{
"Event": {
"analysis": "2",
"date": "2015-04-27",
"extends_uuid": "",
"info": "OSINT Enterprises Hit by BARTALEX Macro Malware in Recent Spam Outbreak by Trend Micro",
"publish_timestamp": "1447449859",
"published": true,
"threat_level_id": "3",
"timestamp": "1447449579",
"uuid": "553ead98-1fb4-4ee6-a8ea-ad6d950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#004646",
"name": "type:OSINT"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171109",
"to_ids": false,
"type": "link",
"uuid": "553eade5-793c-4a21-bc6e-069f950d210b",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/enterprises-hit-by-bartalex-macro-malware-in-recent-spam-outbreak/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171117",
"to_ids": false,
"type": "text",
"uuid": "553eaded-4b28-4e7d-9de9-7df5950d210b",
"value": "Bartalex"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171150",
"to_ids": false,
"type": "text",
"uuid": "553eae0e-b2a0-4f0c-a87f-ad6d950d210b",
"value": "W2KM_BARTALEX.SMA"
},
{
"category": "Artifacts dropped",
"comment": "W2KM_BARTALEX.SMA",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171196",
"to_ids": true,
"type": "sha1",
"uuid": "553eae22-047c-47ae-ad12-7df5950d210b",
"value": "61a7cc6ed45657fa1330e922aea33254b189ef61"
},
{
"category": "Artifacts dropped",
"comment": "W2KM_BARTALEX.SMA",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171196",
"to_ids": true,
"type": "sha1",
"uuid": "553eae23-93d4-4d15-bac4-7df5950d210b",
"value": "6f252485dee0b854f72cc8b64601f6f19d01c02c"
},
{
"category": "Artifacts dropped",
"comment": "W2KM_BARTALEX.SMA",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171196",
"to_ids": true,
"type": "sha1",
"uuid": "553eae23-dd90-4b93-9027-7df5950d210b",
"value": "85e10382b06801770a4477505ed5d8c75fb37135"
},
{
"category": "Artifacts dropped",
"comment": "TSPY_DYRE.YUYCC",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171215",
"to_ids": true,
"type": "sha1",
"uuid": "553eae4f-f320-4b97-a4c7-7df5950d210b",
"value": "5e392950fa295a98219e1fc9cce7a7048792845e"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171239",
"to_ids": true,
"type": "sha1",
"uuid": "553eae67-20b8-4592-b5ef-7dfa950d210b",
"value": "0163fbb29c18e3d358ec5d5a5e4eb3c93f19a961"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171239",
"to_ids": true,
"type": "sha1",
"uuid": "553eae67-e224-4269-89c7-7dfa950d210b",
"value": "02358bcc501793454a6613f96e8f8210b2a27b88"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171239",
"to_ids": true,
"type": "sha1",
"uuid": "553eae67-580c-405e-92ed-7dfa950d210b",
"value": "05fe7c71ae5d902bb9ef4d4e43e3ddd1e45f6d0c"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171239",
"to_ids": true,
"type": "sha1",
"uuid": "553eae67-bdac-494c-9833-7dfa950d210b",
"value": "11d6e9bf38553900939ea100be70be95d094248b"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171239",
"to_ids": true,
"type": "sha1",
"uuid": "553eae67-45d4-45e3-8497-7dfa950d210b",
"value": "19aed57e1d211764618adc2399296d8b01d04d19"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171240",
"to_ids": true,
"type": "sha1",
"uuid": "553eae68-74cc-4173-986d-7dfa950d210b",
"value": "559a03a549acc497b8ec57790969bd980d7190f4"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171240",
"to_ids": true,
"type": "sha1",
"uuid": "553eae68-5274-4783-afb2-7dfa950d210b",
"value": "c0ca5686219e336171016a8c73b81be856e47bbc"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171240",
"to_ids": true,
"type": "sha1",
"uuid": "553eae68-51b8-4346-afba-7dfa950d210b",
"value": "d047decf0179a79fd4de03f0d154f4a2f9d18da4"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171240",
"to_ids": true,
"type": "sha1",
"uuid": "553eae68-ce6c-4cf8-892d-7dfa950d210b",
"value": "d3bf440f3c4e63b9c7165c1295c11f71f60b5f8c"
},
{
"category": "Payload delivery",
"comment": "Malicious .doc file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430171240",
"to_ids": true,
"type": "sha1",
"uuid": "553eae68-1e20-4ee6-a27e-7dfa950d210b",
"value": "ec7a2e7c1dce4a37da99a8f20a5d4674f5c80a1f"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675767",
"to_ids": true,
"type": "sha1",
"uuid": "55466137-aa1c-41b4-817d-4ad5950d210b",
"value": "037cebf49a412bcabd7d3b896382af53eaecabed"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675768",
"to_ids": true,
"type": "sha1",
"uuid": "55466138-42d4-49fe-a270-4d53950d210b",
"value": "0b4100e124507a174f147c3bf0121769ab209104"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675768",
"to_ids": true,
"type": "sha1",
"uuid": "55466138-d72c-41d7-9b87-4d42950d210b",
"value": "0fad05ba34d91de15047052c4a6166d92aa5e3ac"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675768",
"to_ids": true,
"type": "sha1",
"uuid": "55466138-f89c-43a3-99d6-43dd950d210b",
"value": "1363b79fc25467ea01842c5cbfa90c90bd7e7790"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675768",
"to_ids": true,
"type": "sha1",
"uuid": "55466138-b32c-4fae-a112-456f950d210b",
"value": "164929155ab6f78a3ff46753b0a321e8dbd13e8a"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675768",
"to_ids": true,
"type": "sha1",
"uuid": "55466138-3b68-4f43-a2a1-4e8c950d210b",
"value": "18df8417fce6f9e24c8369a2897eaf29b1ec11c4"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675768",
"to_ids": true,
"type": "sha1",
"uuid": "55466138-a018-49e4-8ccb-40f4950d210b",
"value": "21bc3485810e258b425e4b38e46d944f7be81c50"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675768",
"to_ids": true,
"type": "sha1",
"uuid": "55466138-a6e4-413b-afc3-4a75950d210b",
"value": "23f9777f17f86c9c8cbf25672e2e783ab0acc58c"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675768",
"to_ids": true,
"type": "sha1",
"uuid": "55466138-7fe0-48a2-8eeb-4f55950d210b",
"value": "25cbbcc94782b2f1efd46179f28c517af44637fb"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675769",
"to_ids": true,
"type": "sha1",
"uuid": "55466139-e940-4f03-9311-4904950d210b",
"value": "29e4f4013c07dfcb0aae20c806b157ed7f023e9c"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675769",
"to_ids": true,
"type": "sha1",
"uuid": "55466139-e27c-4680-b590-43b4950d210b",
"value": "2b01eb798d31d91cc03221b82c3f3fe04f4eb40a"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675769",
"to_ids": true,
"type": "sha1",
"uuid": "55466139-7880-481e-9460-4dcf950d210b",
"value": "2b8c9af6d0c372f3343ae76e26d48f8c9eed37c7"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675769",
"to_ids": true,
"type": "sha1",
"uuid": "55466139-7de4-41b6-b690-4259950d210b",
"value": "31dcc204661eee13920fda7ec582aaa1ec48f821"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675769",
"to_ids": true,
"type": "sha1",
"uuid": "55466139-bde4-4863-82cf-49f4950d210b",
"value": "31e2a2152a974f69e98c235c0dd3cddc1984b8da"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675769",
"to_ids": true,
"type": "sha1",
"uuid": "55466139-6eac-4bf2-b24a-4bba950d210b",
"value": "3338db3553bc2ef8b7587f5b331c2a3ecbbbcd6c"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675769",
"to_ids": true,
"type": "sha1",
"uuid": "55466139-5148-4b4e-a64b-4815950d210b",
"value": "339543194c2e64c27d746572d235dba37a332eeb"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675769",
"to_ids": true,
"type": "sha1",
"uuid": "55466139-8ae4-4702-adcc-468a950d210b",
"value": "33c73dfd66f9fb0e8bc30b53b150e202e7fc3055"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675770",
"to_ids": true,
"type": "sha1",
"uuid": "5546613a-65b8-4b22-bbb4-4f58950d210b",
"value": "350a922a008078c6fdbee9f566363f553ea55394"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675770",
"to_ids": true,
"type": "sha1",
"uuid": "5546613a-f670-4fac-91f6-4a21950d210b",
"value": "3916a8150fa10d4b4999f6bd97b7e7464bea13d1"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675770",
"to_ids": true,
"type": "sha1",
"uuid": "5546613a-2780-4cca-a850-48d2950d210b",
"value": "3cdde0489afab5c5fd9098c408c7419b44d2bc46"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675804",
"to_ids": true,
"type": "sha1",
"uuid": "5546615c-f99c-4629-b4cd-4483950d210b",
"value": "61a7cc6ed45657fa1330e922aea33254b189ef61"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675805",
"to_ids": true,
"type": "sha1",
"uuid": "5546615d-96e0-45d6-9dcd-4ada950d210b",
"value": "6f252485dee0b854f72cc8b64601f6f19d01c02c"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675805",
"to_ids": true,
"type": "sha1",
"uuid": "5546615d-3608-4a5a-8cea-47b8950d210b",
"value": "85e10382b06801770a4477505ed5d8c75fb37135"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1430675866",
"to_ids": false,
"type": "comment",
"uuid": "5546619a-8b20-4c44-819b-4b94950d210b",
"value": "Update as of May 1, 2015, 11:00 PM (GMT+8) \r\nThe list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed."
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 85e10382b06801770a4477505ed5d8c75fb37135",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449579",
"to_ids": true,
"type": "sha256",
"uuid": "564653eb-6c0c-46ae-bd9e-48b6950d210b",
"value": "4962bd87d1a7ef48a1eb67d1793f0f7cccbbf7aaffd58ab37e578476f80ec4d2"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 85e10382b06801770a4477505ed5d8c75fb37135",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449579",
"to_ids": true,
"type": "md5",
"uuid": "564653eb-a23c-472c-ba92-4cfe950d210b",
"value": "a5cfe37d8ecfc22a60954f8462273e3f"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449580",
"to_ids": false,
"type": "link",
"uuid": "564653ec-e944-4759-9825-41a5950d210b",
"value": "https://www.virustotal.com/file/4962bd87d1a7ef48a1eb67d1793f0f7cccbbf7aaffd58ab37e578476f80ec4d2/analysis/1430810167/"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 6f252485dee0b854f72cc8b64601f6f19d01c02c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449580",
"to_ids": true,
"type": "sha256",
"uuid": "564653ec-e414-4f2b-af71-49ac950d210b",
"value": "5c85a8f0ce0e1a31fe07fd964e5c87e2394d542b8113f5d9dcfc47391dfbab95"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 6f252485dee0b854f72cc8b64601f6f19d01c02c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449581",
"to_ids": true,
"type": "md5",
"uuid": "564653ed-3afc-4fc5-8a56-416a950d210b",
"value": "91207439790ffe5f0d177c27cf4d68ac"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449581",
"to_ids": false,
"type": "link",
"uuid": "564653ed-1c88-4a60-a1f3-4918950d210b",
"value": "https://www.virustotal.com/file/5c85a8f0ce0e1a31fe07fd964e5c87e2394d542b8113f5d9dcfc47391dfbab95/analysis/1430418843/"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 61a7cc6ed45657fa1330e922aea33254b189ef61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449582",
"to_ids": true,
"type": "sha256",
"uuid": "564653ee-aa3c-49b2-96d7-4df5950d210b",
"value": "7b3a6e7708fc7795a437fe62c954f780132fe0a41d9b679039011bc1a6cb4593"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 61a7cc6ed45657fa1330e922aea33254b189ef61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449582",
"to_ids": true,
"type": "md5",
"uuid": "564653ee-d81c-49f4-9f33-4a2e950d210b",
"value": "05be09f648bf2b62ebf9cd79ccfd0087"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449583",
"to_ids": false,
"type": "link",
"uuid": "564653ef-fc04-407f-bcf9-4343950d210b",
"value": "https://www.virustotal.com/file/7b3a6e7708fc7795a437fe62c954f780132fe0a41d9b679039011bc1a6cb4593/analysis/1430810886/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 3cdde0489afab5c5fd9098c408c7419b44d2bc46",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449583",
"to_ids": true,
"type": "sha256",
"uuid": "564653ef-3464-497e-a5b6-4828950d210b",
"value": "1fa6eabce6d6f3290bd57ed7e52d49079d1a2340f2901130e084da4a75de29ec"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 3cdde0489afab5c5fd9098c408c7419b44d2bc46",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449583",
"to_ids": true,
"type": "md5",
"uuid": "564653ef-24b0-465e-aa3c-41e7950d210b",
"value": "abc718998731a961f9110e5b6cc07f3b"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449584",
"to_ids": false,
"type": "link",
"uuid": "564653f0-d6ac-4dd8-b0f5-42c2950d210b",
"value": "https://www.virustotal.com/file/1fa6eabce6d6f3290bd57ed7e52d49079d1a2340f2901130e084da4a75de29ec/analysis/1430809411/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 350a922a008078c6fdbee9f566363f553ea55394",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449584",
"to_ids": true,
"type": "sha256",
"uuid": "564653f0-6b44-455e-85a3-4cd0950d210b",
"value": "6b048ac41c1e58773c00858e9644cb88bf2fae37af5b4b02d090f6bd310c03b4"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 350a922a008078c6fdbee9f566363f553ea55394",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449585",
"to_ids": true,
"type": "md5",
"uuid": "564653f1-a040-41ce-8946-49e5950d210b",
"value": "cf6ac741c96d163c9f0fbf8538facd19"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449585",
"to_ids": false,
"type": "link",
"uuid": "564653f1-e77c-439d-9622-410f950d210b",
"value": "https://www.virustotal.com/file/6b048ac41c1e58773c00858e9644cb88bf2fae37af5b4b02d090f6bd310c03b4/analysis/1429800798/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 33c73dfd66f9fb0e8bc30b53b150e202e7fc3055",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449585",
"to_ids": true,
"type": "sha256",
"uuid": "564653f1-7694-4f52-aff0-4dba950d210b",
"value": "f0cefa8f94e2d5fe0ac01a4f012a92c111946f8d1be9fd3708d3b642ca7ad16f"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 33c73dfd66f9fb0e8bc30b53b150e202e7fc3055",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449586",
"to_ids": true,
"type": "md5",
"uuid": "564653f2-ab38-4009-a63d-4c07950d210b",
"value": "b49643e6a02b73b97f3c7896194f662d"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449586",
"to_ids": false,
"type": "link",
"uuid": "564653f2-d5c8-4922-bc41-4c1e950d210b",
"value": "https://www.virustotal.com/file/f0cefa8f94e2d5fe0ac01a4f012a92c111946f8d1be9fd3708d3b642ca7ad16f/analysis/1430490974/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 339543194c2e64c27d746572d235dba37a332eeb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449586",
"to_ids": true,
"type": "sha256",
"uuid": "564653f2-2c58-4ef4-98f6-4a39950d210b",
"value": "8e1ab2fd5b7fbd74ba61dae69719a5eb11f9396030bd8f6dfe82704bf0f5ff00"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 339543194c2e64c27d746572d235dba37a332eeb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449587",
"to_ids": true,
"type": "md5",
"uuid": "564653f3-d0e0-4bd0-958e-4233950d210b",
"value": "28aaa2613173586b8b31eef7dc4fcdce"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449587",
"to_ids": false,
"type": "link",
"uuid": "564653f3-8650-4f8c-b4d1-477b950d210b",
"value": "https://www.virustotal.com/file/8e1ab2fd5b7fbd74ba61dae69719a5eb11f9396030bd8f6dfe82704bf0f5ff00/analysis/1430896749/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31e2a2152a974f69e98c235c0dd3cddc1984b8da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449588",
"to_ids": true,
"type": "sha256",
"uuid": "564653f4-29dc-43b0-9334-4839950d210b",
"value": "9290501fd626add6de2a10733e2a9ebf19ca9a71bb068a2cb8717d8d6d59a0cd"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31e2a2152a974f69e98c235c0dd3cddc1984b8da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449588",
"to_ids": true,
"type": "md5",
"uuid": "564653f4-d934-482c-a980-4a6e950d210b",
"value": "386d736cdffa5812850e53494a66793a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449588",
"to_ids": false,
"type": "link",
"uuid": "564653f4-a240-4e68-adb5-4221950d210b",
"value": "https://www.virustotal.com/file/9290501fd626add6de2a10733e2a9ebf19ca9a71bb068a2cb8717d8d6d59a0cd/analysis/1430753558/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31dcc204661eee13920fda7ec582aaa1ec48f821",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449589",
"to_ids": true,
"type": "sha256",
"uuid": "564653f5-4fd8-4e0e-9fbd-4607950d210b",
"value": "441e48ed561cc3322bf02f14723bc6549d08e59c00b4c443b5efbf9d374a5303"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31dcc204661eee13920fda7ec582aaa1ec48f821",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449589",
"to_ids": true,
"type": "md5",
"uuid": "564653f5-db4c-4003-a928-488b950d210b",
"value": "2813ae3302a4c2892c947144ab289872"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449590",
"to_ids": false,
"type": "link",
"uuid": "564653f6-f07c-46d1-a618-4248950d210b",
"value": "https://www.virustotal.com/file/441e48ed561cc3322bf02f14723bc6549d08e59c00b4c443b5efbf9d374a5303/analysis/1429789168/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 2b01eb798d31d91cc03221b82c3f3fe04f4eb40a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449590",
"to_ids": true,
"type": "sha256",
"uuid": "564653f6-4b1c-403a-a2d9-4610950d210b",
"value": "a393243694bc7b536240da7605cb812d23879e41495efc89f032259c65dbb220"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 2b01eb798d31d91cc03221b82c3f3fe04f4eb40a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449590",
"to_ids": true,
"type": "md5",
"uuid": "564653f6-a338-4490-92bc-47e7950d210b",
"value": "593c5fea01fb19a14dbe161fe754108a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449591",
"to_ids": false,
"type": "link",
"uuid": "564653f7-298c-4c97-806b-4d9b950d210b",
"value": "https://www.virustotal.com/file/a393243694bc7b536240da7605cb812d23879e41495efc89f032259c65dbb220/analysis/1430753559/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 29e4f4013c07dfcb0aae20c806b157ed7f023e9c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449591",
"to_ids": true,
"type": "sha256",
"uuid": "564653f7-1ea8-4c79-af8f-4331950d210b",
"value": "a1c02381fa46138aaa84c2cf19b6a2d26b815cc31f73b84a207fa419474a0bbb"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 29e4f4013c07dfcb0aae20c806b157ed7f023e9c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449592",
"to_ids": true,
"type": "md5",
"uuid": "564653f8-e2bc-440c-a599-45db950d210b",
"value": "86e58db678dc48aa869c8f8fd5592055"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449592",
"to_ids": false,
"type": "link",
"uuid": "564653f8-ef50-488d-bc19-4be1950d210b",
"value": "https://www.virustotal.com/file/a1c02381fa46138aaa84c2cf19b6a2d26b815cc31f73b84a207fa419474a0bbb/analysis/1430809349/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 25cbbcc94782b2f1efd46179f28c517af44637fb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449592",
"to_ids": true,
"type": "sha256",
"uuid": "564653f8-5f9c-453e-a967-4dba950d210b",
"value": "ff352e51858dcab7ef9a69f15a8dd3b7d262d174d819c649f774ab0705703585"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 25cbbcc94782b2f1efd46179f28c517af44637fb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449593",
"to_ids": true,
"type": "md5",
"uuid": "564653f9-ba60-4773-a625-48e7950d210b",
"value": "e132ac28cc6163c1004ae0c84b908849"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449593",
"to_ids": false,
"type": "link",
"uuid": "564653f9-66c0-4633-b4b5-4bec950d210b",
"value": "https://www.virustotal.com/file/ff352e51858dcab7ef9a69f15a8dd3b7d262d174d819c649f774ab0705703585/analysis/1429801974/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 23f9777f17f86c9c8cbf25672e2e783ab0acc58c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449594",
"to_ids": true,
"type": "sha256",
"uuid": "564653fa-3c30-4d50-bdfd-449b950d210b",
"value": "7c63e1d82468998677b314a071264b0f6ca67c6b4a22f6fa6c22c468a594bd2a"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 23f9777f17f86c9c8cbf25672e2e783ab0acc58c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449594",
"to_ids": true,
"type": "md5",
"uuid": "564653fa-dbbc-4c0f-bf03-4c8e950d210b",
"value": "47a2eabeed5e3edd8382f9a52d99a3cc"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449594",
"to_ids": false,
"type": "link",
"uuid": "564653fa-56d8-4689-a5d3-465d950d210b",
"value": "https://www.virustotal.com/file/7c63e1d82468998677b314a071264b0f6ca67c6b4a22f6fa6c22c468a594bd2a/analysis/1430809477/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 18df8417fce6f9e24c8369a2897eaf29b1ec11c4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449595",
"to_ids": true,
"type": "sha256",
"uuid": "564653fb-7dd8-451e-a86f-49e3950d210b",
"value": "8a7534b23f0133de3027f0bb0aa04b3b8ea61af275f2128a9dead90f3264ab5d"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 18df8417fce6f9e24c8369a2897eaf29b1ec11c4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449595",
"to_ids": true,
"type": "md5",
"uuid": "564653fb-e2f8-4fc2-9393-4435950d210b",
"value": "b504965c00c94aa93d093fb72035d200"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449596",
"to_ids": false,
"type": "link",
"uuid": "564653fc-f88c-474c-8131-47e8950d210b",
"value": "https://www.virustotal.com/file/8a7534b23f0133de3027f0bb0aa04b3b8ea61af275f2128a9dead90f3264ab5d/analysis/1430810981/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 1363b79fc25467ea01842c5cbfa90c90bd7e7790",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449596",
"to_ids": true,
"type": "sha256",
"uuid": "564653fc-b6ac-4956-adf3-4087950d210b",
"value": "e024d802b7fc976ed43a863f697658cb4aeacdcb905c1a7df951355b086d41e2"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 1363b79fc25467ea01842c5cbfa90c90bd7e7790",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449596",
"to_ids": true,
"type": "md5",
"uuid": "564653fc-6b28-4e08-a03d-4df4950d210b",
"value": "78eb5aaf0b7b133af9666dc8e99909fb"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449597",
"to_ids": false,
"type": "link",
"uuid": "564653fd-4b88-427b-a592-4a9d950d210b",
"value": "https://www.virustotal.com/file/e024d802b7fc976ed43a863f697658cb4aeacdcb905c1a7df951355b086d41e2/analysis/1430753556/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0fad05ba34d91de15047052c4a6166d92aa5e3ac",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449597",
"to_ids": true,
"type": "sha256",
"uuid": "564653fd-d208-4dc4-bbb5-4c0f950d210b",
"value": "f695413819c0e10de4d016bda25741759b997269784cbc37ceb45de1c84c39d6"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0fad05ba34d91de15047052c4a6166d92aa5e3ac",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449598",
"to_ids": true,
"type": "md5",
"uuid": "564653fe-1c5c-43a8-812d-41ae950d210b",
"value": "b8d31cfd80a4c0b4db7eba82710f30ea"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449598",
"to_ids": false,
"type": "link",
"uuid": "564653fe-1cb4-4208-abe1-4e7d950d210b",
"value": "https://www.virustotal.com/file/f695413819c0e10de4d016bda25741759b997269784cbc37ceb45de1c84c39d6/analysis/1430753555/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0b4100e124507a174f147c3bf0121769ab209104",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449598",
"to_ids": true,
"type": "sha256",
"uuid": "564653fe-1a18-48c1-a0e2-45de950d210b",
"value": "c34c76f2f74dfa2fb1b588fd9940ace900da6e1aa411b1a4af51e151a809d8c7"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0b4100e124507a174f147c3bf0121769ab209104",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449599",
"to_ids": true,
"type": "md5",
"uuid": "564653ff-5ebc-4304-b1db-4ba3950d210b",
"value": "694ef544a592a13ba701b73b7613cda6"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449599",
"to_ids": false,
"type": "link",
"uuid": "564653ff-8738-42bd-9f6a-4763950d210b",
"value": "https://www.virustotal.com/file/c34c76f2f74dfa2fb1b588fd9940ace900da6e1aa411b1a4af51e151a809d8c7/analysis/1430810856/"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 037cebf49a412bcabd7d3b896382af53eaecabed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449600",
"to_ids": true,
"type": "sha256",
"uuid": "56465400-6bf8-4ad5-9239-4ea3950d210b",
"value": "ef9643c0986331477b6eff730b299b9a4b844b38a52ee36d2b672b03e31f3c4a"
},
{
"category": "Payload delivery",
"comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 037cebf49a412bcabd7d3b896382af53eaecabed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449600",
"to_ids": true,
"type": "md5",
"uuid": "56465400-44d0-4f4c-a739-4fc7950d210b",
"value": "c5ad2537409683eaa71c36c66ab2f05e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449600",
"to_ids": false,
"type": "link",
"uuid": "56465400-6c14-4580-9f6a-4445950d210b",
"value": "https://www.virustotal.com/file/ef9643c0986331477b6eff730b299b9a4b844b38a52ee36d2b672b03e31f3c4a/analysis/1439140579/"
},
{
"category": "Artifacts dropped",
"comment": "TSPY_DYRE.YUYCC - Xchecked via VT: 5e392950fa295a98219e1fc9cce7a7048792845e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449601",
"to_ids": true,
"type": "sha256",
"uuid": "56465401-6a40-413e-b65e-4df0950d210b",
"value": "ec05df2a8f7a7bc2ae5b3c153c9ec450e3611b2343572d0aa8d84a8b1d23ee8d"
},
{
"category": "Artifacts dropped",
"comment": "TSPY_DYRE.YUYCC - Xchecked via VT: 5e392950fa295a98219e1fc9cce7a7048792845e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449601",
"to_ids": true,
"type": "md5",
"uuid": "56465401-cc6c-4e48-833a-44b0950d210b",
"value": "22a7aafe5190a5cdcc92bfd304a21f7d"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447449602",
"to_ids": false,
"type": "link",
"uuid": "56465402-e55c-4de8-b766-47da950d210b",
"value": "https://www.virustotal.com/file/ec05df2a8f7a7bc2ae5b3c153c9ec450e3611b2343572d0aa8d84a8b1d23ee8d/analysis/1446494503/"
}
]
}
}