1515 lines
159 KiB
JSON
1515 lines
159 KiB
JSON
|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2017-09-28",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Threat Actors Target Government of Belarus Using CMSTAR Trojan",
|
||
|
"publish_timestamp": "1506630336",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1506630312",
|
||
|
"uuid": "59cd5875-aac8-4787-9757-46fa02de0b81",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#075600",
|
||
|
"name": "misp-galaxy:tool=\"CMStar\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd589b-eae0-40fa-89b6-1fad02de0b81",
|
||
|
"value": "https://researchcenter.paloaltonetworks.com/2017/09/unit42-threat-actors-target-government-belarus-using-cmstar-trojan/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "59cd58c6-ec80-4dd3-8a1d-48c202de0b81",
|
||
|
"value": "Palo Alto Networks Unit 42 has identified a series of phishing emails containing updated versions of the previously discussed CMSTAR malware family targeting various government entities in the country of Belarus.\r\n\r\nWe first reported on CMSTAR in spear phishing attacks in spring of 2015 and later in 2016.\r\n\r\nIn this latest campaign. we observed a total of 20 unique emails between June and August of this year that included two new variants of the CMSTAR Downloader. We also discovered two previously unknown payloads. These payloads contained backdoors that we have named BYEBY and PYLOT respectively."
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"data": "iVBORw0KGgoAAAANSUhEUgAAA80AAAIUCAYAAAAg8M6mAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAXEgAAFxIBZ5/SUgAAQABJREFUeAHsnQecFOX9/5d2R28WmgUBRaUXNXZi+xt7YrD+TDR2jb0bC6LYe4u9R40t9hoVKzaKFBVFRFRAEZTeDvi/P+vMZVh273bvdvfudj/P6/XlKfPMU95z7MxnnjKxmJ0JmIAJmIAJmIAJmIAJmIAJmIAJmIAJmIAJmIAJmIAJmIAJmIAJmIAJmIAJZEKgXiaZndcETMAETKBWEyjt169f1+XLl3erX79+W6wRrS3Y3/kVK1asxCaPHTv2LfpZVquvjBtnAiZgAiZgAiZQZwkU7MNUnb0ibrgJmIAJVIFAr169ujRs2HAwpw7CemHt6tWr1xDhTLAw3cqVK2OI5gn07hL6+eTIkSOXFWZP3SsTMAETMAETMIGaJNCwJit33SZgAiZgAtUnwOjyQATyaZT0R8RjqcRk6KLhMK2QfPrbgz5ejHhWt57APOJcSBfYfTEBEzABEzCBWkDAI8214CK4CSZgAiZQVQJ9+/bdEOF4PucfqJFllSOhjM0mvkBRpRWga0z/1g77RX/HSjyPHj36GdI84hyCsW8CJmACJmACJlBtAh5prjZCF2ACJmACNUagAYJ5H8TjPrQg/nuu6crYYwjI0aQvYcp2jTUuVxWzZlsvAlrTd70o2Jtwffze+EP79+/fYu7cuQ9PmjRpSa7qd7kmYAImYAImYALFRaDwnqaK6/q5tyZgAkVMoGfPnh3p/lYIxhaIZI0uf45dNWvWrMe+//77RYWOBoE8jz7uhpWqr3DYhBcG5zRr1mzhgAEDnvIaZ1GxMwETMAETMAETqC6Bwt0hprpkfL4JmIAJ1HICpaWlEs3rSzAjGCWaX2IU9tliEMy6NA0aNJiBF1/MrLgcHDRd/R9w2G/QoEGNf0v1vyZgAiZgAiZgAiZQdQIWzVVn5zNNwARMoEYJMKraHKHcOmwE4S/GjRv3SxgvdJ/+r3YP08sDRHMv/Et+/fXX/+vRo0dJoXNw/0zABEzABEzABHJLYLUHjtxW59JNwARMwASyRQCRrLW8DcLyCC8Pw0Xog2PlCizedVh0RjyfyWj8Pt26dYtP3y5CJu6yCZiACZiACZhAFghYNGcBooswARMwgRokUPRfQUAga2r6r9jbXIdR2Eql4TbEhjZv3vzAzp07e6q2iNiZgAmYgAmYgAlkTMCiOWNkPsEETMAETKC2EUAka5T5Rewi7Au1T8IZ686I84Vt27bd22uca9tVc3tMwARMwARMoG4QsGiuG9fJrTQBEzABE6iYAPq43pJWrVq9yFrnSxDOo8ke3ySM9M6EL+ZTVAcgnJsTtjMBEzABEzABEzCBtAlYNKeNyhlNwARMwARqMwHEcf3hw4eXjRkz5lGE81CE8xjaG1/kzLENiV/yyy+/7Oep2rX5KrptJmACJmACJlD7CFg0175r4haZgAmYgAlUj8AKhPNzFHGFpmpj8dKYpt0J8Xx269at97Rwrh5gn20CJmACJmACxUTAormYrrb7agImYALFQ2B5y5Ytn0IwD6XL2hws7hDOGyKcL2Ma90EDBgxoGqbbNwETMAETMAETMIFUBCyaU5FxugmYgAmYQJ0moKnao0ePfrSsrOxSOjIeAR3fVRvR3BXxfNHy5csHe8S5Tl9iN94ETMAETMAE8kLAojkvmF2JCZiACZhATRHo3r3706xxvhKxPEFtwI8hmtdp0KDBuUzV3tfCuaaujOs1ARMwARMwgbpBwKK5blwnt9IETMAETKCKBB5//PHl3bp1e5iR5fMQzx+Fa5wpbiPE8zA+R3WIhXMV4fo0EzABEzABEygCAhbNRXCR3UUTMAETKHYCEs5sDvYMgvlqWGiqdhwJo87rEzirTZs2nqpd7H8k7r8JmIAJmIAJpCBg0ZwCjJNNwARMwARqPwEtU1YrAz8erqjVTMf+DyPOF5BfI87h56i6Ip6HsDnYEb17925W0fk+ZgImYAImYAImUHwELJqL75q7xyZgAiZQEASYar0csbsw0L7N8NtW1jFtDvbpp58+Q74h5B8ZnKt1zl2Yqn0W6Qess846TSorx8dNwARMwARMwASKh4BFc/Fca/fUBEzABAqKAEJ3AaL3G3UKwVuCN6Bfv36bptHJFeyq/TL59B3nMVh8xJkytDnY6WusscYBHnFOg6KzmIAJmIAJmECREGhQJP10N03ABEyg4Ai0b99e04r3xlphmqL87IwZM0YXXEdTdKhZs2ZlJSUlHen71mTR1OyO2Abt2rX7kVHonxcuXLgsSNexRIvB6su11177G87fCOtEHo04rwnHAQjoZZ06dfp0+vTpKsPOBEzABEzABEygiAk0LOK+u+smYAImYAJ1mMCkSZPmMSL8IkJ3D6wnQrcZYnlXRou7MsV6+rrrrru0ku6t4Hgptm40H+evw7rnUyjr144dOz46bdq0hdHjDpuACZiACZiACRQXAYvm4rre7q0JmIAJFBKBlbNnz/5kzTXX1I7YFyCaN0A8l0pAy9LpaDAzW6P0q2TXVG0SzmHUumSDDTb413vvvTdvlQyOmIAJmIAJmIAJFA0BT88umkvtjpqACRQagWKfnq3rOXfu3LLmzZt/UVpa+i3CtwNJayKY60kEM1KsLARTOx1PYipCU7W1sdjAsrKyuYw4j/dUbWjYmYAJmIAJmEAREvBIcxFedHfZBEzABAqJANO0l/To0eM5plWPxzZHIm9L/9ZF9JYSzrSrKzhH4rsbo80llNGe+JnEx2DvZlqY85uACZiACZiACdR9AhbNdf8augcmYAImUPQEJkyYoPXLEwcMGDB58eLFLzRt2rSEEeKMvxDBuSsbNWq0fsOGDc9CMO8j0Y2/Ln7roodsACZgAiZgAiZQpAQsmov0wrvbJmACJlCIBEaOHKndrmdXs2/T+/fv/z5l7BOUk/FwdTXr9+kmYAImYAImYAK1iEDGb+FrUdvdFBMwARMwARPIFYGyXBXsck3ABEzABEzABOoWAYvmunW93FoTMAETMIE8EGA6tr7rbGcCJmACJmACJmACMYtm/xGYgAmYgAmYgAmYgAmYgAmYgAmYQAoCFs0pwDjZBEzABEzABEzABEzABEzABEzABCya/TdgAiZgAiZgAiZgAiZgAiZgAiZgAikIWDSnAONkEzABEzABEzABEzABEzABEzABE7Bo9t+ACZiACZiACZiACZiACZiACZiACaQgYNGcAoyTTcAETMAETMAETMAETMAETMAETMCi2X8DJmACJmACJmACJmACJmACJmACJpCCgEVzCjBONgETMAETMAETMAETMAETMAETMAGLZv8NmIAJmIAJmIAJmIAJmIAJmIAJmEAKAhbNKcA42QRMwARMwARMwARMwARMwARMwAQsmv03YAImYAImYAImYAImYAImYAImYAIpCFg0pwDjZBMwAROoCwRWrlxZL9LOaDiS7KAJmIAJmIAJmIAJmEBVCVg0V5WczzMBEzCBGiawAlevXr0lNGMJ4nkpVlbDTXL1JmACJmACJmACJlBwBBoWXI/cIRMwARMoEgL169efilC+E+HcGp9o/fFF0nV30wRMwARMwARMwATyRsCiOW+oXZEJmIAJZJfAmDFjJnfu3PmGsrKyehp0njZtmkad7UzABEzABEzABEzABLJIwKI5izBdlAmYgAnkmcDyKVOmLM9zna7OBEzABEzABEzABIqKgEVzUV1ud9YETKAOE2jYp0+fdkzBbrV06dJGJSUldbgruWs6o+5a5z1/+fLlMydMmDA/dzW5ZBMwARMwARMwgWIhYNFcLFfa/TQBE6irBOr16NGja6NGjTZHDP6eTmyEYG5OuK72J6ftbtiw4VLYfNegQYMPecnwTseOHT996aWXPG09p9RduAmYgAmYgAkUNgGL5sK+vu6dCZhA3SZQr2/fvlsiAk+lG39glLkJvtVyBdc0eJmwBRuj7Quv0dOnT7+uW7duz02aNGluBaf5kAmYgAmYgAmYgAmkJOBPTqVE4wMmYA
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "attachment",
|
||
|
"uuid": "59cd5900-1614-40dc-969b-1fad02de0b81",
|
||
|
"value": "CMSTAR_1.png"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-32e4-41cc-acec-48cf02de0b81",
|
||
|
"value": "http://45.77.58.49/54xfapkezW64xDE.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-ddd8-4047-af8d-41c902de0b81",
|
||
|
"value": "http://45.77.62.181/naIXl13kqeV7Y2j.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-5988-4a75-af09-473302de0b81",
|
||
|
"value": "http://45.77.58.160/9EkCWYA3OtDbz1l.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-d814-4385-b195-430302de0b81",
|
||
|
"value": "http://45.77.58.160/8h5NPYB5fAn301E.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-9afc-49b9-b64b-49a602de0b81",
|
||
|
"value": "http://45.77.60.138/3kK24dXFYRgM6Ac.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-1e54-469e-8d2b-4a8c02de0b81",
|
||
|
"value": "http://45.77.60.138/ezD19AweVIj5NaH.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-ed74-47e9-a1ab-4a9d02de0b81",
|
||
|
"value": "http://45.77.60.138/VFdSKlgCAZD7mmp.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-cb6c-4371-a524-43ec02de0b81",
|
||
|
"value": "http://45.77.60.138/HJDBvnJ7wc4S5qZ.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-aa6c-4b7b-b99a-4dff02de0b81",
|
||
|
"value": "http://45.77.60.138/jVJlw3wp379neaJ.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-e23c-45fd-be51-44c602de0b81",
|
||
|
"value": "http://45.77.60.138/YXza9HkKWzqtXlt.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-e238-4923-b667-411402de0b81",
|
||
|
"value": "http://45.77.60.138/UScHrzGWbXb01gv.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.C Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd591d-b540-487a-a31a-4d5302de0b81",
|
||
|
"value": "http://45.77.60.138/WsEeRyHEhLO1kUm.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-2998-4ff5-b971-435c02de0b81",
|
||
|
"value": "85e06a2beaa4469f13ca58d5d09fec672d3d8962a7adad3c3cb74f3f9ef1fed4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-63fc-465b-a3fb-4c6c02de0b81",
|
||
|
"value": "b8ef93227b59e6c8d3a1494b4860d15be819fae17b57fd56bfff9a51b7972ff0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-28a4-4622-9219-453902de0b81",
|
||
|
"value": "9e6fdbbc2371ac8bc6db3b878475ed0b0af8950d50a4652df688e778beb87397"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-4304-4197-9cb4-423d02de0b81",
|
||
|
"value": "4e38e627ae21f1a85aa963ca990a66cf75789b450605fdca2f31ee6f0f8ab8f2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-7a70-495c-9a6f-440302de0b81",
|
||
|
"value": "f4ff0ca7f2ea2a011a2a4615d9b488b7806ff5dd61577a9e3a9860f2980e7fc0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-e25c-4e14-846b-4c7402de0b81",
|
||
|
"value": "8de3fa2614b1767cfd12936c5adf4423ef25ea60800fa170752266e0ca063274"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-0650-4fcd-8ab5-483502de0b81",
|
||
|
"value": "38197abde967326568e101b65203c2efa75500e5f3c084b6dd08fd1ba1430726"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-db70-43ad-851e-421102de0b81",
|
||
|
"value": "726df91a395827d11dc433854b3f19b3e28eac4feff329e0bdad93890b03af84"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-4378-4cde-8554-4d0102de0b81",
|
||
|
"value": "5703565ec64d72eb693b9fafcba5951e937c8ee38829948e9518b7d226f81c10"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-285c-4e1f-ba5b-47ef02de0b81",
|
||
|
"value": "d0544a3e6d1b34b8b4e976c7fc62d4500f28f617e2f549d9a3e590b71b1f9cc5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-9e08-4069-aa27-4fa202de0b81",
|
||
|
"value": "2a8e5551b9905e907da7268aba50fcbc526cfd0549ff2e352f9f4d1d71bf32a7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-59a0-40f8-928e-487502de0b81",
|
||
|
"value": "d7cd6f367a84f6d5cf5ffb3c2537dd3f48297bd45a8f5a4c50190f683b7c9e90"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-29ec-43b6-9e48-439602de0b81",
|
||
|
"value": "8f7294072a470b886791a7a32eedf0f0505aaecec154626c6334d986957086e4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5937-3bfc-41d9-9d23-4d9f02de0b81",
|
||
|
"value": "6419255d017b217fe984d3439694eb96806d06c7ea41a422298650969028c08c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5956-cdf0-42d9-86de-4c1d02de0b81",
|
||
|
"value": "http://108.61.175.110/tlhXVFeBvT64LC9.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5956-0358-4440-b66b-490b02de0b81",
|
||
|
"value": "http://104.238.188.211/gl7xljvn3fqGt3u.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5956-0dfc-4f69-b951-440802de0b81",
|
||
|
"value": "http://45.77.60.138/c2KoCT5OHcVwGi7.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5956-0a34-4123-8753-486f02de0b81",
|
||
|
"value": "http://108.61.175.110/gkMmqVvZ7gGGxpY.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5956-f988-46ea-a6fd-482e02de0b81",
|
||
|
"value": "http://108.61.175.110/z_gaDZyeZXvScQ6.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5956-9d9c-4141-8cc9-436e02de0b81",
|
||
|
"value": "http://108.61.175.110/bDtzGVtqgiJU9PI.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5956-350c-4264-9592-4eee02de0b81",
|
||
|
"value": "http://45.77.60.138/liW0ecpxEWCfIgU.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5956-1034-45ec-944d-48ce02de0b81",
|
||
|
"value": "http://45.77.60.138/JUmoT4Pbw6U2xcj.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5956-1c30-4896-b874-4f7502de0b81",
|
||
|
"value": "http://108.61.175.110/oiUfxZfej29MAbF.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5957-c770-451f-bbd7-4f9902de0b81",
|
||
|
"value": "http://108.61.103.123/jvZfZ0gdTWtr46y.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5957-6670-4ea8-b893-4b1d02de0b81",
|
||
|
"value": "http://108.61.103.123/06JcD5jz5dSHVAy.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5957-0f34-40a9-8fe9-41eb02de0b81",
|
||
|
"value": "http://108.61.103.123/nj3dsMMpyQQDBF3.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5957-38e0-4c35-bb77-477102de0b81",
|
||
|
"value": "http://108.61.103.123/fHZvWtBGlFvs2Nr.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR.B Download Location",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd5957-40f4-48e5-b0b0-441702de0b81",
|
||
|
"value": "http://45.77.60.138/w57E8dktKb9UQyV.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-e658-4de3-991f-43b402de0b81",
|
||
|
"value": "8609360b43498e296e14237d318c96c58dce3e91b7a1c608cd146496703a7fac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-79c4-4c49-8b2a-45d002de0b81",
|
||
|
"value": "f0f2215457200bb3003eecb277bf7e3888d16edcf132d88203b27966407c7dc3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-4e30-495a-80ab-4b9202de0b81",
|
||
|
"value": "aecf53a3a52662b441703e56555d06c9d3c61bddf4d3b23d9da02abbe390c609"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-e474-4714-a266-448102de0b81",
|
||
|
"value": "960a17797738dc0bc5623c74b6f8a5d74375f6d18d20ba18775f26a43898bae6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-073c-4960-8f26-4f6602de0b81",
|
||
|
"value": "e37c045418259ecdc07874b85e7b688ba53f5a7dc989db19d7e8c440300bd574"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-2a68-445e-9d50-4f5c02de0b81",
|
||
|
"value": "75ea6e8dfaf56fb35f35cb043bd77aef9e2c7d46f3e2a0454dff0952a09c134f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-e1c4-480a-a813-4faa02de0b81",
|
||
|
"value": "a65e01412610e5ed8fde12cb78e6265a18ef78d2fd3c8c14ed8a3d1cef17c91d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-b478-42c9-8030-444d02de0b81",
|
||
|
"value": "7170b104367530ae837daed466035a8be719fdb17423fc01da9c0ded74ca6ad1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-5658-4804-b7eb-43aa02de0b81",
|
||
|
"value": "13acddf9b7c2daafd815cbfa75fbb778a7074a6f90277e858040275ae61a252b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-f194-41b8-91ff-4e0b02de0b81",
|
||
|
"value": "625ed818a25c63d8b2c264d0f5bd96ba5ad1c702702d8ffaa4e0e93e5f411fac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-4108-4d89-8fac-4a7902de0b81",
|
||
|
"value": "a56cd758608034c90e81e4d4f1fe383982247d6aeffd74a1dd98d84e9b56afdf"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-f738-4e94-ad00-4dfd02de0b81",
|
||
|
"value": "a4b969b93f7882ed2d15fd10970c4720961e42f3ae3fced501c0a1ffa3896ff5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-e418-4ba7-8757-4f0802de0b81",
|
||
|
"value": "e833bbb79ca8ea1dbeb408520b97fb5a1b691d5a5f9c4f9deabecb3787b47f73"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd599e-dc4c-45c3-8450-409602de0b81",
|
||
|
"value": "8e9136d6dc7419469c959241bc8745af7ba51c7b02a12d04fec0bc4d3f7dcdf0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "BYEBY C2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "59cd59ac-2c54-41ec-a3e3-484602de0b81",
|
||
|
"value": "oeiowidfla22.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "BYEBY",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd59b9-748c-4cc2-a601-47ff02de0b81",
|
||
|
"value": "383a2d8f421ad2f243cbc142e9715c78f867a114b037626c2097cb3e070f67d6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PYLOT C2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "59cd59c6-39b0-4666-990e-4fbf02de0b81",
|
||
|
"value": "wait.waisttoomuchmind.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "PYLOT",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd59d9-c854-4446-88c9-4cfb02de0b81",
|
||
|
"value": "7e2c9e4acd05bc8ca45263b196e80e919ff60890a872bdc0576735a566369c46"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR Download Locations in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd59f7-7a04-47ea-87ea-49b202de0b81",
|
||
|
"value": "http://45.77.60.138/mePVDjnAZsYCw5j.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR Download Locations in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd59f7-350c-4409-b8bd-416302de0b81",
|
||
|
"value": "http://45.76.80.32/tYD7jzfVNZqMfye.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "CMSTAR Download Locations in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "59cd59f7-1aa0-4337-ad04-497202de0b81",
|
||
|
"value": "http://45.77.60.138/cw1PlY308OpfVeZ.dat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-10b8-4ba5-8f77-48f902de0b81",
|
||
|
"value": "65d5ef9aa617e7060779bc217a42372e99d59dc88f8ea2f3b9f45aacf3ba7209"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-a44c-43e0-a018-450a02de0b81",
|
||
|
"value": "2a0169c72c84e6d3fa49af701fd46ee7aaf1d1d9e107798d93a6ca8df5d25957"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-450c-4c3d-b3d9-4c5802de0b81",
|
||
|
"value": "4da6ce5921b0dfff9045ada7e775c1755e6ea44eab55da7ccc362f2a70ce26a6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-2f3c-4f88-ba4a-495202de0b81",
|
||
|
"value": "2008ec82cec0b62bdb4d2cea64ff5a159a4327a058dfd867f877536389a72fb6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-1638-4e5f-8d8b-403402de0b81",
|
||
|
"value": "cecd72851c265f885ff02c60cbc3e6cbf1a40b298274761f623dfa44782a01f8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-de50-4e0a-9e92-45e302de0b81",
|
||
|
"value": "d8c0f8ecdeceba83396c98370f8f458ea7f7a935aabbcc3d41b80d4e85746357"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-a29c-4d38-b7e1-4d8c02de0b81",
|
||
|
"value": "2c8267192b196bf8a92c8b72d52096e46e307fa4d4dafdc030d3e0f5b4145e9e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-1bd4-4a45-ab2a-4b6f02de0b81",
|
||
|
"value": "2debf12b1cb1291cbd096b24897856948734fa62fd61a1f24d379b4224bda212"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-2fe0-484b-b9cb-4d5f02de0b81",
|
||
|
"value": "79b30634075896084135b9891c42fca8a59db1c0c731e445940671efab9a0b61"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-2380-41e1-a9be-492102de0b81",
|
||
|
"value": "b0065fc16ae785834908f024fb3ddd4d9d62b29675859a8e737e3b949e85327a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-b190-4e86-8362-4e1902de0b81",
|
||
|
"value": "16697c95db5add6c1c23b2591b9d8eec5ed96074d057b9411f0b57a54af298d5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-bff8-4b26-9d53-466a02de0b81",
|
||
|
"value": "6843d183b41b6b22976fc8d85e448dcc4d2e0bd2c159e6d966bfd4afa1cd9221"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630313",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-b9a4-46f7-82fc-48a702de0b81",
|
||
|
"value": "3c3efa89d1dd39e1112558af38ba656e048be842a3bedb7933cdd4210025f791"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630312",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-a17c-47d6-b461-4f0602de0b81",
|
||
|
"value": "b2bebb381bc3722304ab1a21a21e082583bf6b88b84e7f65c4fdda48971c20a2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630312",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-3c18-4dc6-8184-4cde02de0b81",
|
||
|
"value": "09890dc8898b99647cdc1cceb97e764b6a88d55b5a520c8d0ea3bfd8f75ed83b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630312",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "59cd5a0e-b370-4168-9699-437b02de0b81",
|
||
|
"value": "fd22973451b88a4d10d9f485baef7f5e7a6f2cb9ce0826953571bd8f5d866c2a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630312",
|
||
|
"to_ids": true,
|
||
|
"type": "email-subject",
|
||
|
"uuid": "59cd5a81-5dac-4c17-8ec7-433d02de0b81",
|
||
|
"value": "Fwd:\u00d0\u0178\u00d0\u00be\u00d0\u00b4\u00d0\u00b3\u00d0\u00be\u00d1\u201a\u00d0\u00be\u00d0\u00b2\u00d0\u00ba\u00d0\u00b0 \u00d0\u00ba \u00d0\u2014\u00d0\u00b0\u00d0\u00bf\u00d0\u00b0\u00d0\u00b4-2017"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630312",
|
||
|
"to_ids": true,
|
||
|
"type": "email-subject",
|
||
|
"uuid": "59cd5a81-14d0-4a71-9760-441902de0b81",
|
||
|
"value": "\u00d0\u00b2\u00d1\u2039\u00d0\u00bf\u00d1\u0192\u00d1\u0081\u00d0\u00ba \u00d0\u00b2\u00d0\u00be\u00d1\u0081\u00d0\u00bf\u00d0\u00b8\u00d1\u201a\u00d0\u00b0\u00d0\u00bd\u00d0\u00bd\u00d0\u00b8\u00d0\u00ba\u00d0\u00be\u00d0\u00b2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630312",
|
||
|
"to_ids": true,
|
||
|
"type": "email-subject",
|
||
|
"uuid": "59cd5a81-0fbc-4c71-9f86-4edd02de0b81",
|
||
|
"value": "\u00d0\u0161 \u00d0\u2014\u00d0\u00b0\u00d0\u00bf\u00d0\u00b0\u00d0\u00b4-2017"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630312",
|
||
|
"to_ids": true,
|
||
|
"type": "email-subject",
|
||
|
"uuid": "59cd5a81-0f44-4b69-9b6f-44b702de0b81",
|
||
|
"value": "\u00d0\u2014\u00d0\u00b0\u00d0\u00bf\u00d0\u00b0\u00d0\u00b4-2017"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: b8ef93227b59e6c8d3a1494b4860d15be819fae17b57fd56bfff9a51b7972ff0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-7f80-48b7-ae88-4a4902de0b81",
|
||
|
"value": "b9aa08bc99b2d026310cd315d552356798f4c77c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: b8ef93227b59e6c8d3a1494b4860d15be819fae17b57fd56bfff9a51b7972ff0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-7a34-4cca-9859-4cdb02de0b81",
|
||
|
"value": "b1764f1d5a5c92b44a7f493ed5179058"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: b8ef93227b59e6c8d3a1494b4860d15be819fae17b57fd56bfff9a51b7972ff0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-2944-4caf-ab24-424802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b8ef93227b59e6c8d3a1494b4860d15be819fae17b57fd56bfff9a51b7972ff0/analysis/1502600585/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: 9e6fdbbc2371ac8bc6db3b878475ed0b0af8950d50a4652df688e778beb87397",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-2b64-42cc-9f63-4a7902de0b81",
|
||
|
"value": "0c497f4a7166ae36b2099a544a8f2b6c6a800c87"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: 9e6fdbbc2371ac8bc6db3b878475ed0b0af8950d50a4652df688e778beb87397",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-c9a8-4041-9259-4ba402de0b81",
|
||
|
"value": "26a7865464b54a907babe93d058c05b9"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: 9e6fdbbc2371ac8bc6db3b878475ed0b0af8950d50a4652df688e778beb87397",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-6920-4fc6-a94d-469a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9e6fdbbc2371ac8bc6db3b878475ed0b0af8950d50a4652df688e778beb87397/analysis/1502165419/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: 4e38e627ae21f1a85aa963ca990a66cf75789b450605fdca2f31ee6f0f8ab8f2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-e1e4-4ab5-aea3-498602de0b81",
|
||
|
"value": "46c8ed5fda81e65d013f14e35b3b4380b33352da"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: 4e38e627ae21f1a85aa963ca990a66cf75789b450605fdca2f31ee6f0f8ab8f2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-c164-4dda-a35d-4e0802de0b81",
|
||
|
"value": "6ad1bf20ca0ec27f4e75d850b4af27fa"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: 4e38e627ae21f1a85aa963ca990a66cf75789b450605fdca2f31ee6f0f8ab8f2",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-5260-4bf6-9a18-4f2a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4e38e627ae21f1a85aa963ca990a66cf75789b450605fdca2f31ee6f0f8ab8f2/analysis/1502175386/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: f4ff0ca7f2ea2a011a2a4615d9b488b7806ff5dd61577a9e3a9860f2980e7fc0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-7a08-4b9b-bbc5-4e5102de0b81",
|
||
|
"value": "bffae549464897294bafba21f11f7e80f056416d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: f4ff0ca7f2ea2a011a2a4615d9b488b7806ff5dd61577a9e3a9860f2980e7fc0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-8a00-4ab6-91ae-49c802de0b81",
|
||
|
"value": "3180732e32e812db57f41954f203883d"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: f4ff0ca7f2ea2a011a2a4615d9b488b7806ff5dd61577a9e3a9860f2980e7fc0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-2244-43b5-831b-487802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f4ff0ca7f2ea2a011a2a4615d9b488b7806ff5dd61577a9e3a9860f2980e7fc0/analysis/1503504356/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: 8de3fa2614b1767cfd12936c5adf4423ef25ea60800fa170752266e0ca063274",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-2da0-4814-b1b3-445902de0b81",
|
||
|
"value": "5ab5b24f583087f5ec45e5e97bac1a531fe48e5b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: 8de3fa2614b1767cfd12936c5adf4423ef25ea60800fa170752266e0ca063274",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-4754-4690-b55d-4deb02de0b81",
|
||
|
"value": "aecb2b9ca69306d3420c072a0f23b24a"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.C - Xchecked via VT: 8de3fa2614b1767cfd12936c5adf4423ef25ea60800fa170752266e0ca063274",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-f44c-4b06-be90-4e0002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8de3fa2614b1767cfd12936c5adf4423ef25ea60800fa170752266e0ca063274/analysis/1503503490/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 8609360b43498e296e14237d318c96c58dce3e91b7a1c608cd146496703a7fac",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-14c8-4ae1-97f0-4fb802de0b81",
|
||
|
"value": "2cbd574f7772081eeb10c58d5a0e413ec8881102"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 8609360b43498e296e14237d318c96c58dce3e91b7a1c608cd146496703a7fac",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-f254-4143-9b45-418702de0b81",
|
||
|
"value": "34ac15b78f9184c40502d26112317855"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 8609360b43498e296e14237d318c96c58dce3e91b7a1c608cd146496703a7fac",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-1aa0-4b5f-ac1e-454d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8609360b43498e296e14237d318c96c58dce3e91b7a1c608cd146496703a7fac/analysis/1500244944/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: f0f2215457200bb3003eecb277bf7e3888d16edcf132d88203b27966407c7dc3",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-4e5c-4bbb-a598-43e102de0b81",
|
||
|
"value": "931d429bd2a450edc660739fe0643f63e7104bc7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: f0f2215457200bb3003eecb277bf7e3888d16edcf132d88203b27966407c7dc3",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-1f68-4422-afb5-42fa02de0b81",
|
||
|
"value": "cef57a0ff13db32d9330be26d3a53b0e"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: f0f2215457200bb3003eecb277bf7e3888d16edcf132d88203b27966407c7dc3",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-775c-4881-ba23-4a8102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f0f2215457200bb3003eecb277bf7e3888d16edcf132d88203b27966407c7dc3/analysis/1505187113/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: aecf53a3a52662b441703e56555d06c9d3c61bddf4d3b23d9da02abbe390c609",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-c47c-45da-8fdc-4aa302de0b81",
|
||
|
"value": "86f011e17d127165beedf9554028fc2b103ea8fe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: aecf53a3a52662b441703e56555d06c9d3c61bddf4d3b23d9da02abbe390c609",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-98a8-4fa2-9a7c-4c2602de0b81",
|
||
|
"value": "f9267cde7ac77e4798db7922a2f45faf"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: aecf53a3a52662b441703e56555d06c9d3c61bddf4d3b23d9da02abbe390c609",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-08d4-4c7b-8d0e-4b1102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/aecf53a3a52662b441703e56555d06c9d3c61bddf4d3b23d9da02abbe390c609/analysis/1505191764/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 960a17797738dc0bc5623c74b6f8a5d74375f6d18d20ba18775f26a43898bae6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-f664-45ee-a4ba-4c5802de0b81",
|
||
|
"value": "89667e2ac107b8718b32881c5af465ad9985b128"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 960a17797738dc0bc5623c74b6f8a5d74375f6d18d20ba18775f26a43898bae6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-f0d8-42cc-8c90-47fe02de0b81",
|
||
|
"value": "0dee4f09fe7997a1296525c3ea84ccc9"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 960a17797738dc0bc5623c74b6f8a5d74375f6d18d20ba18775f26a43898bae6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-1a2c-436b-bade-476002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/960a17797738dc0bc5623c74b6f8a5d74375f6d18d20ba18775f26a43898bae6/analysis/1505186035/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: e37c045418259ecdc07874b85e7b688ba53f5a7dc989db19d7e8c440300bd574",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-9b24-4869-93bf-43b402de0b81",
|
||
|
"value": "2c8a9d95afae9cb299483feeb38f8fa492738af6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: e37c045418259ecdc07874b85e7b688ba53f5a7dc989db19d7e8c440300bd574",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-04ec-454a-9019-47db02de0b81",
|
||
|
"value": "216ee49d2ce0be6942e0c73f139d2bcb"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: e37c045418259ecdc07874b85e7b688ba53f5a7dc989db19d7e8c440300bd574",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-b0f8-43c9-bfc3-4aed02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e37c045418259ecdc07874b85e7b688ba53f5a7dc989db19d7e8c440300bd574/analysis/1502001804/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 75ea6e8dfaf56fb35f35cb043bd77aef9e2c7d46f3e2a0454dff0952a09c134f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-77f8-4ea7-b364-454602de0b81",
|
||
|
"value": "ec7bc272a6c465db803f257789cfc651890b4d41"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 75ea6e8dfaf56fb35f35cb043bd77aef9e2c7d46f3e2a0454dff0952a09c134f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-f394-461a-ab1c-42c302de0b81",
|
||
|
"value": "d57b026809125ec561f6be1889f2f2df"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 75ea6e8dfaf56fb35f35cb043bd77aef9e2c7d46f3e2a0454dff0952a09c134f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-d9e4-4ecd-8024-454702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/75ea6e8dfaf56fb35f35cb043bd77aef9e2c7d46f3e2a0454dff0952a09c134f/analysis/1502001795/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: a65e01412610e5ed8fde12cb78e6265a18ef78d2fd3c8c14ed8a3d1cef17c91d",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-3a78-40d2-b291-444e02de0b81",
|
||
|
"value": "16eccb74112a19237cc669117df78efe526c23fd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: a65e01412610e5ed8fde12cb78e6265a18ef78d2fd3c8c14ed8a3d1cef17c91d",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-6930-4d2f-9249-474d02de0b81",
|
||
|
"value": "067ce30468fa03a81db393577edfccc4"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: a65e01412610e5ed8fde12cb78e6265a18ef78d2fd3c8c14ed8a3d1cef17c91d",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-21f8-4502-a31c-4ada02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a65e01412610e5ed8fde12cb78e6265a18ef78d2fd3c8c14ed8a3d1cef17c91d/analysis/1503289876/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 7170b104367530ae837daed466035a8be719fdb17423fc01da9c0ded74ca6ad1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-4d98-40e8-85f1-442c02de0b81",
|
||
|
"value": "e920cd34437fd8c4eee85bc89ead11eef55b6cf2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 7170b104367530ae837daed466035a8be719fdb17423fc01da9c0ded74ca6ad1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-cf4c-42d3-a630-476202de0b81",
|
||
|
"value": "7ac3e28d45a592501d4fc83446266614"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 7170b104367530ae837daed466035a8be719fdb17423fc01da9c0ded74ca6ad1",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-7ae8-4a80-ad92-48a902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7170b104367530ae837daed466035a8be719fdb17423fc01da9c0ded74ca6ad1/analysis/1502001747/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 13acddf9b7c2daafd815cbfa75fbb778a7074a6f90277e858040275ae61a252b",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-83ac-428e-a543-4ceb02de0b81",
|
||
|
"value": "0dd2b59679daf1e6896be04e08b7ca0128ae878a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 13acddf9b7c2daafd815cbfa75fbb778a7074a6f90277e858040275ae61a252b",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-58bc-425c-a3c8-45c402de0b81",
|
||
|
"value": "891cd799cca447b1e476437972d56fb0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 13acddf9b7c2daafd815cbfa75fbb778a7074a6f90277e858040275ae61a252b",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-e480-4f5a-8e6e-447f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/13acddf9b7c2daafd815cbfa75fbb778a7074a6f90277e858040275ae61a252b/analysis/1502001782/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 625ed818a25c63d8b2c264d0f5bd96ba5ad1c702702d8ffaa4e0e93e5f411fac",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aaa-4824-46a9-8c87-4c6402de0b81",
|
||
|
"value": "272f42f450017cb5e845e7d9c34a598571a8e39d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 625ed818a25c63d8b2c264d0f5bd96ba5ad1c702702d8ffaa4e0e93e5f411fac",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aaa-3464-40d2-be01-4aa802de0b81",
|
||
|
"value": "8f5a4ad5b92212b1117b594f3fbb2fac"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR.B - Xchecked via VT: 625ed818a25c63d8b2c264d0f5bd96ba5ad1c702702d8ffaa4e0e93e5f411fac",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aaa-4110-4d6b-b99b-4d5602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/625ed818a25c63d8b2c264d0f5bd96ba5ad1c702702d8ffaa4e0e93e5f411fac/analysis/1504095692/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "BYEBY - Xchecked via VT: 383a2d8f421ad2f243cbc142e9715c78f867a114b037626c2097cb3e070f67d6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630314",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aab-6784-429f-adce-4eaf02de0b81",
|
||
|
"value": "7a63fc9db2bc1e9b1ef793723d5877e6b4c566b8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "BYEBY - Xchecked via VT: 383a2d8f421ad2f243cbc142e9715c78f867a114b037626c2097cb3e070f67d6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630315",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aab-dcbc-4b9c-b1e6-4ef702de0b81",
|
||
|
"value": "bffc3e2b7382d093fb7440cabbd7b1ba"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "BYEBY - Xchecked via VT: 383a2d8f421ad2f243cbc142e9715c78f867a114b037626c2097cb3e070f67d6",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630315",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aab-cc1c-4183-bf29-486302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/383a2d8f421ad2f243cbc142e9715c78f867a114b037626c2097cb3e070f67d6/analysis/1505726945/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign - Xchecked via VT: 6843d183b41b6b22976fc8d85e448dcc4d2e0bd2c159e6d966bfd4afa1cd9221",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630315",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "59cd5aab-91cc-4b18-a096-4e5202de0b81",
|
||
|
"value": "87f46a25c043af38af0eebe5fa46b316e89e4100"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign - Xchecked via VT: 6843d183b41b6b22976fc8d85e448dcc4d2e0bd2c159e6d966bfd4afa1cd9221",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630315",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "59cd5aab-d014-47b3-a85f-4e3e02de0b81",
|
||
|
"value": "0eef54c97f445914bc88a65026e8ee32"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "CMSTAR Variants Identified in Phishing Campaign - Xchecked via VT: 6843d183b41b6b22976fc8d85e448dcc4d2e0bd2c159e6d966bfd4afa1cd9221",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1506630315",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "59cd5aab-7e78-4e36-b002-433502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6843d183b41b6b22976fc8d85e448dcc4d2e0bd2c159e6d966bfd4afa1cd9221/analysis/1504537807/"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|