{ "Event": { "analysis": "2", "date": "2015-11-09", "extends_uuid": "", "info": "OSINT Macro documents with XOR Encoded Payloads by PhishMe", "publish_timestamp": "1447223945", "published": true, "threat_level_id": "3", "timestamp": "1447223941", "uuid": "56425772-8500-45c6-9575-6056950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188388", "to_ids": false, "type": "link", "uuid": "564257a4-c8e4-45ee-85cb-68b9950d210b", "value": "http://phishme.com/macro-documents-with-xor-encoded-payloads/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188388", "to_ids": false, "type": "link", "uuid": "564257a4-dc24-4003-ba5d-68b9950d210b", "value": "http://phishme.com/wp-content/uploads/Intel.csv" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188441", "to_ids": true, "type": "url", "uuid": "564257d9-0874-4b4c-a7e7-41c1950d210b", "value": "http://vintageselects.com/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188441", "to_ids": true, "type": "url", "uuid": "564257d9-2698-4470-a9cf-4a37950d210b", "value": "http://finehotels.net/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188442", "to_ids": true, "type": "url", "uuid": "564257da-6700-4ad5-85c9-4f66950d210b", "value": "http://basislabel.com/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188442", "to_ids": true, "type": "url", "uuid": "564257da-bc04-40c4-a00c-4ee3950d210b", "value": "http://textidea.com/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188443", "to_ids": true, "type": "url", "uuid": "564257db-c1f4-40f5-bb86-4f46950d210b", "value": "http://camelcap.com/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188443", "to_ids": true, "type": "url", "uuid": "564257db-28e0-40b0-8ca7-450e950d210b", "value": "http://mgsmedia.ru/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188444", "to_ids": true, "type": "url", "uuid": "564257dc-a3c8-429f-ac03-454a950d210b", "value": "http://pausephone.com/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188444", "to_ids": true, "type": "url", "uuid": "564257dc-1118-4bf2-9236-4520950d210b", "value": "http://fievenghapun.ru/gate.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188445", "to_ids": true, "type": "url", "uuid": "564257dd-975c-4f08-8e5c-4a77950d210b", "value": "http://zilibrinixs.net/mizzo773/gate.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188445", "to_ids": true, "type": "url", "uuid": "564257dd-3508-4ea3-bc79-4aee950d210b", "value": "http://guesstrade.com/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188446", "to_ids": true, "type": "url", "uuid": "564257de-b044-4b6f-975e-4a1f950d210b", "value": "http://beheutsi.ru/gate.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188446", "to_ids": true, "type": "url", "uuid": "564257de-2384-4fc4-abb4-4787950d210b", "value": "http://wildclick.net/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188447", "to_ids": true, "type": "url", "uuid": "564257df-89e0-4c5f-adde-46aa950d210b", "value": "http://juskinsandfo.ru/gate.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188447", "to_ids": true, "type": "url", "uuid": "564257df-1000-41fb-86e2-46fc950d210b", "value": "http://ninthclub.com/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188447", "to_ids": true, "type": "url", "uuid": "564257df-ab7c-4b4a-bc73-43e2950d210b", "value": "http://yeebay.co/media/system/host.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188448", "to_ids": true, "type": "url", "uuid": "564257e0-cdc8-44b6-b522-4f0f950d210b", "value": "http://helloalliance.net/work/new/index.php" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188448", "to_ids": true, "type": "md5", "uuid": "564257e0-1050-4ff4-9bd5-440b950d210b", "value": "444e36f7f825164db3cb165526b38d7e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188449", "to_ids": true, "type": "md5", "uuid": "564257e1-ba44-43e5-b26c-4459950d210b", "value": "4c4e81db339f03b0b5ab0d18d3a40202" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188449", "to_ids": true, "type": "md5", "uuid": "564257e1-0dc8-4d4d-8e82-4def950d210b", "value": "25cd7beff6db77752efda58b703c1acd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188450", "to_ids": true, "type": "md5", "uuid": "564257e2-f604-43c4-9c84-4670950d210b", "value": "b198efe59d67728c7d0a339a7490222c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188450", "to_ids": true, "type": "md5", "uuid": "564257e2-5b68-490b-838d-4f7c950d210b", "value": "539ffbf98931aaaea5b745640988071a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188451", "to_ids": true, "type": "md5", "uuid": "564257e3-c77c-4eaa-88c1-4671950d210b", "value": "88c69cd7738b6c2228e3c602d385fab3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188451", "to_ids": true, "type": "url", "uuid": "564257e3-7d40-43c9-836d-4ff7950d210b", "value": "http://webshop.outsourcing4work.de/m1.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188452", "to_ids": true, "type": "md5", "uuid": "564257e4-b6b4-489c-ae17-4ada950d210b", "value": "7b14b4a5c21168de932e3c9bdce5805e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188452", "to_ids": true, "type": "md5", "uuid": "564257e4-6150-4492-b77c-44a6950d210b", "value": "6a2acafe7cd587351b3ef40b0f0384cd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188453", "to_ids": true, "type": "ip-dst", "uuid": "564257e5-0a28-44b8-9746-424e950d210b", "value": "46.148.26.44" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188453", "to_ids": true, "type": "url", "uuid": "564257e5-d794-49d1-923a-4b64950d210b", "value": "http://hungphatea.com.au/media/system/host.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188454", "to_ids": true, "type": "url", "uuid": "564257e6-90d0-4602-9126-4793950d210b", "value": "http://castuning.ru/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188454", "to_ids": true, "type": "url", "uuid": "564257e6-2228-48a1-b657-4a8a950d210b", "value": "http://seaboy.net/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188455", "to_ids": true, "type": "url", "uuid": "564257e7-1fb4-4784-9fbc-4d93950d210b", "value": "http://hybridtrend.com/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188455", "to_ids": true, "type": "url", "uuid": "564257e7-b818-4071-8678-4126950d210b", "value": "http://gourmet.pergaz.com/media/system/host.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188456", "to_ids": true, "type": "url", "uuid": "564257e8-f91c-4c1f-a83d-4114950d210b", "value": "http://circlewear.net/work/new/index.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447188456", "to_ids": true, "type": "url", "uuid": "564257e8-5450-4b7d-8107-4ea0950d210b", "value": "http://ideagreens.com/work/new/index.php" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 6a2acafe7cd587351b3ef40b0f0384cd", "deleted": false, "disable_correlation": false, "timestamp": "1447223388", "to_ids": true, "type": "sha256", "uuid": "5642e05c-b2ac-435e-8e69-cf3b950d210b", "value": "f6ff1eeb531beb2900b0c377eb684df87ebb146f86ab9397c935298fb0cf09f2" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 6a2acafe7cd587351b3ef40b0f0384cd", "deleted": false, "disable_correlation": false, "timestamp": "1447223389", "to_ids": true, "type": "sha1", "uuid": "5642e05d-5bd0-4654-9173-cf3b950d210b", "value": "0be14ac098d24b2ec3cd7f7560e2a47587c33f8f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223389", "to_ids": false, "type": "link", "uuid": "5642e05d-5c80-4e8b-b8bd-cf3b950d210b", "value": "https://www.virustotal.com/file/f6ff1eeb531beb2900b0c377eb684df87ebb146f86ab9397c935298fb0cf09f2/analysis/1446306023/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 7b14b4a5c21168de932e3c9bdce5805e", "deleted": false, "disable_correlation": false, "timestamp": "1447223389", "to_ids": true, "type": "sha256", "uuid": "5642e05d-7228-48a1-878a-cf3b950d210b", "value": "dfe92f53d5dbae6390482383defaab2925a1f6da1116a086068ab85ca316aa00" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 7b14b4a5c21168de932e3c9bdce5805e", "deleted": false, "disable_correlation": false, "timestamp": "1447223390", "to_ids": true, "type": "sha1", "uuid": "5642e05e-7f10-43eb-abf3-cf3b950d210b", "value": "0dcae2786f206149c06940c168945c58ae916be3" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223390", "to_ids": false, "type": "link", "uuid": "5642e05e-fe34-4e45-bc71-cf3b950d210b", "value": "https://www.virustotal.com/file/dfe92f53d5dbae6390482383defaab2925a1f6da1116a086068ab85ca316aa00/analysis/1446984972/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 88c69cd7738b6c2228e3c602d385fab3", "deleted": false, "disable_correlation": false, "timestamp": "1447223391", "to_ids": true, "type": "sha256", "uuid": "5642e05f-21c8-4e6d-95de-cf3b950d210b", "value": "8b191a0aa1f1bbf485e2ca677a67a05539507c52358632b81f902295b5b3a597" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 88c69cd7738b6c2228e3c602d385fab3", "deleted": false, "disable_correlation": false, "timestamp": "1447223391", "to_ids": true, "type": "sha1", "uuid": "5642e05f-2524-4897-a9e4-cf3b950d210b", "value": "ba6c7c6139f293dc5c442bf838c0bf90967496ad" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223391", "to_ids": false, "type": "link", "uuid": "5642e05f-f524-4a8e-964d-cf3b950d210b", "value": "https://www.virustotal.com/file/8b191a0aa1f1bbf485e2ca677a67a05539507c52358632b81f902295b5b3a597/analysis/1446927268/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 539ffbf98931aaaea5b745640988071a", "deleted": false, "disable_correlation": false, "timestamp": "1447223392", "to_ids": true, "type": "sha256", "uuid": "5642e060-4254-4c74-a273-cf3b950d210b", "value": "f0d27b51e8cb463777c7fc326212304e9cc7aa234d670e23838e507eb1b7afd4" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 539ffbf98931aaaea5b745640988071a", "deleted": false, "disable_correlation": false, "timestamp": "1447223392", "to_ids": true, "type": "sha1", "uuid": "5642e060-83d4-4c39-83f0-cf3b950d210b", "value": "c0c2d67ed3cb2f684687c33846a62557faa20059" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223393", "to_ids": false, "type": "link", "uuid": "5642e061-a414-4721-bb09-cf3b950d210b", "value": "https://www.virustotal.com/file/f0d27b51e8cb463777c7fc326212304e9cc7aa234d670e23838e507eb1b7afd4/analysis/1446984946/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: b198efe59d67728c7d0a339a7490222c", "deleted": false, "disable_correlation": false, "timestamp": "1447223393", "to_ids": true, "type": "sha256", "uuid": "5642e061-dbdc-40e1-9046-cf3b950d210b", "value": "2b75705c538a522faafb6a19c57327ceeadbab0b29fcd02a417d392a4e849ba4" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: b198efe59d67728c7d0a339a7490222c", "deleted": false, "disable_correlation": false, "timestamp": "1447223393", "to_ids": true, "type": "sha1", "uuid": "5642e061-b8c0-4e7e-b9f2-cf3b950d210b", "value": "b0c27b220d32f2e94d75c0074835a8345f81b725" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223394", "to_ids": false, "type": "link", "uuid": "5642e062-26e0-4b53-b43e-cf3b950d210b", "value": "https://www.virustotal.com/file/2b75705c538a522faafb6a19c57327ceeadbab0b29fcd02a417d392a4e849ba4/analysis/1447109802/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 25cd7beff6db77752efda58b703c1acd", "deleted": false, "disable_correlation": false, "timestamp": "1447223394", "to_ids": true, "type": "sha256", "uuid": "5642e062-1d50-48d9-aeb4-cf3b950d210b", "value": "7bd0f161a9c3ca12fa8ef2ba04003c2a3ff93c19ab72e0ad9faec4f464b95aca" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 25cd7beff6db77752efda58b703c1acd", "deleted": false, "disable_correlation": false, "timestamp": "1447223395", "to_ids": true, "type": "sha1", "uuid": "5642e063-f650-40eb-8441-cf3b950d210b", "value": "69d552eec7853df9c92802ac8f4a0601366b1e72" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223395", "to_ids": false, "type": "link", "uuid": "5642e063-ef9c-44b3-8f16-cf3b950d210b", "value": "https://www.virustotal.com/file/7bd0f161a9c3ca12fa8ef2ba04003c2a3ff93c19ab72e0ad9faec4f464b95aca/analysis/1446249621/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 4c4e81db339f03b0b5ab0d18d3a40202", "deleted": false, "disable_correlation": false, "timestamp": "1447223395", "to_ids": true, "type": "sha256", "uuid": "5642e063-1cc8-4af3-bedc-cf3b950d210b", "value": "5654604e27918b86b891839254c1a9b7469c82193c78aa000aa3a9032482e340" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 4c4e81db339f03b0b5ab0d18d3a40202", "deleted": false, "disable_correlation": false, "timestamp": "1447223396", "to_ids": true, "type": "sha1", "uuid": "5642e064-effc-4189-b0ea-cf3b950d210b", "value": "92eab2d3224bd1c465052dc48bca7e379c7c1cdf" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223396", "to_ids": false, "type": "link", "uuid": "5642e064-3c6c-4e78-bc64-cf3b950d210b", "value": "https://www.virustotal.com/file/5654604e27918b86b891839254c1a9b7469c82193c78aa000aa3a9032482e340/analysis/1446927456/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 444e36f7f825164db3cb165526b38d7e", "deleted": false, "disable_correlation": false, "timestamp": "1447223397", "to_ids": true, "type": "sha256", "uuid": "5642e065-ab24-419d-90f4-cf3b950d210b", "value": "db3e48670d013d9d0989175a2ace180f1b2403450985ae434472c813f8cdb401" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 444e36f7f825164db3cb165526b38d7e", "deleted": false, "disable_correlation": false, "timestamp": "1447223397", "to_ids": true, "type": "sha1", "uuid": "5642e065-0828-45ae-9f47-cf3b950d210b", "value": "97ea5ac4bc95e6d660c362bf478b4d1f6bfaf7db" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223397", "to_ids": false, "type": "link", "uuid": "5642e065-d998-48b4-9b6e-cf3b950d210b", "value": "https://www.virustotal.com/file/db3e48670d013d9d0989175a2ace180f1b2403450985ae434472c813f8cdb401/analysis/1446472959/" } ] } }