{ "Event": { "analysis": "2", "date": "2015-08-10", "extends_uuid": "", "info": "OSINT The Italian Connection: An analysis of exploit supply chains and digital quartermasters by Shadowserver", "publish_timestamp": "1439284620", "published": true, "threat_level_id": "2", "timestamp": "1439277902", "uuid": "55c98ff2-f2fc-4284-8a34-f483950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439272971", "to_ids": false, "type": "link", "uuid": "55c9900b-ff40-479f-b25c-783f950d210b", "value": "http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exploit-supply-chains-and-digital-quartermasters/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277199", "to_ids": false, "type": "link", "uuid": "55c9a090-4bdc-4b6e-a267-354c950d210b", "value": "https://drive.google.com/file/d/0Bw35r_AUUldgRUZfeVBjZVJWWXM/view?usp=sharing" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277200", "to_ids": false, "type": "link", "uuid": "55c9a090-328c-4dc1-a05d-354c950d210b", "value": "https://docs.google.com/spreadsheets/d/1qEG16_zIYYfdxBPfT9cscR5rHG1OphI0Cdof_WlJjOg/pub?output=xlsx" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277334", "to_ids": true, "type": "md5", "uuid": "55c9a116-dc18-4aeb-87e5-354c950d210b", "value": "dceae0d1a680bc098bae9da466e12610" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277334", "to_ids": true, "type": "md5", "uuid": 
"55c9a116-ad48-4953-b203-354c950d210b", "value": "5392f1399a49935817669d22e5e644ea" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277334", "to_ids": true, "type": "md5", "uuid": "55c9a116-5ac0-4a82-821c-354c950d210b", "value": "da6c98d8f37290a10119fbca33eec58a" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277334", "to_ids": true, "type": "md5", "uuid": "55c9a116-ecc4-48a3-ba45-354c950d210b", "value": "878d13b8ceb49cfe9ff1b063bffeb9a9" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277335", "to_ids": true, "type": "md5", "uuid": "55c9a117-4b28-46c5-9795-354c950d210b", "value": "079a440bee0f86d8a59ebc5c4b523a07" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277335", "to_ids": true, "type": "md5", "uuid": "55c9a117-6fc4-4db7-9ab9-354c950d210b", "value": "2c6126e9f308d1be11553978e8a97621" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277335", "to_ids": true, "type": "md5", "uuid": "55c9a117-7848-47f5-9194-354c950d210b", "value": "75dc1e22e16c39e3532673f75fd41b93" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277335", "to_ids": true, "type": "md5", "uuid": "55c9a117-aaa4-487b-aec2-354c950d210b", "value": "00591821f328911380277272164d08cd" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277335", "to_ids": true, "type": "md5", "uuid": "55c9a117-50d4-45f8-8f86-354c950d210b", "value": 
"0b3a047d31461e20887bb1d32b4e472f" }, { "category": "Payload delivery", "comment": "HT_Exploit CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277336", "to_ids": true, "type": "md5", "uuid": "55c9a118-0c54-4981-a542-354c950d210b", "value": "f46019f795bd721262dc69988d7e53bc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277346", "to_ids": true, "type": "md5", "uuid": "55c9a122-d848-46a7-8344-354c950d210b", "value": "557f8d4c6f8b386c32001def807dc715" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277346", "to_ids": true, "type": "md5", "uuid": "55c9a122-b950-4cc1-99c1-354c950d210b", "value": "e9a57f70f739cb26dc053238b0a97425" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277372", "to_ids": true, "type": "md5", "uuid": "55c9a13c-1894-49b2-b6f8-3121950d210b", "value": "ceda2299257c96e60ead75fce414c68d" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277372", "to_ids": true, "type": "md5", "uuid": "55c9a13c-de70-4ef4-aea0-3121950d210b", "value": "726bd0bd6cca8d481cf6165c95528caa" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277372", "to_ids": true, "type": "md5", "uuid": "55c9a13c-e8ec-4c72-b7ec-3121950d210b", "value": "b65076f4cb6e74429dd02fcacda0bec3" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277372", "to_ids": true, "type": "md5", "uuid": "55c9a13c-8d24-4c6b-b494-3121950d210b", "value": "8a8e9bbf1ca2a926f0a5d06217eeea55" }, { "category": "Payload delivery", "comment": "flash_exploit_002 
CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277373", "to_ids": true, "type": "md5", "uuid": "55c9a13d-0bc8-4048-940f-3121950d210b", "value": "054d9852de6983116bd3d521e8d73296" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277373", "to_ids": true, "type": "md5", "uuid": "55c9a13d-94a8-4d4a-84d0-3121950d210b", "value": "15112a53fcecc4c666a82ca84a853716" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277373", "to_ids": true, "type": "md5", "uuid": "55c9a13d-3410-4df8-899f-3121950d210b", "value": "727dd4a7aae56a8202c5aa7758ea5d46" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277373", "to_ids": true, "type": "md5", "uuid": "55c9a13d-c3c4-45e0-b04b-3121950d210b", "value": "e33cf5b9f3991a8ee4e71f4380dd7eb1" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277373", "to_ids": true, "type": "md5", "uuid": "55c9a13d-81f4-4bb0-a6c2-3121950d210b", "value": "451c52652ddb28e9071078f214a327a7" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277374", "to_ids": true, "type": "md5", "uuid": "55c9a13e-9d40-4436-a60f-3121950d210b", "value": "b1238ccbb10af3e81110d3afacd98161" }, { "category": "Payload delivery", "comment": "flash_exploit_002 CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277374", "to_ids": true, "type": "md5", "uuid": "55c9a13e-4ac8-4b90-a0a7-3121950d210b", "value": "b7d39c5833e5896b7f5849966095a4bf" }, { "category": "Payload delivery", "comment": "exp1_fla/MainTimeline CVE-2015-5119", "deleted": 
false, "disable_correlation": false, "timestamp": "1439277401", "to_ids": true, "type": "md5", "uuid": "55c9a159-5edc-4e68-8e5d-3108950d210b", "value": "c101d289d36558c6fbe388d32bd32ab4" }, { "category": "Payload delivery", "comment": "exp1_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277401", "to_ids": true, "type": "md5", "uuid": "55c9a159-7fb8-400e-81f0-3108950d210b", "value": "9bf3e6a95a261a449be02ac03d4f0523" }, { "category": "Payload delivery", "comment": "exp1_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277402", "to_ids": true, "type": "md5", "uuid": "55c9a15a-f528-45d4-befb-3108950d210b", "value": "42b091f63548fccbbd87f8c06b632dda" }, { "category": "Payload delivery", "comment": "exp1_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277402", "to_ids": true, "type": "md5", "uuid": "55c9a15a-af9c-4e34-bfe6-3108950d210b", "value": "dccb71a74f719aa23e8bbb51ec037f56" }, { "category": "Payload delivery", "comment": "exp1_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277402", "to_ids": true, "type": "md5", "uuid": "55c9a15a-1f1c-40f9-b65e-3108950d210b", "value": "e15fb188c0c50d62657c7fd368a9a4ab" }, { "category": "Payload delivery", "comment": "exp1_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277402", "to_ids": true, "type": "md5", "uuid": "55c9a15a-6068-4428-b3bc-3108950d210b", "value": "53473af71d40568d25da87fc41dfe500" }, { "category": "Payload delivery", "comment": "exp1_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277402", "to_ids": true, "type": "md5", "uuid": "55c9a15a-7448-4381-8db0-3108950d210b", "value": "5beb4504fe22e859a2b09cd5a654b23e" }, { "category": "Payload delivery", "comment": "exp1_fla/MainTimeline CVE-2015-5119", "deleted": 
false, "disable_correlation": false, "timestamp": "1439277403", "to_ids": true, "type": "md5", "uuid": "55c9a15b-1fd4-4933-829f-3108950d210b", "value": "9647626a70f006b49bc35d110aaadf8a" }, { "category": "Payload delivery", "comment": "exp1_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277403", "to_ids": true, "type": "md5", "uuid": "55c9a15b-4478-45ec-ab95-3108950d210b", "value": "4dd21fd277c772bcf8b9d1d72bf68de8" }, { "category": "Payload delivery", "comment": "exp2_fla/MainTimeline CVE-2015-5122", "deleted": false, "disable_correlation": false, "timestamp": "1439277437", "to_ids": true, "type": "md5", "uuid": "55c9a17d-f79c-46f9-b7b6-354d950d210b", "value": "195bdc84f114c282e61f206dc88cd26d" }, { "category": "Payload delivery", "comment": "movie_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277457", "to_ids": true, "type": "md5", "uuid": "55c9a191-a2bc-44cb-8d61-354d950d210b", "value": "edcd313791506c623d8a2a88b9b0e84c" }, { "category": "Payload delivery", "comment": "movie_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277457", "to_ids": true, "type": "md5", "uuid": "55c9a191-14c8-4eff-a7d1-354d950d210b", "value": "83388058055d325a2fa5288182a41e89" }, { "category": "Payload delivery", "comment": "movie_fla/MainTimeline CVE-2015-5119", "deleted": false, "disable_correlation": false, "timestamp": "1439277457", "to_ids": true, "type": "md5", "uuid": "55c9a191-cd64-4f31-bcd1-354d950d210b", "value": "aa9eded1eb95f026aaf84919cc27ad32" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277478", "to_ids": false, "type": "vulnerability", "uuid": "55c9a1a6-b068-4506-8cd9-354c950d210b", "value": "CVE-2015-5119" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277478", "to_ids": 
false, "type": "vulnerability", "uuid": "55c9a1a6-c83c-47df-a513-354c950d210b", "value": "CVE-2015-5122" }, { "category": "Payload delivery", "comment": "HT_exploit.as", "deleted": false, "disable_correlation": false, "timestamp": "1439277540", "to_ids": true, "type": "md5", "uuid": "55c9a1e4-3e3c-4991-8f5e-3108950d210b", "value": "55bc2ac6bfcaaf9364a67cbd837aa66e" }, { "category": "Payload delivery", "comment": "MyClass.as", "deleted": false, "disable_correlation": false, "timestamp": "1439277555", "to_ids": true, "type": "md5", "uuid": "55c9a1f3-a97c-46fc-8db7-2128950d210b", "value": "3652a267b318b13c99c1a817416406ee" }, { "category": "Payload delivery", "comment": "MyClass1.as", "deleted": false, "disable_correlation": false, "timestamp": "1439277569", "to_ids": true, "type": "md5", "uuid": "55c9a201-0080-471f-815e-28c3950d210b", "value": "4b705980ed1b07becd76f47e007b5b3a" }, { "category": "Payload delivery", "comment": "MyClass2.as", "deleted": false, "disable_correlation": false, "timestamp": "1439277581", "to_ids": true, "type": "md5", "uuid": "55c9a20d-85c4-4d66-8e65-355a950d210b", "value": "955de95974a6228846cea327772815fe" }, { "category": "Payload delivery", "comment": "MyUtils.as", "deleted": false, "disable_correlation": false, "timestamp": "1439277602", "to_ids": true, "type": "md5", "uuid": "55c9a222-ae44-4435-be83-80e8950d210b", "value": "23489ab7e77f7c69db3e2c6fd791bddb" }, { "category": "Payload delivery", "comment": "ShellWin32.as", "deleted": false, "disable_correlation": false, "timestamp": "1439277611", "to_ids": true, "type": "md5", "uuid": "55c9a22b-8db0-4e34-be09-80e8950d210b", "value": "2d34c498fa0a65a59fd724d1d5466fbc" }, { "category": "Payload delivery", "comment": "\u00a7bin_bin$cdc90048eba972f1f617b202a379b8d8-1052822192\u00a7.as", "deleted": false, "disable_correlation": false, "timestamp": "1439277627", "to_ids": true, "type": "md5", "uuid": "55c9a23b-9188-4952-baa5-354d950d210b", "value": 
"b5847d4f60ecba8a09a019d8826a6a18" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277749", "to_ids": true, "type": "md5", "uuid": "55c9a2b5-d574-4464-9a0e-28c3950d210b", "value": "00bdfdbc00dd1faa7896926b99444e2f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277749", "to_ids": true, "type": "md5", "uuid": "55c9a2b5-1410-441e-9b5b-28c3950d210b", "value": "026cb3d736b6cd7d3529e04e72d35923" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277749", "to_ids": true, "type": "md5", "uuid": "55c9a2b5-1b4c-44df-8643-28c3950d210b", "value": "033ec22cedaaf87f35024104ec4ec7a6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277750", "to_ids": true, "type": "md5", "uuid": "55c9a2b6-a6f0-4e67-9f96-28c3950d210b", "value": "058fe24b7de10d915737ede604b3954e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277750", "to_ids": true, "type": "md5", "uuid": "55c9a2b6-c8ec-4cd5-a3ec-28c3950d210b", "value": "0a28f677465fdf76689ca2fcabc68d53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277750", "to_ids": true, "type": "md5", "uuid": "55c9a2b6-f6d0-427a-b92b-28c3950d210b", "value": "12aba18ebd49f917c42e08aed6a2d48a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277750", "to_ids": true, "type": "md5", "uuid": "55c9a2b6-7988-4893-9c65-28c3950d210b", "value": "13943e2d51bc32daa8199dfe4473b620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277750", "to_ids": true, "type": "md5", "uuid": "55c9a2b6-25fc-4b1c-9f47-28c3950d210b", "value": 
"16664601808c8aa59ecd11c37042b81f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277751", "to_ids": true, "type": "md5", "uuid": "55c9a2b7-5c54-4ec1-a1e6-28c3950d210b", "value": "1b127227d6228ce32b93d197756b6708" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277751", "to_ids": true, "type": "md5", "uuid": "55c9a2b7-b0fc-40d1-8ffa-28c3950d210b", "value": "1cb92899533679ebc17fd81c3d4059a7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277751", "to_ids": true, "type": "md5", "uuid": "55c9a2b7-e334-4a52-a747-28c3950d210b", "value": "1ed9c8e84f55c337584869a25b06f453" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277751", "to_ids": true, "type": "md5", "uuid": "55c9a2b7-5794-4486-8293-28c3950d210b", "value": "21feb2974475a85b2cdf9cc196064796" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277751", "to_ids": true, "type": "md5", "uuid": "55c9a2b7-7940-4797-8904-28c3950d210b", "value": "29c555ab97f74d957dce14c961d07eff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277752", "to_ids": true, "type": "md5", "uuid": "55c9a2b8-ddd0-46c0-b45f-28c3950d210b", "value": "2ad0335cc530ebfe59901e4d3b31db7b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277752", "to_ids": true, "type": "md5", "uuid": "55c9a2b8-e2ac-44e6-97b0-28c3950d210b", "value": "34b614df1e57f2ce95997f85078de2f9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277752", "to_ids": true, "type": "md5", "uuid": "55c9a2b8-2bb8-48b4-8d35-28c3950d210b", "value": 
"3614e902f822b6c30e024b80e7f1487b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277752", "to_ids": true, "type": "md5", "uuid": "55c9a2b8-29c0-4acb-b92e-28c3950d210b", "value": "36f87c500445e056005beec62f6684b1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277752", "to_ids": true, "type": "md5", "uuid": "55c9a2b8-6ba0-4c86-adbf-28c3950d210b", "value": "37862fa22c69e945ba6ec5492e518558" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277753", "to_ids": true, "type": "md5", "uuid": "55c9a2b9-3640-4156-a0a3-28c3950d210b", "value": "3e7f8f4f2fdd7c587d0212ad38c10805" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277753", "to_ids": true, "type": "md5", "uuid": "55c9a2b9-6068-41f1-898a-28c3950d210b", "value": "3fa797e193ff815afc9378c3a025bcde" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277753", "to_ids": true, "type": "md5", "uuid": "55c9a2b9-2900-4a97-8388-28c3950d210b", "value": "46997daab86bef5a7eaaa705924c1e2a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277753", "to_ids": true, "type": "md5", "uuid": "55c9a2b9-111c-49aa-8cc6-28c3950d210b", "value": "4cfeff03580ef09b8dc7cf098bb057e3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277753", "to_ids": true, "type": "md5", "uuid": "55c9a2b9-c878-44df-9b1e-28c3950d210b", "value": "4de5d537bd29289703bf7bf5a54f6c8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277754", "to_ids": true, "type": "md5", "uuid": "55c9a2ba-103c-4c54-b5ef-28c3950d210b", "value": 
"4eaa236e48598bce7e9b67edb143ca79" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277754", "to_ids": true, "type": "md5", "uuid": "55c9a2ba-1c10-4356-a3ce-28c3950d210b", "value": "504eedb7ed01bc7748d2bdaf7f0e48cc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277754", "to_ids": true, "type": "md5", "uuid": "55c9a2ba-2c78-4e91-872d-28c3950d210b", "value": "522eed25db0776b18e3a0385ff1f2f74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277754", "to_ids": true, "type": "md5", "uuid": "55c9a2ba-cffc-465a-a34b-28c3950d210b", "value": "535f6f7b3a21d53b4b316b322d238ada" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277754", "to_ids": true, "type": "md5", "uuid": "55c9a2ba-955c-42ee-afd7-28c3950d210b", "value": "541f6853cef8144574d8fcdb89aef9e1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277755", "to_ids": true, "type": "md5", "uuid": "55c9a2bb-fa9c-44af-b7a9-28c3950d210b", "value": "57fab79d1f3836561c5da600c8ed2773" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277755", "to_ids": true, "type": "md5", "uuid": "55c9a2bb-0cbc-45eb-98a8-28c3950d210b", "value": "6302d1026fb32fe7ca579cb503c77234" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277755", "to_ids": true, "type": "md5", "uuid": "55c9a2bb-8304-4cd3-8722-28c3950d210b", "value": "6d8d6121af6ba6a8679b876faeb59c01" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277755", "to_ids": true, "type": "md5", "uuid": "55c9a2bb-a368-4587-b9df-28c3950d210b", "value": 
"76bbf9cfe6d6870d3e35cf038c39234c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277755", "to_ids": true, "type": "md5", "uuid": "55c9a2bb-a8b0-4b42-bb5d-28c3950d210b", "value": "784045c9663a0ac2c3e7509692e32919" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277756", "to_ids": true, "type": "md5", "uuid": "55c9a2bc-fba4-4dcd-bc12-28c3950d210b", "value": "785e8af0535717183f547b6d876513f0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277756", "to_ids": true, "type": "md5", "uuid": "55c9a2bc-c4bc-45ac-8b37-28c3950d210b", "value": "7d2e309c07099aaa2cf99d4075d77975" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277756", "to_ids": true, "type": "md5", "uuid": "55c9a2bc-d7a8-4543-90de-28c3950d210b", "value": "80512010e667756f7d611f5cc6a6f9bb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277756", "to_ids": true, "type": "md5", "uuid": "55c9a2bc-3130-46f9-b964-28c3950d210b", "value": "85fda4eca55c317752eeabfcba3579a9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277756", "to_ids": true, "type": "md5", "uuid": "55c9a2bc-27cc-4d62-b3e7-28c3950d210b", "value": "8afb5ce6428615b8bf8c3246bbf964ad" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277757", "to_ids": true, "type": "md5", "uuid": "55c9a2bd-c844-47e3-9f90-28c3950d210b", "value": "8e52606b6c31f27b5984ac086f8c0b0f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277757", "to_ids": true, "type": "md5", "uuid": "55c9a2bd-3de8-4da8-9734-28c3950d210b", "value": 
"94dc2df0886a9b4be8c00336b3b5da5e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277757", "to_ids": true, "type": "md5", "uuid": "55c9a2bd-d8f4-45ed-91f5-28c3950d210b", "value": "aaa62d5f0e348f0e890ad9d3f71e448d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277757", "to_ids": true, "type": "md5", "uuid": "55c9a2bd-3a00-49f2-b353-28c3950d210b", "value": "abf00336a309976e60909e08008836f8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277757", "to_ids": true, "type": "md5", "uuid": "55c9a2bd-1480-496d-9390-28c3950d210b", "value": "acf3b75887d85dcc046792fd83664ef6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277758", "to_ids": true, "type": "md5", "uuid": "55c9a2be-6f04-4aba-ade6-28c3950d210b", "value": "b067468484fa4fc1bb27a1a4dcead881" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277758", "to_ids": true, "type": "md5", "uuid": "55c9a2be-7b58-4952-a1ed-28c3950d210b", "value": "b1bbf35ca05af9486bdfbcbc00961eb7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277758", "to_ids": true, "type": "md5", "uuid": "55c9a2be-30e0-4dce-aad2-28c3950d210b", "value": "b45bec70393db70c3c7c6d5f643cdd64" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277758", "to_ids": true, "type": "md5", "uuid": "55c9a2be-0c54-4b37-827e-28c3950d210b", "value": "b55e7fd5b60ddd9e19feb8a839f4e6e6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277758", "to_ids": true, "type": "md5", "uuid": "55c9a2be-f6d0-41cc-a733-28c3950d210b", "value": 
"b7fb0e9c99b9d4acf0b27b3cd42ae15d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277759", "to_ids": true, "type": "md5", "uuid": "55c9a2bf-a7f0-49fb-82d1-28c3950d210b", "value": "bbf32eeb560a42a3a69beaed645e7777" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277759", "to_ids": true, "type": "md5", "uuid": "55c9a2bf-59f8-4a6c-b747-28c3950d210b", "value": "c15fb58e768f7625393a8dbbf01c9c26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277759", "to_ids": true, "type": "md5", "uuid": "55c9a2bf-9544-4543-8eb5-28c3950d210b", "value": "cb713b544dce5a2505e393f6587aaa47" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277759", "to_ids": true, "type": "md5", "uuid": "55c9a2bf-9b10-4c81-9b3e-28c3950d210b", "value": "d5288a98aa9a5f101b9608962d165fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277759", "to_ids": true, "type": "md5", "uuid": "55c9a2bf-df64-44dc-9e17-28c3950d210b", "value": "d536c4b71d131848e965c4524780a8aa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277760", "to_ids": true, "type": "md5", "uuid": "55c9a2c0-c6e0-4910-9757-28c3950d210b", "value": "d5e55bf308d670d68e1ad610e1d2efe3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277760", "to_ids": true, "type": "md5", "uuid": "55c9a2c0-dfe4-4211-9b15-28c3950d210b", "value": "e1cd6400f115f60213764347f927f7e6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277760", "to_ids": true, "type": "md5", "uuid": "55c9a2c0-e71c-4dbf-ab0f-28c3950d210b", "value": 
"e78376c3ea222d46509900be990fba66" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277760", "to_ids": true, "type": "md5", "uuid": "55c9a2c0-f070-44e2-9bf9-28c3950d210b", "value": "fa9142065d6550d729168b5977f2cf14" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1439277760", "to_ids": true, "type": "md5", "uuid": "55c9a2c0-4ccc-4eeb-bf79-28c3950d210b", "value": "ff989967416d02ede7a2a44667c02ff2" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277895", "to_ids": true, "type": "ip-dst", "uuid": "55c9a347-9518-48bf-a0a2-354b950d210b", "value": "172.246.109.27" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277895", "to_ids": true, "type": "ip-dst", "uuid": "55c9a347-eb94-4dd2-838d-354b950d210b", "value": "202.183.129.155" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277895", "to_ids": true, "type": "ip-dst", "uuid": "55c9a347-f500-4af1-a77e-354b950d210b", "value": "203.249.88.243" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277896", "to_ids": true, "type": "ip-dst", "uuid": "55c9a348-67a0-4b6f-a48d-354b950d210b", "value": "211.226.71.4" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277896", "to_ids": true, "type": "ip-dst", "uuid": "55c9a348-c888-4d27-87bf-354b950d210b", "value": "213.186.164.211" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277896", "to_ids": true, "type": "ip-dst", "uuid": "55c9a348-2e50-435a-8b69-354b950d210b", "value": "220.134.9.49" }, { "category": "Network activity", 
"comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277896", "to_ids": true, "type": "ip-dst", "uuid": "55c9a348-3d70-4668-aebb-354b950d210b", "value": "223.25.233.248" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277896", "to_ids": true, "type": "ip-dst", "uuid": "55c9a349-5ddc-4dcf-b471-354b950d210b", "value": "70.90.107.245" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277897", "to_ids": true, "type": "ip-dst", "uuid": "55c9a349-4f68-4d69-b66c-354b950d210b", "value": "95.110.210.31" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277897", "to_ids": true, "type": "hostname", "uuid": "55c9a349-d340-4cc9-a6a0-354b950d210b", "value": "amxil.opmuert.org" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277897", "to_ids": true, "type": "domain", "uuid": "55c9a349-bbd0-48d4-8ef7-354b950d210b", "value": "appeal.ml" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277897", "to_ids": true, "type": "hostname", "uuid": "55c9a349-8f6c-48b7-8a80-354b950d210b", "value": "bluecoat.isasecret.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277897", "to_ids": true, "type": "hostname", "uuid": "55c9a349-aae8-4a4d-af64-354b950d210b", "value": "cdn.sanecat.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277898", "to_ids": true, "type": "hostname", "uuid": "55c9a34a-7854-42c3-a7f6-354b950d210b", "value": "dns.snakesearch.info" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": 
"1439277898", "to_ids": true, "type": "url", "uuid": "55c9a34a-0ff4-45a5-859f-354b950d210b", "value": "eniw577dlcp4zbag.onion" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277898", "to_ids": true, "type": "hostname", "uuid": "55c9a34a-6f20-48dc-b396-354b950d210b", "value": "fileshare.serveftp.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277898", "to_ids": true, "type": "hostname", "uuid": "55c9a34a-58d0-43e6-b65b-354b950d210b", "value": "inbox.webmailgoogle.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277898", "to_ids": true, "type": "hostname", "uuid": "55c9a34a-bb90-4e1e-a485-354b950d210b", "value": "jiussharefiles.ddns.net" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277899", "to_ids": true, "type": "hostname", "uuid": "55c9a34b-3b78-412c-bb61-354b950d210b", "value": "jp.virhub.biz" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277899", "to_ids": true, "type": "hostname", "uuid": "55c9a34b-9aac-41f2-9d41-354b950d210b", "value": "news.turkceil.tk" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277899", "to_ids": true, "type": "hostname", "uuid": "55c9a34b-7028-41c0-9f9e-354b950d210b", "value": "news.voanews.hk" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277899", "to_ids": true, "type": "hostname", "uuid": "55c9a34b-dc38-4aec-9615-354b950d210b", "value": "oop.jumpingcrab.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277899", "to_ids": true, "type": "hostname", 
"uuid": "55c9a34b-77f8-4afe-ad28-354b950d210b", "value": "sb.iffymonkey.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277900", "to_ids": true, "type": "hostname", "uuid": "55c9a34c-60d4-40f7-83d4-354b950d210b", "value": "sbuudd.webssl9.info" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277900", "to_ids": true, "type": "hostname", "uuid": "55c9a34c-3f0c-40d8-a5b4-354b950d210b", "value": "twnic.ignorelist.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277900", "to_ids": true, "type": "hostname", "uuid": "55c9a34c-4d10-413d-94db-354b950d210b", "value": "web.paramerat.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277900", "to_ids": true, "type": "hostname", "uuid": "55c9a34c-981c-415c-8684-354b950d210b", "value": "whois.nictr.info" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277900", "to_ids": true, "type": "hostname", "uuid": "55c9a34c-5fa4-4b52-8258-354b950d210b", "value": "win7.myz.info" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277901", "to_ids": true, "type": "hostname", "uuid": "55c9a34d-ff30-49a9-82f2-354b950d210b", "value": "www.aprilmusic.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277901", "to_ids": true, "type": "hostname", "uuid": "55c9a34d-0580-45c9-af5c-354b950d210b", "value": "www.mcafeea.cf" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277901", "to_ids": true, "type": "hostname", "uuid": "55c9a34d-68ac-4e61-b5b5-354b950d210b", "value": 
"www.n-fit-sub.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277901", "to_ids": true, "type": "url", "uuid": "55c9a34d-a708-4481-987f-354b950d210b", "value": "www.n-fit-sub.com/ec/index.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277901", "to_ids": true, "type": "url", "uuid": "55c9a34d-4124-4bd1-9068-354b950d210b", "value": "www.nichiiko-golf.com/news/index.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277902", "to_ids": true, "type": "hostname", "uuid": "55c9a34e-3a40-46fe-99d4-354b950d210b", "value": "www.wordpress.zzux.com" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1439277902", "to_ids": true, "type": "hostname", "uuid": "55c9a34e-3e44-45fb-b150-354b950d210b", "value": "yunwu1.xicp.net" } ] } }