{ "Event": { "analysis": "2", "date": "2017-01-05", "extends_uuid": "", "info": "OSINT - MM Core In-Memory Backdoor Returns as \"BigBoss\" and \"SillyGoose\"", "publish_timestamp": "1483874295", "published": true, "threat_level_id": "3", "timestamp": "1483873066", "uuid": "58720d9e-8b54-40a9-9d80-42e7950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:tool=\"MM Core\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#006262", "local": "0", "name": "ecsirt:malicious-code=\"malware\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1483869612", "to_ids": false, "type": "link", "uuid": "58720dac-52b8-4003-a6c3-4836950d210f", "value": "https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1483869659", "to_ids": false, "type": "comment", "uuid": "58720ddb-b720-488b-a2bf-43c2950d210f", "value": "In October 2016 Forcepoint Security Labs\u2122 discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as \u201cBaneChant\u201d, MM Core is a file-less APT which is executed in memory by a downloader component. It was first reported in 2013 under the version number \u201c2.0-LNK\u201d where it used the tag \u201cBaneChant\u201d in its command-and-control (C2) network request. 
A second version \u201c2.1-LNK\u201d with the network tag \u201cStrangeLove\u201d was discovered shortly after.\r\n\r\nIn this blog we will detail our discovery of the next two versions of MM Core, namely \u201cBigBoss\u201d (2.2-LNK) and \u201cSillyGoose\u201d (2.3-LNK). Attacks using \"BigBoss\" appear likely to have occurred since mid-2015, whereas \"SillyGoose\" appears to have been distributed since September 2016. Both versions still appear to be active." }, { "category": "Network activity", "comment": "Gratem Second Stage Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872236", "to_ids": true, "type": "url", "uuid": "587217ec-4e98-42bf-b74a-424b950d210f", "value": "http://adnetwork33.redirectme.net/wp-content/themes/booswrap/layers.png" }, { "category": "Network activity", "comment": "Gratem Second Stage Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872236", "to_ids": true, "type": "url", "uuid": "587217ec-c724-4dcf-932a-4f85950d210f", "value": "http://network-resources.net/wp-content/themes/booswrap/layers.png" }, { "category": "Network activity", "comment": "Gratem Second Stage Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872237", "to_ids": true, "type": "url", "uuid": "587217ed-cfd4-4326-997a-417a950d210f", "value": "http://adworks.webhop.me/wp-content/themes/bmw/s6.png" }, { "category": "Network activity", "comment": "Gratem Second Stage Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872238", "to_ids": true, "type": "url", "uuid": "587217ee-116c-47fa-9494-43ad950d210f", "value": "http://adrev22.ddns.net/network/superads/logo.dat" }, { "category": "Network activity", "comment": "Gratem Second Stage Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872238", "to_ids": 
true, "type": "url", "uuid": "587217ee-18bc-4247-9bca-43da950d210f", "value": "http://davidjone.net/network/superads/logo.dat" }, { "category": "Network activity", "comment": "MM Core C2s", "deleted": false, "disable_correlation": false, "timestamp": "1483872266", "to_ids": true, "type": "url", "uuid": "5872180a-6d30-4ddc-b39f-4ee3950d210f", "value": "http://presspublishing24.net/plugins/cc/mik.php" }, { "category": "Network activity", "comment": "MM Core C2s", "deleted": false, "disable_correlation": false, "timestamp": "1483872266", "to_ids": true, "type": "url", "uuid": "5872180a-39ac-43e5-9fcc-4ca4950d210f", "value": "http://presspublishing24.net/plugins/slm/log.php" }, { "category": "Network activity", "comment": "MM Core C2s", "deleted": false, "disable_correlation": false, "timestamp": "1483872267", "to_ids": true, "type": "url", "uuid": "5872180b-eb54-473f-b2a7-4e36950d210f", "value": "http://presspublishing24.net/plugins/xim/trail.php" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872309", "to_ids": true, "type": "url", "uuid": "58721835-9658-4fa8-a5f7-4337950d210f", "value": "http://mockingbird.no-ip.org/plugins/xim/top.jpg" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872310", "to_ids": true, "type": "url", "uuid": "58721836-b8e8-4eaf-8b19-4c34950d210f", "value": "http://presspublishing24.net/plugins/xim/top.jpg" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872310", "to_ids": true, "type": "url", "uuid": "58721836-1084-43fc-8c42-45b9950d210f", "value": "http://ichoose.zapto.org/plugins/cc/me.jpg" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872311", "to_ids": true, 
"type": "url", "uuid": "58721837-2fbc-460a-9f83-4899950d210f", "value": "http://presspublishing24.net/plugins/cc/me.jpg" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872312", "to_ids": true, "type": "url", "uuid": "58721838-2b78-40e9-b9c9-4b77950d210f", "value": "http://waterlily.ddns.net/plugins/slm/pogo.jpg" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872312", "to_ids": true, "type": "url", "uuid": "58721838-f638-4bba-9e22-497b950d210f", "value": "http://presspublishing24.net/plugins/slm/pogo.jpg" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872313", "to_ids": true, "type": "url", "uuid": "58721839-a2b4-4163-a22b-45a1950d210f", "value": "http://nayanew1.no-ip.org/plugins/xim/top.jpg" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872314", "to_ids": true, "type": "url", "uuid": "5872183a-f23c-4ff6-9b56-46f8950d210f", "value": "http://davidjone.net/plugins/xim/top.jpg" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872314", "to_ids": true, "type": "url", "uuid": "5872183a-3db8-4a61-a3a2-4175950d210f", "value": "http://hawahawa123.no-ip.org/plugins/xim/logo.jpg" }, { "category": "Network activity", "comment": "MM Core Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": "1483872315", "to_ids": true, "type": "url", "uuid": "5872183b-f2a4-4a22-8227-4e18950d210f", "value": "http://davidjone.net/plugins/xim/logo.jpg" }, { "category": "Network activity", "comment": "Dropper/Downloader Payload Locations", "deleted": false, "disable_correlation": false, "timestamp": 
"1483872340", "to_ids": true, "type": "url", "uuid": "58721854-dbb0-4266-8413-407b950d210f", "value": "http://davidjone.net/huan/normaldot.exe" }, { "category": "Payload delivery", "comment": "Related Gratem Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872362", "to_ids": true, "type": "sha1", "uuid": "5872186a-99b0-411a-b17c-44c8950d210f", "value": "673f315388d9c3e47adc280da1ff8b85a0893525" }, { "category": "Payload delivery", "comment": "Related Gratem Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872363", "to_ids": true, "type": "sha1", "uuid": "5872186b-b6b8-4a62-b94b-4268950d210f", "value": "f7372222ec3e56d384e7ca2650eb39c0f420bc88" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872524", "to_ids": true, "type": "sha1", "uuid": "5872190c-2478-489c-bd2a-443a950d210f", "value": "f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872525", "to_ids": true, "type": "sha1", "uuid": "5872190d-7000-425a-a1b5-4f13950d210f", "value": "ef59b4ffc8a92a5a49308ba98cb38949f74774f1" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872525", "to_ids": true, "type": "sha1", "uuid": "5872190d-e9c8-44e3-8919-407d950d210f", "value": "1cf86d87140f13bf88ede74654e01853bae2413c" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872526", "to_ids": true, "type": "sha1", "uuid": "5872190e-9338-4dba-8635-4fa9950d210f", "value": "415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872527", 
"to_ids": true, "type": "sha1", "uuid": "5872190f-fb0c-430d-bf45-4450950d210f", "value": "e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872527", "to_ids": true, "type": "sha1", "uuid": "5872190f-935c-4383-a9a9-479d950d210f", "value": "83e7b2d6ea775c8eb1f6cfefb32df754609a8129" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872528", "to_ids": true, "type": "sha1", "uuid": "58721910-04ec-4145-8714-4d34950d210f", "value": "b931d3988eb37491506504990cae3081208e1a66" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872529", "to_ids": true, "type": "sha1", "uuid": "58721911-bfa4-42ff-9b08-4f4c950d210f", "value": "7031f4be6ced5241ae0dd4315d66a261f654dbd6" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872529", "to_ids": true, "type": "sha1", "uuid": "58721911-9064-4f63-899c-4398950d210f", "value": "ab53485990ac503fb9c440ab469771fac661f3cc" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872530", "to_ids": true, "type": "sha1", "uuid": "58721912-becc-4f40-8b4f-4d88950d210f", "value": "b8e6f570e02d105df2d78698de12ae80d66c54a2" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872531", "to_ids": true, "type": "sha1", "uuid": "58721913-5370-4f55-b6ca-48c1950d210f", "value": "188776d098f61fa2c3b482b2ace202caee18b411" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872532", 
"to_ids": true, "type": "sha1", "uuid": "58721914-6ba8-4b62-b14f-4ea1950d210f", "value": "e0ed40ec0196543814b00fd0aac7218f23de5ec5" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872532", "to_ids": true, "type": "sha1", "uuid": "58721914-0e18-483c-b7e4-43fa950d210f", "value": "5498bb49083289dfc2557a7c205aed7f8b97b2a8" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872533", "to_ids": true, "type": "sha1", "uuid": "58721915-cddc-495b-859f-45fe950d210f", "value": "ce18064f675348dd327569bd50528286929bc37a" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872534", "to_ids": true, "type": "sha1", "uuid": "58721916-8cfc-4327-8fee-4e0d950d210f", "value": "3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872534", "to_ids": true, "type": "sha1", "uuid": "58721916-6d98-4bbf-992e-4280950d210f", "value": "21c1904477ceb8d4d26ac9306e844b4ba0af1b43" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872535", "to_ids": true, "type": "sha1", "uuid": "58721917-2178-42c3-b843-4066950d210f", "value": "f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6" }, { "category": "Payload delivery", "comment": "MM Core Unpacked DLL Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872569", "to_ids": true, "type": "sha1", "uuid": "58721939-3100-4117-8ed9-4e58950d210f", "value": "13b25ba2b139b9f45e21697ae00cf1b452eeeff5" }, { "category": "Payload delivery", "comment": "MM Core Unpacked DLL Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872569", 
"to_ids": true, "type": "sha1", "uuid": "58721939-0f00-4a6d-966b-4703950d210f", "value": "c58aac5567df7676c2b08e1235cd70daec3023e8" }, { "category": "Payload delivery", "comment": "MM Core Unpacked DLL Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872570", "to_ids": true, "type": "sha1", "uuid": "5872193a-b494-417b-9429-462d950d210f", "value": "4372bb675827922280e8de87a78bf61a6a3e7e4d" }, { "category": "Payload delivery", "comment": "MM Core Unpacked DLL Samples", "deleted": false, "disable_correlation": false, "timestamp": "1483872571", "to_ids": true, "type": "sha1", "uuid": "5872193b-d864-4ff3-a9e6-457e950d210f", "value": "08bfdefef8a1fb1ea6f292b1ed7d709fbbc2c602" }, { "category": "Payload delivery", "comment": "US pak track ii naval dialogues.doc", "deleted": false, "disable_correlation": false, "timestamp": "1483872602", "to_ids": true, "type": "sha1", "uuid": "5872195a-2fc8-46ba-af9b-4376950d210f", "value": "d336b8424a65f5c0b83328aa89089c2e4ddbcf72" }, { "category": "Payload delivery", "comment": "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72", "deleted": false, "disable_correlation": false, "timestamp": "1483872784", "to_ids": true, "type": "sha256", "uuid": "58721a10-f288-42b4-9702-4e1402de0b81", "value": "72aea0644729cadfe668751587a1e6384c49c398580feecefc51385ecc018631" }, { "category": "Payload delivery", "comment": "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72", "deleted": false, "disable_correlation": false, "timestamp": "1483872785", "to_ids": true, "type": "md5", "uuid": "58721a11-170c-44ad-97eb-4f2c02de0b81", "value": "c4cee8d6f30127938681c93dd19f2af4" }, { "category": "External analysis", "comment": "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72", "deleted": false, "disable_correlation": false, "timestamp": "1483872786", "to_ids": false, "type": "link", "uuid": 
"58721a12-9fc8-496e-9634-49f702de0b81", "value": "https://www.virustotal.com/file/72aea0644729cadfe668751587a1e6384c49c398580feecefc51385ecc018631/analysis/1483862088/" }, { "category": "Payload delivery", "comment": "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d", "deleted": false, "disable_correlation": false, "timestamp": "1483872787", "to_ids": true, "type": "sha256", "uuid": "58721a13-eba0-47a2-b999-4a2b02de0b81", "value": "0ec6c4342cf0cae5ba59a216ed074ac0574f04763ce4b5b1944daad9513491b6" }, { "category": "Payload delivery", "comment": "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d", "deleted": false, "disable_correlation": false, "timestamp": "1483872787", "to_ids": true, "type": "md5", "uuid": "58721a13-f348-436e-a7cc-445202de0b81", "value": "060d13afdb2212a717666b251feda1d3" }, { "category": "External analysis", "comment": "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d", "deleted": false, "disable_correlation": false, "timestamp": "1483872788", "to_ids": false, "type": "link", "uuid": "58721a14-4514-462c-a44e-4d1c02de0b81", "value": "https://www.virustotal.com/file/0ec6c4342cf0cae5ba59a216ed074ac0574f04763ce4b5b1944daad9513491b6/analysis/1483698678/" }, { "category": "Payload delivery", "comment": "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8", "deleted": false, "disable_correlation": false, "timestamp": "1483872789", "to_ids": true, "type": "sha256", "uuid": "58721a15-2874-4692-b24a-47b602de0b81", "value": "1d3ff6cdda68c63d254df70cef0dc9adfa414200f953499c40cbc75bf3936233" }, { "category": "Payload delivery", "comment": "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8", "deleted": false, "disable_correlation": false, "timestamp": "1483872790", "to_ids": true, "type": "md5", "uuid": "58721a16-79ec-4e62-9d31-475c02de0b81", "value": 
"bddb10729acb2dfe28a7017b261d63db" }, { "category": "External analysis", "comment": "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8", "deleted": false, "disable_correlation": false, "timestamp": "1483872790", "to_ids": false, "type": "link", "uuid": "58721a16-b100-4e55-a771-4bc202de0b81", "value": "https://www.virustotal.com/file/1d3ff6cdda68c63d254df70cef0dc9adfa414200f953499c40cbc75bf3936233/analysis/1483633479/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6", "deleted": false, "disable_correlation": false, "timestamp": "1483872791", "to_ids": true, "type": "sha256", "uuid": "58721a17-7564-4a40-9826-4caa02de0b81", "value": "f938e87917ca8885001e922f43ef0fe5e67ff390e951a934254ddac808dca1a5" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6", "deleted": false, "disable_correlation": false, "timestamp": "1483872792", "to_ids": true, "type": "md5", "uuid": "58721a18-0f84-4bc6-aa83-450d02de0b81", "value": "a9c07b9fb099f44e7b8f53a74d7f71d0" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6", "deleted": false, "disable_correlation": false, "timestamp": "1483872792", "to_ids": false, "type": "link", "uuid": "58721a18-59e0-4238-8532-45bc02de0b81", "value": "https://www.virustotal.com/file/f938e87917ca8885001e922f43ef0fe5e67ff390e951a934254ddac808dca1a5/analysis/1483633483/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43", "deleted": false, "disable_correlation": false, "timestamp": "1483872793", "to_ids": true, "type": "sha256", "uuid": "58721a19-2abc-478e-b5fb-416102de0b81", "value": "a3c8d6eaa6239112b1e881f18ea78f58949150fbf051e599b5d6f81e0d2e31c9" }, { "category": "Payload delivery", 
"comment": "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43", "deleted": false, "disable_correlation": false, "timestamp": "1483872794", "to_ids": true, "type": "md5", "uuid": "58721a1a-cb00-48df-bedc-41ef02de0b81", "value": "0932b703849364ca1537305761bc3429" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43", "deleted": false, "disable_correlation": false, "timestamp": "1483872795", "to_ids": false, "type": "link", "uuid": "58721a1b-d7a8-430f-ab7d-4a7702de0b81", "value": "https://www.virustotal.com/file/a3c8d6eaa6239112b1e881f18ea78f58949150fbf051e599b5d6f81e0d2e31c9/analysis/1460698281/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3", "deleted": false, "disable_correlation": false, "timestamp": "1483872795", "to_ids": true, "type": "sha256", "uuid": "58721a1b-2f2c-41ea-8f54-456402de0b81", "value": "033258861970b3addbe339e9f2c0fde210898896f31dce5d5f7b1d17d19c23eb" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3", "deleted": false, "disable_correlation": false, "timestamp": "1483872796", "to_ids": true, "type": "md5", "uuid": "58721a1c-7550-4fb8-8efb-45cc02de0b81", "value": "9e73734ac2ab5293c0f326245658b50e" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3", "deleted": false, "disable_correlation": false, "timestamp": "1483872797", "to_ids": false, "type": "link", "uuid": "58721a1d-6e5c-41fb-bd35-491902de0b81", "value": "https://www.virustotal.com/file/033258861970b3addbe339e9f2c0fde210898896f31dce5d5f7b1d17d19c23eb/analysis/1483633482/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a", 
"deleted": false, "disable_correlation": false, "timestamp": "1483872798", "to_ids": true, "type": "sha256", "uuid": "58721a1e-a7d8-4a04-ba60-4dbe02de0b81", "value": "ef549a3688f930bf3c5d49d95ed3d1de51be79af10f9d941892d85b25fabd795" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a", "deleted": false, "disable_correlation": false, "timestamp": "1483872798", "to_ids": true, "type": "md5", "uuid": "58721a1e-efec-4012-b0be-4cb202de0b81", "value": "c27da5a756569012449c479609c3b959" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a", "deleted": false, "disable_correlation": false, "timestamp": "1483872799", "to_ids": false, "type": "link", "uuid": "58721a1f-2ad4-4c50-9306-44c902de0b81", "value": "https://www.virustotal.com/file/ef549a3688f930bf3c5d49d95ed3d1de51be79af10f9d941892d85b25fabd795/analysis/1483633482/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8", "deleted": false, "disable_correlation": false, "timestamp": "1483872800", "to_ids": true, "type": "sha256", "uuid": "58721a20-074c-47e6-a681-48cc02de0b81", "value": "87d743e1876dcb9e13ed8d1dc57125c7c0912b49aa9f02e2f3a45d0e11294317" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8", "deleted": false, "disable_correlation": false, "timestamp": "1483872801", "to_ids": true, "type": "md5", "uuid": "58721a21-28dc-40dd-83a8-431702de0b81", "value": "6c833531eb3c6b97095b45fcc8f2a1e6" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8", "deleted": false, "disable_correlation": false, "timestamp": "1483872801", "to_ids": false, "type": "link", "uuid": "58721a21-1a9c-414f-94c7-43c702de0b81", 
"value": "https://www.virustotal.com/file/87d743e1876dcb9e13ed8d1dc57125c7c0912b49aa9f02e2f3a45d0e11294317/analysis/1458047912/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5", "deleted": false, "disable_correlation": false, "timestamp": "1483872802", "to_ids": true, "type": "sha256", "uuid": "58721a22-d584-49ff-856c-40ab02de0b81", "value": "1bf0dcf093a04a86c6679f99b6ec5293241b2a16b4749b5ff5af8e11e96ba2a9" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5", "deleted": false, "disable_correlation": false, "timestamp": "1483872803", "to_ids": true, "type": "md5", "uuid": "58721a23-37fc-403c-a41a-48a902de0b81", "value": "898812640c2cb691e5d9cdea96fe9599" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5", "deleted": false, "disable_correlation": false, "timestamp": "1483872803", "to_ids": false, "type": "link", "uuid": "58721a23-05e8-49af-9028-4e9002de0b81", "value": "https://www.virustotal.com/file/1bf0dcf093a04a86c6679f99b6ec5293241b2a16b4749b5ff5af8e11e96ba2a9/analysis/1483633481/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411", "deleted": false, "disable_correlation": false, "timestamp": "1483872804", "to_ids": true, "type": "sha256", "uuid": "58721a24-bf78-4e4f-a1c9-455502de0b81", "value": "4d22a45690d144ad29aaa06104085293e489ad319ba033ca0bd46759b3d5e42e" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411", "deleted": false, "disable_correlation": false, "timestamp": "1483872805", "to_ids": true, "type": "md5", "uuid": "58721a25-7e24-48af-8641-48b902de0b81", "value": "bffc9f409be33207849207f62622db50" }, { "category": "External 
analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411", "deleted": false, "disable_correlation": false, "timestamp": "1483872806", "to_ids": false, "type": "link", "uuid": "58721a26-1990-4c1e-b4fe-4ac802de0b81", "value": "https://www.virustotal.com/file/4d22a45690d144ad29aaa06104085293e489ad319ba033ca0bd46759b3d5e42e/analysis/1483633481/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2", "deleted": false, "disable_correlation": false, "timestamp": "1483872806", "to_ids": true, "type": "sha256", "uuid": "58721a26-2a54-4c67-8966-401402de0b81", "value": "e9d5e26e00f3ef239491bdfc80c8b4aabe551135b568c1ac9629202ed10cf2d0" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2", "deleted": false, "disable_correlation": false, "timestamp": "1483872807", "to_ids": true, "type": "md5", "uuid": "58721a27-df90-4e23-a7d8-45b602de0b81", "value": "2801b537960058643dfdb3fc5199246d" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2", "deleted": false, "disable_correlation": false, "timestamp": "1483872808", "to_ids": false, "type": "link", "uuid": "58721a28-5f34-4997-993f-45b402de0b81", "value": "https://www.virustotal.com/file/e9d5e26e00f3ef239491bdfc80c8b4aabe551135b568c1ac9629202ed10cf2d0/analysis/1483698672/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc", "deleted": false, "disable_correlation": false, "timestamp": "1483872809", "to_ids": true, "type": "sha256", "uuid": "58721a29-513c-42cd-a8a9-414d02de0b81", "value": "0dec4b854bcbf15bda79a1a3d9f322d8519a3273155ad18d3b7ce7d36dfe9e85" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 
ab53485990ac503fb9c440ab469771fac661f3cc", "deleted": false, "disable_correlation": false, "timestamp": "1483872809", "to_ids": true, "type": "md5", "uuid": "58721a29-5e84-4009-935f-4b3b02de0b81", "value": "fe1eb07a9068c32efd032404a7472e58" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc", "deleted": false, "disable_correlation": false, "timestamp": "1483872810", "to_ids": false, "type": "link", "uuid": "58721a2a-950c-48b1-9e9c-47ad02de0b81", "value": "https://www.virustotal.com/file/0dec4b854bcbf15bda79a1a3d9f322d8519a3273155ad18d3b7ce7d36dfe9e85/analysis/1483633481/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6", "deleted": false, "disable_correlation": false, "timestamp": "1483872811", "to_ids": true, "type": "sha256", "uuid": "58721a2b-e744-411e-b4bb-4f6202de0b81", "value": "4f3275de51c2d16e8df829d020eae4f2450c9b3afd3b3099d615278e29a00479" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6", "deleted": false, "disable_correlation": false, "timestamp": "1483872812", "to_ids": true, "type": "md5", "uuid": "58721a2c-07b8-4db7-9de3-433602de0b81", "value": "380cfac90270b45518c17c224aa8e5be" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6", "deleted": false, "disable_correlation": false, "timestamp": "1483872812", "to_ids": false, "type": "link", "uuid": "58721a2c-2080-4fc2-af18-460202de0b81", "value": "https://www.virustotal.com/file/4f3275de51c2d16e8df829d020eae4f2450c9b3afd3b3099d615278e29a00479/analysis/1483633481/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66", "deleted": false, "disable_correlation": false, "timestamp": 
"1483872813", "to_ids": true, "type": "sha256", "uuid": "58721a2d-c900-4abc-aeb2-4c6202de0b81", "value": "86d414a51e946a9a5d8ce411f0f6b54154d7848c046cd58464b49733effdc47a" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66", "deleted": false, "disable_correlation": false, "timestamp": "1483872814", "to_ids": true, "type": "md5", "uuid": "58721a2e-0338-4f99-8c58-471302de0b81", "value": "ee4563761247361632046c8966a4c790" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66", "deleted": false, "disable_correlation": false, "timestamp": "1483872815", "to_ids": false, "type": "link", "uuid": "58721a2f-bf20-41b2-bb9a-4a3002de0b81", "value": "https://www.virustotal.com/file/86d414a51e946a9a5d8ce411f0f6b54154d7848c046cd58464b49733effdc47a/analysis/1483633481/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129", "deleted": false, "disable_correlation": false, "timestamp": "1483872815", "to_ids": true, "type": "sha256", "uuid": "58721a2f-19b0-4b16-81dd-49a202de0b81", "value": "af34e0b3ecbe1f6aeabd5d74ba48a322f401d348de8a3345fe3e18a62d6d7a93" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129", "deleted": false, "disable_correlation": false, "timestamp": "1483872816", "to_ids": true, "type": "md5", "uuid": "58721a30-4acc-414f-b8e8-45a702de0b81", "value": "f38ffc4bfe7b449389b05d483016625b" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129", "deleted": false, "disable_correlation": false, "timestamp": "1483872817", "to_ids": false, "type": "link", "uuid": "58721a31-2a00-4bef-b78c-41eb02de0b81", "value": 
"https://www.virustotal.com/file/af34e0b3ecbe1f6aeabd5d74ba48a322f401d348de8a3345fe3e18a62d6d7a93/analysis/1483633480/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b", "deleted": false, "disable_correlation": false, "timestamp": "1483872817", "to_ids": true, "type": "sha256", "uuid": "58721a31-1f84-45b4-aaf4-4ace02de0b81", "value": "87496d1e934706d49b6a03b034f999c61772212b13e901f18453f7f8111defca" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b", "deleted": false, "disable_correlation": false, "timestamp": "1483872818", "to_ids": true, "type": "md5", "uuid": "58721a32-8fe8-45ad-8243-4fc502de0b81", "value": "50b20197c9f9f3a8ded3a42aa6cf5315" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b", "deleted": false, "disable_correlation": false, "timestamp": "1483872819", "to_ids": false, "type": "link", "uuid": "58721a33-5160-4698-87dc-40ed02de0b81", "value": "https://www.virustotal.com/file/87496d1e934706d49b6a03b034f999c61772212b13e901f18453f7f8111defca/analysis/1475469859/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2", "deleted": false, "disable_correlation": false, "timestamp": "1483872820", "to_ids": true, "type": "sha256", "uuid": "58721a34-4718-401d-8c17-4eb802de0b81", "value": "62ba328ada4ac69ac2ec9f9f101d16d5eb72b648c6bd078f735e17c8fc6b2829" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2", "deleted": false, "disable_correlation": false, "timestamp": "1483872820", "to_ids": true, "type": "md5", "uuid": "58721a34-8cac-494e-95cd-4e4802de0b81", "value": "0647bac99b6a8407795134f5d67d4590" }, { "category": "External analysis", 
"comment": "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2", "deleted": false, "disable_correlation": false, "timestamp": "1483872821", "to_ids": false, "type": "link", "uuid": "58721a35-67f0-44c8-9dab-421c02de0b81", "value": "https://www.virustotal.com/file/62ba328ada4ac69ac2ec9f9f101d16d5eb72b648c6bd078f735e17c8fc6b2829/analysis/1482068488/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c", "deleted": false, "disable_correlation": false, "timestamp": "1483872822", "to_ids": true, "type": "sha256", "uuid": "58721a36-c628-4aa7-93d2-499f02de0b81", "value": "3d85b4f923e2201a21a3e27e86ea6a2d3fda9778899568e7c505de5a4b70653e" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c", "deleted": false, "disable_correlation": false, "timestamp": "1483872823", "to_ids": true, "type": "md5", "uuid": "58721a37-2c60-432a-9471-4e3402de0b81", "value": "2826c9c6c25368f773c0e448572585d0" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c", "deleted": false, "disable_correlation": false, "timestamp": "1483872823", "to_ids": false, "type": "link", "uuid": "58721a37-4c14-4040-b978-4e5c02de0b81", "value": "https://www.virustotal.com/file/3d85b4f923e2201a21a3e27e86ea6a2d3fda9778899568e7c505de5a4b70653e/analysis/1483633480/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1", "deleted": false, "disable_correlation": false, "timestamp": "1483872824", "to_ids": true, "type": "sha256", "uuid": "58721a38-e2f4-400c-b548-478102de0b81", "value": "dd4a29b9ad4644350878b4c073661481a64762c4be4a9aa20ff7b71453470cce" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: 
ef59b4ffc8a92a5a49308ba98cb38949f74774f1", "deleted": false, "disable_correlation": false, "timestamp": "1483872825", "to_ids": true, "type": "md5", "uuid": "58721a39-d50c-4ba2-b029-4c4102de0b81", "value": "263b6c350cbf7354b99139be17c272d3" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1", "deleted": false, "disable_correlation": false, "timestamp": "1483872825", "to_ids": false, "type": "link", "uuid": "58721a39-fc50-49eb-aa98-44be02de0b81", "value": "https://www.virustotal.com/file/dd4a29b9ad4644350878b4c073661481a64762c4be4a9aa20ff7b71453470cce/analysis/1483632797/" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab", "deleted": false, "disable_correlation": false, "timestamp": "1483872826", "to_ids": true, "type": "sha256", "uuid": "58721a3a-475c-44a4-8137-43f002de0b81", "value": "e9d086bf3e1e657f847a2364ee1da56db50bfeb291a35f1f92f3b2a9125f6f5e" }, { "category": "Payload delivery", "comment": "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab", "deleted": false, "disable_correlation": false, "timestamp": "1483872827", "to_ids": true, "type": "md5", "uuid": "58721a3b-8860-4374-bcd3-4e4802de0b81", "value": "d692a057330361f8f58163f9aa7fc3a8" }, { "category": "External analysis", "comment": "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab", "deleted": false, "disable_correlation": false, "timestamp": "1483872828", "to_ids": false, "type": "link", "uuid": "58721a3c-1a08-4680-9c4f-4e5102de0b81", "value": "https://www.virustotal.com/file/e9d086bf3e1e657f847a2364ee1da56db50bfeb291a35f1f92f3b2a9125f6f5e/analysis/1483712714/" }, { "category": "Payload delivery", "comment": "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88", "deleted": false, "disable_correlation": false, "timestamp": 
"1483872828", "to_ids": true, "type": "sha256", "uuid": "58721a3c-aa5c-46e5-9141-416202de0b81", "value": "c89fb4332fef7367543c6457d3a6bfbd4d4f6ad7bea915baefc0489ad0c2a873" }, { "category": "Payload delivery", "comment": "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88", "deleted": false, "disable_correlation": false, "timestamp": "1483872829", "to_ids": true, "type": "md5", "uuid": "58721a3d-58ec-49c2-bb1b-424602de0b81", "value": "1bbc1549b8fe1ced42e65d8375ff7010" }, { "category": "External analysis", "comment": "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88", "deleted": false, "disable_correlation": false, "timestamp": "1483872830", "to_ids": false, "type": "link", "uuid": "58721a3e-3fbc-42a7-85d3-47ca02de0b81", "value": "https://www.virustotal.com/file/c89fb4332fef7367543c6457d3a6bfbd4d4f6ad7bea915baefc0489ad0c2a873/analysis/1483633479/" }, { "category": "Payload delivery", "comment": "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525", "deleted": false, "disable_correlation": false, "timestamp": "1483872831", "to_ids": true, "type": "sha256", "uuid": "58721a3f-1e9c-45e9-9f31-4a1d02de0b81", "value": "a4ead13d2cb28c4443f023b5b87ec3bd641fb3ad590ca53ab41afefce9cbeccf" }, { "category": "Payload delivery", "comment": "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525", "deleted": false, "disable_correlation": false, "timestamp": "1483872831", "to_ids": true, "type": "md5", "uuid": "58721a3f-eba8-4c01-9964-429002de0b81", "value": "e2bc937f028602dda3fa56ad204ca726" }, { "category": "External analysis", "comment": "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525", "deleted": false, "disable_correlation": false, "timestamp": "1483872832", "to_ids": false, "type": "link", "uuid": "58721a40-54a0-4945-b198-4a6b02de0b81", "value": 
"https://www.virustotal.com/file/a4ead13d2cb28c4443f023b5b87ec3bd641fb3ad590ca53ab41afefce9cbeccf/analysis/1483697879/" } ] } }