2023-04-21 13:25:09 +00:00
|
|
|
{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "0",
|
|
|
|
"date": "2016-04-12",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "Dridex (2016-04-12)",
|
|
|
|
"publish_timestamp": "1460471461",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1460470661",
|
|
|
|
"uuid": "570cf5b5-18d4-474e-b41e-41f1950d210f",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CIRCL",
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#3b7500",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "circl:incident-classification=\"malware\"",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "On port 4043",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467169",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "570cf5e1-1000-4e29-81e9-30f8950d210f",
|
|
|
|
"value": "210.245.92.63"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "On port 448",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467170",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "570cf5e2-5c94-4782-a27e-30f8950d210f",
|
|
|
|
"value": "210.70.242.41"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "On port 2443",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467170",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "570cf5e2-ed18-427e-b6bc-30f8950d210f",
|
|
|
|
"value": "178.33.167.120"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "On port 1943",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467171",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "570cf5e3-ea20-4f3e-92f5-30f8950d210f",
|
|
|
|
"value": "195.169.147.88"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467171",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "570cf5e3-16b4-4f7b-ae8d-30f8950d210f",
|
|
|
|
"value": "http://onlineaccess.bleutree.mobi/catalog/wp-login.php"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467171",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "570cf5e3-633c-497c-9a4b-30f8950d210f",
|
|
|
|
"value": "onlineaccess.bleutree.mobi"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467172",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "570cf5e4-8540-4a74-8742-30f8950d210f",
|
|
|
|
"value": "212.76.140.230"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"data": "UEsDBBQACQAIAIBqjEjMBlaRu0UAAADcAAAgABwAZDBhYTZiZTg4NTdmZjNiZjUwMmE3MDVhNjY0MDVlZTdVVAkAAwD2DFcA9gxXdXgLAAEEIQAAAAQhAAAA3CyeQiXwmXsTJJhErKWin8p04PMQfvsEh4PB+A+7XHdLoRDtBvc0i90b9H3JD9VbEuHJ/XijCZwIjbZgfwjIUAtYrvBlQsHGMdN5WKxFrmvxW9oEuBRib0MSh4D1Q+m+tvL68ImnwEjnfKWYqvs/64gTeskPxD1fUbWf7CU4/LS6/4YE8l4EZ+V6vSSLZ0YfIsFT3u51kLgG7Tx242Nq81UUsR5a08QQ3DYp19eScp5wfJIGY1JSsAklX6h/lYmRDucQVNAbeFxBvx/GdFxc61c8bKXK2RR5BLNs8lCT5ckKoQxtMP+0rwKdIkwEJgIbrgI/ZpOXL88bVCzo+IAXwDb5PxtQ+mJbUDHCIcVVTsU3B2Y2i2yl+02u44K1zyMUClBWsRUgeZN0NIZirWE4tCiNj4hClJTMDM8a7serTJFSmutCNgE8YEhxnGW5SzxQb3bek2b7JElUPzD0865KNcmQmJbOc9HxgxxRtaAT4SCVr8lCfh0agRfHK2h1fdLgWg8uYT9l3UXfDRMms5tFZ8xNvtndKcjBw1/i6oYpUbdV74CYWM4bk4SDdFdUYME8rzJTOTbbN7y0I2iRTt9f6BZuNl4Yx8XPWnd3RdxStCwrmAH+1lkM6N6wTAUn6Orxggpu/NcNHQ38cCJZDnw0HjdP0HgV6GgueSGDZL55knQn+62hiIqAxicHShQ7tqXR/awiwbogZGsN9MHIwpqHaoBLxX3eB9ooQwBdoQlIIKweFjdkOXeczsn1gByMrh9sxGzMf1wNTneFGLVaa5Xhj5co0nFZv4oYuCQO3xibpe2mgD220Qfj+O6UEK1c0DsTK4HYeAW6/tsvbFBZmEfIX+Dqz9Hv6k3/erEMYPzST+LbwpPIb6zEM+Y2+6zzdJYmSec6ORLVF9IgyFMuqf9aEjmsp9TSf+2V9n4I6cDWD9y5dp5NZlQzOnxVFIAhbeYCzGvB41B54YlfRvlg2ywh5gRjHrMIx/XK16LpwXPyqE/wv4UlAfJXc8iC1NfCtIR5yHK8k5fSA+0tEmba2roARwDbr6yQBLDmhuFqahey9dQ8XH9ATYHHtDcJEtyhUDwj83OZbUvMVD5zSIyN4jr9UlKBV2j569U2HoYSY3+sKv0AahJ/vQHHDHeD2xcDCsiSswh72Poje4eUk7btN9dcf9oM2euglK7Yk0fbJMJ6/Q5DfCYGpGa5WDdYQ1zFwW7d72hkCMTlkgy365ls7jnKcpVjS9aY59zApYOAQD+u6ZdMcMR3D+bWrnusG61bPrLonwd4pLMsvHE8bTVdK+Qcy4sxOxry3lh3dqEu95cGm/M+acCzx+4soPbtasC2Or9vQWs/PLdjUd1OTDM+BpY+BAw8+AZhxOzyRCO6cJqaqI7tbpws5tAwYAK9lx98llAqfz7u9CRrMEq5FNe1vfdhK8zUVrr7QxG+xvtTjsMZCm5Ztpvt9Qj6nVj2nK9AGiKxqdd7TRA0an3JbDtP5M59zf8HIb4/RO5nPotu38VwDvEK63W9XHGbUAivFIw3+qS765NkXXTxUaKuCozjOUMkVtG5l2m+OjhIJpdKE45xARDIFIQyhniUu3HLh9qht5WhksKPzb+zzOsEW3vTYlB9NMLnIour9D0j3AZ+QangUCTx5O7ITkXATrNmXa2pyVsyKj09gKpyyz/9xCu/fC/u3FIK1S9AGyz8/wCjEwg1wZBSiOABU3EgT+Wt1X0q7EBd76HkyY7IS+LigZtMGGkLzSFwueZsCFtAlSWd00+KpcuJKDK894ZTGi2vs0NxeOQdc1ncDNWZWKn6uVXm66jUTtEbMYixzqOiO70qCSHgnoGW8Qz9yWQgtOuHxV7WMB8MZpYnNATZE/KvFnMvRdL6S5oAUEyRui57nDBSq6byVyagmBlLg1KCKFcbbaXQZ/Ami+c1cX46W+0Xy81rJR6Wpn8bFCekR0YZe1LU7yjIQntRzOXZe/QuuB8F0xyc5qQbJY98bUYAUYLrlNZ6B71Km77c1sxY+3ZgXyj18drTrApkYv2971qtpgwVcQziV80kGem7jpNPPEuF/UYGssO6J8yIvLebj4XJDx0Y272nVo19OFUcFV2VacNJU61c5Q9NJEYyUS5fQeUr6LtuOVeR6vAO9jdTkrw4Y/jmCv3MCMMSJXmPZQjTxEsd8qjsTF0yq/mfVofapoQc5CcR8S30/T+62QvLbO4TQJm2OljWjbK/rTyYt4nNW2sLzQPAlP8M4LHddvbKAHMNKQLYR+dlI5XtgLmVhWFcfEj6G4C3d+wXHSc5XyUM51PR/4P3b1MgHw9/3E07q1LwqqV3mf5mqnEj7qhmVdG5w8oB545sgAWkB1Hyhc9E+5f2HTxboZMGWH29m2u/umNsRAx977/byfkwK9MOd6HS70CaG/prjNTwrOvUr1X5QTN3fA1vl6P4RQfos5hV1i6ohH41GRIFkW6zXDmNIgQrrqH4dLzfoBLOYHKgnKoQR2PKnyrT3zkQQ2ZJ0Ae8uGFIZt6lse8ogSdUr/ClWYrzu+kVpHGZO2gAmXtREfoolAdcdKK3dEib3t+b7tBeXMQIbDUT6L2KT1AObY6xqGXKAD5fRjYH5HqaZdnLjujxFytKYv67ryAF8KqWYeIiCSBuM8M9rurX3+rCSFfc+OiUV4go17nFS1Y0tiTxb23BwiichRe4e0/R6b4vj2jS3MLtDLyBeHP+NsvrW/Q1dNih2wMmbT22kPESDwGbeCxRoIUzTNtIaD72Gut9S/MydkWUkV1F3l0zaSENZNUdYNGa9xw+6QPB4B4zWaedoegug2jtv5fa5fiKXOmtM+hMXF89QvuD5sKI0m9z/FERdGIQmAJRn9QMpbjYeOE3fW+t2mIzKsiCazlzBayMbx5D2x/cYGhEXIeJiccwML9AbXsMGw2yYsIOpeWi0JAAxnR7ip+YGigvGY9WQKrWxf5WHBiVAwdKUnBxlJwHv7wiunRSAocCHR0oqmn0j2ohQ1aRyP6eVArnmSwx1elCSKdQTiRzvwa0Hccz2UfWX6qmZqdTzH/P6YXcNICrOMxDxfKf3WUxHcZDx3PI7iL7hvqscoNoJ6SN3rgxEnWGl3Yv2AX6H9Jw8JVrXrTq47Y646sd/sFpgQFzf3sI2QyB7phmuAU9yxgUn6UzaYknuzHQNnXbc5gydCFxpZ1EUMCRJMCLbHCjZuYI2BKLkLJ4DDrRiJDI2YoHOUkhYhV+7GDVHDdqc+K1bfIPFl5JVVdcRQNI+qQ55hA86x77R/ViQgbjcYR9YeaDpASB4Dqy+NNPRIFv8gC5LWSRho9XVyyzvSok4ZV2jhPjazOZfEpphrbQCG156t+Cn1lUX04qMy+ODpNB7UrXyhDTb5aHW77D1+j82u3w2z3Lggl1aoTt0vTocEUO8UzQb5UUuMAvfFE7fHuTgBW6LlJZCG3t+1ylYs/h8y2wiq0OlcDPesTbaeqiRiypd2qp16/ERbsW5iuBoFrorPbR2TpudhbnmzkOKeAkplTH4w2evgyYg/LJkv3ur9wj7nK7ihChCrJupdhLLGXLLg451vLzasvAI9TDDWliOwLIydS88x/g3UQYhJ1oC1Mt1EhQckct5g0B/MM1DH9Z/wi69WqEi61TQiUYHgZS/0XTv0PykDsH8+VfCmMn/wNd2Hd1G6e8VRLM9lUswXkvqQZV0svPGV6L4uS4nVn43n8P3BXINxq+aKK+rE4Q07LViuXtj8+FdM8YSKnIPzYj8/j8h7UNmsVsXZdaqm+sOpAFEiRAPrEPnXNCj/LPZAClAivKNzkoGEjlRkqzY/Iott6I2do47Augb1FPXTT63EwpMbN0KXDucb9865sHkSpkBP/60Lxq7+PBlIST4YFM89BQhQtIU8nrZ4rBm5PMOZMQKlv5nUtOPw7JRi5wSE96INU+8wVOGArL9FpgUqIm+xsrxweTN8Reuhvg2sH2RT
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467200",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "570cf600-138c-438b-b5f0-30f8950d210f",
|
|
|
|
"value": "Rechnung 0202-949490.rtf|d0aa6be8857ff3bf502a705a66405ee7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467201",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha1",
|
|
|
|
"uuid": "570cf601-6170-45cf-8e9b-30f8950d210f",
|
|
|
|
"value": "Rechnung 0202-949490.rtf|0d1da7a67f322e661d23eb5ce9663ea71f5c8342"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467202",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha256",
|
|
|
|
"uuid": "570cf602-0824-4db8-b6b2-30f8950d210f",
|
|
|
|
"value": "Rechnung 0202-949490.rtf|ebc54c997d56be2906eeda60eda0e55cbd959b50b424cf807c0fc0578e3ac495"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"data": "UEsDBBQACQAIAIFqjEji8i2nQkUAAADcAAAgABwAMjVhNjM4YWRmNTFhNzIwNDk3MzAzNjg2MmM1MTA1MWNVVAkAAwL2DFcC9gxXdXgLAAEEIQAAAAQhAAAAJmk0DmXtKK1l+q81Ic/eLt5J/PpJIoYOD9aO/CR+BHLiUOkFGLu9BoWdmSsgHEqZFq1zqJz47dy/MCEtpM5itMBDjObzAuRhYmnSAgoUA8DVOiXjbe4b84EdzJfjFnOOkkutTO97Sl6ZuFd8Vgv+JojihW/Qptkk+WmGNJRGIUJ3YoQh4MQwZ3rcTQFN0MPxTqn+Lfxt1dkwi3LvFWUGfKFOC+05iRVZHRaPcJR8oiNFFzyZomOJimm4In6RRnf1JHUl2uFZu8FDUeKqvSa5wE0dEeBpqesQZeWQ12JtEyLwc2Z2TFCimfDFrUQMcCzI/yLoZHFE1rJVWjXuiJXF4919CtKkNAhDtJH08pH3NbSJjVi9wactXi1ASA/DlDEV83CbT2P3w2e749lX3CWroQWAS7XfOTSrGrtAJY9NNkjCFuyvlzVIIL6M55ZbnsgExfR7NGA1Y5R+WsfKOAAXsaAfmAXYykQ1AyIIaQ35nYr95C7ewKl3zIlTQ5Rx51SRCFXijqvldE+uSxqew0Z+8lD+cPnH9dKLWhvH3xRoZbbifyCGkHFe7jP/j3Ja2aRWSp2/srZWktDDh0zg97YxeFuhSj3bxV8lO8TUhRMMVdFXSJ7+Y5/NJYx4r1mlcuqMIpvfVtpeaJIAUd3NjpizgIGDrYGs+2etKLvExk4Bi/5JL5r1DF9LD9hA8UJYGXvQDcHZBtvzrpxmYtCRlhomW0xIVL6OwVaviwn8NcDVgVqcLxLj4YCvwxo/qZTrW76dIWy82YKX3yRPT/BQxObL1jfVlstpbiEcr6iX++njl22FcKtsn1rsic2KkFUaibNSRD8rESmOlph4MHIk/QvfUZUfY7FJdFi3RQiyXsnZH50wWTtjNo4kyu3S2GwhLYWSD/upJbxjHNMYg8ECbDNNjKoAwmAjssHsdue/nA0TXUDRGU7AuWwNR3tQIzKPf8Dp+u4w1sINrfzyYsTqkdY5QGKRwAA340p0mTPIRimYCJegSDMh9C+ShwuplcN9AEH8yhVpyU/68nRJkC/ECzYigLzK58537/veoci4kvtMEjtAa4UY/SiXVDrxBZluRqEcAtSgCNLDydwbHn58Dir5roK5/sx9aY8srdWJk2lcLpVUwhQWhHnUjQ5Oqci8tubM/wC3vkplskALOuxopo1pcFYhry7v5ZvxiU8SRC2yP+rxGBjabAlTE91BT7dDChPrpHrMzJ2jamtPcaNiQ90TspPckpxs4T+z2oVA1Xed9xPeuNmKoENMQ4Vda5GW+sHfowgd8bY0UvdnHCZan5vIk4m53+ZmlbgRQHhgbf2cXv4qBQfuqxOmQoRzLaMiThpFBKa13cOH3KcB0vODGAf3NC6+K3RDuUYTYCZQ2z/4uZuLsnZOqXGsECNeALyTIWpxezZ2KsHwK0g5O2Rq8Dw5vCB2AuMRQliuUFyEFeNsUnA6EHNzYWVsp5apwbiPY2ez7NwEqn19UvEd4OxAfz/37MYqziEU++Ws60lybtLoioB+FrxBPy+QMman7k8CUWfxydFIH5SFq6nao0FtDP45mglMeLCU5XbxirwMQrCdiPrqDtPtIId++v9I9SArXZ71N9NpnbCcou/Lz+SSHl7oaYas/EGx/4aLFVwyruapOP8hucB2I7J9fmk8uoy9K0TD+9Srhe5ACmVoHvQtbLcTN2FzrCv9LzUhXSEo+ok7rQvTEo0VJJvGIS91YdN7W0m0y0GtykUaP3HvhdZLGb2adpN1iG5Hvfq99ZUCU8m6PqZ/XK8ErhQ6XK06Ks+BIkaqatu/qq4LEjs6cY9W23bKcE3xktkWtZl1FiwUTztncePRtW129EuP81MzIRf+1AQmO1tHTL89pFurSCjzhQQX6R7/v+MMQiAUoHRfNKUX5Pz6Qcn2anTrXNt7RKP+RVedvo1wS2nG+FKVfijdqgH+YfP3p+wZ62wiNFoVyriMwqURz/T/t5ymRmqmuydZCFObJqZn449gXXVXbBNc0TR4QxTfH9EQ4I8HY3elhCY3fseHUM07d+/7Ch4BK5malriICwKSZfVHGEVyDnE35MUEhLAc5BAmDHGiFUyhKkOMNpLCDl1dRdztyX15SCEo/fB6LqmRcBfMs3AgGpmH+hl3KJadWueBJx3p1Dr3RZ+tEQH6VCWfN9LfcX8vcS3WfQLV7ph0o/A9vtVdM4NcHrgCs1cBIVtnD/4pVVENOyYW22aLwLd1hbD+//vsKlmdtMpxR+M7yyRus0GmMzqs6fCpph2yxh7dJ5bCqfXCAzwmk7R9HG7h9L8eG/a1uzbV08YL6lMVf5nnHTfMXsrjgRHuOP605wjjd+INqsdkGhkubThodODloCivVA723O2EHgcos225F4IPOm9GcJAf0MWF/FfpcBNokDnhECH9cM5oqfa+WBnTJrAqjCs+W/7y20qtdBuKERMcFi4LHy0CxR61acL9nqr/HHHBiS91kYx/2qW498Oo26BZZTkofgksAo5j6uugw8un/RNtiymqgmzRgFYlmUQDFCTMGUUANc9yG+7FpirESwFqb3z/ODyX/Gh1lSXbdSuKkAeUUckoHGoJ/rJI3xOXZaW4gpdB3Ul7RUpYI7R2igTUFRVgGJA1aFcQLg6nzjPiL0+g2JDIoGizk1XCdu7AfvKevDi/qGaBod4wsLyZH+tiPOfIgktnCQP8YUl3ujH88hWloSbEXpU78RzGKgInvBmYEqWRuoRo1mFhoULUEt/TsqDh8wo5t6cyPYY3ZHCeWT6aV3KfqyJrbiBgOqHR+j7BEsV6xvTaIrvvjuARSsRtRXUYwVToI3O7vRp3+W68gBofMJv7UeURu+fXXwZTXUeEwvgzJVpqXi3SaPFN3ET12LNJSkeZ0Gltjh/0ucBGmmKXmECR+Sz2dB1V/jYvPahZYvEmMa395N36wWzNdNeDOFmtlUZfuB6IhM005e9Vl5C6Fy5IHAG0zyIptT0TgG/edu4U2bPhd/jLpR72a8N+j6FkGaP2lYKMeQZTslrfDvAgSIoYHUnD1Tf2eIJkbmClVGcwGDCqQwcSPX2kwQYEp7VDiHvdkmU3exLZWo4ORg+FzAs9E+D39BNFZqeD0jthgpXoZKA9QehfuMTjuHq/yI2n2E2hkhKWNe290TYZKHwzczxyys73hORpprX+Eqo/7kiRrsh1HFl/zoi+UEzaI9haAppnp5RcqeX60aKF7KnJ3T+K/zrEuT5lgfEGJt+MmKvaYvS1+ZM8GtpDeDrXFSB7mXCR6J0CD9F4sh3PVuNeEY2pquWaIMtHkWu2XnO8MGf9JKh0uM2Sh125E4wIxLtDXBClVqELohXNDEDlNgX353MQFZ770CMzIND9xfp48d8lotd3ivtQG7rxCd2IMYLdDJEchZ3a9zoL/4U3zF2nIgmLkPcZc++e+ViWSZMFgny9WIGHVEUEsISADxFZLzLun01rvldBhSxVrgd9VqRFh4kpbA/SQjeu6cv5kk9asJRXA/2E9txyHukfz+g4R1H1HEPJ1F1xarMaErhlm3gZ41NmhjIIX/Qkm2a4+EIFRUud7HGBnla6s/MDiGc14fYloiPJM3eLv6QydpPJYxW6d88arnzloV1Q9f5UpGas4elw0UXmIRhcPu21TjX/QyXKq3ZSRM5XdO/M9DgpIjgDgoLwFemYYhWfdJF36XIMASJ/Zk1HCU6GUgqci+ltU7nf9NBwQn/EavmUsjL3jMW8dc4+JD1D0euKxDGVlTBkAML1UGsfz2mNK/0B4bhetEG70PWWIDVES6ZUvM/Z0me1scj+Zu9LBN5MkS8un9nmQJxsOwQFLJOmbVALGlQYKUT0xujz28l3DcnAupp+AgYOAnJjvf04f4VyDafuoO3vZoYsns/2BKZLrCwN+Ta5nR3Duvm51mMo/OXcKSqBHDXY3UK8hn5OEEh79LassIyP7iYFMa5vAHOz61G8jKndM/
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467202",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "570cf602-132c-47d2-a53f-30f8950d210f",
|
|
|
|
"value": "Rechnung 0305-336780.rtf|25a638adf51a7204973036862c51051c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467203",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha1",
|
|
|
|
"uuid": "570cf603-5040-4818-a93a-30f8950d210f",
|
|
|
|
"value": "Rechnung 0305-336780.rtf|93d7a3540c072245ad9e03ade53220209cc5ac25"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467204",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha256",
|
|
|
|
"uuid": "570cf604-8fd8-42e4-8c30-30f8950d210f",
|
|
|
|
"value": "Rechnung 0305-336780.rtf|fb6a2e276cc42b793817c7109ee76b161d58ed0b4daf623f9686077a05351d45"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"data": "UEsDBBQACQAIAIJqjEgpBhpru0UAAADcAAAgABwAM2Q3MDZkOGEyYTJiNGIwZDk2MDUwNjUwNTkxYzY1N2ZVVAkAAwT2DFcE9gxXdXgLAAEEIQAAAAQhAAAA0Od+EmoUDvngkZSc95nPtLdRtWf8F5PHK1jqGa7spVJ/urqe8OUnEN5BtN6xic9K4nZCP+Vn4CLUfBZj/Otuc1hCNDCko/wvGnYUhj6N7uGiGRtys8H/+J9ecZWPXJ+xOguSSdjBM+2VilGqqw0chsKydppJZRj33bFxnhJ+qC1OUZALbX9am5xa7jn3eQQ2vPbk9P1csLhVYbJI8/S/IyX05GB5UVW0TvCGISp5GShoK0ozwWajy/JWzJ66siLo8NGuCwHa9rezx8Zaup2NE5UDn/qjuYaCsNXmhX2tzueoT8xHPR1IsctX1OQ2FkcofLg/MYUeT2Vxf4uZvjP3G3s/Dkb36qIzOrEPMAPd92SHsZRc2kIAIrWNKHcO495LwKVN1pc4/QLuM+2yFOXlZDv3saH3AsBHraDEH00kLtcS5D7XkahYBf21yQslt082ABa30J+WFISfUgEaLVyijy5IHGVq+/xC619UE/tFVyQAAeMn3i+6OHM1guvzrLBiFKcjbUu1SixRp3kA2ViZlJ4BkF9KsYmpPZ6MwARKZO5W3tv5JcrCUXRrAsxSn6iwieke6+kBjgTe2Jw8rdh7edHGa8XlwL44kj7gMzI8ZTvZ+hwhJ7M7EBZY9HcDSLLcHCJRvL8J8lcWZL9nHZ5wVAH3Ru1MwMBBWhgGtV1dA32SbtMl9uF31X+JdKIpxcpQRVgxYab1IAK6c5bQYfC6i464mx1tTQUeG08DExLm+1fPOGBJldiHqMDz9zr20RrLcoyM2egXNViQC89oVkpmTJ2B4guTsCTVq/W7xCbPFm4l9PdsoMIKXL8C9mn1jXaknhuaggLK0K8LtTxRI+HLvnLwaeNE/mUD95Dw+GZ28WadB55kiR0z24u5V7D3tKQ8/mbIUL6yb1NRrIRG4DlMHkxvm2DoJkp81pogsRZHcqfdIkczvkk/G+V3b4/kVU+A60GReJdw3weeE3N8Rc2cmesh5jGBkBERfHXjO+aYfU/L6FxCU9s6pR39/Tzl/ogclCoOY3qa3BSnnjgHhrM58WaUhEeLHLbMO6zNW3pLH8W9yYOxk2ipMQVsSgxglZuJ4pHFfm1P7VQEPgJrih7Zsv8I4+brBMFxb0m7kXlWMwVGJmYrlBDozO/lR+Kl7zlcmJVDLkrJSdNJpSe7yA9JAc/yC7jrZrtoaSaQUjmF65hj9kn0m0HJshkRBbzoY3KUsr6+mAyN4R00idb0H+vBfksraP3FYXkfToQWl1BYlCnG3wUC0wFjmhYRvxHFfMxNVK+jZixs3qHqJfe/IH+myx4bySEPnAwryrEWZJeQ7I6ZMXe1zBE8fiUB1WfvjJ4CulNuF08IhduOmAuYBg56JtY+zKSSlggM/kysDnWw7iOFsYUV+OaDUaeDFAiXJ8YLM3zttwcXuk5YFSR1Or1KNUaPKAj8mgZQK4Tu681SIry88J1cFYYA2t0FvImf0uDgMoXoLuuBM+3NABHKJ7z7Yg2XakpvuOfAE/s/3ggHXCXOm5Avc5UWEg/XauToLofCDSeWjw8G0cBMfkXUF5R87HNQuZuyltni5bvOuPSyMcbMfTQSog3WmBSSVR1rYjOVNKIW+DUGgkrvn3r/o5UueyTEKfv91FixzoPJeb8/vJ5D72Pe9afsBSWuHSVmERoDuZ8gBbq3r8QPK6M+mIYMQexCdKXhTjBUqgRrhivMR1AvNNpY97cjnzDRS4+dPF4uoDAKd2ORSL4WsUxlq9FvWbONLex9qrIsBTTr9B4eTFf6MxDqJotm62Nb1q4wTeapRX8ZiMmNPUdyCcW6jijdqlCX361ZLPQcNdtZa3Lx5IG2KnT6O6ELi0qGyubN5vpP6l5hmltM2cPEdkolYlfrh36bBfriTsEM0tJxEI2Sn9nLxr9h+LyH1oudvrUZpGp/nNSCzXA8sXP0Om7bXFW5D6XFQ8J+7g9C9n+W0zycxPkEmHUWAs92kr8gLe3jW2Dw6wrhOVTVKuLjh4IVgncwtetRrjuvD/O/PvcFt4S6h2KfFC8q8+pUZCyr55REsnc2TfAVR8Qz+ZpWzEjTAQ7EzTy+NSFp59+MDG64jjfP5cT7uKtNSoWSipsns9AfPKdv9KR5nfDaodgVDs4/h/nsbniV5jf3CxR7pZzWYzPF1I9B9/QGBbA/s5DNkzC/cEqgVrz8g9fTkRDfmk3ShNWiw+DKu6fMkWncbE5s7Cp6+3UZaWRgQKtA01TTqutisvMHt6e2VA0lfemQuH8OBjUIdWUl7aukqRl/2Kb8kzJ7ngVkHAQqWZttT3XP4FWV9kJND4mfVxIVn9NjSkfXzY11J9JP4weRhHJsqCEHDMhovKVJN+Od7QSFAasA3I36HmexNKLdo/0Lgm3S4b6T5MVVUhNBwGM1D4AK6E/qgSskgEHy6XYrkH6AP8MxAZbIzCPrXnpnjNBf/4wkKWv2nfWZnAC8sNrBdKgpTPuekKmJxEZP2fkCSPkcpH4zXIIFrsaIeCt14mw1HcPZzZtjV02AikjVIMONexmUPknibMy0yCc9WmQQ3kFYdR9RlY8pTWTgslNl9WglCRQdCHfJ6eoSAtk1Yke+HsUdRx8x7/qKRUUjnNt0O7ElnWu/vjKfJ5v4Y4qVXp9zdcTDx6sJlhZdtU5Wkv+nJ8CJQJWZ0/CNggaYybjWhfUweO4Sucwbf19mzOPtV9Ipz+wd0lRxBB9nuw3I/iza+1AjywW7DP4mDUy3uLuS91cxITBqQZSeFzYDKpjGUSGiPSriW9RGTO7/fr1ULrBtKlRdIyOxUnAptfAWmCo1HPLY0YS9r14Avt5GECGlRJGi8uRer4KK7kon2O0+7yPo0xZ/CR4j5XGeZi0PvSB3MjUhItPEML6d1XIYjMrAISQoxPgStqITeS+CaehQcGWjklIjsZpZKGpaVMPd5bJPicI4Fe0rXat5QnJ3fJNzE6G9AY+WbGFHcJuFcUMHrN7pT+8pZ4KO7gAIvlC7yTi8ZPQ6Wf39yLeeN7I1hmRVMo+HW9hke4068GZIEGwRZXtovMZ3iQ+LUpwHr71mcZpxM5yTNQV5znLWqqkozhGFs6ENyaW5nk+A6vqRg7p1dFnPx+tQAmvuVsiLJEAFtJt/da0tDnvmNJ/WN7vxrW+m3S8yiwLHtAs+cR7idWTUQe6o0/h1xNC+Vaf2nC1ZMMLEGMJR7gSzEzxWukokSWzb8Jr8jKdZ7/wdUCMq33SYSCg5AGsRQK3SzyKNCE5IQywoZNJvgNNv9OjG0I3YW3Fft/GM4riPvSXefrE79h9v9kULveQO0Hy1VdG8ltyI8iJBgNjMavOgLsvvYX6Hqpg/3f6PbCBuI7CbE+HeV5ASK9oxwc9Kgte7BOdA/XmtO6NRZcQqQ/snaiJ+972kw458ICe1UjioDXDdejRl8YqxuQ3yI8vFCW/taCIWQQ2aj0aY/8NM0ed8pcDyi0AiuH92NW7oQ98Skfkw/q+xACnS6i/jGVdHP+3av7C76Wfd85xrFpzYiieCqAEpT/XOMuz8+WAUCbYm0y789KH1OU9u6KPWAyndvb1jEDdO+U8lhVFzvqzVf8JsXP67qXplUq0TVldwKPF4IS0g62fu24fOV/8p/A3A+yDQOKfgGsxsXxMc2nC6+msGE6NMFjr+6ZqRo+S8G4KiYE8UtbF9T8syn0f54QCf57UnC+pptBu1bP3dOMEYFW+HcxJf3VlKVWssB8vxAoQVQnKaDUXpjlzsVPprQEUV0KdoQQFNtP5l2Pf0rFaxQ9nI+4TwPbkWaF5mPKHYOrvrLlVDk4TmJnsZ1IXH5X8NwHy3FA9+lHj0yaD+7C+YrYvDNNj6oDK/sST1+lZtGUaFkj+1OeuQPkshFUSsDxPhNcVXu3+/tVFjcHBrMqLC2wf2LWqeYqZfSRyBNcI4g6SePQEVCci0HdLXwno7lAvSdLmd7edkIKEFtYbhBmKRj3
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467204",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "570cf604-0b80-439d-a0c4-30f8950d210f",
|
|
|
|
"value": "Rechnung 0771-361573.rtf|3d706d8a2a2b4b0d96050650591c657f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467205",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha1",
|
|
|
|
"uuid": "570cf605-c02c-48dc-9852-30f8950d210f",
|
|
|
|
"value": "Rechnung 0771-361573.rtf|b0e501e5eccd15ae36b4e5f73e6f2086169c78ab"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467206",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha256",
|
|
|
|
"uuid": "570cf606-df7c-426e-bd57-30f8950d210f",
|
|
|
|
"value": "Rechnung 0771-361573.rtf|893f33957bb68433b3118ffe8f27a132b975cecccc8b40e8bdf2c9fe5b7e707b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"data": "UEsDBBQACQAIAINqjEgLooM6u0UAAADcAAAgABwANjBjZDE4MGMzYThjZDA3YzdmZDFjNWI4ZjI0ZTBkN2ZVVAkAAwb2DFcG9gxXdXgLAAEEIQAAAAQhAAAA91MgVKziZ2hullZuTx40CdjNnZ3bRZznBN6xBuG/z5zKk7iJNmALwp0T/cgw2XB68AUJ4BaDVsf4qrzE3bcm6WBCJB/7Sd7fQhWUnkllh/G7n/EHQs9G28aw2N4oenRA37SYYwJDR/0wxJOguFytmrbA3k0z8BXJzJ8w6T64zdgdLN3PHOPk0s8f24Ii2/jAlWMD5yDUDR2UQ0AlP1qTqPl7tGn/eHAJCV4YnfY6jDCoa/VYVhK4RKBlDdkIaEtzyrQjoXzvTG0U2I2p0p54eAgU8lqkFm/gO9obChUAaTSr+QDmj1k/EYmgciTAXD46q4+jDMAoJVUM3ixxJMoTKmi+fSsMJDXRBkh8d9KYwx2eT+hICKfqlorJxaO2D4xtopvqfhLZTeC9Z1pzW2ECeQdHQxfmcLZTR3WBLp/tV0EYY5EQAMqpt1FQuP0/uWZzztQRZoS8G7ABNjZqIpdmxCJhohQ/3/YVB8UTjYtnqFriWSLM49e3e+s4A9kp63MuZk7in6SJPjCff+h4eRwCZjWEp7uSoS1KEQugLyo0tUwVpjm/aBcTfk2lK13FosjC5WeS6+Xafsf7Bkv4djWW7FjPscboYxB/BlDL3fzOVeVGm4IH/8CR2lP1TxseCMlMaco518RrPoDhDSwijnYYvrtqOWaYS7jgZzzrRfeZS3NDNkfT4X6rDvbz6jWr1ybicVULwcJ9ug5X4fx8sr6jPDnLxCMOyUsKa467faS02y7SjMiF0st158Ac/KHoWnnflRncNJ6S77Xt7bzKicDH17fcCzUUCDfjwcLZHc2Js97FnAi9/GvSP9p6etODSryAngaHr6d7RikiU4bahnys+IOR5rrXZzP0Uo5n3SMi17mgJsVeeCj7x6bYlKzw7V2BWA7U08LbU0nMQsv1UM8ELQ5lFVcXahevH+Pzq24zieAS4Da8s5GOSm4KnbIBSrFZR2ASnwBPis788cY5GJ/swi9h6rnraBKPEZYK6FzLi5jnDzbPmyVUw29kygby10vwUOtn5IS+jFAwVuuTQxPRTeatJHiO3a2br0Z1IQ9nYHPLjkIJlhtXQQap2yA0wuS5Hk4tg8NwuePm4DMYn+9aQLGaBXLEr9+YRW/ziRoTq76vPj/83f1Qj4efkw0DblZgIQE5uEqauVEfQHCCrM3b3HAgtwtGKjHbVOPXzRAbbvUhLMXCzxsLkaS0B4XtotWwWolIf9DxHafXqgQLFj5RaWyI5KTtp4pkVIsDQvB6ps05yu2a+pzZw+lW0+/bHFi1+DSeHwP2Erf1YhGHxihdiaSj9X5uXQgFQDBj1CT2BJgrkIQiSyaFhUvTNjr763gg8J5RKI6bGVS9CJKS0oH7snq0/h3tSeAZ6WlwngYbBO5NKVJeGaIzHpTd9sVSBpRPVIgqXFpYfZrIT9xT7oMFeG38fukYKh6xIsML7xWohIMmhuJuQEgT5IOG+kWE9+cr2ilHQn0ALxqkL/KxERzd/JwGt48pgPAy+lLVNZk3M2wKyiR6zI9gFqogdzRyfTqPhZCgkKyoqphYbBMc0mYnh73oWyDRg0Z9S6QZuuiKhccJBoBxFbt/cYgjQjcxVMWU62tBbP7agHQi7Zuy3L74hBeSq5f05+vYp9bgMbRNTIzTHBRWhUiRegY5LoyDBvGVmpTnAbeY1riwKtYq+9ZeZJrfchO4TOPScv0/OgxhBK8RdVCWMAWxibrYzgozF2L2BVZufopJNaDxEMSPPov4WFDJbW8PhdQQ5Jqth01uzUvg4yPQQea/7vXZMFDDWoh+YtRk8+IWnxAZq8SILfl+GsDURazpv+5N6TAlvV4Lrd3CH0pBGEYguy4NKVnPub9R+0DE9VwI/Q+gvOZOLWRxPrQHZntciGqB0OYH2IYCnoLc5sUpJFZAntziCQb4+CczxD8JtAO4adBkXRfTW2gFIhv6IDRHgyrUHl3pJTRAU16lTx30uLcY30m3Xnyk8NHXcgw2f7gLI+lw5HOJwdX7KcdEzWVjhMZOmqghppy6m5OQ1t/kiMRfpwrF3I1rzRmMNu7TX8y79VHj/zQyXZORjEwV9xWiJNLvPM7nVh2aoyAlE1w4DIj1N3Z3QjQ0bkIvLo+O+U9JTCGAjtDN0udcGVAkW41FDCeQlU0MTLxoRbT5qrST54plYAStz0Viu/vJ+Z10DhMOj50p5RrxIzVI9tmHU6NP9KpmWYXbZe8J0YDFSlw7mjVNAMIWnZL7Kdkf8nCbYrp1sjfODvHtbSV0z9P7qALyR8P+IJsu/OAWhNNUaV0h33NJxDP953y0+wXyrv9HJxdfhRH5z3TzETXbyrknHDthoTRRnGBkVf7wtU1fde4poJUDwQdFnucE4P3mSiFqcOFRdPRutVuOe/HlwkkIem4Hq0EFNvNcUGQQL6HOBH15ay4U5rZwUvDnnRe1K2jg7n4agyled2rCUDfw5rQBVkknu4DGXUBzJs17K7HN6XaEnaiXrBzjS4th2b1R9c5T+/z3XE5IUPLGoUX+t4Tg7ZcQ/0XkmlR9whRR3urqtUU9z3r3h0sNh1uBy7oRX72guwysRZihyfO4yIXiHvPGi2Lbh1Ax+BF7SGurEbFdoEF4HJLj4Epc5pmE3IqBgMVWw5N2ZUT/PtZUGzOraA42wGqhTJvKcHte8uZiV8WrlPXwgZjMQvdjTaRi04COQwz583VQ1qXeOE2csDwVzLjdjdtpG5JrU1MQhRJbpw8w2RSkwmFMDk+UyvsH3n+s00eEx28+y3LjUua1OPAQnIB/ZNT8hN1U4TISRr8PLXpwdqk0MyUGFZ7UNVu8rWJM2mKCGp4313pzJ8NhHvg7+gLPrN3IgTGbbwHN+PFC2iR77MdwKNPeo76kMc/QqswKBIaeK/3tgkob9Yb8B+J5F+bJ80VANt+lUZrDLlZgl6k6R68xBkE801EjQsXOLEuTi2y1UKN1tzT7u01DCCCfwwBYb5BffPDKI8tYi9N3zjMkt5uPpNIXCaoihjZXEIor7HqQBK71v+IXuZXnmM/h78xnVrO5Ghs7VIibG3zwENPgxKo4sUZsFFulCyyp/iRDEr7aNUHoAVuROq/3sZpBSGGj4PuGjjaJLNDtPGHHjOEagEImYnHllIPVw9cinf/LCQKi/nkExPRFmRvcerUDcR6R7LRrnAwfPPBwTRmVfRb7JThQbp3T3iuI4F4kMikmgmYxBiIzmEusMBfOY9zEBmcaFQU/TDO9uwA5f0+XfjWW6MQpe9ryEu803pk7kmoO5Momk2GJpAgGEiDzD93APwAbFE7SMqToBX1O+xrI7tPQFvmJbzitSYKogtPZOZXMRDmIqAO1m0a8Yf1u3WxUk6ZUww8cMqKIle4wNHJ7mQ7fsi0OjL6e/ziis47HIpIOxvQY0EG4fzOd87NjpumiiaaHpUt9Omc/yMjMB/T1jajUHHIpmWhJSBO8vku8vlkWQryp6nKt4ejJB4k+2b7ply++OWJDqZW2lln6HKiNV3ILcpoaqFD0SKfkD/n7RXgnIrfwBk/GVpDW7/HJd+h2PV9GS14hWoCsoLENuYKT5guXUDizeNfEitUUtcZeGCQyCAFB2lOm2mXFqloz/4r29ykz9xPTDY/Tv5UnkmpIqXg5eXKtot5LeDwFKJX3owHWjegL7wIiwzLQUE7JbRfVPNYhTsDl9vEfMZQIvgmqMsUJwOwlTtWLcc+5lm5hancpXp6KMi80/MXEoCzv3vatpOEppcdntsib3oDmH7Mc0LcEpwaZYtPI4v9QuG9n0iHBZQ18rHrkhulRGkXmsLK6E+2SWXI06Wqc1+94vJZ2vAWros9xOSrNqu4SlT1EB20x5hwEDAPnSm0X75eGrZ9tD6Unhms4Lm4KrwMNvYagQk4T+9IGhJsFQ+c/Qif0fmwXVz10s4eIOFAe+/UkCZKK34ILHPbWSOYDd+iAFY3wYPOJSVjthhfExN
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467206",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "570cf606-7d18-48f2-825b-30f8950d210f",
|
|
|
|
"value": "Rechnung 1751-622554.rtf|60cd180c3a8cd07c7fd1c5b8f24e0d7f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467207",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha1",
|
|
|
|
"uuid": "570cf607-6974-473e-951d-30f8950d210f",
|
|
|
|
"value": "Rechnung 1751-622554.rtf|26046b09cffcb35f726c5ae48e8a42417f31c682"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467208",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha256",
|
|
|
|
"uuid": "570cf608-f7b4-4c5a-ac3d-30f8950d210f",
|
|
|
|
"value": "Rechnung 1751-622554.rtf|f070b108aae83371236f0e9752fdbe297cdb6c329123c4681937f104915ef253"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"data": "UEsDBBQACQAIAIVqjEjZuuQ9dUUAAADcAAAgABwANzEzZmNhODAxZWQ0NTkyMDBhZDJmMGZkMjNlYTNhNDZVVAkAAwn2DFcJ9gxXdXgLAAEEIQAAAAQhAAAAPRCK76JcCkgqm+lF/sV5RdgsIo+qvZ9V370rtruuHKZHj3Nsl6bPF1dfbVjdgkNLWcIxSw01m5mEttqcj84kowjaAUSznIWHVlNVz2D2niCW1xb1q+YtIprkhMWnfLuOLb35ogYt3/FRmz0rco47qGHniuylWL00o9AVCRoV/xYYxe24tUhdBZkmxmYmVj4203hgkEGSBL7aUc361brcRyS/lYyLqGWQmlfhMiCiU8hPALWWiwsJFqqC6OEirwPMj9G3BjNVf8vIeymiilO7FxjYeFh3nz8ifM4nFYRsEitxBtQjsyS8F64p29Hwzs8GtC53VoDNJnrma5M7dtXVDeFIG7y5tfB6p9ZJh9YpoxKjOjcqfMIVGz/6wXWs/ccj0771ac87BoVyz61jHC9MONdgFHv2KAMgmYhTZJAmy7emIZlpP1BQOkIK4dZNhsfndD1tG2v0PdfAQz3I9MuB6dnPBKBuDYDfgrN9Yzc/P2n/x4HB2DUL4FsnWmJSUaCs9tD9E+vmYEOwWfaFUgAAYn3OQAagKCyW3VIp9koXdAwcplFhNifhCw8Nt5NEOVT7F2ybaP9dSm7/4WkFindBpFta/dDbK0o6uFWllHkjjn8GChKxNiBFc9ajzaxzz3V5Ukc3wY5cEdYmdgGV1E/Ta2Ug5+6vLl2fnvmjDydYdmGP02Que/pV9nrubVvwLAb1+LTHK1wWtu+cnuQFguCl2HtmYCAA/SA06KtsbJWr0/urtSu0blPnecVY40yoIX/MMs3JjBYLZMBM4U9PcLcSLOTU5O3Ug6pMxUM7Y8C4eYfwMPFOkWKLHs0qaulLYGxvStIhuh2i/8enTWHWXFDSGM/q3Q51kQ7bvgHAO8hldaMddBW6yXq34miC/aqoPdErCSXgrBSE8FO6x0ey1ngcn0IG0kB5PfnIjZVRqRWFkeg54g2i/424YUxgPkOiM13Txn0OYV2X0pjMMXince4ksCFzgvS5t2JcY3lBc1MxLMWzU3SEj8FOroH+SNtYBq3vCq6EKXRAzNBy+3ub6m7yk6XFxr0KCSJyE1Gocz7zOxtCrng5dDhY5mEvwZKDB4QhKlVwsIqeXB9IYIbuhurXPkBkdoYU+5Hud5+IdKlF7tvDGNrNkoMsqqZgbfHqR4s/0N0GL2N7BsC9gj3QqXorit4jycmwpHxxvtUqvge+j9+5fslQfuZoDaalIn1DJeW0PNcehyo5GSFjnltck/I9mr95MZ3Z5CbBF8zKl4foYdoCvkMDF00HgfrY3ySh0zYDxVH+69GmvCczse1iYQIumOv7RnZ00NgAz1l1wZzf/+3D51Qkv1imZ5AJutpSjyI04gEJB8MfqbeZ+lL+nHzLOrPop9Ydvss7FKrZBcydkgAZxCycOKKPK/temv5LAr9GIq53M2/4TvNcvdBvRfaFWrMAJM/W03DRIpw+38dnAu+7HRBegD0yYZ6RX770BxuATITmN8VYYHG4K3O3QvQnyDQE/Gsc6joD3NeiJxoZW8jgjFRRL6eXYb4uvgzVKTFyhjBE+zHSQDV/yrM4zxB/Clf84RbijVoo5aCuLWok8gdBTxKOAc03+ZK+BmI8SU3VFUjFp+oFC5P5yqQT09G/+llRdQD7MB9L0adsqiLftk6wUWSg+6YlVmF40oqqHH/7dUOILr5WDDjxG/IQJjaYtw8XEsArH+jMp9N7z9eOvqHhAA8cPtVLx/oc0TGJA+mfKib18utmcwYHXQopDjHNgybwAgcINz3jTZT2bFGbypS6GbEBbHAsutWI6VrjGDMQQLKrNRT4e6x6RL+Q3oNi8lGS610ZowU5qJp7UsscDiaVeLooPpCMqcbRrf7wJh97N2AaUOc90hYrXS/4lW9E5DJAGYzoeYYpfvNALGph8hA04hPrlUKf0006JGUL2Pisr1nB3BVksX4vhi/r0KV43QilybZXn52qirPraHfCzms50Dd3497sNzr42RnbafCZ92ymYTFeasrYGTqgPc2hlWFSwqxHNHn0ClvU5CxhoJGmY++WxtPkZzD7ZAFxTdetLtbmXiXT4tvNZPtx5yysGEUD9Gq4DgwMjSD3/n+2QDY63Ss9xPdUFqFkrQsWpNzMdMvhfsnG4OtRQQwhlQxVbbLdANmMxk2vRrnndCZFzZ2IfCIctn3u4IMxQ5dxOlmWN2vp2xHfvARbnxRc2pOR+pch/jKsFN+P+Ng98fxjYG3G868OsFyvONKlW7IZOJSkFKn58Ce7Syy8jEFuAxKyrniIdAolMxTs/Cg6v/vCysQtyeSYXuClQYrC7v2BHarO5gCPxccXNB3tnye/Z9JWkS6CNbEFvB4uWOup8EDQDtQ10S9IyhnNqYSYRDCqYqvVfRVCLtx5X7woI8FpaPCfGLRZOHu5T4qm0zKohFNezDdiRLnscAAQB0lQkwfympTROge9cIoni0z99aGvm3W82apg+9qDkSusCPSNsZtvwKKdKLwlSmxzOfLF9kCfpKtuvy4Ze9FUE2/pr61L/zhhzrCphIdmfrWrZ5bYuBZacwQbH+uF0B+XHkusdlnCksX/OOR26qJCirPwlbTeg64w1nSFrGGcaPgB/wGVW06VLNg/Ad+KAhbMG/BQwMa4s+WCyQiPNT27N5+OBShTjpPKxElndWEVSb3H/vo0qWFALFKPsDD3d3VzI35EyMULV2l5QKEFO54jog2cLnadEdkb/lFyF1AB1QCKTA/WCIR0SNa7kEfdp4cfb5WVqVcHyPI/gZTCDc2SX8Szs90fKGDrihPHnoiH1kC3ljaIN/TvVGDrVgbValja+AE3NjoarWCWI0+KsI13dPl5MGiuXBgHyM2zBnf3HWq0BaDybzm458W72FF6jhesbYYnoP444QpBoLl47alnbojn2a+IZmk/E9zzfTN1cAOfVS4qS8V9+hlwEskHQkaTBeMHRFljLHsviQesd1jhaMnaUGRTHaXX5MFEBbFLGRANeDLWXAknJSReU++Z3XMGDZP7/vuQQ5HdDhRr3LR2aEn/jpicRA3yNSSO54hRCM6Y/x9Kv33VoROUv2GG5YqP9YknGnBPciTo9wsZ8+hSu+VITvh0fJLprZGOUi2HDnU1uz3fxLvpPuySCUgDOlLutGtbEswyEjoIeBzKdMcceRXT0m4OZ2QdKNfY0sTbqEZZ3+a3aVnBWKYWgjJWewo6CGyQoQdH2PzQQT5dLNfeMZg04Zrg+J7aDV9jCP5XVzujPZoOs2ppMEGT+ANLZmF3+XnpFE4KepdFrkXG90oVwaymRWjo9GwX808Ehg5G/aR+WkK3zhzLqzoBAjTE8R3A4+qbsCCSEoc88FFUHrpN9aGwOQwqTXUCK4kVFRXOin7TVHlWrRhJDN4/BUPD+Rp/ZZj9B5HbrngFviDz/4UQYRtY/b/dTZhSTugIOh93YH39VgVZR0GQhIfzF3x5xHeVhTr6GTLCvFIbVIx4pxw6A4Z2fzT71eqdy1S4FxBQyiMGncmXgJuqWzJDgo7dSwBfuC2VtAAEwJA4z5d9BUnTk27KKodCpvKgXidNW/+YHYq7yElm4T0nqstfRxkUgYXvWFP4/ycdIJL6AP4QoxW6aggZplovkacKGZm33YIAE/QiQhiz350B5V9yr/36S8JSmLKGcipna6EudBH1fL0TBG4ak33guBUo/Nt5+95IIcNW6vDEGipw+Bzm4LKwJVjtzMdGd1MJ2nyXtjEoYC/keU6tvh47x7xsTBEZEBcNB/uNvNwkJYK/DgNg/cw7/0B2lubM83adktfOvqXexgkOdGUcTf933pkJ+DUTAl6tDZ+9DK9M/G0jlP8Ktqf7ff+62F81p6h/UBN2oKV5RZKMhOSsXe/Vb8h13ZwZrRvuRYXiIH+Aur3quLq9jlkABlO8yHT7DxmcA83R2J1U5UJuSGvKFu9MYzFSTNMwxDVTRsywT51uSC6ZmDURHYGbaoVm+N
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467209",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "570cf609-95a8-4ac7-a884-30f8950d210f",
|
|
|
|
"value": "Rechnung 1764-471315.rtf|713fca801ed459200ad2f0fd23ea3a46"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467209",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha1",
|
|
|
|
"uuid": "570cf609-85d8-4b81-88ed-30f8950d210f",
|
|
|
|
"value": "Rechnung 1764-471315.rtf|6c11cd275b564179de9b84dab1e7648264cebeff"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467210",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha256",
|
|
|
|
"uuid": "570cf60a-5060-4248-ae3c-30f8950d210f",
|
|
|
|
"value": "Rechnung 1764-471315.rtf|88da4ff0eb25d1701755a29c595a40a479e78c56e428dd33d8b559f4166488e7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"data": "UEsDBBQACQAIAIZqjEhVgM8a40QAAADcAAAgABwAYWQzYTQ5NmEyY2ExOTM1Yzc5ODgxODUxMzZkYmFhMzVVVAkAAwv2DFcL9gxXdXgLAAEEIQAAAAQhAAAAPRCK76JcCkgqm+rLs6OAae7O6p2ghceSmojfc1vy5v8QR40p2VcijhG886mvF60mZlNW2iUFZ36WfMk0t3j1rm8JwDCACCxu3z2FtGNFYOYJsUUYmPZnfMpUZfkMj+6R9SuNSVxNfXSbmE2/C7oCNMYeSMgEZqbzt21cl2aFbiMqLVdKGnRGFbr6ADdD2SjjeOxMNDEaqZgdMSXKvDHSyJlXiUDvE0mZ5DrFqwB1yMDKguG+Yx5x7SN79OJTL6nHr1BHiP7osFPZopTg5m86G2oR+KnVTeG0DfSaQafPq0dPEk+wiua5MiGT2CnhepRkFSkKnj7OW8e7ru5oHttCSUk5i4ult/Yvq47DxL+XzX6/2ZWKfsVegYZj143oQXL5or2qtP1qedUR06C9ZeieyP91o+PlspMlyd1cMdcm5hRL9QLnUGi9YscAgzBGVf+04pTGPGgfZ0/HeKSU/UKsrPCoMGx7VKyYczzcZ6/UjXblaNPRMRssYOR/fTKx9ovPnslv4A98Nu2EcZyTrTcpjW2evIobDLMev1TPOTLX2TDQ09FyaOc6Yp+0V/m0KQg2ubL3WSfGaVeyc+gxzV8G9sTV6/wSI1Ey9VGlOCpKjcdrOrWhJwR1e8b0fXd2FgmFjgd+Yfa/vBgJYtNEyory4S/lfyNDM/hlNlC+IbO0yRItpKS4+acdTrfEE0H1swRiNn5V6DT+01I+T912G1SBWz2+F/GdHvUqkbZdQ+s7JAueoIB6LURlF56hWbxE7beYSpkAkPHJnRn2rWvsktWizm/XyNWd9ZGWt+tgquh6rVFqdA4Ox103Y/x0iZb1is1WXmOgt4v0QA1zBRbhYIOT7cMCDbaQvDKbP4eX4u0PfOqKZj60bLwkMSos/ocvVTrX5puV+6XXKzj35DfVCYqaEQYbEZR31g1W3GCfpeAwLQCggL7Byzy/sgHd/SGz5W9fv0n9xFwmZog4VDksbzOSFaz63zyQ8Am5InxPpOPk1uBr3eE7KGns1SjpLat5T65TXQSIYofW13vnbKtgGo7cF6Os49N1npvNH8I2caT3hsje4vcGbLnNdDNjWB4YgYos4lvkHqF1ELMs0grTimR7v1aqDiNspfJpkctPvBIp3xYCHa+iU7XnbORg8FlKOkW+ihgRFBlgLL7mcPthrHFYUqD9ha4OGpRUk1OG8A4xOKtGx1bu0u4JpYWwBHIA8xSGLf+OhMuxGE0xS2DL+x6UyxOQJzZdlFt7czrU25yFnR2QfJsapJiXAp+NiJ0fDaA1RWlG9M3l2KBoiYIPXJH1vHqmihc1hxNgw3v7fU6XJZJHcQvhx6lf9t+LC5+F6eEQhsLWWpzNAUSB8XHAIzCb64SljhyqxNwnbqizDTzlC/4wXDWsc3WeV2AJU8RJeJiCulZ/h7IxzkaF9Few9SUtFp9UhTiG7yS6Pq4wMnCQ2+YbyseZf+Awjbl3FV3SnEO54Xqz2+fxvfq3zCq3dlw0H9semylUIG/pE+qHV+btFxa+wjeqguEiVqItFPetwD7ZTHvQRWzIdesJpyDl0xM2uNYAYmBxC7UiG8+hvndHdhN4vgoMwuRDYAWQ0xFV1D8Lr17P1ULCYaYx13OhkVWikH4gDWAnRigPzdz7/PoE6EvTs9nDavnks5qCa1M9f1suIKvCI/hzEdXT/QRwVzczqusy8y9XhFeLMM6/+gSDoE3s/QdOsPVOXCpfJjdt7MpMCmnBl7o3g+WV7Du57lq16ULvyqCzV7e/5WcDE9NRQz7DHq8jQ8fJrxZjdkYMNtmzPJoTFlDicqfzspl1V3qxoV8MZ4+rXC8JbssQvp2K2tM9P7Qsh/z4FRkUtRDIkVV4vnKvweA4kSMC2hFMfhtQXjhk/7lt8pEN+BR81AvIl6Rkp4BejNhvEvmFgzfSGERnMOLU6GSFLZJ/wZwAZdeeYmF96Ei/voUaHOYLG2vEKZK/hpFBuV2twgP5Sc5vw5Vaf4y4QCzOarLQJ5J7Qlk3cDE/KUWBBhHEObkD7AVI6Wld61nGH4V1FQSQoelh6OV6nmQSeXdV2KG8ZJWUB4XH4EaJK/Lonuz0v/rg5j5juBZVkpHzjniFGs0hQ4RjDvJPZNDvuw5gxHI/BaFdUx5OYoFg4azlCcO49g3VioTPxMMx4PO7SLd5UyV3X60ykqQqfwylQnWwfvjK63gkOv30fqWxBjy1Z8Au8BqAhQvkxfPKOPtAabLL9HgMVtdBmvDZLHjNOpRQ0tLGb73o77QXPzXJ3p7O54EMUqdeq2zt1VvWYLcAxe5dv/gpgdtlqfCYBAnB3yQz/tqV5Pc0VUvpgeGU3NDuRea/TwfLmJRIgGgAd0ktOUlp9wLroqx0T29QgPgo7NgKUrFtK+XC+bsz/mdPG5DtYNI9Cl9jFvPVH9b8MHrGzVbnV5cpJMBAh2UicQvwgl2WZ1znz53f4FCn18ptpMcr2j0Xp6xE6L1TnXsR/gN6yuRTUKFXC7M/2ijnazHwnmNOOytNdm+IPEuBpj0w7gmKT1De2ndXd3QF/DxMHiEtV0tJHYThZcYwck+SJ6Yeu/KSR0XGRsxLu0Oy4gyC4eG+ylr6GIYsc4cbHzM8SNoz3p4ML38aM9n5EJj0yI999wfL4bo7zq5uDzmoGYsGZE6FCpBM61KhByjCUTww/vJzZaXZ+TvL/ZdH8QLSdvwJ/x4m+Nhmr9SNZucWg3JHOkmUHFvQHBf0t8zdiN4u9YnM4dhFxDFexWrZxx79SoRERpNF6w0ZBcDBylKY2BpE4tn3t1cwycNbTqqj6bHwK+UrSamKTViSj/b81JKsd5T7wOGzLXdCI2lTTsoaD8nivUSWQTr2PMynC9RU+VeTj1pCuoJ0Ti8EJg9MSMd2lwjbkNUo7g9J95Frz6AaS8Pxg2HlOdC5FrxPPF3RAztwz3SCHMXwiv939LP3kWUs6oIAoU36ANVWfZYzsirwXJRCe5DGKRIeMPT3tfANJqE4XettOTWxe0ikajsIH5aNd8K/w3ycKqExvWJgcK7kit4WZ58GN7kOK9WLNlcZtr6Y9lwimPvHlVJcQbDiifOHVilMVTeOJgXWvgsYX6agiMHq6GfXiqvd+bW58WIkBbeGr5OKEGKNWeamWUycG/4y2ALcpUI8YgaXDRCPr3KlEuJatm+sEecwRHjza0ylDPq17c9nPoMuReStLNKx2p1Ygw0GC5wYFIpd6SBqY4lOL15TJdVwZGgz0fSReWmtI3V2UfU5hM9BY9uq8ERDzq1G10/SKBKT9KuZj3PT3ldcPXbLFxACRaEbXKjGggSxUV0ZKpkHxCDpUtmw363ARCg9TMtPO2FD1B/pPRNLlO1GFYaSoZssFVb0cPG1AddLfCpiWDzImkVSPHiR3shdakYA1LQQupAOm/WzNPWZDVxE370ssSNIrhPp5zotx4kYYUefGIQJzQqPpYyKZRZW2i36hVBM70I7wXO8zLqI/aVLgMLGwP9dmW4aMey0aeZSDCvuD1wdCO11gnbrkd8zz1PmrpZllrBf5yginujiTRreQ5c69gwdttH2BQP0YdzUJXpOw7uhUxDcwI2ZHu+6GXa6Lhue7xf9Ldj2WGT9o02a8lrOSf2ocowhjLJfK8xfcGyeu5XjinI6Cc8LHIpD4Z4ApMPufSMBIuSoeuV1EDi5MfgfK1W8RjLy05Sdhr5ic9oEnaY4lxaWu+0kmiDK54NF476sJLVGxyl2mKEDWIkvkONhlj7APlUmJlHSJj5NCojqrFTTE2w9aKyp6LCKdKidjdMrw20EK5fYoyvfUez8kGTYgpNtt2ViUOa6G6LhiET9qCpYxxaaye1pAklvnTEikzLXWGlrcP0Y9FEKfONhInVQnllYHTmpY9aJtbjlBMGg+ra+a6mQxU+XvxSlC5rifFN0klSx4yxkU3+irEe+WJComkFJYZoG8pk+bWUGXvJYO+QE+Ty69h
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467211",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "570cf60b-98f8-44a6-b1c8-30f8950d210f",
|
|
|
|
"value": "Rechnung 2918-380676.rtf|ad3a496a2ca1935c7988185136dbaa35"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467211",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha1",
|
|
|
|
"uuid": "570cf60b-89c8-41f9-b10a-30f8950d210f",
|
|
|
|
"value": "Rechnung 2918-380676.rtf|fafaeb92584f17cda1a6682a131f511cc61d5673"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "unique RTF",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467212",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha256",
|
|
|
|
"uuid": "570cf60c-efd0-4a60-b8ca-30f8950d210f",
|
|
|
|
"value": "Rechnung 2918-380676.rtf|6b17dc713ca28c1df380a3e65e3cfef4eaa803337ab747abd23c1d36fe29d515"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dridex 1st stage",
|
|
|
|
"data": "UEsDBBQACQAIAJNqjEhCcHjsNS4CAABgAwAgABwANDUwOWNhOGM2YzQ0YTJiOTgyNWRmZTM5MzZkY2Q5ZTNVVAkAAyX2DFcl9gxXdXgLAAEEIQAAAAQhAAAAbWRFNpsHi63C+XKVNImtNhxD42TSthXLSLwPXOQXSgTXpmN2C5UcQDkUCrDABDUbbGXA8Rt8GbRsVlAWJd5YAbidMZ8RXiyT9zWaG6xdTOusNQP+ipC4sMn3PoDUGBARsI47c1ly/B4uFG8xXD9kfJjQtoYW5KtZ3XusEU12UxDo+xMrfPwMPFthb4+3jjG3giuRd0oQ6Ll6yF/EUq/Qq3AS+2OpM9LJgBSWzIG74+Crw/TxOj0orzXuTYv43WKqYyOcv7FS13Yw9tubrdT+pKq3zIb8j2nRVXajvhag8g6ROlcK/8NsGvG45MOJkIq4FmxF4ZBkAURjThC2YR9dYcSAkO66plXzj/+bYPLxPLSUW2pFrakC6sLnUfhruusxp+T9H+4Z/412IjdwEEERKzLUnRZs70k8l+1d0G5vIFw4Dz/ZDV7MUAGkUvmqkAmUAJ0j8YOUxYFJXJ0iGLtUrRNabLLdJRbZkVVIggGor0iyK2Y5QOkkjwRdmRvUFYdlIpMcl3LyfAzPEiDBL7QWeul8GwqMj9ZTjFGVfA9QrUIOLRG6N9yt+MEhCj69bZz/0SRfwbqRCh1WhEXju/yPcAtndxKxY27u1Z+dvcu8f7fp9/JJ++nEuh7Z9Ax1jBGAt5UgXxGvJeN3sB7llSDu5Ib6HCzAkCMpV3QS6ay42hTym9zcLCzOVqvbTirGkv7vSJEZULuCTR6qFnyLUNPTprAvOtb5+4V+XcBjY8yFhKG/dheegSz+YdnhaJNEozRB79asR9twytCpwdI76218FmJJpws+brqw+eN7HkLe7kIXMp/7TDyCyaYF3hMXLBzV1EFmTUAYNGq2oW4WUKE3aJmK4j+6DRpbw4IiADIqat5f/5ijsOFN9Y6vsN3wRUTfM2GbwwsCaqrGxIpXGUXuKgqB3q6MY/O+s1Hpti65fqztWcQH/Q+m5SqRwlsA79H45IIDrCCkJomSojFq4rjDAZNhSOupvuNKtktFS0+2LZqL82bERbjcTms26qcxbEVbPLjvwmJesq0xKMW0OcVpgKvYCXPlOWiVTBVXPJnm4HI3x3zsEKwyZp/sEGXokLTFvfDfAgBStLDq+Ii26z7x+YHPHLnjH0ZXfE1sSZvgukeGxNN6/LXlnUc9svnPpe9bPnreuLvZj7uRjLazw7g4nkIzvjNOSX2RaNOvTfbYA0W2QR10KbH17fgf+bu5zJrttRJGMl4fzR0UeJCTyPfauD3Dh1TOz9NXQ7o6+WSb4PNSthrJdr1NmewfA7QvMxhNLbp2K9eOtMLUGP6RQgTHQ4C3mGD32HTE9SR1cKLPpW+SPwUvarX3wFzUkm+BM/PKI3H3XRsy/RIWzsr5IK0ixuma5o0Gm6vBNct5Vi3vwMEfoOZj6wkjcLG2K8bHbcOQmelwltNfwqlfKqboG5ErwD6tD97a9CvkhPBrQy16Sbqm1GclzX3oCnG+AOU9kTDLkHdNRURYpS43DYn0/7JTSuurYXhMzFOukBh5/l9N1M4MS6Qctmv+F976Ec2KPM0APB/E2YzMDO4qsJCTmy/wYc6usVM6DRftHq15JgAWyK4DbE2LPi/etrNeLMvq4u/GfsWkZeB9OD+kL9wcxrXXv4vs+hYjkyCJaUU7cgSM3Hi39ts6zVcvI+rNMhc4tRLYGYyrgGSPpWTW0tDW/Eex2DTFcLXcVL5DBvAvoENjvP+eeET7HAFZ8M/wFg+gQZr0OwaYiJqm2xQIUHx7l7jKLE9KrehynuAA1QYBCc8jeZiQjYkrFqTuzkfP9/yMTQVDFVsJv6fRXebIJjOsheh8GdRuf1MRaPjuP40d62CNA8+P3IU2DcfnpAJgl9yQTICpHTQivpDBG0K15VIMX2uzlGeJJT8z+kYyemAWZAzoityt3XpHmJqxhEBkMxHoY+IR8M+6DawiH2oleVMGZ0IayG5I++Kx89I7bwmp6zG7rGK8+blyvl5BCDt895qUx5mvfvK69KlOvLM7PyiAZBtST4b1jWdortQaMuaxxJRf/7GPbuRUL8jX3w0Ozdya1soF4UwEVvOufIHB3LIF8tFIQiaSs8pDcUhcsCPL89zu4QhQqPjUYFRB6FSXqmPIWr7nEawX1gnn8DhkMFzv1KFH8rWUYCERhAs+k2YOVJ02nM3MiQ15qY6ka6ZialrpxYQswPUo+ZOc1GtuN6Wk5HmE3KaqfnH+m2D1A55vuNLQg+2eX1U3RXNL3bvk71uIN8YFCiF1NDn9nprDQmsbrit82JkK6lMe7QUzSUzXGUB3T0qXiiWwBDhUDKkENkxTpgSEBMAHIWZ+zSRAp+YjWC60aTz2wXo5R8E2MxcDrD4XTemrSF2XT3xOtZzW4emUT/ZxPA4XcqTEqZR01lUI2GS9X3ZGXWm8KeM0WGArbg8QmsAIW+0TR0jVgk7ER6p7e5i+zrk3uvBZWiEBRIirnd+ejc6YdUNnFKZY21gBDjyx/ThTY9P6LF0W5byymC1PiE9RxiOXeI+JfMFeawe6bWto+Mp3yfinjvRSICP6tsplaOcrlZoLVGId75IhSEpAhCUFU5ujt0Z1lwoDtWYTvILmTJ0inAVTfZEpNuTp2WEsHu2wyGuNK2M2WCGL5NopLsssdaUlc8IzLETj7Oj6jqllCaWBj5bZlVAMSIFr2N/NJ95eXI+qgmzpvpgbBRSgV8xtkfcI0/tPB956uKWzsmddL0pyQMedF92HPb7Ml1tnLcLL72ARPi+L2wic+pYAqx3IfZRtCFBD2uD1EWmlMm3wpwX+wu76dXkTy/BmwdfKxyEGaxCCNNysbglw3qrGEfmfp83QlhBwb/+WU2YBITA2lTw56HE33nlvw2Ho0d6gPQJOoYcFtDrs5oEe28kZ8wlMrosG3Z64HfUnZ4B7znNJHU2GT1FTEJOkCZdr4c7dq2HG0wCAgRqiPVQ9PDOUBGIsYyNf8OzpD+lFeAicdoz08lKpeL0tXMqOAWFjSXrYG0XVrKEJHDUUOIQoSVpcooRk2d7dixVzIeCwtM5ZzTZSIZypkbsJawl6I/4o1+8ZpA3GY0TNJuSoWR3Ez+RCIOS5G5VVMUQwLLVRrYN7us548FRIzMfahk/ak+cCyM8trUhYsbWiePz8DvdLGKR94szuc184pHXK9EzhblsuncfjoZ93MB7IrtznUTF9vUnFvpAa7aHxvwdwMXwN6tFK1wx1Mkm8fMlzx7hx8U+eun8vgA8YPofg+I8pvzCRUiIZVZEFPpy9M9dVpxWdtkitU+2nBmuh2nm/bfXEqx4X+bWiFPavgublKpSeUgjTRP6IBPVr04u5sJRFCwnG1mZ9V2IEkBnyWwlon6OBmDWwarmoW4ahetPRNBpg6gMp+SEdCV8+JPNTPTU+CK+zBD1gnCOTuVIFOyOOb6NGC0EdOWQzuLzxQpAxeaB9ewbDBm9EHcgRFkpRrRDnmcm3/plqGbQPeBgnbZhFK+zYL9EYQVDce7+MpeL5fRuPq+V/Zz6evBaSCnbcC2ck/cC2cbd9bfI/g3Uvjz+ONIy74/bCO0f4w5qJHp8g7GIb/p0uF4bO0cqbdA+a3Dqs+1PXYd1quXmfZBXgSiFSiKNhJIMPtwKw8Cui13VqQOy5ys3bmI5nqXO5sAQ8cX/j0/6+KTG2YIxi1cVAiJ/Xn761oXAssZEiTiIFj0yWkoazAtA4SNdAfS6vOgPbXbCy6eg5m5XzO8yhC6kW93lB7f7+K6+zw7DhKFUerTQSg7xJq3nbgJmcVkCDVYc/CYYXm7HuF35fmI9a4z8+sxerOi1NEGQx5hlc7AYw8cptvNCUMeREzjEJdIxKQCskvK7rRydtrjqX6OKjnHE+EECFB33HgoMN9vLL0AU6yd9dWahSg74Ahlod/Am+OogmqbpjAnrGNGj4mG3panOzxQGjgShL+p9mzTx/nCZZQGDi+HsJh0p0eZTraxQaDoFh99eE+Y
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467237",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "malware-sample",
|
|
|
|
"uuid": "570cf625-6088-4133-9390-4c86950d210f",
|
|
|
|
"value": "crypted122med.exe|4509ca8c6c44a2b9825dfe3936dcd9e3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dridex 1st stage",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467238",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha1",
|
|
|
|
"uuid": "570cf626-9e68-4f97-ad32-4290950d210f",
|
|
|
|
"value": "crypted122med.exe|97e35fa85d8ac5cb291ae1b1e0c07729ac324d06"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Dridex 1st stage",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460467239",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|sha256",
|
|
|
|
"uuid": "570cf627-6d14-4353-b89b-4c90950d210f",
|
|
|
|
"value": "crypted122med.exe|2d3fc3a0b53212141b61f7f22019a50ec13db741669cb0851218dbd9b166a4cf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460470661",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "570d0385-d45c-4da7-9bc6-4f4102de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/2d3fc3a0b53212141b61f7f22019a50ec13db741669cb0851218dbd9b166a4cf/analysis/1460465668/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460470662",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "570d0386-3dc8-4a91-b16f-40a602de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/6b17dc713ca28c1df380a3e65e3cfef4eaa803337ab747abd23c1d36fe29d515/analysis/1460470347/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460470662",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "570d0386-ced4-4455-9340-424d02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/88da4ff0eb25d1701755a29c595a40a479e78c56e428dd33d8b559f4166488e7/analysis/1460468332/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460470662",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "570d0386-14c4-43b6-9390-41c902de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/f070b108aae83371236f0e9752fdbe297cdb6c329123c4681937f104915ef253/analysis/1460469289/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460470663",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "570d0387-8634-4e1a-93f3-44e902de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/893f33957bb68433b3118ffe8f27a132b975cecccc8b40e8bdf2c9fe5b7e707b/analysis/1460469807/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460470663",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "570d0387-3388-4424-89b8-43a102de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/fb6a2e276cc42b793817c7109ee76b161d58ed0b4daf623f9686077a05351d45/analysis/1460468249/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460470664",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "570d0388-37f4-41d9-ad1d-4ff202de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/ebc54c997d56be2906eeda60eda0e55cbd959b50b424cf807c0fc0578e3ac495/analysis/1460470056/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via crypted122med.exe|97e35fa85d8ac5cb291ae1b1e0c07729ac324d06)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1460471080",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename|md5",
|
|
|
|
"uuid": "570d0528-ea94-45e7-8e73-a07a950d210f",
|
|
|
|
"value": "crypted122med.exe|4509ca8c6c44a2b9825dfe3936dcd9e3"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|