{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2017-08-23",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Votiro Labs exposed a new hacking campaign targeting Vietnamese organisations using weaponized Word documents",
|
||
|
"publish_timestamp": "1504871101",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1504870956",
|
||
|
"uuid": "59b23be2-f440-4083-85d5-4e35950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59b23c1c-ab7c-4add-8969-46f3950d210f",
|
||
|
"value": "https://www.votiro.com/single-post/2017/08/23/Votiro-Labs-exposed-a-new-hacking-campaign-targeting-Vietnamese-organisations-using-a-weaponized-Word-documents",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": false,
|
||
|
"type": "comment",
|
||
|
"uuid": "59b23c2a-9474-463b-8006-4e80950d210f",
|
||
|
"value": "Over the last few weeks, we collaborated with ClearSky and uncovered several indicators that were researched and found to be related to a new hacking campaign targeting large Vietnamese organisations. This campaign was found to be connected to the same party which previously targeted Vietnam Airlines and some other high profile targets possibly led by the Chinese 1937CN group. In this post we will review the research results of Votiro Labs and ClearSky, the weaponized documents and campaign infrastructure.",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23cc0-d194-41aa-b82e-4fe5950d210f",
|
||
|
"value": "2017_08_03_Thông báo tổ chức thi đấu môn Tennis và bóng bàn giải CĐTTTT.doc|58c4d4e0aaefe4c5493243c877bbbe74"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23cc0-42e0-4478-ac9e-41ae950d210f",
|
||
|
"value": "517_CV-DU 10.8 sao gui CV 950-CV-BTCTW 18.5 sao gửi văn bản xác định tương đương trình độ cao cấp lý luận chính trị.doc|b147314203f74fdda266805cf6f84876"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23cc0-eb50-4ea4-9e20-48d8950d210f",
|
||
|
"value": "Goopdate.dll|c3e9c9e99ed1b1116aaa9f93a36824ff"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59b23ce7-0250-47c5-808e-475c950d210f",
|
||
|
"value": "https://www.virustotal.com/en/file/9cebae97a067cd7c2be50d7fd8afe5e9cf935c11914a1ab5ff59e91c1e7e5fc4/analysis/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-16a4-4ad7-8b42-4426950d210f",
|
||
|
"value": "hanoi.danang.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-f6f8-4296-bef9-469c950d210f",
|
||
|
"value": "dalat.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "59b23d33-2590-4f0d-af24-4c89950d210f",
|
||
|
"value": "hanoi.dulichovietnam.net\u00d7\u201c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-da18-447d-9a6a-4d5c950d210f",
|
||
|
"value": "danang.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-f7f4-4253-9cda-4f4e950d210f",
|
||
|
"value": "dalat.hanoi.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-99fc-4437-9681-4dc2950d210f",
|
||
|
"value": "hanoi.hanoi.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-0468-4ef9-bb77-490f950d210f",
|
||
|
"value": "danang.danang.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-d5a4-4540-a35f-4145950d210f",
|
||
|
"value": "danang.dalat.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-80a8-4743-8f36-47f8950d210f",
|
||
|
"value": "danang.hanoi.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-2f94-486f-810b-4f94950d210f",
|
||
|
"value": "dalat.dalat.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23d33-9f9c-458e-bd02-40c8950d210f",
|
||
|
"value": "hanoi.dalat.dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "dulichovietnam.net subdomain",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "59b23d33-8874-482d-ba15-42ad950d210f",
|
||
|
"value": "dulichovietnam.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "59b23daf-d7b0-4780-9824-4f09950d210f",
|
||
|
"value": "209.58.179.202"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "59b23db0-3ae8-449a-ad09-4755950d210f",
|
||
|
"value": "209.58.176.46"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "59b23db0-361c-4b3d-b79f-44b5950d210f",
|
||
|
"value": "188.42.254.112"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "59b23db0-8298-4fad-b3a0-455a950d210f",
|
||
|
"value": "66.154.125.145"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "59b23db0-f87c-463e-8e92-4142950d210f",
|
||
|
"value": "176.223.165.165"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "59b23db0-2e50-4c4b-be11-449b950d210f",
|
||
|
"value": "60.251.29.40"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-a6b0-4af8-bc8f-42e1950d210f",
|
||
|
"value": "anh.phimhainhat.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-76b0-45b6-8bea-413d950d210f",
|
||
|
"value": "data.dcsvn.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-c388-48b7-8b7d-4431950d210f",
|
||
|
"value": "data.phimnoi.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-516c-48b3-9a7a-4364950d210f",
|
||
|
"value": "dav.thanhnlen.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-4264-46bc-a7c3-4f25950d210f",
|
||
|
"value": "home.phimnoi.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-704c-48b0-8f60-4d80950d210f",
|
||
|
"value": "home.vietnamplos.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-51a4-47ce-bae3-4bb7950d210f",
|
||
|
"value": "login.phimhainhat.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-b254-48bf-ad72-4028950d210f",
|
||
|
"value": "login.phimnoi.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-8af0-44cf-81af-4f24950d210f",
|
||
|
"value": "my.phimhainhat.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-2570-4f52-8905-4528950d210f",
|
||
|
"value": "news.phapluats.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-83c8-4e79-8a9c-41ea950d210f",
|
||
|
"value": "news.vietnannet.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59b23dbd-3298-4bf1-b083-4a9f950d210f",
|
||
|
"value": "vietnam.phimhainhat.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "59b23dd3-90f8-407d-ad0f-4ee2950d210f",
|
||
|
"value": "dcsvn.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2c-b950-4e65-87c1-4c8b950d210f",
|
||
|
"value": "17_CV-DU 10.8 sao gui CV 950-CV-BTCTW 18.5 sao gửi văn bản xác định tương đương trình độ cao cấp lý luận chính trị.doc|b147314203f74fdda266805cf6f84876"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-c0b8-4fa9-bb9c-4b47950d210f",
|
||
|
"value": "2017_08_03_Thng bo t chc thi u mn Tennis v bng bn gii CTTTT.doc|58c4d4e0aaefe4c5493243c877bbbe74"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-6360-49ba-8f4d-40f3950d210f",
|
||
|
"value": "Kim Jong Un lm Bc Kinh mt n, mt ng .doc|3975c3ae679aff3e0d0db5622b6c31a5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-6358-4119-a390-4a8a950d210f",
|
||
|
"value": "KS_ATTT_2017.doc|a64264e872f551b0b0140603293c24c7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-d888-4146-a8bd-4f3e950d210f",
|
||
|
"value": "nhatdoinhatlo(TOAN VAN).doc|4965b96bef1353006008d55e178e72b0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-d240-42bb-8c43-48ec950d210f",
|
||
|
"value": "K hoch kim tra kho st Quyt nh 221 - BBT.doc|2cb51010abee4dee8aec5e16f2982e8f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-207c-4334-83ad-40de950d210f",
|
||
|
"value": "XY DNG PHONG CCH NGI CNG AN NHN DN.doc, BC.doc|b5e473936d325b79d463e9f46602254b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-3eec-457a-affd-4a73950d210f",
|
||
|
"value": "Biu mu kim tra, gim st- nm 2017(s dng ti cc chi b).doc|e58c41231eeba4952c03038d585ecca3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-8ad0-4ca6-ab40-4cb0950d210f",
|
||
|
"value": "Tai Liu Phong Chng DBHB.doc|9fab515721ce1123e065497e6c854fd3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-0e90-4e06-9ec1-417d950d210f",
|
||
|
"value": "m bo an ton APEC 2017.doc|0f1d8c43863231a3fe86c62894aa48e4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-982c-43a4-858d-4e83950d210f",
|
||
|
"value": "Gii thiu cng ty Huawei.doc|cd718baf0ec7284769c8f65dadde8bae"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-89f0-49b0-9161-4fe4950d210f",
|
||
|
"value": "Gioi Thieu Alibaba Group in VN Dec 2016.doc|7a618059557654214a1ba2370a48b887"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-1dd8-427d-850d-4bef950d210f",
|
||
|
"value": "De tai cuong quoc bien TQ.doc|6b44a8f4dcd0802a2cb6275d97362fb2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-d5f0-4df2-8add-4e02950d210f",
|
||
|
"value": "Bo co cho cuc gp tng b th thng 1 nm 2017.doc|7a95abdf426144aa5305f1a59247f9aa"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-9b50-48ac-ae5c-4bb2950d210f",
|
||
|
"value": "Yu cu gi bi v bnh chn bi vit hay.doc|850172afad42dcfeb87af969f65759a6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-0214-41cb-b9f3-44c1950d210f",
|
||
|
"value": "Chuyn giao quyn i din ch s hu vn nh nc v SCIC.doc|e27e1759081284db15da140132bbd79f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-b87c-4856-a19c-473c950d210f",
|
||
|
"value": "Gop y phieu ghi y kien.doc|e27026fdaa4c118b9dac9592a0ea2003"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-1c78-4200-b9c8-4ec5950d210f",
|
||
|
"value": "K hoch tng lng, ngh Tt nm 2017.doc|4e78b1b95056c188753a8f79b2a41f0f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-a20c-4827-8553-4b48950d210f",
|
||
|
"value": "Danh sch ngi Vit ti h s Panama.doc|f1a8aadb10a3c5c192b6d06d9699c276"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870950",
|
||
|
"to_ids": true,
|
||
|
"type": "filename|md5",
|
||
|
"uuid": "59b23f2d-2564-41dd-b2b7-49fc950d210f",
|
||
|
"value": "danh sch ban CT.doc|46c522cba5ce9d837f983206441bbd5b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 46c522cba5ce9d837f983206441bbd5b",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59b28227-1bd0-4a00-9eb7-4e3a02de0b81",
|
||
|
"value": "c5042912272a2977577ee41c5d5d747cbc39b68df4dfe44fbf79c6184ab11896"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 46c522cba5ce9d837f983206441bbd5b",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59b28227-64fc-42f7-8dd9-48d702de0b81",
|
||
|
"value": "7c2ac162878f05e5c49f2c4d9cc34ad945803d7d"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "- Xchecked via VT: 46c522cba5ce9d837f983206441bbd5b",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59b28227-3894-4a03-b7c1-49f902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c5042912272a2977577ee41c5d5d747cbc39b68df4dfe44fbf79c6184ab11896/analysis/1503607934/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: f1a8aadb10a3c5c192b6d06d9699c276",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59b28227-c578-4a2e-a9ee-4c6c02de0b81",
|
||
|
"value": "52638a6f90084dc547c8b701bb0cbf7b7e7bb0bf3fecdb1809e37e45b4af8c37"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: f1a8aadb10a3c5c192b6d06d9699c276",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59b28227-bd24-40d1-97a3-44f102de0b81",
|
||
|
"value": "9b5be449e9191c079a78cef33c1f6cd2802b9895"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "- Xchecked via VT: f1a8aadb10a3c5c192b6d06d9699c276",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59b28227-d85c-4929-92e8-41ec02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/52638a6f90084dc547c8b701bb0cbf7b7e7bb0bf3fecdb1809e37e45b4af8c37/analysis/1503607934/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 4e78b1b95056c188753a8f79b2a41f0f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59b28227-49a8-4e88-87cf-4acc02de0b81",
|
||
|
"value": "9eee7f6ab649d60485eaaf042a4830ba19a8fc6731b3c2b58f7ac94dc7f5d150"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 4e78b1b95056c188753a8f79b2a41f0f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59b28227-c7d8-4de1-8e6a-440202de0b81",
|
||
|
"value": "95ee6071cf8dde4861e68e28d05acf444491e66e"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "- Xchecked via VT: 4e78b1b95056c188753a8f79b2a41f0f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59b28227-ca2c-4ff9-b544-4fd602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9eee7f6ab649d60485eaaf042a4830ba19a8fc6731b3c2b58f7ac94dc7f5d150/analysis/1503607934/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: e27026fdaa4c118b9dac9592a0ea2003",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59b28227-489c-49df-9311-417502de0b81",
|
||
|
"value": "54285d3db6cee82ee40f512ff123661b158e2f621e08707320619413f1b69cec"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: e27026fdaa4c118b9dac9592a0ea2003",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59b28227-b640-4636-aff3-413e02de0b81",
|
||
|
"value": "ab479fbd7e25b32f4e04b262816a5886be3f5cd7"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "- Xchecked via VT: e27026fdaa4c118b9dac9592a0ea2003",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59b28227-88d0-403f-a374-4c0f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/54285d3db6cee82ee40f512ff123661b158e2f621e08707320619413f1b69cec/analysis/1503607933/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: e27e1759081284db15da140132bbd79f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59b28227-2dac-4768-97cc-4d7802de0b81",
|
||
|
"value": "4d1d2b2df13c47cd0dddfee035191ec31a87e9e1e203290da47aa5d945c158d0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: e27e1759081284db15da140132bbd79f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59b28227-77e8-4ca0-8f2f-4a1c02de0b81",
|
||
|
"value": "b5b9bcebb4fd64572b96714a16dae67d80d2dc19"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "- Xchecked via VT: e27e1759081284db15da140132bbd79f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59b28227-3ec0-432d-b0cf-418602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4d1d2b2df13c47cd0dddfee035191ec31a87e9e1e203290da47aa5d945c158d0/analysis/1503607933/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 850172afad42dcfeb87af969f65759a6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59b28227-7768-4ca9-9b7c-48c002de0b81",
|
||
|
"value": "f830b1331f1f49dea56fc1198115b779bc8e24d883e3fb2caa080e80601d0211"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 850172afad42dcfeb87af969f65759a6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59b28227-83c8-4ad8-adfa-4eec02de0b81",
|
||
|
"value": "93e5aa15d65b39bd4ba1c52d9d5e47df35a56015"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "- Xchecked via VT: 850172afad42dcfeb87af969f65759a6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59b28227-7b10-41f9-a474-4fa702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f830b1331f1f49dea56fc1198115b779bc8e24d883e3fb2caa080e80601d0211/analysis/1503607933/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 7a95abdf426144aa5305f1a59247f9aa",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59b28227-c7a4-4116-a5c1-4a7a02de0b81",
|
||
|
"value": "efb14d8b1f30b4e9969cffb289929ed84b8e9208ce832d5945ad59ea4d8f3ae3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 7a95abdf426144aa5305f1a59247f9aa",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59b28227-b5b0-41da-bccb-450c02de0b81",
|
||
|
"value": "c31b516aaadf2bc5c82f339ba9979c45c3256217"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "- Xchecked via VT: 7a95abdf426144aa5305f1a59247f9aa",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59b28227-51f4-4740-b91f-487d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/efb14d8b1f30b4e9969cffb289929ed84b8e9208ce832d5945ad59ea4d8f3ae3/analysis/1503607932/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 6b44a8f4dcd0802a2cb6275d97362fb2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59b28227-d790-4e24-9d0f-498102de0b81",
|
||
|
"value": "e8181f199706e0f1c2158b1a0d16d2a899a1e5caf012554fbd9a7a6faca0dff6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: 6b44a8f4dcd0802a2cb6275d97362fb2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1504870951",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
"uuid": "59b28227-2e70-4d38-baf7-4f8202de0b81",
"value": "3613b7e444986f07c38116d2e610b54c85863ffe"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 6b44a8f4dcd0802a2cb6275d97362fb2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-87e8-491e-b205-4cad02de0b81",
"value": "https://www.virustotal.com/file/e8181f199706e0f1c2158b1a0d16d2a899a1e5caf012554fbd9a7a6faca0dff6/analysis/1503607932/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7a618059557654214a1ba2370a48b887",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-4728-4062-942d-4bca02de0b81",
"value": "862e8a52d07df75f75a21785999bc2a2ad4b6816cadb0bb853dba0415903726c"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7a618059557654214a1ba2370a48b887",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-b2d8-4694-90d6-4fbe02de0b81",
"value": "8614940ee0d7ae2cc11eaccb6eafe380b598c409"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 7a618059557654214a1ba2370a48b887",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-b768-469b-aaca-4aac02de0b81",
"value": "https://www.virustotal.com/file/862e8a52d07df75f75a21785999bc2a2ad4b6816cadb0bb853dba0415903726c/analysis/1494033988/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: cd718baf0ec7284769c8f65dadde8bae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-0c0c-4ac0-9351-409402de0b81",
"value": "1e072e0153fe964a3699b6f8f183d70a33774199af0ff1f971a5f1dc0008bcba"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: cd718baf0ec7284769c8f65dadde8bae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-790c-41f5-8b37-430a02de0b81",
"value": "d0df24da6237009c8c10ba6a9b77d82fb30a8eeb"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: cd718baf0ec7284769c8f65dadde8bae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-487c-43b5-be94-4bcb02de0b81",
"value": "https://www.virustotal.com/file/1e072e0153fe964a3699b6f8f183d70a33774199af0ff1f971a5f1dc0008bcba/analysis/1503607932/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 0f1d8c43863231a3fe86c62894aa48e4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-ebec-453b-b977-489502de0b81",
"value": "099627735a52b6998d820fa89adfb110d30dd586b3bafff55be2a4fce6f7d5ee"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 0f1d8c43863231a3fe86c62894aa48e4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-4b1c-41de-a994-4c9302de0b81",
"value": "79d6b55f271f1d38ec3d9074295afa9b41f2154d"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 0f1d8c43863231a3fe86c62894aa48e4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-8ae8-406a-b60b-449a02de0b81",
"value": "https://www.virustotal.com/file/099627735a52b6998d820fa89adfb110d30dd586b3bafff55be2a4fce6f7d5ee/analysis/1492670051/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 9fab515721ce1123e065497e6c854fd3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-91f4-4f14-bffa-461402de0b81",
"value": "2c531ed13fb12dbd649dcfbf56a41a7e530040943b69322c7f15cec4ddab78df"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 9fab515721ce1123e065497e6c854fd3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-5d7c-45ac-ad95-458602de0b81",
"value": "d7589920f5f88ab49568b06e796059979176b6bd"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 9fab515721ce1123e065497e6c854fd3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-d698-423d-967e-4ce802de0b81",
"value": "https://www.virustotal.com/file/2c531ed13fb12dbd649dcfbf56a41a7e530040943b69322c7f15cec4ddab78df/analysis/1493601780/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: e58c41231eeba4952c03038d585ecca3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-07d4-4785-a161-474b02de0b81",
"value": "9587fc6d04090991402e4ebdecc78326c982fd2535012afa5539fa1568b8f7a0"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: e58c41231eeba4952c03038d585ecca3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-13f4-495f-9729-4fb002de0b81",
"value": "2b27ca2365a67fa35e5888c472105280081edcab"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: e58c41231eeba4952c03038d585ecca3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-7e38-45b2-a53a-4bfa02de0b81",
"value": "https://www.virustotal.com/file/9587fc6d04090991402e4ebdecc78326c982fd2535012afa5539fa1568b8f7a0/analysis/1493429244/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b5e473936d325b79d463e9f46602254b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-bf14-4971-93b1-4c9302de0b81",
"value": "a502b4ad425feabc0d68a994628956ae235cc6be2de86446137dfcc13ec8ab6a"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b5e473936d325b79d463e9f46602254b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-99fc-46ee-bf42-457c02de0b81",
"value": "02227ab65f98be405407273cbb291480630c090e"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: b5e473936d325b79d463e9f46602254b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-09b8-47a3-a5b4-4a8302de0b81",
"value": "https://www.virustotal.com/file/a502b4ad425feabc0d68a994628956ae235cc6be2de86446137dfcc13ec8ab6a/analysis/1493429421/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 2cb51010abee4dee8aec5e16f2982e8f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-564c-4ffa-9632-40d302de0b81",
"value": "2718e266802959ff3930188e4796ae4661cbb79c5249691d2a8ffbbf9e2c7e2a"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 2cb51010abee4dee8aec5e16f2982e8f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-7dc4-4847-bb7a-46a402de0b81",
"value": "943b771e002a2431a160ece7afd559ad000aa679"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 2cb51010abee4dee8aec5e16f2982e8f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-3178-480a-a988-421502de0b81",
"value": "https://www.virustotal.com/file/2718e266802959ff3930188e4796ae4661cbb79c5249691d2a8ffbbf9e2c7e2a/analysis/1494376965/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 4965b96bef1353006008d55e178e72b0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-989c-4a09-8a50-451602de0b81",
"value": "f5c0c928eeea0ab0f5d33b91e5b81e1ea1ea04bb1abd9a0d213c67763dcbdc4c"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 4965b96bef1353006008d55e178e72b0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-087c-4552-8b1e-4a6402de0b81",
"value": "940b7e7f2a0da6a94d991239d2116b4fea5cb0be"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 4965b96bef1353006008d55e178e72b0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-5830-4260-801c-415f02de0b81",
"value": "https://www.virustotal.com/file/f5c0c928eeea0ab0f5d33b91e5b81e1ea1ea04bb1abd9a0d213c67763dcbdc4c/analysis/1495848754/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a64264e872f551b0b0140603293c24c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-b91c-4a4e-b633-419a02de0b81",
"value": "4fe949b7834e2ed7abdda6583b9dd97c232aeb5cc403ec9d0beb576f7ca3cec8"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a64264e872f551b0b0140603293c24c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-eee4-467f-89d8-4f3e02de0b81",
"value": "ffeff0b7fa768d28fd4f8f740fb5bae1f327e20b"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: a64264e872f551b0b0140603293c24c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-b35c-426d-8612-45aa02de0b81",
"value": "https://www.virustotal.com/file/4fe949b7834e2ed7abdda6583b9dd97c232aeb5cc403ec9d0beb576f7ca3cec8/analysis/1497498716/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 3975c3ae679aff3e0d0db5622b6c31a5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-191c-4bca-aa92-469502de0b81",
"value": "6ebdd1bc7c99fd0a123618f008aa49f766da9d2fd239033995e34a21a82753f7"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 3975c3ae679aff3e0d0db5622b6c31a5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-21ac-4633-9e1a-4cdb02de0b81",
"value": "2a573176724b918ba073cae197b5e08a28f80507"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 3975c3ae679aff3e0d0db5622b6c31a5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-3d24-49fd-ad90-4db002de0b81",
"value": "https://www.virustotal.com/file/6ebdd1bc7c99fd0a123618f008aa49f766da9d2fd239033995e34a21a82753f7/analysis/1495206672/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 58c4d4e0aaefe4c5493243c877bbbe74",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-51bc-4037-a99c-465302de0b81",
"value": "f6a4bab7d5664d7802f1007daa04ae71e0e2b829cd06faa9b93a465546837eb4"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 58c4d4e0aaefe4c5493243c877bbbe74",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-c578-42ee-bf7f-44ac02de0b81",
"value": "0ef1f16d230ea2f5908948f852e81812faa66383"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 58c4d4e0aaefe4c5493243c877bbbe74",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-1650-419b-9f6a-4d7302de0b81",
"value": "https://www.virustotal.com/file/f6a4bab7d5664d7802f1007daa04ae71e0e2b829cd06faa9b93a465546837eb4/analysis/1504774170/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b147314203f74fdda266805cf6f84876",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-e21c-4b0a-aa16-42c402de0b81",
"value": "5bdbf536e12c9150d15ae4af2d825ff2ec432d5147b0c3404c5d24655d9ebe52"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b147314203f74fdda266805cf6f84876",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-6624-4757-8f2e-4c1602de0b81",
"value": "71307676b576e674e0a1f02d2366b1722b02a018"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: b147314203f74fdda266805cf6f84876",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-c3c4-4814-9b0a-40ef02de0b81",
"value": "https://www.virustotal.com/file/5bdbf536e12c9150d15ae4af2d825ff2ec432d5147b0c3404c5d24655d9ebe52/analysis/1504774081/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: c3e9c9e99ed1b1116aaa9f93a36824ff",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha256",
"uuid": "59b28227-0224-4874-9d84-450502de0b81",
"value": "9cebae97a067cd7c2be50d7fd8afe5e9cf935c11914a1ab5ff59e91c1e7e5fc4"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: c3e9c9e99ed1b1116aaa9f93a36824ff",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": true,
"type": "sha1",
"uuid": "59b28227-7ff0-45e2-a605-4ed802de0b81",
"value": "e37fe6d35dbe6b3a3a381e10db880a6048ef0c0d"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: c3e9c9e99ed1b1116aaa9f93a36824ff",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504870951",
"to_ids": false,
"type": "link",
"uuid": "59b28227-0e64-4103-8bac-42ae02de0b81",
"value": "https://www.virustotal.com/file/9cebae97a067cd7c2be50d7fd8afe5e9cf935c11914a1ab5ff59e91c1e7e5fc4/analysis/1504741754/"
}
]
}
}