{ "Event": { "analysis": "2", "date": "2016-07-12", "extends_uuid": "", "info": "OSINT - NetTraveler APT Targets Russian, European Interests", "publish_timestamp": "1468333038", "published": true, "threat_level_id": "2", "timestamp": "1468332991", "uuid": "5784f9df-02ac-4e17-92bc-7e4502de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1468332586", "to_ids": false, "type": "link", "uuid": "5784fa2a-8458-4a0c-a95c-810502de0b81", "value": "https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1468332600", "to_ids": false, "type": "comment", "uuid": "5784fa38-74cc-477f-bd43-7e5002de0b81", "value": "Throughout 2016, Proofpoint researchers tracked a cyber-espionage campaign targeting victims in Russia and neighboring countries. The actor utilizes spear phishing campaigns to deliver NetTraveler, also known as TravNet. First observed as early as 2004, NetTraveler is a Trojan used widely in targeted attacks. We believe that this attacker operates out of China. In addition to Russia, targeted regions include neighboring countries such as Mongolia, Belarus, and other European countries. The spear-phishing campaigns we detected use links to RAR-compressed executables and Microsoft Word attachments that exploit the CVE-2012-0158 vulnerability.\r\n\r\nThis particular APT is targeting organizations that include weapons manufacturers, human rights activists, and pro-democracy groups, among others." }, { "category": "Network activity", "comment": "NetTraveler C&C and payload hosting site", "deleted": false, "disable_correlation": false, "timestamp": "1468332665", "to_ids": true, "type": "hostname", "uuid": "5784fa79-d184-473b-a5ae-810902de0b81", "value": "www.interfaxru.com" }, { "category": "Network activity", "comment": "NetTraveler C&C and payload hosting site", "deleted": false, "disable_correlation": false, "timestamp": "1468332665", "to_ids": true, "type": "hostname", "uuid": "5784fa79-21b8-4987-be1e-810902de0b81", "value": "www.info-spb.com" }, { "category": "Network activity", "comment": "NetTraveler C&C", "deleted": false, "disable_correlation": false, "timestamp": "1468332666", "to_ids": true, "type": "hostname", "uuid": "5784fa7a-60b8-45c9-a1e5-810902de0b81", "value": "www.tassnews.net" }, { "category": "Network activity", "comment": "NetTraveler C&C", "deleted": false, "disable_correlation": false, "timestamp": "1468332666", "to_ids": true, "type": "hostname", "uuid": "5784fa7a-84a0-4486-ac75-810902de0b81", "value": "www.riaru.net" }, { "category": "Network activity", "comment": "NetTraveler C&C", "deleted": false, "disable_correlation": false, "timestamp": "1468332666", "to_ids": true, "type": "hostname", "uuid": "5784fa7a-a708-4990-b0b2-810902de0b81", "value": "www.voennovosti.com" }, { "category": "Network activity", "comment": "NetTraveler C&C", "deleted": false, "disable_correlation": false, "timestamp": "1468332666", "to_ids": true, "type": "hostname", "uuid": "5784fa7a-cda4-48c9-979b-810902de0b81", "value": "www.mogoogle.com" }, { "category": "Network activity", "comment": "NetTraveler C&C", "deleted": false, "disable_correlation": false, "timestamp": "1468332666", "to_ids": true, "type": "ip-dst", "uuid": "5784fa7a-9d6c-445a-b764-810902de0b81", "value": "103.231.184.164" }, { "category": "Network activity", "comment": "NetTraveler C&C", "deleted": false, "disable_correlation": false, "timestamp": "1468332667", "to_ids": true, "type": "ip-dst", "uuid": "5784fa7b-5d80-4866-a6ab-810902de0b81", "value": "103.231.184.163" }, { "category": "Network activity", "comment": "NetTraveler C&C", "deleted": false, "disable_correlation": false, "timestamp": "1468332667", "to_ids": true, "type": "ip-dst", "uuid": "5784fa7b-ea18-4c8e-a69c-810902de0b81", "value": "98.126.38.107" }, { "category": "Network activity", "comment": "NetTraveler payload URL", "deleted": false, "disable_correlation": false, "timestamp": "1468332720", "to_ids": true, "type": "url", "uuid": "5784fab0-412c-417b-be07-4f2802de0b81", "value": "http://www.interfaxru.com/html/rostechnologii/20160420.rar" }, { "category": "Network activity", "comment": "NetTraveler payload URL", "deleted": false, "disable_correlation": false, "timestamp": "1468332720", "to_ids": true, "type": "url", "uuid": "5784fab0-dda0-445d-ae25-465902de0b81", "value": "http://www.info-spb.com/analiz/voennye_kommentaria/n148584.rar" }, { "category": "Network activity", "comment": "NetTraveler payload URL", "deleted": false, "disable_correlation": false, "timestamp": "1468332720", "to_ids": true, "type": "url", "uuid": "5784fab0-4e48-4ce6-812d-472602de0b81", "value": "http://www.info-spb.com//worldnews/almaz-antey/no.15.02.2016.rar" }, { "category": "Network activity", "comment": "NetTraveler payload URL", "deleted": false, "disable_correlation": false, "timestamp": "1468332721", "to_ids": true, "type": "url", "uuid": "5784fab1-fd54-4eb4-88e7-4d2802de0b81", "value": "http://www.info-spb.com/worldnews/mfa/ua/2016-02-16.zip" }, { "category": "Network activity", "comment": "NetTraveler payload URL", "deleted": false, "disable_correlation": false, "timestamp": "1468332721", "to_ids": true, "type": "url", "uuid": "5784fab1-b3f8-4eef-ba14-4c9d02de0b81", "value": "http://www.info-spb.com/worldnews/mfa/uz/03.02.2016.rar" }, { "category": "Payload delivery", "comment": "20160420.rar", "deleted": false, "disable_correlation": false, "timestamp": "1468332941", "to_ids": true, "type": "sha256", "uuid": "5784fb8d-2db8-494b-ba32-810b02de0b81", "value": "5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de" }, { "category": "Payload delivery", "comment": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar", "deleted": false, "disable_correlation": false, "timestamp": "1468332941", "to_ids": true, "type": "sha256", "uuid": "5784fb8d-1060-456c-8e3f-810b02de0b81", "value": "67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d" }, { "category": "Payload delivery", "comment": "20160330.rar", "deleted": false, "disable_correlation": false, "timestamp": "1468332941", "to_ids": true, "type": "sha256", "uuid": "5784fb8d-dd64-4930-b8b6-810b02de0b81", "value": "f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6" }, { "category": "Payload delivery", "comment": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar", "deleted": false, "disable_correlation": false, "timestamp": "1468332942", "to_ids": true, "type": "sha256", "uuid": "5784fb8e-2738-4a94-8c2d-810b02de0b81", "value": "69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf" }, { "category": "Payload delivery", "comment": "13_11.rar", "deleted": false, "disable_correlation": false, "timestamp": "1468332942", "to_ids": true, "type": "sha256", "uuid": "5784fb8e-f0c8-4566-a390-810b02de0b81", "value": "8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4" }, { "category": "Payload delivery", "comment": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar", "deleted": false, "disable_correlation": false, "timestamp": "1468332942", "to_ids": true, "type": "sha256", "uuid": "5784fb8e-d22c-457f-9847-810b02de0b81", "value": "1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599" }, { "category": "Payload delivery", "comment": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar", "deleted": false, "disable_correlation": false, "timestamp": "1468332942", "to_ids": true, "type": "sha256", "uuid": "5784fb8e-da98-44f7-881c-810b02de0b81", "value": "409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1" }, { "category": "Payload delivery", "comment": "n148584.rar", "deleted": false, "disable_correlation": false, "timestamp": "1468332942", "to_ids": true, "type": "sha256", "uuid": "5784fb8e-ca60-4b4d-9e2a-810b02de0b81", "value": "3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1" }, { "category": "Payload delivery", "comment": "20160623.doc", "deleted": false, "disable_correlation": false, "timestamp": "1468332943", "to_ids": true, "type": "sha256", "uuid": "5784fb8f-bc08-4eaa-afff-810b02de0b81", "value": "80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692" }, { "category": "Payload delivery", "comment": "20160607.doc", "deleted": false, "disable_correlation": false, "timestamp": "1468332943", "to_ids": true, "type": "sha256", "uuid": "5784fb8f-9bb8-47b7-9915-810b02de0b81", "value": "60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe" }, { "category": "Payload delivery", "comment": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc", "deleted": false, "disable_correlation": false, "timestamp": "1468332943", "to_ids": true, "type": "sha256", "uuid": "5784fb8f-701c-4f5b-b8c5-810b02de0b81", "value": "b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a" }, { "category": "Payload delivery", "comment": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc - Xchecked via VT: b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a", "deleted": false, "disable_correlation": false, "timestamp": "1468332991", "to_ids": true, "type": "sha1", "uuid": "5784fbbf-7edc-492c-9f2b-897902de0b81", "value": "c64ac1fed412c4abaf7b65342441db01a53d497e" }, { "category": "Payload delivery", "comment": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc - Xchecked via VT: b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a", "deleted": false, "disable_correlation": false, "timestamp": "1468332991", "to_ids": true, "type": "md5", "uuid": "5784fbbf-6c38-4ec2-a5d0-897902de0b81", "value": "e7f1589362f77d770063922b068e47aa" }, { "category": "External analysis", "comment": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc - Xchecked via VT: b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a", "deleted": false, "disable_correlation": false, "timestamp": "1468332991", "to_ids": false, "type": "link", "uuid": "5784fbbf-51b0-4f31-a3af-897902de0b81", "value": "https://www.virustotal.com/file/b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a/analysis/1453440894/" }, { "category": "Payload delivery", "comment": "20160607.doc - Xchecked via VT: 60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe", "deleted": false, "disable_correlation": false, "timestamp": "1468332991", "to_ids": true, "type": "sha1", "uuid": "5784fbbf-9694-43fd-8d94-897902de0b81", "value": "65335358fab48ab899c29dc488a47aeb97ce607c" }, { "category": "Payload delivery", "comment": "20160607.doc - Xchecked via VT: 60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe", "deleted": false, "disable_correlation": false, "timestamp": "1468332992", "to_ids": true, "type": "md5", "uuid": "5784fbc0-3ef8-4c30-854a-897902de0b81", "value": "aa5a1cd27c964bc229156a521fbd6a4b" }, { "category": "External analysis", "comment": "20160607.doc - Xchecked via VT: 60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe", "deleted": false, "disable_correlation": false, "timestamp": "1468332992", "to_ids": false, "type": "link", "uuid": "5784fbc0-5880-40f8-99d8-897902de0b81", "value": "https://www.virustotal.com/file/60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe/analysis/1468011599/" }, { "category": "Payload delivery", "comment": "20160623.doc - Xchecked via VT: 80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692", "deleted": false, "disable_correlation": false, "timestamp": "1468332992", "to_ids": true, "type": "sha1", "uuid": "5784fbc0-961c-4588-89ba-897902de0b81", "value": "a617e7da200fff238fcb0e61409ef18e6888f189" }, { "category": "Payload delivery", "comment": "20160623.doc - Xchecked via VT: 80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692", "deleted": false, "disable_correlation": false, "timestamp": "1468332992", "to_ids": true, "type": "md5", "uuid": "5784fbc0-d858-4ebf-a529-897902de0b81", "value": "45782441c73fa949495ffafdb8f9bb62" }, { "category": "External analysis", "comment": "20160623.doc - Xchecked via VT: 80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692", "deleted": false, "disable_correlation": false, "timestamp": "1468332992", "to_ids": false, "type": "link", "uuid": "5784fbc0-a28c-48a2-b05a-897902de0b81", "value": "https://www.virustotal.com/file/80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692/analysis/1468011596/" }, { "category": "Payload delivery", "comment": "n148584.rar - Xchecked via VT: 3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1", "deleted": false, "disable_correlation": false, "timestamp": "1468332993", "to_ids": true, "type": "sha1", "uuid": "5784fbc1-d30c-4ceb-8366-897902de0b81", "value": "68507a30c659d2b3f165b9450b6776c58c8f3a23" }, { "category": "Payload delivery", "comment": "n148584.rar - Xchecked via VT: 3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1", "deleted": false, "disable_correlation": false, "timestamp": "1468332993", "to_ids": true, "type": "md5", "uuid": "5784fbc1-1264-47ad-950a-897902de0b81", "value": "31413f6a097a9e07722d122ecdb62f79" }, { "category": "External analysis", "comment": "n148584.rar - Xchecked via VT: 3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1", "deleted": false, "disable_correlation": false, "timestamp": "1468332993", "to_ids": false, "type": "link", "uuid": "5784fbc1-7b7c-4c2f-94cb-897902de0b81", "value": "https://www.virustotal.com/file/3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1/analysis/1468011596/" }, { "category": "Payload delivery", "comment": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar - Xchecked via VT: 409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1", "deleted": false, "disable_correlation": false, "timestamp": "1468332993", "to_ids": true, "type": "sha1", "uuid": "5784fbc1-5c88-4863-a24a-897902de0b81", "value": "135e0e646a8ca2aa08283f85690d0fae654c085f" }, { "category": "Payload delivery", "comment": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar - Xchecked via VT: 409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1", "deleted": false, "disable_correlation": false, "timestamp": "1468332993", "to_ids": true, "type": "md5", "uuid": "5784fbc1-5928-4195-840d-897902de0b81", "value": "a4571b830569d85c0f7d07297219bde9" }, { "category": "External analysis", "comment": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar - Xchecked via VT: 409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1", "deleted": false, "disable_correlation": false, "timestamp": "1468332994", "to_ids": false, "type": "link", "uuid": "5784fbc2-2194-4940-aa90-897902de0b81", "value": "https://www.virustotal.com/file/409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1/analysis/1457504808/" }, { "category": "Payload delivery", "comment": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar - Xchecked via VT: 1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599", "deleted": false, "disable_correlation": false, "timestamp": "1468332994", "to_ids": true, "type": "sha1", "uuid": "5784fbc2-07c4-46d6-b2bd-897902de0b81", "value": "a047912dfb7c811d9f0c72d662eb081206fad322" }, { "category": "Payload delivery", "comment": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar - Xchecked via VT: 1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599", "deleted": false, "disable_correlation": false, "timestamp": "1468332994", "to_ids": true, "type": "md5", "uuid": "5784fbc2-4718-443f-bc6e-897902de0b81", "value": "af8a9d91f30566b2ed77617a045761ba" }, { "category": "External analysis", "comment": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar - Xchecked via VT: 1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599", "deleted": false, "disable_correlation": false, "timestamp": "1468332994", "to_ids": false, "type": "link", "uuid": "5784fbc2-fb6c-4d07-b42f-897902de0b81", "value": "https://www.virustotal.com/file/1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599/analysis/1468011597/" }, { "category": "Payload delivery", "comment": "13_11.rar - Xchecked via VT: 8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4", "deleted": false, "disable_correlation": false, "timestamp": "1468332995", "to_ids": true, "type": "sha1", "uuid": "5784fbc3-5210-4c19-b102-897902de0b81", "value": "6a5082d6b5eb17b832be4a71284a4e1efc7054e1" }, { "category": "Payload delivery", "comment": "13_11.rar - Xchecked via VT: 8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4", "deleted": false, "disable_correlation": false, "timestamp": "1468332995", "to_ids": true, "type": "md5", "uuid": "5784fbc3-319c-4095-9990-897902de0b81", "value": "024baaaa8247f1d06a6f803a2226efc4" }, { "category": "External analysis", "comment": "13_11.rar - Xchecked via VT: 8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4", "deleted": false, "disable_correlation": false, "timestamp": "1468332995", "to_ids": false, "type": "link", "uuid": "5784fbc3-e1a4-475f-89b7-897902de0b81", "value": "https://www.virustotal.com/file/8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4/analysis/1468011598/" }, { "category": "Payload delivery", "comment": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar - Xchecked via VT: 69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf", "deleted": false, "disable_correlation": false, "timestamp": "1468332995", "to_ids": true, "type": "sha1", "uuid": "5784fbc3-4c24-43c1-b5d5-897902de0b81", "value": "24cd712a744b4b290341417fe2fcde0bdbacd18a" }, { "category": "Payload delivery", "comment": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar - Xchecked via VT: 69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf", "deleted": false, "disable_correlation": false, "timestamp": "1468332995", "to_ids": true, "type": "md5", "uuid": "5784fbc3-4960-474d-b472-897902de0b81", "value": "a93c47161adc1645e2018e5d03cbd104" }, { "category": "External analysis", "comment": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar - Xchecked via VT: 69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf", "deleted": false, "disable_correlation": false, "timestamp": "1468332996", "to_ids": false, "type": "link", "uuid": "5784fbc4-fbc0-4c27-8494-897902de0b81", "value": "https://www.virustotal.com/file/69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf/analysis/1468011598/" }, { "category": "Payload delivery", "comment": "20160330.rar - Xchecked via VT: f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6", "deleted": false, "disable_correlation": false, "timestamp": "1468332996", "to_ids": true, "type": "sha1", "uuid": "5784fbc4-b124-4199-ae5f-897902de0b81", "value": "5cb432180a440b67f0493654514e8378014baad9" }, { "category": "Payload delivery", "comment": "20160330.rar - Xchecked via VT: f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6", "deleted": false, "disable_correlation": false, "timestamp": "1468332996", "to_ids": true, "type": "md5", "uuid": "5784fbc4-3b24-448e-9ad8-897902de0b81", "value": "1b3cafb71e8e1ccd13bcbe79e3d5c05c" }, { "category": "External analysis", "comment": "20160330.rar - Xchecked via VT: f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6", "deleted": false, "disable_correlation": false, "timestamp": "1468332996", "to_ids": false, "type": "link", "uuid": "5784fbc4-88d8-4785-816b-897902de0b81", "value": "https://www.virustotal.com/file/f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6/analysis/1468011597/" }, { "category": "Payload delivery", "comment": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar - Xchecked via VT: 67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d", "deleted": false, "disable_correlation": false, "timestamp": "1468332997", "to_ids": true, "type": "sha1", "uuid": "5784fbc5-f5b8-4f27-91bd-897902de0b81", "value": "13df492660de3497d11808e1160463437c20c7c4" }, { "category": "Payload delivery", "comment": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar - Xchecked via VT: 67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d", "deleted": false, "disable_correlation": false, "timestamp": "1468332997", "to_ids": true, "type": "md5", "uuid": "5784fbc5-f5a8-4fa8-ab4e-897902de0b81", "value": "a6777d7632039897a4a7abebb887cba0" }, { "category": "External analysis", "comment": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar - Xchecked via VT: 67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d", "deleted": false, "disable_correlation": false, "timestamp": "1468332997", "to_ids": false, "type": "link", "uuid": "5784fbc5-f4fc-485d-8226-897902de0b81", "value": "https://www.virustotal.com/file/67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d/analysis/1467988434/" }, { "category": "Payload delivery", "comment": "20160420.rar - Xchecked via VT: 5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de", "deleted": false, "disable_correlation": false, "timestamp": "1468332997", "to_ids": true, "type": "sha1", "uuid": "5784fbc5-bd04-447a-a61d-897902de0b81", "value": "d8137dce31b5e05d8a855fcd1217a1853c05794d" }, { "category": "Payload delivery", "comment": "20160420.rar - Xchecked via VT: 5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de", "deleted": false, "disable_correlation": false, "timestamp": "1468332997", "to_ids": true, "type": "md5", "uuid": "5784fbc5-572c-41b3-88f3-897902de0b81", "value": "3de759a545bc530f0ca846a141201597" }, { "category": "External analysis", "comment": "20160420.rar - Xchecked via VT: 5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de", "deleted": false, "disable_correlation": false, "timestamp": "1468332998", "to_ids": false, "type": "link", "uuid": "5784fbc6-c44c-42ed-8ce6-897902de0b81", "value": "https://www.virustotal.com/file/5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de/analysis/1468011596/" } ] } }