{ "Event": { "analysis": "2", "date": "2016-03-11", "extends_uuid": "", "info": "OSINT - PowerSniff Malware Used in Macro-based Attacks", "publish_timestamp": "1457732590", "published": true, "threat_level_id": "2", "timestamp": "1457732556", "uuid": "56e33b31-a500-454f-8256-435a950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732431", "to_ids": false, "type": "link", "uuid": "56e33b4f-7b8c-4453-b571-659a950d210f", "value": "http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732447", "to_ids": false, "type": "comment", "uuid": "56e33b5f-eb08-4f7e-9b64-4be1950d210f", "value": "The concept of file-less malware is not a new one. Families like Poweliks, which abuse Microsoft\u2019s PowerShell, have emerged in recent years and have garnered extensive attention due to their ability to compromise a system while leaving little or no trace of their presence to traditional forensic techniques.\r\nSystem administrators have lauded the power and versatility of PowerShell since version 2.0\u2019s integration into Windows 7. Unfortunately, with such versatility comes the opportunity for abuse, specifically surrounding the capability to write directly into memory of the host OS.\r\nTypically, file-less malware has been observed in the context of Exploit Kits such as Angler. 
Palo Alto Networks has observed a recent high-threat spam campaign that is serving malicious macro documents used to execute PowerShell scripts which injects malware similar to the Ursnif family directly into memory. We call the malware PowerSniff." }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1457732479", "to_ids": true, "type": "domain", "uuid": "56e33b7f-be28-4eff-8293-438f950d210f", "value": "supratimewest.com" }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1457732479", "to_ids": true, "type": "domain", "uuid": "56e33b7f-559c-4411-8457-4064950d210f", "value": "letterinklandoix.net" }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1457732479", "to_ids": true, "type": "domain", "uuid": "56e33b7f-9b74-4a2e-a169-4f9b950d210f", "value": "supratimewest.biz" }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1457732479", "to_ids": true, "type": "domain", "uuid": "56e33b7f-66b0-4835-b94d-41a8950d210f", "value": "starwoodhotels.pw" }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1457732480", "to_ids": true, "type": "domain", "uuid": "56e33b80-3edc-451d-918f-4aa1950d210f", "value": "oklinjgreirestacks.biz" }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1457732480", "to_ids": true, "type": "hostname", "uuid": "56e33b80-dff4-479c-a8a1-4dfd950d210f", "value": "www.starwoodhotels.pw" }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1457732480", "to_ids": true, "type": "domain", "uuid": "56e33b80-3858-43ad-9bd1-493f950d210f", "value": "brookmensoklinherz.org" }, { "category": "Payload installation", 
"comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732499", "to_ids": true, "type": "sha256", "uuid": "56e33b93-8f9c-4dad-886d-4d2f950d210f", "value": "a8663becc17e34f85d828f53029ab110f92f635c3dfd94132e5ac87e2f0cdfc3" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732499", "to_ids": true, "type": "sha256", "uuid": "56e33b93-6738-49c4-b5b8-477e950d210f", "value": "30cd5d32bc3c046cfc584cb8521f5589c4d86a4241d1a9ae6c8e9172aa58ac73" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732499", "to_ids": true, "type": "sha256", "uuid": "56e33b93-8524-41d1-9a61-4006950d210f", "value": "0661c68e6c247cd6f638dbcac7914c826a5feee1013e456af2f1f6fd642f4147" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732499", "to_ids": true, "type": "sha256", "uuid": "56e33b93-5830-4fc4-acf7-4087950d210f", "value": "f204c10af7cdcc0b57e77b2e521b4b0ac04667ccffce478cb4c3b8b8f18e32a2" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732500", "to_ids": true, "type": "sha256", "uuid": "56e33b94-58e8-4bcf-b8f2-456f950d210f", "value": "7e22ea4e06b8fd6698d224ce04b3ef5f00838543cb96fb234e4a8c84bb5fa7b3" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732500", "to_ids": true, "type": "sha256", "uuid": "56e33b94-97b0-42a4-85a3-4b37950d210f", "value": "f45bf212c43d1d30cc00f64b3dcae5c35d4a85cacd9350646f7918a30af1b709" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732500", "to_ids": true, "type": "sha256", "uuid": "56e33b94-2ae4-4d89-aa93-4a39950d210f", "value": "1e746ba37c56f7f2422e6e01aa6fde6f019214a1e12475fe54ee5c2cf1b9f083" }, { "category": 
"Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732501", "to_ids": true, "type": "sha256", "uuid": "56e33b95-0dd4-4252-994a-42d0950d210f", "value": "340f82a198aa510159989058f3f62861de74135666c50060491144b7b3ec5a6f" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732501", "to_ids": true, "type": "sha256", "uuid": "56e33b95-8470-4ce5-a963-4a24950d210f", "value": "815bd46e66f1d330ed49c6f4a4e570da2ec89bcd665cedf025028a94d7b0cc1e" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732501", "to_ids": true, "type": "sha256", "uuid": "56e33b95-6eb0-4ba8-a200-4484950d210f", "value": "a1770a7671679f13601e75a7cb841fea90c7add78436a0bea875ce50b92afc33" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732501", "to_ids": true, "type": "sha256", "uuid": "56e33b95-74d8-4fa5-ae74-45e4950d210f", "value": "83e305724e9cd020b8f80535c5dd897b2057cee7d2bb48461614a37941e78e3a" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732502", "to_ids": true, "type": "sha256", "uuid": "56e33b96-bd28-44df-bace-4631950d210f", "value": "74ec24b5d08266d86c59718a4a476cfa5d220b7b3c8cc594d4b9efc03e8bee0d" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732502", "to_ids": true, "type": "sha256", "uuid": "56e33b96-3764-4e74-9972-4810950d210f", "value": "90a7951683a5a77a21d4a544b76e2e6ee04e357d2f5bfcff01cd6924906adf77" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732502", "to_ids": true, "type": "sha256", "uuid": "56e33b96-b1e0-47d3-9b24-4861950d210f", "value": 
"2c21dafcb4f50cae47d0d4314810226cba3ee4e61811f5c778353c8eac9ba7dc" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732502", "to_ids": true, "type": "sha256", "uuid": "56e33b96-96c0-4cf1-97bb-456a950d210f", "value": "247511ab6d7d3820b9d345bb899a7827ce62c9dd27c538c75a73f5beba6c6018" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732503", "to_ids": true, "type": "sha256", "uuid": "56e33b97-d6ac-48b7-b596-4cf9950d210f", "value": "708374a4dfaaa8e44ee217ca5946511cacec55da5eabb0feb1df321753258782" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732503", "to_ids": true, "type": "sha256", "uuid": "56e33b97-8244-45dd-ae15-4916950d210f", "value": "136379754edd05c20d5162aed7e10774a95657f69d4f9a5de17a8059c9018aa6" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732503", "to_ids": true, "type": "sha256", "uuid": "56e33b97-8ed4-48de-b8dd-419c950d210f", "value": "5d215ef3affe320efe4f5034513697675de40ba8878ca82e80b07ad1b8d61ed8" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 5d215ef3affe320efe4f5034513697675de40ba8878ca82e80b07ad1b8d61ed8", "deleted": false, "disable_correlation": false, "timestamp": "1457732556", "to_ids": true, "type": "sha1", "uuid": "56e33bcc-13d8-49c2-b134-48bd02de0b81", "value": "7f7f97a72fdb58289d8a432195f0c9697fd7ab3f" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 5d215ef3affe320efe4f5034513697675de40ba8878ca82e80b07ad1b8d61ed8", "deleted": false, "disable_correlation": false, "timestamp": "1457732556", "to_ids": true, "type": "md5", "uuid": "56e33bcc-0504-472b-961e-458202de0b81", "value": "727ea9ce8cb583c450a3771cd0fabd23" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": 
false, "timestamp": "1457732556", "to_ids": false, "type": "link", "uuid": "56e33bcc-6054-4187-8628-42d502de0b81", "value": "https://www.virustotal.com/file/5d215ef3affe320efe4f5034513697675de40ba8878ca82e80b07ad1b8d61ed8/analysis/1457561699/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 136379754edd05c20d5162aed7e10774a95657f69d4f9a5de17a8059c9018aa6", "deleted": false, "disable_correlation": false, "timestamp": "1457732557", "to_ids": true, "type": "sha1", "uuid": "56e33bcd-6eb0-4c20-887d-480702de0b81", "value": "2d29404de2f8ec13407bf5688a22466ff38f8a85" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 136379754edd05c20d5162aed7e10774a95657f69d4f9a5de17a8059c9018aa6", "deleted": false, "disable_correlation": false, "timestamp": "1457732557", "to_ids": true, "type": "md5", "uuid": "56e33bcd-d0e4-4f3a-ab1f-40b602de0b81", "value": "256f96d2b31a781888b43f5f68b10b83" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732557", "to_ids": false, "type": "link", "uuid": "56e33bcd-9360-4ee5-bf66-4abf02de0b81", "value": "https://www.virustotal.com/file/136379754edd05c20d5162aed7e10774a95657f69d4f9a5de17a8059c9018aa6/analysis/1457567038/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 708374a4dfaaa8e44ee217ca5946511cacec55da5eabb0feb1df321753258782", "deleted": false, "disable_correlation": false, "timestamp": "1457732558", "to_ids": true, "type": "sha1", "uuid": "56e33bce-9918-4ecd-a3b7-4d4302de0b81", "value": "c5695bf806b99626aa1447fca10bc69d7feabe1e" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 708374a4dfaaa8e44ee217ca5946511cacec55da5eabb0feb1df321753258782", "deleted": false, "disable_correlation": false, "timestamp": "1457732558", "to_ids": true, "type": "md5", "uuid": "56e33bce-f7e8-4825-a5f0-422602de0b81", "value": "d31055bf1b227b4e715272138dfeec12" }, { "category": "External analysis", "comment": 
"", "deleted": false, "disable_correlation": false, "timestamp": "1457732558", "to_ids": false, "type": "link", "uuid": "56e33bce-f8b0-4302-9c0e-4aa202de0b81", "value": "https://www.virustotal.com/file/708374a4dfaaa8e44ee217ca5946511cacec55da5eabb0feb1df321753258782/analysis/1457605003/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 247511ab6d7d3820b9d345bb899a7827ce62c9dd27c538c75a73f5beba6c6018", "deleted": false, "disable_correlation": false, "timestamp": "1457732559", "to_ids": true, "type": "sha1", "uuid": "56e33bcf-f7e0-4b7d-949d-453502de0b81", "value": "1ded5a01f4585d7b7c1a3f4739587b0bd57ec579" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 247511ab6d7d3820b9d345bb899a7827ce62c9dd27c538c75a73f5beba6c6018", "deleted": false, "disable_correlation": false, "timestamp": "1457732559", "to_ids": true, "type": "md5", "uuid": "56e33bcf-6af0-4f19-b2bd-47e602de0b81", "value": "62967bf585eef49f065bac233b506b36" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732559", "to_ids": false, "type": "link", "uuid": "56e33bcf-0e40-44b8-8253-42d002de0b81", "value": "https://www.virustotal.com/file/247511ab6d7d3820b9d345bb899a7827ce62c9dd27c538c75a73f5beba6c6018/analysis/1457720794/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 2c21dafcb4f50cae47d0d4314810226cba3ee4e61811f5c778353c8eac9ba7dc", "deleted": false, "disable_correlation": false, "timestamp": "1457732559", "to_ids": true, "type": "sha1", "uuid": "56e33bcf-0b2c-4aa9-bb0f-473902de0b81", "value": "176554e8c0beca2a44ce8c1dbda904eaf93edb25" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 2c21dafcb4f50cae47d0d4314810226cba3ee4e61811f5c778353c8eac9ba7dc", "deleted": false, "disable_correlation": false, "timestamp": "1457732560", "to_ids": true, "type": "md5", "uuid": "56e33bd0-54b4-4541-ba2e-4c7402de0b81", "value": "f0483b9cfb8deb7ff97962b30fc779ad" }, { 
"category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732560", "to_ids": false, "type": "link", "uuid": "56e33bd0-50cc-4a43-b974-488a02de0b81", "value": "https://www.virustotal.com/file/2c21dafcb4f50cae47d0d4314810226cba3ee4e61811f5c778353c8eac9ba7dc/analysis/1457724250/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 90a7951683a5a77a21d4a544b76e2e6ee04e357d2f5bfcff01cd6924906adf77", "deleted": false, "disable_correlation": false, "timestamp": "1457732560", "to_ids": true, "type": "sha1", "uuid": "56e33bd0-f5e8-4462-8fc8-417f02de0b81", "value": "2d01b2bdbbdc5f721d88e1ed1169858c5c5805ce" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 90a7951683a5a77a21d4a544b76e2e6ee04e357d2f5bfcff01cd6924906adf77", "deleted": false, "disable_correlation": false, "timestamp": "1457732561", "to_ids": true, "type": "md5", "uuid": "56e33bd1-76b8-493e-bbef-4f0302de0b81", "value": "667f2bffa3723d003ff7fffa0d6fc5d2" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732561", "to_ids": false, "type": "link", "uuid": "56e33bd1-4c5c-4e40-b038-4b5402de0b81", "value": "https://www.virustotal.com/file/90a7951683a5a77a21d4a544b76e2e6ee04e357d2f5bfcff01cd6924906adf77/analysis/1457729711/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 74ec24b5d08266d86c59718a4a476cfa5d220b7b3c8cc594d4b9efc03e8bee0d", "deleted": false, "disable_correlation": false, "timestamp": "1457732561", "to_ids": true, "type": "sha1", "uuid": "56e33bd1-cfc0-495a-896c-4d7202de0b81", "value": "5d1f7ecbd36b10e03362c820826e271a01660242" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 74ec24b5d08266d86c59718a4a476cfa5d220b7b3c8cc594d4b9efc03e8bee0d", "deleted": false, "disable_correlation": false, "timestamp": "1457732562", "to_ids": true, "type": "md5", "uuid": "56e33bd2-9068-436a-b0d0-4a0a02de0b81", 
"value": "fba6b329876533f28d317e60fe53c8d3" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732562", "to_ids": false, "type": "link", "uuid": "56e33bd2-c3fc-4ec0-9a99-42a302de0b81", "value": "https://www.virustotal.com/file/74ec24b5d08266d86c59718a4a476cfa5d220b7b3c8cc594d4b9efc03e8bee0d/analysis/1457619249/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 83e305724e9cd020b8f80535c5dd897b2057cee7d2bb48461614a37941e78e3a", "deleted": false, "disable_correlation": false, "timestamp": "1457732562", "to_ids": true, "type": "sha1", "uuid": "56e33bd2-1f3c-4537-954d-4b1702de0b81", "value": "ee5e313b6c6f40ff13101d7c69843b0a693cd101" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 83e305724e9cd020b8f80535c5dd897b2057cee7d2bb48461614a37941e78e3a", "deleted": false, "disable_correlation": false, "timestamp": "1457732562", "to_ids": true, "type": "md5", "uuid": "56e33bd2-1af4-46f4-945d-45bb02de0b81", "value": "88506544fc62464cf92a0ae2b12557e5" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732563", "to_ids": false, "type": "link", "uuid": "56e33bd3-326c-45c3-accd-443202de0b81", "value": "https://www.virustotal.com/file/83e305724e9cd020b8f80535c5dd897b2057cee7d2bb48461614a37941e78e3a/analysis/1457715410/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: a1770a7671679f13601e75a7cb841fea90c7add78436a0bea875ce50b92afc33", "deleted": false, "disable_correlation": false, "timestamp": "1457732563", "to_ids": true, "type": "sha1", "uuid": "56e33bd3-93ac-43ce-a9db-4ac502de0b81", "value": "5b833bcafed4fb90518aa3e77e4cfb5f6ebfd567" }, { "category": "Payload installation", "comment": "- Xchecked via VT: a1770a7671679f13601e75a7cb841fea90c7add78436a0bea875ce50b92afc33", "deleted": false, "disable_correlation": false, "timestamp": "1457732563", "to_ids": true, "type": "md5", 
"uuid": "56e33bd3-ab28-4c39-9848-47d502de0b81", "value": "654948fda9ce97a5b9fd42af1c1f2434" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732564", "to_ids": false, "type": "link", "uuid": "56e33bd4-bc94-4522-b620-43ee02de0b81", "value": "https://www.virustotal.com/file/a1770a7671679f13601e75a7cb841fea90c7add78436a0bea875ce50b92afc33/analysis/1457719230/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 815bd46e66f1d330ed49c6f4a4e570da2ec89bcd665cedf025028a94d7b0cc1e", "deleted": false, "disable_correlation": false, "timestamp": "1457732564", "to_ids": true, "type": "sha1", "uuid": "56e33bd4-88b8-49f5-96c0-4f7302de0b81", "value": "bb9e57c9f1a75c95d46f7879b65ba0484854cc12" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 815bd46e66f1d330ed49c6f4a4e570da2ec89bcd665cedf025028a94d7b0cc1e", "deleted": false, "disable_correlation": false, "timestamp": "1457732564", "to_ids": true, "type": "md5", "uuid": "56e33bd4-93d0-458c-a120-4de302de0b81", "value": "dabbe915b785db82d3276d47feac0180" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732564", "to_ids": false, "type": "link", "uuid": "56e33bd4-4cbc-44dc-9f8c-466402de0b81", "value": "https://www.virustotal.com/file/815bd46e66f1d330ed49c6f4a4e570da2ec89bcd665cedf025028a94d7b0cc1e/analysis/1457721069/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 340f82a198aa510159989058f3f62861de74135666c50060491144b7b3ec5a6f", "deleted": false, "disable_correlation": false, "timestamp": "1457732565", "to_ids": true, "type": "sha1", "uuid": "56e33bd5-7044-4f5d-a1e3-42dd02de0b81", "value": "1ff3f591e07b2bfc51b3a51b07bc9ed41b11459e" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 340f82a198aa510159989058f3f62861de74135666c50060491144b7b3ec5a6f", "deleted": false, "disable_correlation": false, "timestamp": 
"1457732565", "to_ids": true, "type": "md5", "uuid": "56e33bd5-98e8-4569-ae38-48e502de0b81", "value": "54e5be141a385f40505c99212bcb361e" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732565", "to_ids": false, "type": "link", "uuid": "56e33bd5-00b0-40a3-b315-42fd02de0b81", "value": "https://www.virustotal.com/file/340f82a198aa510159989058f3f62861de74135666c50060491144b7b3ec5a6f/analysis/1457728626/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 1e746ba37c56f7f2422e6e01aa6fde6f019214a1e12475fe54ee5c2cf1b9f083", "deleted": false, "disable_correlation": false, "timestamp": "1457732565", "to_ids": true, "type": "sha1", "uuid": "56e33bd5-41e0-4b5b-a8e3-467802de0b81", "value": "d9382f4562ab67f65279407f482369366bb10079" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 1e746ba37c56f7f2422e6e01aa6fde6f019214a1e12475fe54ee5c2cf1b9f083", "deleted": false, "disable_correlation": false, "timestamp": "1457732566", "to_ids": true, "type": "md5", "uuid": "56e33bd6-0400-460c-a56c-4a4102de0b81", "value": "12dadc25957270ac3717a9b8afc268b6" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732566", "to_ids": false, "type": "link", "uuid": "56e33bd6-f7d8-47f9-aeed-48c902de0b81", "value": "https://www.virustotal.com/file/1e746ba37c56f7f2422e6e01aa6fde6f019214a1e12475fe54ee5c2cf1b9f083/analysis/1457729262/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: f45bf212c43d1d30cc00f64b3dcae5c35d4a85cacd9350646f7918a30af1b709", "deleted": false, "disable_correlation": false, "timestamp": "1457732566", "to_ids": true, "type": "sha1", "uuid": "56e33bd6-a914-4956-9458-408f02de0b81", "value": "b00be07b9e4c1577ddb999616268b2a43ac438db" }, { "category": "Payload installation", "comment": "- Xchecked via VT: f45bf212c43d1d30cc00f64b3dcae5c35d4a85cacd9350646f7918a30af1b709", "deleted": false, 
"disable_correlation": false, "timestamp": "1457732567", "to_ids": true, "type": "md5", "uuid": "56e33bd7-d3e4-401d-ab9d-4cee02de0b81", "value": "2f021e0ee94d7d21df12968fffd7ea51" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732567", "to_ids": false, "type": "link", "uuid": "56e33bd7-7334-4aef-9571-42e902de0b81", "value": "https://www.virustotal.com/file/f45bf212c43d1d30cc00f64b3dcae5c35d4a85cacd9350646f7918a30af1b709/analysis/1457708110/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 7e22ea4e06b8fd6698d224ce04b3ef5f00838543cb96fb234e4a8c84bb5fa7b3", "deleted": false, "disable_correlation": false, "timestamp": "1457732567", "to_ids": true, "type": "sha1", "uuid": "56e33bd7-f8ec-456a-8a0d-489502de0b81", "value": "853beb83895202312e5befe4c0c783fe923f1059" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 7e22ea4e06b8fd6698d224ce04b3ef5f00838543cb96fb234e4a8c84bb5fa7b3", "deleted": false, "disable_correlation": false, "timestamp": "1457732568", "to_ids": true, "type": "md5", "uuid": "56e33bd8-89c4-44a5-a501-475302de0b81", "value": "9e85fee4dd9fbc26878f5c43aee23b0e" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732568", "to_ids": false, "type": "link", "uuid": "56e33bd8-686c-476a-a03e-4cc902de0b81", "value": "https://www.virustotal.com/file/7e22ea4e06b8fd6698d224ce04b3ef5f00838543cb96fb234e4a8c84bb5fa7b3/analysis/1457711295/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: f204c10af7cdcc0b57e77b2e521b4b0ac04667ccffce478cb4c3b8b8f18e32a2", "deleted": false, "disable_correlation": false, "timestamp": "1457732568", "to_ids": true, "type": "sha1", "uuid": "56e33bd8-7b4c-482e-8900-40dc02de0b81", "value": "5690f3a0dbf44c24e8a37bf108af931501882440" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 
f204c10af7cdcc0b57e77b2e521b4b0ac04667ccffce478cb4c3b8b8f18e32a2", "deleted": false, "disable_correlation": false, "timestamp": "1457732568", "to_ids": true, "type": "md5", "uuid": "56e33bd8-e440-4449-a1ca-499d02de0b81", "value": "7b90942b853c1e39814c40accc6d4ccc" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732569", "to_ids": false, "type": "link", "uuid": "56e33bd9-0fbc-42ef-810b-4cea02de0b81", "value": "https://www.virustotal.com/file/f204c10af7cdcc0b57e77b2e521b4b0ac04667ccffce478cb4c3b8b8f18e32a2/analysis/1457725859/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 0661c68e6c247cd6f638dbcac7914c826a5feee1013e456af2f1f6fd642f4147", "deleted": false, "disable_correlation": false, "timestamp": "1457732569", "to_ids": true, "type": "sha1", "uuid": "56e33bd9-0530-44bb-a77e-4edf02de0b81", "value": "1b277e4104d3a7b865b5ce2a756ea89b61e8f0f0" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 0661c68e6c247cd6f638dbcac7914c826a5feee1013e456af2f1f6fd642f4147", "deleted": false, "disable_correlation": false, "timestamp": "1457732569", "to_ids": true, "type": "md5", "uuid": "56e33bd9-b848-485b-adb8-4e4b02de0b81", "value": "212522417b4c4009708c08dd0f62f15c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732569", "to_ids": false, "type": "link", "uuid": "56e33bda-3964-42c9-b6ee-4c0702de0b81", "value": "https://www.virustotal.com/file/0661c68e6c247cd6f638dbcac7914c826a5feee1013e456af2f1f6fd642f4147/analysis/1457721291/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 30cd5d32bc3c046cfc584cb8521f5589c4d86a4241d1a9ae6c8e9172aa58ac73", "deleted": false, "disable_correlation": false, "timestamp": "1457732570", "to_ids": true, "type": "sha1", "uuid": "56e33bda-8a04-4d7b-bfcf-470302de0b81", "value": "ab41e6c634c601d22183d2bd8a88fa0456a42a30" }, { "category": "Payload 
installation", "comment": "- Xchecked via VT: 30cd5d32bc3c046cfc584cb8521f5589c4d86a4241d1a9ae6c8e9172aa58ac73", "deleted": false, "disable_correlation": false, "timestamp": "1457732570", "to_ids": true, "type": "md5", "uuid": "56e33bda-233c-43f3-b94f-4ed702de0b81", "value": "c52ec3aba54aaf48e144035e83d99938" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732570", "to_ids": false, "type": "link", "uuid": "56e33bda-9fdc-46df-b022-496d02de0b81", "value": "https://www.virustotal.com/file/30cd5d32bc3c046cfc584cb8521f5589c4d86a4241d1a9ae6c8e9172aa58ac73/analysis/1457730528/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: a8663becc17e34f85d828f53029ab110f92f635c3dfd94132e5ac87e2f0cdfc3", "deleted": false, "disable_correlation": false, "timestamp": "1457732571", "to_ids": true, "type": "sha1", "uuid": "56e33bdb-36ac-4b35-a031-425502de0b81", "value": "ba65f229bf9f7ec3cb8cd9dbb8416ae22df518b0" }, { "category": "Payload installation", "comment": "- Xchecked via VT: a8663becc17e34f85d828f53029ab110f92f635c3dfd94132e5ac87e2f0cdfc3", "deleted": false, "disable_correlation": false, "timestamp": "1457732571", "to_ids": true, "type": "md5", "uuid": "56e33bdb-3398-4d4e-819c-456602de0b81", "value": "881fcbf71e02d46f90b5e359ac93ca8f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1457732571", "to_ids": false, "type": "link", "uuid": "56e33bdb-c97c-44ee-bf29-4f1b02de0b81", "value": "https://www.virustotal.com/file/a8663becc17e34f85d828f53029ab110f92f635c3dfd94132e5ac87e2f0cdfc3/analysis/1457725715/" } ] } }