043b",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-3064-49fc-978b-47e702de0b81",
|
||
|
"value": "70221154c553623d38f701d42bf5d595db6e3a8784d9f32cf6bb28171df8bf3b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 2fa18456e14bea53ec0d7c898d94043b",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-9554-42b7-b084-4ad102de0b81",
|
||
|
"value": "a932be7bc82ad4f9b1e7d4274d028c807b50c92c"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: 2fa18456e14bea53ec0d7c898d94043b",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-a38c-4351-afa1-476002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/70221154c553623d38f701d42bf5d595db6e3a8784d9f32cf6bb28171df8bf3b/analysis/1504014535/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 380356b8297893b4fc9273d42f15e9db",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-1f24-471d-ba7f-4d5f02de0b81",
|
||
|
"value": "5716fa21b2ab01d8d4ef8be1928e3c356926c04e00774158c04f75b30a1e1bfd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Modules - Xchecked via VT: 380356b8297893b4fc9273d42f15e9db",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-194c-42ac-8750-428a02de0b81",
|
||
|
"value": "1939c496b0e207e028e84f4e85b6db40dd27200c"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Modules - Xchecked via VT: 380356b8297893b4fc9273d42f15e9db",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-b550-4d64-a3e3-4cf202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5716fa21b2ab01d8d4ef8be1928e3c356926c04e00774158c04f75b30a1e1bfd/analysis/1504014535/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Main body - Xchecked via VT: fe9a46cefdb41095f10d459bb9943682",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-9d80-4b44-8f1b-4bfc02de0b81",
|
||
|
"value": "19dbf37c77a28c86add5339ac4e8ed93e51651f338fe6fec4e90d5c0b161359c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Main body - Xchecked via VT: fe9a46cefdb41095f10d459bb9943682",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-d7b8-4eac-b31f-425202de0b81",
|
||
|
"value": "1dd977c83f6e9e82690136be0f32c9a000c4330a"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Main body - Xchecked via VT: fe9a46cefdb41095f10d459bb9943682",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-be2c-41c2-9009-460202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/19dbf37c77a28c86add5339ac4e8ed93e51651f338fe6fec4e90d5c0b161359c/analysis/1503388862/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers - Xchecked via VT: 86d7d3b50e4dc4181c28ccbaafb89ab3",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-41d4-436f-abe2-45b902de0b81",
|
||
|
"value": "29aae4417fc8cccaeb4617c6ac4e981a2c9f182e6b57f6dd23f05f665408de3f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers - Xchecked via VT: 86d7d3b50e4dc4181c28ccbaafb89ab3",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-5240-4f5e-a3e8-4e6502de0b81",
|
||
|
"value": "c32a11cb28627eee2eba0c100d0e9c72fed90259"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Droppers - Xchecked via VT: 86d7d3b50e4dc4181c28ccbaafb89ab3",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-9cd8-473d-8d44-4c5202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/29aae4417fc8cccaeb4617c6ac4e981a2c9f182e6b57f6dd23f05f665408de3f/analysis/1504523159/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers - Xchecked via VT: bccd77cf0269da7dc914885cda626c6c",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-54fc-4ac9-a599-4cb202de0b81",
|
||
|
"value": "bdd7aa8f4e33c4b3c3c137ed782824f271a947bf60fc0dba8a2fb2c65da5e08e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers - Xchecked via VT: bccd77cf0269da7dc914885cda626c6c",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-2194-4a15-8703-404b02de0b81",
|
||
|
"value": "5af94b0339ab19c928868bab4cadb37a1a31dee8"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Droppers - Xchecked via VT: bccd77cf0269da7dc914885cda626c6c",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-9ee0-4375-bfb6-4f9402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/bdd7aa8f4e33c4b3c3c137ed782824f271a947bf60fc0dba8a2fb2c65da5e08e/analysis/1504014534/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers - Xchecked via VT: e584c6e999a509ac21583d9543492ef4",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-7e9c-4fb7-b002-441702de0b81",
|
||
|
"value": "af075c48c9f08ac213428391eb114bdff3728d6dbc80a4b7c716a7d07e307f36"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers - Xchecked via VT: e584c6e999a509ac21583d9543492ef4",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-8ec8-4dba-8952-4b3402de0b81",
|
||
|
"value": "a571d02432fb580424f19ed4ed908eb43e0b11ff"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Droppers - Xchecked via VT: e584c6e999a509ac21583d9543492ef4",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-0e6c-4abc-95be-451a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/af075c48c9f08ac213428391eb114bdff3728d6dbc80a4b7c716a7d07e307f36/analysis/1499844684/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers - Xchecked via VT: c989d501460a8e8e381b81b807ccbe90",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59aefb35-c074-4f61-9f9a-428702de0b81",
|
||
|
"value": "a57c77e5484ad669c30b9b10bb2880fd6dfa7a6b13a51d40625df935648ab35d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Droppers - Xchecked via VT: c989d501460a8e8e381b81b807ccbe90",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59aefb35-36b8-4391-8943-466c02de0b81",
|
||
|
"value": "4db730976f7f1d28644214e6a2850be28110b1d5"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Droppers - Xchecked via VT: c989d501460a8e8e381b81b807ccbe90",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504639797",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59aefb35-d790-42c4-8efd-4b7402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a57c77e5484ad669c30b9b10bb2880fd6dfa7a6b13a51d40625df935648ab35d/analysis/1500747149/"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|