{ "Event": { "analysis": "2", "date": "2018-08-13", "extends_uuid": "", "info": "Talos: Threat Roundup for August 3-10", "publish_timestamp": "1589184090", "published": true, "threat_level_id": "3", "timestamp": "1621865274", "uuid": "5b716ba0-7ecc-4f64-a07c-d96d0acd0835", "Orgc": { "name": "Synovus Financial", "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-d458-458c-8350-db180acd0835", "value": "25430a357d53aec77dd1f119b838ceae79a22bb3a60c7a002cb7328b098546a7" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-2204-418d-91a8-db180acd0835", "value": "54279416f864d374f33fe9a2fe2998db3976c4ff43e8b0da006548489a50bbdd" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-b3f4-423d-92f0-db180acd0835", "value": "5ce812ebf77f6d63de37a1e3d261b9688d595aaeadaef3388f4214896bb64892" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-6d3c-43db-990b-db180acd0835", "value": "810fb35557e051a7be3f03b37247c90796595a2d5afa1b2c3034187de2a3f0bc" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-96a0-40d4-8f60-db180acd0835", "value": "8f08bcadd3a44055a70dbae3308cf18c8d1824e424100eda03ddc71e9417fb5e" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-32a0-4dd9-8a7c-db180acd0835", "value": "9435b87c7c91ac98f9f461aeaa6b1630e2270e2d2ccdf6a05d46fa02de91d1eb" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-6e84-49d4-95e2-db180acd0835", "value": "9634a2afb40139e39da8c8ef0da8f5104229d7bb4c3b95faee5a4396713f528e" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-3f7c-4894-950c-db180acd0835", "value": "a137c89d2c6f0ae74217724e1cb56aea726e285d0e6e98adfda16617ad51d176" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-98c0-40c4-ad13-db180acd0835", "value": "a2907c7011b20373fd47e03a0f4679fdd51b982b973bb37d1d45bfa4a618bc5a" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-e620-493b-b243-db180acd0835", "value": "b3c6a0883d9ed8bcf1bf162c0ade8b16f2cd4ae890e30ba9e9540f4bdf5f5ba1" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-e7c8-40f2-b32b-db180acd0835", "value": "ba5afe1245d10f72637d34a96bf6e365c2f4326da69dcd440beacf421b634133" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-3ed8-4559-9a9d-db180acd0835", "value": "cd3a4783c2795a16c82518c56f955c9b56f415d59ef5bc77e143f6124123364b" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-4920-4878-b900-db180acd0835", "value": "d0dbd75a4d8716ba7ca7d025ee1c772aa4ff554214a993b4b874a0a26dcf5a6c" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-0724-48df-8122-db180acd0835", "value": "e2116a9a176ff765f1c5ec23003266bfe0f1592e46e41236482ad4c3520ea53a" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-c21c-4290-920a-db180acd0835", "value": "e2846881f6127d99222144e4ece509bd18522fdd7791bf84d7697b37ffa40919" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-4540-4a16-97cb-db180acd0835", "value": "efc3e1b1d6c13c3624160edc36f678dd92f172339bfde598ad1a95b02b474981" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-f3f4-4907-bc2e-db180acd0835", "value": "f7df8c9e36cf3440709111a33721e7ac7268a2a80057df08843ba95a72c222eb" }, { "category": "Payload delivery", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159896", "to_ids": true, "type": "sha256", "uuid": "5b716c18-5524-46cd-8b6c-db180acd0835", "value": "fdd4cce37fd524f99e096d0e45f95ac4dac696c8d7e8eb493bb485c63409c7b3" }, { "category": "Network activity", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159951", "to_ids": false, "type": "domain", "uuid": "5b716c18-0250-4206-b5e9-db180acd0835", "value": "ip-api.com" }, { "category": "Artifacts dropped", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159962", "to_ids": false, "type": "mutex", "uuid": "5b716c2e-0ccc-4258-855c-d73c0acd0835", "value": "QSR_MUTEX_HnRHWDxWQnveBdUtWT" }, { "category": "Persistence mechanism", "comment": "Win.Malware.Dbzx-6628757-0", "deleted": false, "disable_correlation": false, "timestamp": "1534159968", "to_ids": false, "type": "regkey", "uuid": "5b716c41-e8c8-44e6-bcb4-dc600acd0835", "value": "\\Software\\Wow6432Node\\Microsoft\\Tracing" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbe-6488-495f-8378-c6f10acd0835", "value": "0406ad0fe90d371b02742e6821486abbfbf2bbd72a7593e8ddb650f0b97673b3" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbe-878c-4274-80d6-c6f10acd0835", "value": "0604aa87706cb7890075b494f026c88b2f03b621367f1bb62a87f5c5deb87870" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbe-974c-462f-8819-c6f10acd0835", "value": "086af92d83279f5792c15a762a70e158de54b67c1a96bfc14c4ad52a24468f32" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbe-a5bc-425e-b91b-c6f10acd0835", "value": "10f13af2a3591efa3d58c47bb0635e3a653e14ec7726493bb4595b4dd8cd51cb" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbe-e6ec-4460-bf02-c6f10acd0835", "value": "127c316e7a10579e61369d6a8154e3e34726209b3cc075ddd6d9875c439c583e" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbe-0c28-41e6-9548-c6f10acd0835", "value": "1fc9fda1b0c868dc7cb0cf6d8867b7aefc202436fe9e41cba5b2b35bb1ce9e9f" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbe-a43c-49f9-88c2-c6f10acd0835", "value": "23ba67cf24c95f3bfd36b66f822feb3d2fd0f72617921550fee034a1b7b8cc74" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbe-de1c-4321-93bd-c6f10acd0835", "value": "27e37ac7cc8b48573a8345223399ce6b0ab9432ee977acf02c09bcf64cf6622d" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-cf80-4d92-94d6-c6f10acd0835", "value": "2bf1192e5200b6f8d25586908b05912a5fa6e06e87540dbb914200446a3deb10" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-b20c-4602-b35e-c6f10acd0835", "value": "2ee83958eb1e8cb622ca833c38e51b53548d299b6574e5b7203741a2d27963f5" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-f97c-4f93-a9d9-c6f10acd0835", "value": "2fca527cf8ebf4576e982118e22dfe3fd8e445749a5403dafed36089666f2357" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-b06c-4941-95cb-c6f10acd0835", "value": "30bbfb79d26a172975e9482204f06423eff6948b1732384e7b6d23f9932ec08d" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-0618-489c-9de6-c6f10acd0835", "value": "30bf6e1a41dea6e4024853f9b7a6a878e4f5e4141dba4b0fe7686159925fe6cf" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-fd7c-4fe4-b0ae-c6f10acd0835", "value": "42fca9d196c668747b74f80ca996aee9ae38bed96956b42436949a8d4d33ecf1" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160085", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-b980-4784-b2be-c6f10acd0835", "value": "45e6356ca3b373da3a80a72a1b64f1254f4426949598b8877abd6de99e379166" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-2224-40df-974c-c6f10acd0835", "value": "4ac5db87bc83dcbf1399f4fc0fede3c5ecee5b8ef2a2500fd79b1588ef033429" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-b884-4ac3-96da-c6f10acd0835", "value": "4b2f6d80bf78ad165c2f07d914cb4137ba31918f3f8f03f812b20715c3451f56" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-0f14-440a-8d2e-c6f10acd0835", "value": "4d7d9d73dad989590860178530dd8848d9b79a23f1cb379bc1ca5545cb196eca" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-f0b4-458e-bbd1-c6f10acd0835", "value": "4e81241256ab4adb5bb96b21633d95773cc34ee72e499659064db0d32046dabf" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160086", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-5790-4b9f-9b84-c6f10acd0835", "value": "4ea92195bc159e268c7a348f2649010cb01a3e67c315d2f0b8115eaf2c879692" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160085", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-7028-4ed4-9e75-c6f10acd0835", "value": "5639d3af9cf530a057aebf3cbf92061b58539b2c311491a26d8f404a211d66bb" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160085", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-e16c-4de3-a9b4-c6f10acd0835", "value": "59644dcd34cce275ff5d72c022fa76ac42a422b038d816909281e01e392d3b40" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160085", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-7aac-48a8-bbed-c6f10acd0835", "value": "599e4e8130e4a1f3f3777c6f9f088cc03c2781f4e802e0e16e417a43ec58c518" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160085", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-2df4-4ac8-a246-c6f10acd0835", "value": "5eef8b5433ebc22e4c9ea3c1462d525192a4bda8d20be4e7b09fe7d03fb9d119" }, { "category": "Payload delivery", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160085", "to_ids": true, "type": "sha256", "uuid": "5b716cbf-13a0-4cd4-b667-c6f10acd0835", "value": "6238c7a704baa8771812e4f3452acb042c6475913db4cd57cfaf17a7454d4d22" }, { "category": "Network activity", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160085", "to_ids": true, "type": "ip-dst", "uuid": "5b716cbf-8c38-4036-ba24-c6f10acd0835", "value": "67.68.235.25" }, { "category": "Network activity", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160085", "to_ids": true, "type": "ip-dst", "uuid": "5b716cbf-4a98-4e1a-b80c-c6f10acd0835", "value": "187.192.180.144" }, { "category": "Artifacts dropped", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160155", "to_ids": false, "type": "mutex", "uuid": "5b716d03-f2dc-4506-b4c0-c79c0acd0835", "value": "PEMB2C" }, { "category": "Artifacts dropped", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160152", "to_ids": false, "type": "mutex", "uuid": "5b716d03-7f58-4e42-b744-c79c0acd0835", "value": "PEM944" }, { "category": "Artifacts dropped", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160149", "to_ids": false, "type": "mutex", "uuid": "5b716d03-ffb8-49a1-b640-c79c0acd0835", "value": "PEM80C" }, { "category": "Artifacts dropped", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160145", "to_ids": false, "type": "mutex", "uuid": "5b716d03-6f4c-4108-b7dd-c79c0acd0835", "value": "PEMA10" }, { "category": "Payload installation", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160221", "to_ids": false, "type": "filename", "uuid": "5b716d5d-730c-4a0d-8e09-c6f10acd0835", "value": "%WinDir%\\SysWOW64\\TO5sH5uBMit.exe" }, { "category": "Payload installation", "comment": "Win.Malware.Emotet-6628754-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160221", "to_ids": false, "type": "filename", "uuid": "5b716d5d-e2a0-42d7-98ad-c6f10acd0835", "value": "TO5sH5uBMit.exe" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-4330-4b8e-8fee-d4890acd0835", "value": "25f8455b83b98f38809af120e35c3eda189a05538f7aa2d527a265520bc3c75e" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-85dc-4130-97d3-d4890acd0835", "value": "342a9470e5d3dd522c17cf0a5bc588d87a84689d90362c0b18c320385b2e908d" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-38e4-489f-9db1-d4890acd0835", "value": "41ebdf1d4a210f395d5ee32bf55c6b07ee1e0a0bdf939bd081f6d751323c643c" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-62ac-4ed1-ba31-d4890acd0835", "value": "54be105a129d959359107d7dff6b379cd366e32bf7be9ac9a06bc2141d3ca7fa" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-a784-4d5d-b120-d4890acd0835", "value": "5dce0e7e0a1807d2804f28c5d5afd4ac282a022acd1945786bd118e1caf4050c" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-b914-4475-beba-d4890acd0835", "value": "5fe244200c9367e1b132ccc13df6daaba5479d2491db8fe95658f43981567c5a" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-fc00-4260-952b-d4890acd0835", "value": "6292ddf51023ccca84211ed4f33944b4c3df1b694d102d90d3dd2a5a080ed2b9" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-2cf4-44c9-accd-d4890acd0835", "value": "649c52d7b9a58837e6ccd308665d63971e424d29480c44448ddbef15e91649a6" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-345c-4882-a3a6-d4890acd0835", "value": "6dd74f0816f8b24a6f93c2dae0c69d33689e4baba632605d138216d9c7aab2ba" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-a04c-4783-9c0c-d4890acd0835", "value": "7322fb7767b733ef5a279720f581d54edae9ea4af69d39aaa3e79fc443e2bb33" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-a7d8-40fd-968b-d4890acd0835", "value": "76be26ac77aa81a5fb7d78135adb05b579cecc2173ffef5f5ab6b484e37f9e6e" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-0428-4d7b-b150-d4890acd0835", "value": "793b978af24469a77490ea609de0142ff817e557ad78a688dd5d65c2fe49a8db" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-89b4-479a-9337-d4890acd0835", "value": "7c0e65092e8786d9052bbd74f4dc7b26567e150efb25d1503c4bfd9b3895b8ab" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-ab48-4f67-9fa7-d4890acd0835", "value": "8815e1daad1f9cb4ff4243ff485218e3a0be93e2afef07048852ba79fdd9294e" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-6490-49a5-b812-d4890acd0835", "value": "8e84fbc38403f1516447b73b73b5051777314089f0d1fefcfae004b1ef615641" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-71d4-424c-9543-d4890acd0835", "value": "a0e3bd64d556ce80b85b7d328bb61beeaf2da297dc09058211150617d6a83b8b" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-20f4-4cb2-8aed-d4890acd0835", "value": "b6b3b53b1001b6de24797a89d61bd825760574ab4cb60f7a5971115acb53c8e4" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-b264-434c-9a4a-d4890acd0835", "value": "ef66d0161200d413bb8a577a517fe03f325f2fd2f0df778f6297a8658ca0abc8" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-39ac-492a-8271-d4890acd0835", "value": "f25d03efc63cba1a262034382f809aaa5918f218b965164897df0c989a08dd04" }, { "category": "Payload delivery", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160291", "to_ids": true, "type": "sha256", "uuid": "5b716da3-5cd0-43af-b835-d4890acd0835", "value": "f8ee14337fe367aded0aee32c6c84ce404eaef53a6f75d86c6c08235f55ec303" }, { "category": "Artifacts dropped", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160699", "to_ids": false, "type": "mutex", "uuid": "5b716f3b-06a8-4bbf-9db7-df1b0acd0835", "value": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}" }, { "category": "Payload installation", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160799", "to_ids": false, "type": "filename", "uuid": "5b716f9f-26c8-4850-87cf-ded10acd0835", "value": "%AppData%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\FlashPlayerApp.lnk" }, { "category": "Payload installation", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160799", "to_ids": false, "type": "filename", "uuid": "5b716f9f-8d60-41b8-9d80-ded10acd0835", "value": "%AppData%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\FlashPlayerApp.exe" }, { "category": "Payload installation", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160799", "to_ids": false, "type": "filename", "uuid": "5b716f9f-a448-4de9-a87d-ded10acd0835", "value": "FlashPlayerApp.lnk" }, { "category": "Payload installation", "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160799", "to_ids": false, "type": "filename", "uuid": "5b716f9f-d4f8-403b-a8a2-ded10acd0835", "value": "FlashPlayerApp.exe" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-a4c0-4f60-965e-db180acd0835", "value": "00cc9438408d1b22b0afc57e3b233ff62774cbcb92e58b392403d8c794d988ed" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-dc2c-45bb-a3b0-db180acd0835", "value": "118e08c379b0035cef2a155d59d97c6e8cae94b6f46c5e77f58d84c88c689d2c" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-4924-4f94-b117-db180acd0835", "value": "1f270dc860158d63bb400e08f12bce40a9a50494368ea6e44cfd89f7e0dc23f4" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-c194-4db5-bb65-db180acd0835", "value": "3e49b3e58eec40b735124509bafcf434904f5945c9d65a5a860b0950850a979d" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-749c-4e2c-9597-db180acd0835", "value": "4348a4b50eba73d6eb5d0d254241d0e44fc63c975b589ac5276d6dc5cf8bab13" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-c084-4a3e-85e2-db180acd0835", "value": "4a1c1cf9c70b127cc514fa6cdbb0e286ee33bf19f6ff41ca02951c9947dac55e" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-dfd8-4c40-bd3d-db180acd0835", "value": "4ae8cf675d6517b7989391fc653e8ddc96aa81cec4802e7e66de30adf0e96d2e" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-fce0-4e16-a091-db180acd0835", "value": "527eac30113eb365330ec5c35591fe9ae69d4e1beca8b0ae24666e97d8773e36" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-5de0-46ae-bfd3-db180acd0835", "value": "53366f90f59348b8de81bdc04652200d2dcf8bad5cfc46a533c3b20cd0e200b2" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-bcec-444a-8036-db180acd0835", "value": "5f98685ee9098a31ced944840670772bb972db31ac5d1690974e59f566d1adae" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-7d7c-46e9-9c53-db180acd0835", "value": "61e7c5b6a7f1608cf0bf728d15f8cdfc0f9f5c7c3748ee28452cfa2a496e54cc" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-1c34-48bf-879e-db180acd0835", "value": "70ebc88b9a71c661b68325dd92d0945ea1927e4d115da217640a4efefcf0c730" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-4c60-4691-bb7a-db180acd0835", "value": "722e86b32635a1cace77ceee414761f28e386743fd2c513650e55814179bdac5" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-f174-44ee-a55d-db180acd0835", "value": "91bb8eb10e0aa88ea1e33d1ec23893d5a45e01e8ab69081b96835b4aff3b906a" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-1c8c-458e-a2bd-db180acd0835", "value": "97645bb27e056b282a0aa46dbbc79ed03bdc29c6f96e369d7537ee2bb1c8dd6e" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-5618-446e-8ae4-db180acd0835", "value": "9b36f0e70d5f7b4795b1278e052356484d4f2374f49563195f224ade6ce08c71" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-6a64-4b4f-941e-db180acd0835", "value": "ac86cafcc7062a389e25a4e26dd15df7ce2e64b7a6890bf5712189ab9ec81c8c" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-bc28-4891-a539-db180acd0835", "value": "c3883ba74230604d38a638a1b8d0673cc3c91e01b482e6b83a6e6bbd4edd3b10" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-6330-4526-9a57-db180acd0835", "value": "c56e3ca164803c5668cf0b8228c97626c486f5a7063d4b3109840137b67c8f98" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-cb38-410e-8d99-db180acd0835", "value": "c82eaf2f1f156b95b43b2a984867e486911f6ceb329daea6ac9a6c53fae42685" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-8034-4c24-b7d3-db180acd0835", "value": "ca544eaedd654782fa6b7a130bdc58869c2124a59754ed1baf9a5c00fafae12a" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-1e24-4fe3-b710-db180acd0835", "value": "d4ab2cc67c707cab8f7aab0fde94b50670f1b787b049f45564fe5368205ed642" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-6b78-4aba-b86c-db180acd0835", "value": "eac8c3c76e954d8e2be7a5d1570643b4ce6a856e8143faf6263ad50cf53aceb2" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-7b78-45bc-9246-db180acd0835", "value": "f0a9c1c2fc19b4abd905e8a2f187f94e74dfe1e7de2d9a5328b13893b301488d" }, { "category": "Payload delivery", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160858", "to_ids": true, "type": "sha256", "uuid": "5b716fda-63bc-49ed-b541-db180acd0835", "value": "fb2aa3891cc9383631ddcca4076ae800d67d701a7ffb83d48240cc1d72372175" }, { "category": "Network activity", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160926", "to_ids": true, "type": "hostname", "uuid": "5b71701e-b7e4-4e92-909a-db180acd0835", "value": "lip.healthcakes.men" }, { "category": "Artifacts dropped", "comment": "Win.Malware.Startsurf-6628791-0", "deleted": false, "disable_correlation": false, "timestamp": "1534160970", "to_ids": false, "type": "mutex", "uuid": "5b717037-367c-4e9b-917e-c79c0acd0835", "value": "Local\\MSCTF.Asm.MutexDefault1" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161072", "to_ids": false, "type": "filename", "uuid": "5b7170b0-2edc-4b28-9a36-df2e0acd0835", "value": "%ProgramFiles%\\WJTLINYZUI\\cast.config" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161072", "to_ids": false, "type": "filename", "uuid": "5b7170b0-ce3c-43ad-b826-df2e0acd0835", "value": "%LocalAppData%\\Temp\\DaGXhZc6w\\Nursehealth.exe" }, { "category": "Artifacts dropped", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161096", "to_ids": false, "type": "filename", "uuid": "5b7170b0-ec28-471d-a45a-df2e0acd0835", "value": "%System32%\\Tasks\\One" }, { "category": "Artifacts dropped", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161092", "to_ids": false, "type": "filename", "uuid": "5b7170b0-7ba4-4018-9902-df2e0acd0835", "value": "%ProgramFiles% (x86)\\OneSystemCare" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161072", "to_ids": false, "type": "filename", "uuid": "5b7170b0-6e58-442d-ac94-df2e0acd0835", "value": "%SystemDrive%\\TEMP\\config.conf" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161072", "to_ids": false, "type": "filename", "uuid": "5b7170b0-5acc-41a4-b61f-df2e0acd0835", "value": "%LocalAppData%\\Temp\\U8R09Z5FM2\\OneTwo.exe" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161072", "to_ids": false, "type": "filename", "uuid": "5b7170b0-0730-4856-8ffd-df2e0acd0835", "value": "%LocalAppData%\\Temp\\U8R09Z5FM2\\up.exe" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161072", "to_ids": false, "type": "filename", "uuid": "5b7170b0-81f8-4925-aaef-df2e0acd0835", "value": "%WinDir%\\Microsoft.NET\\Framework64\\v2.0.50727\\config\\enterprisesec.config.cch.new" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161072", "to_ids": false, "type": "filename", "uuid": "5b7170b0-1048-4410-8c5b-df2e0acd0835", "value": "%ProgramFiles%\\WJTLINYZUI\\GCOMQP0KN.exe" }, { "category": "Artifacts dropped", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161124", "to_ids": false, "type": "mutex", "uuid": "5b7170e4-8c0c-43ec-8f0b-db180acd0835", "value": "Amazonassistant2018" }, { "category": "Artifacts dropped", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161124", "to_ids": false, "type": "mutex", "uuid": "5b7170e4-0ec4-466e-b7f9-db180acd0835", "value": "Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_2c8" }, { "category": "Artifacts dropped", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161124", "to_ids": false, "type": "mutex", "uuid": "5b7170e4-61d4-4784-8ee2-db180acd0835", "value": "Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_2c8" }, { "category": "Artifacts dropped", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161124", "to_ids": false, "type": "mutex", "uuid": "5b7170e4-c100-400c-a8f6-db180acd0835", "value": "WmiApRpl_Perf_Library_Lock_PID_2c8" }, { "category": "Network activity", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161152", "to_ids": true, "type": "hostname", "uuid": "5b717100-0d00-4a55-86ec-c79c0acd0835", "value": "www.wizzmonetize.com" }, { "category": "Network activity", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161152", "to_ids": true, "type": "domain", "uuid": "5b717100-5394-4ac5-880d-c79c0acd0835", "value": "ionesystemcare.info" }, { "category": "Network activity", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161152", "to_ids": true, "type": "hostname", "uuid": "5b717100-3964-49e7-944b-c79c0acd0835", "value": "www.rothsideadome.pw" }, { "category": "Network activity", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161152", "to_ids": true, "type": "hostname", "uuid": "5b717100-e8e8-4511-9c58-c79c0acd0835", "value": "www.usatdkeyboardhelper.pw" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-8a80-4708-a788-db180acd0835", "value": "002d9959f5e7417cc2cbc657243f2dab82fac3d2e94fa2d0c8e45eda10889b08" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-e30c-4215-b8ff-db180acd0835", "value": "03c948623cf78efe90258d894ab0e793bca7009bd73d0be0f652575f81bda621" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-698c-44e2-884f-db180acd0835", "value": "0f8d729821902252b7f7a1c0d51004d3770356969e7181548126f13f1e2ebf2a" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-8f2c-4ace-a5a7-db180acd0835", "value": "1e64134ff7358ea6e632fd2377532491235cf089f33095a72552e150088b42f1" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-cd68-442b-a0b4-db180acd0835", "value": "1eed9456e69a80cb4e8444ad0356d71e09a073715f92e51afa008e80d2a0352a" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-f3d0-442e-8f91-db180acd0835", "value": "26f928ef89fde0e3e3fa996073c7c0bba00c2cbfe280de338de15367f4c8f76b" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-ac90-447d-950c-db180acd0835", "value": "2b0c6557b39ad8cca97ea6975aa3f4a8341774461b1bacab05d04ab20a9463eb" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-ccb4-4ab3-8f02-db180acd0835", "value": "3a5ac5c5ee7985367349d84d60be2c5f94f876c56cf73acbae6fc680ebbdb3c6" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-e8d0-4fca-90b4-db180acd0835", "value": "47bcf1f1bca23a36e291a0ac4cb8d1cd59c0c80d6a8e3b2cc3d646284cc531d5" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-fbb0-4d44-94e6-db180acd0835", "value": "4ae3efb9a9cca68c098dcdba33d2aef39888cf229cd02be64cbf59a0b68dae30" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-3668-42e9-90e5-db180acd0835", "value": "5112edf0351d70ad31152f67e8996c9c4ad062f0023cfd43b4baecb8aa7b16b4" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-6ff4-4758-9fb2-db180acd0835", "value": "52544303a89f2c4e3eedd64c000504a2ef4c920c20361961fc81cae3f520244f" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-0504-4fcd-8120-db180acd0835", "value": "55e181f0e0e88efccf6534949ad8dd93a179e2b94b71e76a9e7db4d938ea2bd2" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-40c4-4435-8b66-db180acd0835", "value": "56982cc1f4b4e92aea28a30684bdfc752122eb78fc545ccc3f4169a1597233cc" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-be24-4fde-9112-db180acd0835", "value": "5c3982a206d40ec00b2029d4bdde1bb37192341583e803556872b97a609411ae" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-bb9c-4c3d-9a0c-db180acd0835", "value": "61ee5c724a4c9408e9c8120eabac1babea8e91bf5719b02c78ce129f68239ff6" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-50f4-4762-b144-db180acd0835", "value": "63cc723ad7e85798e9126f5cc933c48d0e3cdfa7504579ef0b0b3cced9cb19c8" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-f774-4c9a-b2d7-db180acd0835", "value": "65a0bb3fd94ec888696598703ed111471bd47962278a5f1006e7e0716bd5b58e" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-5670-4337-96c9-db180acd0835", "value": "71d6d1ed9a5bd71e8dbd03a91151a2965ac12198fa1825366bf19c4b14106cb7" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-7e68-4540-8f00-db180acd0835", "value": "71e3009284ae35a3087ef041162a2ada636b388738033ea62faefc2bbfca9dfc" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-a7cc-412e-ba1a-db180acd0835", "value": "7e17ee126754a9306b4ffcf536f384abe5c718672807de1e27e7c7f3846d9e74" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-1d5c-4c95-baf6-db180acd0835", "value": "85b36ab50aeb452822886815076c7c90c30273854496dde7fd3473e62119f672" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-2854-430e-ab0d-db180acd0835", "value": "877b9a03f0b8763c265ecbc4be76ffafc9eb26c4b618c2827ce1e200797ca876" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-a134-4e16-9468-db180acd0835", "value": "885718a7bd95c44d14dec7f0efa101147b671e60a7ecac2622ac86061dab17f2" }, { "category": "Payload delivery", "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "disable_correlation": false, "timestamp": "1534161214", "to_ids": true, "type": "sha256", "uuid": "5b71713e-df70-4d3d-ae7b-db180acd0835", "value": "9583c8f1f3c9982a45ed56fbc30f8be06708cfaa8557aa7f5b6117847018cd4f" } ], "Object": [ { "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "meta-category": "file", "name": "registry-key", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "template_version": "4", "timestamp": "1534160666", "uuid": "5b716e06-08a4-42a3-b6ab-c6f20acd0835", "Attribute": [ { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "key", "timestamp": "1534160522", "to_ids": true, "type": "regkey", "uuid": "5b716e06-4d54-46f2-95f2-c6f20acd0835", "value": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "data-type", "timestamp": "1534160390", "to_ids": false, "type": "text", "uuid": "5b716e06-41fc-415d-be27-c6f20acd0835", "value": "REG_NONE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "root-keys", "timestamp": "1534160390", "to_ids": false, "type": "text", "uuid": "5b716e06-fe38-45fa-b36a-c6f20acd0835", "value": "HKCU" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1534160666", "to_ids": false, "type": "text", "uuid": "5b716f1a-3e10-4bea-be91-c6f50acd0835", "value": "FlashPlayerApp" } ] }, { "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "meta-category": "file", "name": "registry-key", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "template_version": "4", "timestamp": "1534160649", "uuid": "5b716e42-1a90-4614-9115-d96d0acd0835", "Attribute": [ { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "key", "timestamp": "1534160543", "to_ids": true, "type": "regkey", "uuid": "5b716e42-b3f8-40fe-8cdd-d96d0acd0835", "value": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "data-type", "timestamp": "1534160450", "to_ids": false, "type": "text", "uuid": "5b716e42-9e10-4e35-80d3-d96d0acd0835", "value": "REG_NONE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "root-keys", "timestamp": "1534160450", "to_ids": false, "type": "text", "uuid": "5b716e42-6910-4713-91ae-d96d0acd0835", "value": "HKCU" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1534160649", "to_ids": false, "type": "text", "uuid": "5b716f09-3774-4bef-85aa-d96d0acd0835", "value": "Run" } ] }, { "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "meta-category": "file", "name": "registry-key", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "template_version": "4", "timestamp": "1534160634", "uuid": "5b716e67-5274-4deb-8dca-ded10acd0835", "Attribute": [ { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "key", "timestamp": "1534160487", "to_ids": true, "type": "regkey", "uuid": "5b716e67-d298-4a73-8e23-ded10acd0835", "value": "\\SOFTWARE\\MICROSOFT\\COMMAND PROCESSOR" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "data-type", "timestamp": "1534160487", "to_ids": false, "type": "text", "uuid": "5b716e67-a990-41bc-8640-ded10acd0835", "value": "REG_NONE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "root-keys", "timestamp": "1534160487", "to_ids": false, "type": "text", "uuid": "5b716e67-2070-4c82-be6e-ded10acd0835", "value": "HKCU" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1534160634", "to_ids": false, "type": "text", "uuid": "5b716efa-5f90-4c8e-bd91-df1c0acd0835", "value": "AutoRun" } ] }, { "comment": "Win.Malware.Zerber-6629234-0", "deleted": false, "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "meta-category": "file", "name": "registry-key", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "template_version": "4", "timestamp": "1534160614", "uuid": "5b716ed6-c20c-477f-9b55-d4e40acd0835", "Attribute": [ { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1534160598", "to_ids": false, "type": "text", "uuid": "5b716ed6-d1b0-4386-a36a-d4e40acd0835", "value": "DefaultConnectionSettings" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "key", "timestamp": "1534160598", "to_ids": true, "type": "regkey", "uuid": "5b716ed6-0754-4833-a9e9-d4e40acd0835", "value": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\INTERNET SETTINGS\\CONNECTIONS" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "data-type", "timestamp": "1534160598", "to_ids": false, "type": "text", "uuid": "5b716ed6-2fb0-4db0-bed0-d4e40acd0835", "value": "REG_NONE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "root-keys", "timestamp": "1534160614", "to_ids": false, "type": "text", "uuid": "5b716ed6-4eec-48d3-bdab-d4e40acd0835", "value": "HKCU" } ] }, { "comment": "Win.Packed.Eorezo-6629326-0", "deleted": false, "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "meta-category": "file", "name": "registry-key", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "template_version": "4", "timestamp": "1534161190", "uuid": "5b717126-8e34-42d0-9467-df2e0acd0835", "Attribute": [ { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "name", "timestamp": "1534161190", "to_ids": false, "type": "text", "uuid": "5b717126-e580-4d9a-b8a1-df2e0acd0835", "value": "6518673" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "key", "timestamp": "1534161190", "to_ids": true, "type": "regkey", "uuid": "5b717126-19f8-4c4f-9338-df2e0acd0835", "value": "SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN" }, { "category": "Persistence mechanism", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "data-type", "timestamp": "1534161190", "to_ids": false, "type": "text", "uuid": "5b717126-1350-42c6-95b6-df2e0acd0835", "value": "REG_NONE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "root-keys", "timestamp": "1534161190", "to_ids": false, "type": "text", "uuid": "5b717126-725c-4f70-96f1-df2e0acd0835", "value": "HKCU" } ] } ] } }