{ "Event": { "analysis": "2", "date": "2016-05-25", "extends_uuid": "", "info": "OSINT - CVE-2015-2545: overview of current threats", "publish_timestamp": "1469608746", "published": true, "threat_level_id": "2", "timestamp": "1469608718", "uuid": "57460863-76dc-4272-8116-4ea302de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#001cad", "name": "estimative-language:likelihood-probability=\"very-likely\"" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1464207497", "to_ids": false, "type": "vulnerability", "uuid": "57460889-aeb0-4560-95a9-4f1802de0b81", "value": "CVE-2015-2545" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1464207574", "to_ids": false, "type": "link", "uuid": "574608d6-0abc-48d9-9b54-443502de0b81", "value": "https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1464207590", "to_ids": false, "type": "comment", "uuid": "574608e6-2b38-4738-b31a-453902de0b81", "value": "CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft\u2019s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1.\r\n\r\nThe error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The exploit uses PostScript and can evade Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protection methods.\r\n\r\nThe exploit was discovered in the wild in August 2015, when it was used in a targeted attack by the Platinum group, presumably against targets in India. 
Over the following months, there was significant growth in the number of threat actors using the vulnerability as a primary tool for initial penetration, with both the attack groups and their targets located in South-East and Central Asia and the Far East.\r\n\r\nIn this research paper, we discuss examples of attacks using the CVE-2015-2545 vulnerability undertaken by some of these groups." }, { "category": "Network activity", "comment": "SVCMONDR attacks", "deleted": false, "disable_correlation": false, "timestamp": "1464207656", "to_ids": true, "type": "ip-dst", "uuid": "57460928-61e0-4a43-83f2-477202de0b81", "value": "59.188.13.204" }, { "category": "Network activity", "comment": "SVCMONDR attacks", "deleted": false, "disable_correlation": false, "timestamp": "1464207657", "to_ids": true, "type": "ip-dst", "uuid": "57460929-ad38-4a8d-9e38-45bb02de0b81", "value": "180.128.10.28" }, { "category": "Network activity", "comment": "SVCMONDR attacks", "deleted": false, "disable_correlation": false, "timestamp": "1464207657", "to_ids": true, "type": "hostname", "uuid": "57460929-61c0-4cb1-aa13-4f7e02de0b81", "value": "www.ocaler.mooo.com" }, { "category": "Network activity", "comment": "SVCMONDR attacks", "deleted": false, "disable_correlation": false, "timestamp": "1464207658", "to_ids": true, "type": "hostname", "uuid": "5746092a-6dd0-420b-ba0c-4b4a02de0b81", "value": "www.onmypc.serverpit.com" }, { "category": "Payload delivery", "comment": "(svcmondr.ex, Taiwan) - SVCMONDR attacks", "deleted": false, "disable_correlation": false, "timestamp": "1464207694", "to_ids": true, "type": "md5", "uuid": "5746094e-8e0c-489f-93bf-4b9502de0b81", "value": "8052234dcd41a7d619acb0ec9636be0b" }, { "category": "Payload delivery", "comment": "(svcmondr.ex,Thailand) - SVCMONDR attacks", "deleted": false, "disable_correlation": false, "timestamp": "1464207695", "to_ids": true, "type": "md5", "uuid": "5746094f-cd60-4203-a6b2-467e02de0b81", "value": "046b98a742cecc11fb18d9554483be2d" }, 
{ "category": "Payload delivery", "comment": "Taiwan, 1-3\u8aaa\u660e\u6a94.doc - SVCMONDR attacks", "deleted": false, "disable_correlation": false, "timestamp": "1464207768", "to_ids": true, "type": "md5", "uuid": "57460998-5644-40f4-9db5-488702de0b81", "value": "d0533874d7255b881187e842e747c268" }, { "category": "Payload delivery", "comment": "EPS - Taiwan - SVCMONDR attacks", "deleted": false, "disable_correlation": false, "timestamp": "1464207819", "to_ids": true, "type": "md5", "uuid": "574609cb-b624-4311-85cb-41ba02de0b81", "value": "98c57aa9c7e3f90c4eb4afeba8128484" }, { "category": "Network activity", "comment": "Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207883", "to_ids": true, "type": "ip-dst", "uuid": "57460a0b-88c8-4d09-8a10-45ca02de0b81", "value": "74.208.4.200" }, { "category": "Network activity", "comment": "Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207883", "to_ids": true, "type": "ip-dst", "uuid": "57460a0b-9768-43d3-bd39-4a3f02de0b81", "value": "74.208.4.201" }, { "category": "Network activity", "comment": "Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207883", "to_ids": true, "type": "ip-dst", "uuid": "57460a0b-3c7c-4504-b6a3-488e02de0b81", "value": "180.150.227.135" }, { "category": "Network activity", "comment": "Danti port 443", "deleted": false, "disable_correlation": false, "timestamp": "1464207884", "to_ids": true, "type": "hostname", "uuid": "57460a0c-9ee4-4b9c-a7bb-44bd02de0b81", "value": "goback.strangled.net" }, { "category": "Network activity", "comment": "Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207884", "to_ids": true, "type": "hostname", "uuid": "57460a0c-3538-46c6-903b-472e02de0b81", "value": "carwiseplot.no-ip.org" }, { "category": "Payload delivery", "comment": "Danti", "deleted": false, "disable_correlation": false, "timestamp": "1469608718", "to_ids": true, "type": 
"ip-dst", "uuid": "57460a0d-e3d8-4ddc-b1b2-4d2a02de0b81", "value": "115.144.69.54" }, { "category": "Network activity", "comment": "Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207885", "to_ids": true, "type": "hostname", "uuid": "57460a0d-d384-4108-99dc-43e602de0b81", "value": "newsupdate.dynssl.com" }, { "category": "Network activity", "comment": "Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207885", "to_ids": true, "type": "hostname", "uuid": "57460a0d-05f8-4769-9f57-41c302de0b81", "value": "dnsnews.dns05.com" }, { "category": "Payload delivery", "comment": "(dropper, from cab-archive) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207962", "to_ids": true, "type": "md5", "uuid": "57460a5a-a738-4354-a28b-434902de0b81", "value": "6bbdbf6d3b24b8bfa296b9c76b95bb2f" }, { "category": "Payload delivery", "comment": "(http.exe) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207962", "to_ids": true, "type": "md5", "uuid": "57460a5a-4b44-4948-842e-42bf02de0b81", "value": "3fbe576d33595734a92a665e72e5a04f" }, { "category": "Payload delivery", "comment": "(lsass.exe) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207963", "to_ids": true, "type": "md5", "uuid": "57460a5b-9358-4317-9e00-451902de0b81", "value": "8ad9cb6b948bcf7f9211887e0cf6f02a" }, { "category": "Payload delivery", "comment": "Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207963", "to_ids": true, "type": "md5", "uuid": "57460a5b-a94c-4b80-af51-4d2802de0b81", "value": "9469dd12136b6514d82c3b01d6082f59" }, { "category": "Payload delivery", "comment": "(mshtml.dll) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207963", "to_ids": true, "type": "md5", "uuid": "57460a5b-a1d8-4c40-afe6-448902de0b81", "value": "be0cc8411c066eac246097045b73c282" }, { "category": "Payload delivery", "comment": "Danti", "deleted": false, 
"disable_correlation": false, "timestamp": "1464207964", "to_ids": true, "type": "md5", "uuid": "57460a5c-92c4-425f-8048-409402de0b81", "value": "bae673964e9bc2a45ebcc667895104ef" }, { "category": "Payload delivery", "comment": "(update.dat) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207964", "to_ids": true, "type": "md5", "uuid": "57460a5c-6788-4cbb-a57b-467402de0b81", "value": "d44e971b202d573f8c797845c90e4658" }, { "category": "Payload delivery", "comment": "(potplayer.dll) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207964", "to_ids": true, "type": "md5", "uuid": "57460a5c-040c-47b0-9e8a-424702de0b81", "value": "332397ec261393aaa58522c4357c3e48" }, { "category": "Payload delivery", "comment": "(appinfo.dat) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464207965", "to_ids": true, "type": "md5", "uuid": "57460a5d-8bf8-4467-b032-4f6d02de0b81", "value": "2460871a040628c379e04f79af37060d" }, { "category": "Payload delivery", "comment": "Potplayer - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208043", "to_ids": true, "type": "md5", "uuid": "57460aab-7250-4e4e-a149-4f0802de0b81", "value": "f16903b2ff82689404f7d0820f461e5d" }, { "category": "Payload delivery", "comment": "RarSFX - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208068", "to_ids": true, "type": "md5", "uuid": "57460ac4-b81c-4962-a877-4bd702de0b81", "value": "d0407e1a66ee2082a0d170814bd4ab02" }, { "category": "Payload delivery", "comment": "RarSFX - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208068", "to_ids": true, "type": "md5", "uuid": "57460ac4-848c-4f38-a3f5-455302de0b81", "value": "4902abe46039d36b45ac8a39c745445a" }, { "category": "Payload delivery", "comment": "(India, from Mission list) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208145", "to_ids": true, "type": "md5", "uuid": 
"57460b11-4d68-4fb9-a1a2-4ec202de0b81", "value": "07f4b663cc3bcb5899edba9eaf9cf4b5" }, { "category": "Payload delivery", "comment": "(India, HQ List) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208146", "to_ids": true, "type": "md5", "uuid": "57460b12-3aa4-4416-8b50-4fd702de0b81", "value": "a90a329335fa0af64d8394b28e0f86c1" }, { "category": "Payload delivery", "comment": "(India, Hotels) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208146", "to_ids": true, "type": "md5", "uuid": "57460b12-f4c8-44b4-a0b5-459702de0b81", "value": "b751323586c5e36d1d644ab42888a100" }, { "category": "Payload delivery", "comment": "(Holidays in India in 2016) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208146", "to_ids": true, "type": "md5", "uuid": "57460b12-2e74-4080-ba7e-468402de0b81", "value": "8cd2eb90fabd03ac97279d398b09a5e9" }, { "category": "Payload delivery", "comment": "(Holidays in India in 2016) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208179", "to_ids": true, "type": "md5", "uuid": "57460b33-0d18-47d6-b3c8-467102de0b81", "value": "d91f101427a39d9f40c41aa041197a9c" }, { "category": "Payload delivery", "comment": "Doc web archive - (HQ List)", "deleted": false, "disable_correlation": false, "timestamp": "1464208238", "to_ids": true, "type": "md5", "uuid": "57460b6e-9314-47e7-8f43-4aec02de0b81", "value": "c591263d56b57dfadd06a68dd9657343" }, { "category": "Payload delivery", "comment": "Doc web archive - (Mission List)", "deleted": false, "disable_correlation": false, "timestamp": "1464208238", "to_ids": true, "type": "md5", "uuid": "57460b6e-04e8-435c-9c6d-4afe02de0b81", "value": "aebf03ceaef042a833ee5459016f5bde" }, { "category": "Payload delivery", "comment": "Doc web archive - (India\u00e2\u20ac\u2122s 10 Top Luxury Hotels)", "deleted": false, "disable_correlation": false, "timestamp": "1464208238", "to_ids": true, "type": "md5", "uuid": 
"57460b6e-ca7c-43e4-9de2-419302de0b81", "value": "fd6636af7d2358c40fe6923b23a690e8" }, { "category": "Payload delivery", "comment": "(chancery@indianembassy.hu) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208310", "to_ids": true, "type": "md5", "uuid": "57460bb6-e4d0-4c1f-b19a-4cc902de0b81", "value": "aae962611da956a26a76d185455f1d44" }, { "category": "Payload delivery", "comment": "(amb.bogota@mea.gov.in) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208310", "to_ids": true, "type": "md5", "uuid": "57460bb6-5ed8-403c-bfc3-46d502de0b81", "value": "3ed40dec891fd48c7ec6fa49b1058d24" }, { "category": "Payload delivery", "comment": "(amb.copenhagen@mea.gov.in) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208311", "to_ids": true, "type": "md5", "uuid": "57460bb7-8b94-4426-a516-465102de0b81", "value": "1aefd1c30d1710f901c70be7f1366cae" }, { "category": "Payload delivery", "comment": "(India, dsfsi@nic.in) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208311", "to_ids": true, "type": "md5", "uuid": "57460bb7-5abc-41e9-8f48-471a02de0b81", "value": "f4c1e96717c82b14ca76384cb005fbe5" }, { "category": "Payload delivery", "comment": "(India, chumarpost@gmail.com) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208311", "to_ids": true, "type": "md5", "uuid": "57460bb7-5dac-4821-b3cc-4c1102de0b81", "value": "1ba92c6d35b7a31046e013d35fa48775" }, { "category": "Payload delivery", "comment": "(India, Cabinet Secretary) - Danti", "deleted": false, "disable_correlation": false, "timestamp": "1464208312", "to_ids": true, "type": "md5", "uuid": "57460bb8-da3c-4092-b589-4f6d02de0b81", "value": "6d55eb3ced35c7479f67167d84bf15f0" }, { "category": "Payload delivery", "comment": "(India, Cabinet Secretary) - Danti - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0", "deleted": false, "disable_correlation": false, "timestamp": "1464208385", 
"to_ids": true, "type": "sha256", "uuid": "57460c01-da8c-4831-a3b7-434d02de0b81", "value": "7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a" }, { "category": "Payload delivery", "comment": "(India, Cabinet Secretary) - Danti - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0", "deleted": false, "disable_correlation": false, "timestamp": "1464208386", "to_ids": true, "type": "sha1", "uuid": "57460c02-a9f0-4aee-86c3-4cc502de0b81", "value": "d12324a522b404b7949a971fbe767ae06b03c576" }, { "category": "External analysis", "comment": "(India, Cabinet Secretary) - Danti - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0", "deleted": false, "disable_correlation": false, "timestamp": "1464208386", "to_ids": false, "type": "link", "uuid": "57460c02-add0-4029-8b6f-412e02de0b81", "value": "https://www.virustotal.com/file/7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a/analysis/1463177598/" }, { "category": "Payload delivery", "comment": "(India, chumarpost@gmail.com) - Danti - Xchecked via VT: 1ba92c6d35b7a31046e013d35fa48775", "deleted": false, "disable_correlation": false, "timestamp": "1464208387", "to_ids": true, "type": "sha256", "uuid": "57460c03-e688-4ff9-a888-452a02de0b81", "value": "e60bd3259177f787718e940c1bb2196ffd3ea0d1f722cc644c85006ddb7a28f3" }, { "category": "Payload delivery", "comment": "(India, chumarpost@gmail.com) - Danti - Xchecked via VT: 1ba92c6d35b7a31046e013d35fa48775", "deleted": false, "disable_correlation": false, "timestamp": "1464208387", "to_ids": true, "type": "sha1", "uuid": "57460c03-ae98-4185-b4d4-405102de0b81", "value": "8f2b1de6ef70b1ac5ffb8f3aa77af6c402cfdf56" }, { "category": "External analysis", "comment": "(India, chumarpost@gmail.com) - Danti - Xchecked via VT: 1ba92c6d35b7a31046e013d35fa48775", "deleted": false, "disable_correlation": false, "timestamp": "1464208388", "to_ids": false, "type": "link", "uuid": "57460c04-44e8-43e7-b23d-45a102de0b81", "value": 
"https://www.virustotal.com/file/e60bd3259177f787718e940c1bb2196ffd3ea0d1f722cc644c85006ddb7a28f3/analysis/1456743780/" }, { "category": "Payload delivery", "comment": "(India, dsfsi@nic.in) - Danti - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5", "deleted": false, "disable_correlation": false, "timestamp": "1464208388", "to_ids": true, "type": "sha256", "uuid": "57460c04-9008-43ba-9994-483102de0b81", "value": "5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b" }, { "category": "Payload delivery", "comment": "(India, dsfsi@nic.in) - Danti - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5", "deleted": false, "disable_correlation": false, "timestamp": "1464208388", "to_ids": true, "type": "sha1", "uuid": "57460c04-ef20-4fd9-912d-493f02de0b81", "value": "c4830ed7558cff7abebc15e13fb0a9ad8d1edb71" }, { "category": "External analysis", "comment": "(India, dsfsi@nic.in) - Danti - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5", "deleted": false, "disable_correlation": false, "timestamp": "1464208389", "to_ids": false, "type": "link", "uuid": "57460c05-7538-4d64-ae0a-42c302de0b81", "value": "https://www.virustotal.com/file/5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b/analysis/1462540391/" }, { "category": "Payload delivery", "comment": "(amb.copenhagen@mea.gov.in) - Danti - Xchecked via VT: 1aefd1c30d1710f901c70be7f1366cae", "deleted": false, "disable_correlation": false, "timestamp": "1464208389", "to_ids": true, "type": "sha256", "uuid": "57460c05-4b18-493f-9403-471102de0b81", "value": "1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51" }, { "category": "Payload delivery", "comment": "(amb.copenhagen@mea.gov.in) - Danti - Xchecked via VT: 1aefd1c30d1710f901c70be7f1366cae", "deleted": false, "disable_correlation": false, "timestamp": "1464208390", "to_ids": true, "type": "sha1", "uuid": "57460c06-8dbc-4313-baac-492302de0b81", "value": "6793228ee3b6bd1a4bc91f17460b89d12d347fc9" }, { "category": "External 
analysis", "comment": "(amb.copenhagen@mea.gov.in) - Danti - Xchecked via VT: 1aefd1c30d1710f901c70be7f1366cae", "deleted": false, "disable_correlation": false, "timestamp": "1464208390", "to_ids": false, "type": "link", "uuid": "57460c06-c2e4-47eb-bdf2-4bfb02de0b81", "value": "https://www.virustotal.com/file/1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51/analysis/1464092908/" }, { "category": "Payload delivery", "comment": "(amb.bogota@mea.gov.in) - Danti - Xchecked via VT: 3ed40dec891fd48c7ec6fa49b1058d24", "deleted": false, "disable_correlation": false, "timestamp": "1464208391", "to_ids": true, "type": "sha256", "uuid": "57460c07-d200-400e-b3af-423602de0b81", "value": "de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649" }, { "category": "Payload delivery", "comment": "(amb.bogota@mea.gov.in) - Danti - Xchecked via VT: 3ed40dec891fd48c7ec6fa49b1058d24", "deleted": false, "disable_correlation": false, "timestamp": "1464208391", "to_ids": true, "type": "sha1", "uuid": "57460c07-6844-4ad1-bba9-41ec02de0b81", "value": "0e2c603e23219598dc3432d94df6dfae147cceab" }, { "category": "External analysis", "comment": "(amb.bogota@mea.gov.in) - Danti - Xchecked via VT: 3ed40dec891fd48c7ec6fa49b1058d24", "deleted": false, "disable_correlation": false, "timestamp": "1464208391", "to_ids": false, "type": "link", "uuid": "57460c07-2530-431c-b761-4dfa02de0b81", "value": "https://www.virustotal.com/file/de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649/analysis/1464092543/" }, { "category": "Payload delivery", "comment": "(chancery@indianembassy.hu) - Danti - Xchecked via VT: aae962611da956a26a76d185455f1d44", "deleted": false, "disable_correlation": false, "timestamp": "1464208392", "to_ids": true, "type": "sha256", "uuid": "57460c08-6cb8-4762-b60e-4f5102de0b81", "value": "4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5" }, { "category": "Payload delivery", "comment": "(chancery@indianembassy.hu) - Danti - Xchecked 
via VT: aae962611da956a26a76d185455f1d44", "deleted": false, "disable_correlation": false, "timestamp": "1464208392", "to_ids": true, "type": "sha1", "uuid": "57460c08-4894-4a04-98d1-444102de0b81", "value": "8bed9000c2f6347e683beadb1a5d4dedaccbd21f" }, { "category": "External analysis", "comment": "(chancery@indianembassy.hu) - Danti - Xchecked via VT: aae962611da956a26a76d185455f1d44", "deleted": false, "disable_correlation": false, "timestamp": "1464208393", "to_ids": false, "type": "link", "uuid": "57460c09-5318-4158-90c5-463502de0b81", "value": "https://www.virustotal.com/file/4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5/analysis/1464093143/" }, { "category": "Payload delivery", "comment": "Doc web archive - (India\u2019s 10 Top Luxury Hotels) - Xchecked via VT: fd6636af7d2358c40fe6923b23a690e8", "deleted": false, "disable_correlation": false, "timestamp": "1464208393", "to_ids": true, "type": "sha256", "uuid": "57460c09-5ab4-4592-83ed-44b502de0b81", "value": "6a1706e1351cf911126b0ee57a11ed01135f7d42d911b4067f61067786407e7e" }, { "category": "Payload delivery", "comment": "Doc web archive - (India\u2019s 10 Top Luxury Hotels) - Xchecked via VT: fd6636af7d2358c40fe6923b23a690e8", "deleted": false, "disable_correlation": false, "timestamp": "1464208394", "to_ids": true, "type": "sha1", "uuid": "57460c0a-d480-4a88-9eb0-41c802de0b81", "value": "415c13cfc0344303fc484c8465f973525975a338" }, { "category": "External analysis", "comment": "Doc web archive - (India\u2019s 10 Top Luxury Hotels) - Xchecked via VT: fd6636af7d2358c40fe6923b23a690e8", "deleted": false, "disable_correlation": false, "timestamp": "1464208394", "to_ids": false, "type": "link", "uuid": "57460c0a-8b3c-4f04-8981-4e9d02de0b81", "value": "https://www.virustotal.com/file/6a1706e1351cf911126b0ee57a11ed01135f7d42d911b4067f61067786407e7e/analysis/1458811357/" }, { "category": "Payload delivery", "comment": "Doc web archive - (Mission List) - 
Xchecked via VT: aebf03ceaef042a833ee5459016f5bde", "deleted": false, "disable_correlation": false, "timestamp": "1464208394", "to_ids": true, "type": "sha256", "uuid": "57460c0a-0800-4d12-8383-401102de0b81", "value": "785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db" }, { "category": "Payload delivery", "comment": "Doc web archive - (Mission List) - Xchecked via VT: aebf03ceaef042a833ee5459016f5bde", "deleted": false, "disable_correlation": false, "timestamp": "1464208395", "to_ids": true, "type": "sha1", "uuid": "57460c0b-4ab8-4de1-8259-487702de0b81", "value": "31b92f816c9f3f45aeb435d47b654cd02c07a633" }, { "category": "External analysis", "comment": "Doc web archive - (Mission List) - Xchecked via VT: aebf03ceaef042a833ee5459016f5bde", "deleted": false, "disable_correlation": false, "timestamp": "1464208395", "to_ids": false, "type": "link", "uuid": "57460c0b-8fe4-4a00-9aef-47cb02de0b81", "value": "https://www.virustotal.com/file/785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db/analysis/1464092177/" }, { "category": "Payload delivery", "comment": "Doc web archive - (HQ List) - Xchecked via VT: c591263d56b57dfadd06a68dd9657343", "deleted": false, "disable_correlation": false, "timestamp": "1464208396", "to_ids": true, "type": "sha256", "uuid": "57460c0c-22e4-4fd4-a42b-45e602de0b81", "value": "eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc" }, { "category": "Payload delivery", "comment": "Doc web archive - (HQ List) - Xchecked via VT: c591263d56b57dfadd06a68dd9657343", "deleted": false, "disable_correlation": false, "timestamp": "1464208396", "to_ids": true, "type": "sha1", "uuid": "57460c0c-b8c0-4913-a3fa-4d8202de0b81", "value": "8c248daec675cb873a9ee850336e871dd4642c5b" }, { "category": "External analysis", "comment": "Doc web archive - (HQ List) - Xchecked via VT: c591263d56b57dfadd06a68dd9657343", "deleted": false, "disable_correlation": false, "timestamp": "1464208397", "to_ids": false, "type": "link", "uuid": 
"57460c0d-7c3c-4b38-ab60-4f2402de0b81", "value": "https://www.virustotal.com/file/eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc/analysis/1464091843/" }, { "category": "Payload delivery", "comment": "(Holidays in India in 2016) - Danti - Xchecked via VT: d91f101427a39d9f40c41aa041197a9c", "deleted": false, "disable_correlation": false, "timestamp": "1464208397", "to_ids": true, "type": "sha256", "uuid": "57460c0d-9d08-4b8d-9245-49d402de0b81", "value": "ba0b721350a6fcc036b0b78cc13ecb154a4f11d221c1be763ee3c559ef544028" }, { "category": "Payload delivery", "comment": "(Holidays in India in 2016) - Danti - Xchecked via VT: d91f101427a39d9f40c41aa041197a9c", "deleted": false, "disable_correlation": false, "timestamp": "1464208397", "to_ids": true, "type": "sha1", "uuid": "57460c0d-3bb0-42dc-994b-410302de0b81", "value": "9fcf5973260f0c5ca3f95570b76dbaab1a1c28d3" }, { "category": "External analysis", "comment": "(Holidays in India in 2016) - Danti - Xchecked via VT: d91f101427a39d9f40c41aa041197a9c", "deleted": false, "disable_correlation": false, "timestamp": "1464208398", "to_ids": false, "type": "link", "uuid": "57460c0e-15b8-4410-8cb7-454d02de0b81", "value": "https://www.virustotal.com/file/ba0b721350a6fcc036b0b78cc13ecb154a4f11d221c1be763ee3c559ef544028/analysis/1460625569/" }, { "category": "Payload delivery", "comment": "(Holidays in India in 2016) - Danti - Xchecked via VT: 8cd2eb90fabd03ac97279d398b09a5e9", "deleted": false, "disable_correlation": false, "timestamp": "1464208398", "to_ids": true, "type": "sha256", "uuid": "57460c0e-8c28-4313-a417-4f5702de0b81", "value": "bfe23053efd11dbe2d577e25f5d029c0e145f0ef1c14753e03010e95c1d1d910" }, { "category": "Payload delivery", "comment": "(Holidays in India in 2016) - Danti - Xchecked via VT: 8cd2eb90fabd03ac97279d398b09a5e9", "deleted": false, "disable_correlation": false, "timestamp": "1464208399", "to_ids": true, "type": "sha1", "uuid": "57460c0f-6ee4-46f4-8ca7-4a6402de0b81", "value": 
"81a82080da14b670a39d5b34728a9e79ba7ccbec" }, { "category": "External analysis", "comment": "(Holidays in India in 2016) - Danti - Xchecked via VT: 8cd2eb90fabd03ac97279d398b09a5e9", "deleted": false, "disable_correlation": false, "timestamp": "1464208399", "to_ids": false, "type": "link", "uuid": "57460c0f-5548-4146-9105-42b602de0b81", "value": "https://www.virustotal.com/file/bfe23053efd11dbe2d577e25f5d029c0e145f0ef1c14753e03010e95c1d1d910/analysis/1463393903/" }, { "category": "Payload delivery", "comment": "RarSFX - Danti - Xchecked via VT: d0407e1a66ee2082a0d170814bd4ab02", "deleted": false, "disable_correlation": false, "timestamp": "1464208400", "to_ids": true, "type": "sha256", "uuid": "57460c10-81f0-4684-8c4c-49eb02de0b81", "value": "b75ab0079160d388f92e641789415566e0b9e276859ebe3b9d08f074d9d2fd74" }, { "category": "Payload delivery", "comment": "RarSFX - Danti - Xchecked via VT: d0407e1a66ee2082a0d170814bd4ab02", "deleted": false, "disable_correlation": false, "timestamp": "1464208400", "to_ids": true, "type": "sha1", "uuid": "57460c10-ad14-451b-802e-44bb02de0b81", "value": "eeccda3083a268c377f65574a8e7ac8ceffed20a" }, { "category": "External analysis", "comment": "RarSFX - Danti - Xchecked via VT: d0407e1a66ee2082a0d170814bd4ab02", "deleted": false, "disable_correlation": false, "timestamp": "1464208400", "to_ids": false, "type": "link", "uuid": "57460c10-0e94-4dc4-ad53-447202de0b81", "value": "https://www.virustotal.com/file/b75ab0079160d388f92e641789415566e0b9e276859ebe3b9d08f074d9d2fd74/analysis/1459200615/" }, { "category": "Payload delivery", "comment": "Potplayer - Danti - Xchecked via VT: f16903b2ff82689404f7d0820f461e5d", "deleted": false, "disable_correlation": false, "timestamp": "1464208401", "to_ids": true, "type": "sha256", "uuid": "57460c11-e8e0-4acd-a9b8-4cbe02de0b81", "value": "76da9d0046fe76fc28b80c4c1062b17852264348fd873b7dd781f39491f911e0" }, { "category": "Payload delivery", "comment": "Potplayer - Danti - Xchecked via VT: 
f16903b2ff82689404f7d0820f461e5d", "deleted": false, "disable_correlation": false, "timestamp": "1464208401", "to_ids": true, "type": "sha1", "uuid": "57460c11-6bdc-461c-ace8-429802de0b81", "value": "58b6b5fd3f2bfd182622f547a93222a4afdf4e76" }, { "category": "External analysis", "comment": "Potplayer - Danti - Xchecked via VT: f16903b2ff82689404f7d0820f461e5d", "deleted": false, "disable_correlation": false, "timestamp": "1464208402", "to_ids": false, "type": "link", "uuid": "57460c12-eba8-4360-8fda-40b702de0b81", "value": "https://www.virustotal.com/file/76da9d0046fe76fc28b80c4c1062b17852264348fd873b7dd781f39491f911e0/analysis/1459917767/" }, { "category": "Payload delivery", "comment": "(appinfo.dat) - Danti - Xchecked via VT: 2460871a040628c379e04f79af37060d", "deleted": false, "disable_correlation": false, "timestamp": "1464208402", "to_ids": true, "type": "sha256", "uuid": "57460c12-0c68-4d35-9524-4a8102de0b81", "value": "904a005e253a723263274c46236739cc907471f597e333836e153da142c62dc1" }, { "category": "Payload delivery", "comment": "(appinfo.dat) - Danti - Xchecked via VT: 2460871a040628c379e04f79af37060d", "deleted": false, "disable_correlation": false, "timestamp": "1464208402", "to_ids": true, "type": "sha1", "uuid": "57460c12-3f18-4de3-9ce6-47d002de0b81", "value": "1cabd426bc1b1825f045c21f6face31a9512a1fc" }, { "category": "External analysis", "comment": "(appinfo.dat) - Danti - Xchecked via VT: 2460871a040628c379e04f79af37060d", "deleted": false, "disable_correlation": false, "timestamp": "1464208403", "to_ids": false, "type": "link", "uuid": "57460c13-8078-42e0-bc53-4dc902de0b81", "value": "https://www.virustotal.com/file/904a005e253a723263274c46236739cc907471f597e333836e153da142c62dc1/analysis/1462190688/" }, { "category": "Payload delivery", "comment": "(potplayer.dll) - Danti - Xchecked via VT: 332397ec261393aaa58522c4357c3e48", "deleted": false, "disable_correlation": false, "timestamp": "1464208403", "to_ids": true, "type": "sha256", "uuid": 
"57460c13-2428-4521-8a72-4fb802de0b81", "value": "705409bc11fb45fa3c4e2fa9dd35af7d4613e52a713d9c6ea6bc4baff49aa74a" }, { "category": "Payload delivery", "comment": "(potplayer.dll) - Danti - Xchecked via VT: 332397ec261393aaa58522c4357c3e48", "deleted": false, "disable_correlation": false, "timestamp": "1464208404", "to_ids": true, "type": "sha1", "uuid": "57460c14-88c0-4ff6-8f31-4c0002de0b81", "value": "6f10644a4509d6fc8bbefee04db855b43d9f91c5" }, { "category": "External analysis", "comment": "(potplayer.dll) - Danti - Xchecked via VT: 332397ec261393aaa58522c4357c3e48", "deleted": false, "disable_correlation": false, "timestamp": "1464208404", "to_ids": false, "type": "link", "uuid": "57460c14-6d70-4035-aee1-4eb702de0b81", "value": "https://www.virustotal.com/file/705409bc11fb45fa3c4e2fa9dd35af7d4613e52a713d9c6ea6bc4baff49aa74a/analysis/1463384101/" }, { "category": "Payload delivery", "comment": "(update.dat) - Danti - Xchecked via VT: d44e971b202d573f8c797845c90e4658", "deleted": false, "disable_correlation": false, "timestamp": "1464208404", "to_ids": true, "type": "sha256", "uuid": "57460c14-7924-4921-aad9-4fb902de0b81", "value": "f49bbd7f0ecfa75b134e2cf0acc9931872d79072069f35a49f6de1a0a2347e2a" }, { "category": "Payload delivery", "comment": "(update.dat) - Danti - Xchecked via VT: d44e971b202d573f8c797845c90e4658", "deleted": false, "disable_correlation": false, "timestamp": "1464208405", "to_ids": true, "type": "sha1", "uuid": "57460c15-0d08-4786-9fb2-403e02de0b81", "value": "af3ae8a6164e31b366ec372d699e1c89ad1b42fc" }, { "category": "External analysis", "comment": "(update.dat) - Danti - Xchecked via VT: d44e971b202d573f8c797845c90e4658", "deleted": false, "disable_correlation": false, "timestamp": "1464208405", "to_ids": false, "type": "link", "uuid": "57460c15-2d38-4aae-8764-47ce02de0b81", "value": "https://www.virustotal.com/file/f49bbd7f0ecfa75b134e2cf0acc9931872d79072069f35a49f6de1a0a2347e2a/analysis/1459239370/" }, { "category": "Payload delivery", 
"comment": "Danti - Xchecked via VT: bae673964e9bc2a45ebcc667895104ef", "deleted": false, "disable_correlation": false, "timestamp": "1464208406", "to_ids": true, "type": "sha256", "uuid": "57460c16-70c4-40f1-8327-4d9a02de0b81", "value": "67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed" }, { "category": "Payload delivery", "comment": "Danti - Xchecked via VT: bae673964e9bc2a45ebcc667895104ef", "deleted": false, "disable_correlation": false, "timestamp": "1464208406", "to_ids": true, "type": "sha1", "uuid": "57460c16-d238-476d-bbf8-4f0e02de0b81", "value": "f1f895aa6bdb7369525abfb86b4475241e9dbfbb" }, { "category": "External analysis", "comment": "Danti - Xchecked via VT: bae673964e9bc2a45ebcc667895104ef", "deleted": false, "disable_correlation": false, "timestamp": "1464208406", "to_ids": false, "type": "link", "uuid": "57460c16-ac98-4a52-bbe2-489202de0b81", "value": "https://www.virustotal.com/file/67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed/analysis/1464058721/" }, { "category": "Payload delivery", "comment": "(mshtml.dll) - Danti - Xchecked via VT: be0cc8411c066eac246097045b73c282", "deleted": false, "disable_correlation": false, "timestamp": "1464208407", "to_ids": true, "type": "sha256", "uuid": "57460c17-48ac-4f94-b9ee-4aa202de0b81", "value": "9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba" }, { "category": "Payload delivery", "comment": "(mshtml.dll) - Danti - Xchecked via VT: be0cc8411c066eac246097045b73c282", "deleted": false, "disable_correlation": false, "timestamp": "1464208407", "to_ids": true, "type": "sha1", "uuid": "57460c17-7b8c-46e3-bbb1-44a402de0b81", "value": "1a14cfdf652bcd1df572e47ed261abe453a41399" }, { "category": "External analysis", "comment": "(mshtml.dll) - Danti - Xchecked via VT: be0cc8411c066eac246097045b73c282", "deleted": false, "disable_correlation": false, "timestamp": "1464208407", "to_ids": false, "type": "link", "uuid": "57460c17-75fc-4e71-bdab-4b7f02de0b81", "value": 
"https://www.virustotal.com/file/9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba/analysis/1464058857/" }, { "category": "Payload delivery", "comment": "Danti - Xchecked via VT: 9469dd12136b6514d82c3b01d6082f59", "deleted": false, "disable_correlation": false, "timestamp": "1464208408", "to_ids": true, "type": "sha256", "uuid": "57460c18-384c-4f96-ab3c-4dd102de0b81", "value": "2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18" }, { "category": "Payload delivery", "comment": "Danti - Xchecked via VT: 9469dd12136b6514d82c3b01d6082f59", "deleted": false, "disable_correlation": false, "timestamp": "1464208408", "to_ids": true, "type": "sha1", "uuid": "57460c18-6224-4072-81e8-449a02de0b81", "value": "47a963e7588e9af060dfac62b94076f270d4008e" }, { "category": "External analysis", "comment": "Danti - Xchecked via VT: 9469dd12136b6514d82c3b01d6082f59", "deleted": false, "disable_correlation": false, "timestamp": "1464208408", "to_ids": false, "type": "link", "uuid": "57460c18-be9c-480a-9fab-477502de0b81", "value": "https://www.virustotal.com/file/2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18/analysis/1464079999/" }, { "category": "Payload delivery", "comment": "(lsass.exe) - Danti - Xchecked via VT: 8ad9cb6b948bcf7f9211887e0cf6f02a", "deleted": false, "disable_correlation": false, "timestamp": "1464208409", "to_ids": true, "type": "sha256", "uuid": "57460c19-a3dc-4911-bf50-451e02de0b81", "value": "38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f" }, { "category": "Payload delivery", "comment": "(lsass.exe) - Danti - Xchecked via VT: 8ad9cb6b948bcf7f9211887e0cf6f02a", "deleted": false, "disable_correlation": false, "timestamp": "1464208409", "to_ids": true, "type": "sha1", "uuid": "57460c19-4c04-4e65-9eb8-445702de0b81", "value": "0246a237b281162059b84f1bc013d90bbb4104f7" }, { "category": "External analysis", "comment": "(lsass.exe) - Danti - Xchecked via VT: 8ad9cb6b948bcf7f9211887e0cf6f02a", "deleted": 
false, "disable_correlation": false, "timestamp": "1464208409", "to_ids": false, "type": "link", "uuid": "57460c19-456c-494a-b765-4fa102de0b81", "value": "https://www.virustotal.com/file/38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f/analysis/1464170885/" }, { "category": "Payload delivery", "comment": "(http.exe) - Danti - Xchecked via VT: 3fbe576d33595734a92a665e72e5a04f", "deleted": false, "disable_correlation": false, "timestamp": "1464208410", "to_ids": true, "type": "sha256", "uuid": "57460c1a-ad58-4ef9-bb4d-4ce002de0b81", "value": "ad191d1d18841f0c5e48a5a1c9072709e2dd6359a6f6d427e0de59cfcd1d9666" }, { "category": "Payload delivery", "comment": "(http.exe) - Danti - Xchecked via VT: 3fbe576d33595734a92a665e72e5a04f", "deleted": false, "disable_correlation": false, "timestamp": "1464208410", "to_ids": true, "type": "sha1", "uuid": "57460c1a-c00c-48cf-8d94-483202de0b81", "value": "fe48b93058cf7e0ff9c27ec9322015d230545646" }, { "category": "External analysis", "comment": "(http.exe) - Danti - Xchecked via VT: 3fbe576d33595734a92a665e72e5a04f", "deleted": false, "disable_correlation": false, "timestamp": "1464208411", "to_ids": false, "type": "link", "uuid": "57460c1b-cd80-4797-980c-46c902de0b81", "value": "https://www.virustotal.com/file/ad191d1d18841f0c5e48a5a1c9072709e2dd6359a6f6d427e0de59cfcd1d9666/analysis/1463728182/" }, { "category": "Payload delivery", "comment": "(dropper, from cab-archive) - Danti - Xchecked via VT: 6bbdbf6d3b24b8bfa296b9c76b95bb2f", "deleted": false, "disable_correlation": false, "timestamp": "1464208411", "to_ids": true, "type": "sha256", "uuid": "57460c1b-0ef0-4c52-a04d-420202de0b81", "value": "9e7e5f70c4b32a4d5e8c798c26671843e76bb4bd5967056a822e982ed36e047b" }, { "category": "Payload delivery", "comment": "(dropper, from cab-archive) - Danti - Xchecked via VT: 6bbdbf6d3b24b8bfa296b9c76b95bb2f", "deleted": false, "disable_correlation": false, "timestamp": "1464208411", "to_ids": true, "type": "sha1", "uuid": 
"57460c1b-d1a4-49fe-960a-415b02de0b81", "value": "469abc3cf1e3b871566cf404c1e382a5b7a20212" }, { "category": "External analysis", "comment": "(dropper, from cab-archive) - Danti - Xchecked via VT: 6bbdbf6d3b24b8bfa296b9c76b95bb2f", "deleted": false, "disable_correlation": false, "timestamp": "1464208412", "to_ids": false, "type": "link", "uuid": "57460c1c-1fbc-4beb-b6f1-433a02de0b81", "value": "https://www.virustotal.com/file/9e7e5f70c4b32a4d5e8c798c26671843e76bb4bd5967056a822e982ed36e047b/analysis/1459335213/" }, { "category": "Payload delivery", "comment": "Taiwan, 1-3\u00e8\u00aa\u00aa\u00e6\u02dc\u017d\u00e6\u00aa\u201d.doc - SVCMONDR attacks - Xchecked via VT: d0533874d7255b881187e842e747c268", "deleted": false, "disable_correlation": false, "timestamp": "1464208412", "to_ids": true, "type": "sha256", "uuid": "57460c1c-51d4-43cf-a490-4a5702de0b81", "value": "d903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2" }, { "category": "Payload delivery", "comment": "Taiwan, 1-3\u00e8\u00aa\u00aa\u00e6\u02dc\u017d\u00e6\u00aa\u201d.doc - SVCMONDR attacks - Xchecked via VT: d0533874d7255b881187e842e747c268", "deleted": false, "disable_correlation": false, "timestamp": "1464208412", "to_ids": true, "type": "sha1", "uuid": "57460c1c-ac6c-4ceb-bab8-4ab902de0b81", "value": "8cca13ea2381b50be9880047d504d9bc423c1102" }, { "category": "External analysis", "comment": "Taiwan, 1-3\u00e8\u00aa\u00aa\u00e6\u02dc\u017d\u00e6\u00aa\u201d.doc - SVCMONDR attacks - Xchecked via VT: d0533874d7255b881187e842e747c268", "deleted": false, "disable_correlation": false, "timestamp": "1464208413", "to_ids": false, "type": "link", "uuid": "57460c1d-a1f0-47c5-9029-4f7502de0b81", "value": "https://www.virustotal.com/file/d903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2/analysis/1456452590/" }, { "category": "Payload delivery", "comment": "(svcmondr.ex,Thailand) - SVCMONDR attacks - Xchecked via VT: 046b98a742cecc11fb18d9554483be2d", "deleted": false, 
"disable_correlation": false, "timestamp": "1464208413", "to_ids": true, "type": "sha256", "uuid": "57460c1d-6c8c-4374-911c-492602de0b81", "value": "ee6cfaa117cce98abe49ae0c3c848bc5669dca53e8219ee6a338491393799118" }, { "category": "Payload delivery", "comment": "(svcmondr.ex,Thailand) - SVCMONDR attacks - Xchecked via VT: 046b98a742cecc11fb18d9554483be2d", "deleted": false, "disable_correlation": false, "timestamp": "1464208414", "to_ids": true, "type": "sha1", "uuid": "57460c1e-23bc-4d2c-9338-4e8102de0b81", "value": "fe54fd458dcef3f120c71c7818ddd5a6d6731c29" }, { "category": "External analysis", "comment": "(svcmondr.ex,Thailand) - SVCMONDR attacks - Xchecked via VT: 046b98a742cecc11fb18d9554483be2d", "deleted": false, "disable_correlation": false, "timestamp": "1464208414", "to_ids": false, "type": "link", "uuid": "57460c1e-7f14-4a52-bb7d-4d0e02de0b81", "value": "https://www.virustotal.com/file/ee6cfaa117cce98abe49ae0c3c848bc5669dca53e8219ee6a338491393799118/analysis/1462817646/" }, { "category": "Payload delivery", "comment": "(svcmondr.ex, Taiwan) - SVCMONDR attacks - Xchecked via VT: 8052234dcd41a7d619acb0ec9636be0b", "deleted": false, "disable_correlation": false, "timestamp": "1464208414", "to_ids": true, "type": "sha256", "uuid": "57460c1e-16fc-4357-bcfb-4d2002de0b81", "value": "12ca6760857d1bb0751c3e108d4175ebcbc9688cfecad0db189efc56b0ff9768" }, { "category": "Payload delivery", "comment": "(svcmondr.ex, Taiwan) - SVCMONDR attacks - Xchecked via VT: 8052234dcd41a7d619acb0ec9636be0b", "deleted": false, "disable_correlation": false, "timestamp": "1464208415", "to_ids": true, "type": "sha1", "uuid": "57460c1f-8cc8-4e06-afc4-423202de0b81", "value": "a512228f9499a96d7cbf027854a04032d742fd6e" }, { "category": "External analysis", "comment": "(svcmondr.ex, Taiwan) - SVCMONDR attacks - Xchecked via VT: 8052234dcd41a7d619acb0ec9636be0b", "deleted": false, "disable_correlation": false, "timestamp": "1464208415", "to_ids": false, "type": "link", "uuid": 
"57460c1f-764c-49a1-869f-44fe02de0b81", "value": "https://www.virustotal.com/file/12ca6760857d1bb0751c3e108d4175ebcbc9688cfecad0db189efc56b0ff9768/analysis/1464134416/" } ] } }