{ "Event": { "analysis": "2", "date": "2018-05-23", "extends_uuid": "", "info": "Talos Blog: VPNFilter", "publish_timestamp": "1557217340", "published": true, "threat_level_id": "3", "timestamp": "1527104159", "uuid": "5b0598ec-97ac-4456-9246-dcdb0acd0835", "Orgc": { "name": "Synovus Financial", "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1527093886", "to_ids": true, "type": "sha256", "uuid": "5b059a7d-a3e0-4d18-a7fe-b8400acd0835", "value": "0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527093886", "to_ids": true, "type": "sha256", "uuid": "5b059a7d-1974-4a65-b03c-e0b50acd0835", "value": "8a20dc9538d639623878a3d3d18d88da8b635ea52e5e2d0c2cce4a8c5a703db1", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527093886", "to_ids": true, "type": "sha256", "uuid": "5b059a7d-0b64-42db-a129-dbf60acd0835", "value": "9683b04123d7e9fe4c8c26c69b09c2233f7e1440f828837422ce330040782d17", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527093886", "to_ids": true, "type": "sha256", "uuid": "5b059a7d-f178-4202-86cf-fb970acd0835", "value": 
"37e29b0ea7a9b97597385a12f525e13c3a7d02ba4161a6946f2a7d978cc045b4", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527093886", "to_ids": true, "type": "sha256", "uuid": "5b059a7d-5ad0-4008-8ae8-ce320acd0835", "value": "d6097e942dd0fdc1fb28ec1814780e6ecc169ec6d24f9954e71954eedbc4c70e", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094478", "to_ids": true, "type": "url", "uuid": "5b059a7d-4a20-47ac-b50a-ecde0acd0835", "value": "http://photobucket.com/user/saragray1/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094481", "to_ids": true, "type": "url", "uuid": "5b059a7d-81bc-4322-b2c7-04370acd0835", "value": "http://zuh3vcyskd4gipkm.onion/bin32/update.php", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094483", "to_ids": true, "type": "url", "uuid": "5b059a7f-c824-4320-a8a6-085b0acd0835", "value": "http://photobucket.com/user/bob7301/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1527093887", "to_ids": true, "type": "sha256", "uuid": "5b059a7f-d374-412e-9380-085a0acd0835", "value": "50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec", "Tag": [ { "colour": 
"#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094486", "to_ids": true, "type": "url", "uuid": "5b059a80-3624-47c5-9527-08d20acd0835", "value": "http://photobucket.com/user/nikkireed11/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527093888", "to_ids": true, "type": "sha256", "uuid": "5b059a80-5060-4284-bc21-08d10acd0835", "value": "4b03288e9e44d214426a02327223b5e516b1ea29ce72fa25a2fcef9aa65c4b0b", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094490", "to_ids": true, "type": "url", "uuid": "5b059a81-fa30-4539-8c5f-095f0acd0835", "value": "http://photobucket.com/user/monicabelci4/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 3, plugins", "deleted": false, "disable_correlation": false, "timestamp": "1527093889", "to_ids": true, "type": "sha256", "uuid": "5b059a81-6d98-4ec6-9560-09610acd0835", "value": "f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094493", "to_ids": true, "type": "url", "uuid": "5b059a81-6dfc-49b8-90be-095d0acd0835", "value": "http://photobucket.com/user/amandaseyfried1/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", 
"relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527093889", "to_ids": true, "type": "sha256", "uuid": "5b059a81-6d98-49ac-9b95-09630acd0835", "value": "776cb9a7a9f5afbaffdd4dbd052c6420030b2c7c3058c1455e0a79df0e6f7a1d", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527093889", "to_ids": true, "type": "sha256", "uuid": "5b059a81-6e60-44a1-814b-095e0acd0835", "value": "9eb6c779dbad1b717caa462d8e040852759436ed79cc2172692339bc62432387", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094495", "to_ids": true, "type": "url", "uuid": "5b059a82-4d68-4ef7-b896-0a990acd0835", "value": "http://photobucket.com/user/eva_green1/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094497", "to_ids": true, "type": "url", "uuid": "5b059a82-7dd0-419a-b375-0aa00acd0835", "value": "http://photobucket.com/user/jeniferaniston1/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 3, plugins", "deleted": false, "disable_correlation": false, "timestamp": "1527093890", "to_ids": true, "type": "sha256", "uuid": "5b059a82-ebf4-4907-970c-0aa70acd0835", "value": "afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": 
"Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094501", "to_ids": true, "type": "url", "uuid": "5b059a82-a558-4725-8498-0a9a0acd0835", "value": "http://photobucket.com/user/suwe8/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094504", "to_ids": true, "type": "url", "uuid": "5b059a82-92b8-469e-8156-0a980acd0835", "value": "http://photobucket.com/user/millerfred/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094506", "to_ids": true, "type": "url", "uuid": "5b059a82-20e4-4bb7-9818-0aa50acd0835", "value": "http://photobucket.com/user/kmila302/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": false, "disable_correlation": false, "timestamp": "1527094508", "to_ids": true, "type": "url", "uuid": "5b059a82-6be0-4ba5-896b-0a9e0acd0835", "value": "http://photobucket.com/user/katyperry45/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527093890", "to_ids": true, "type": "sha256", "uuid": "5b059a82-85c0-4e16-9e4d-0a9f0acd0835", "value": "0649fda8888d701eb2f91e6e0a05a2e2be714f564497c44a3813082ef8ff250b", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Stage 1, downloads picture", "deleted": 
false, "disable_correlation": false, "timestamp": "1527094511", "to_ids": true, "type": "url", "uuid": "5b059a82-458c-4317-9ac7-0aa80acd0835", "value": "http://photobucket.com/user/lisabraun87/library", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-af74-4f75-bf51-0aa00acd0835", "value": "d113ce61ab1e4bfcb32fb3c53bd3cdeee81108d02d3886f6e2286e0b6a006747", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-3038-4637-a319-0aa00acd0835", "value": "c52b3901a26df1680acbfb9e6184b321f0b22dd6c4bb107e5e071553d375c851", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-8f64-4625-a3ed-0aa00acd0835", "value": "f372ebe8277b78d50c5600d0e2af3fe29b1e04b5435a7149f04edd165743c16d", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-d4c8-41ed-ab2d-0aa00acd0835", "value": "be4715b029cbd3f8e2f37bc525005b2cb9cad977117a26fac94339a721e3f2a5", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", 
"to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-01f4-4734-a5a2-0aa00acd0835", "value": "27af4b890db1a611d0054d5d4a7d9a36c9f52dffeb67a053be9ea03a495a9302", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-3ec0-4ac8-a8b6-0aa00acd0835", "value": "fb47ba27dceea486aab7a0f8ec5674332ca1f6af962a1724df89d658d470348f", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-6994-433a-bc16-0aa00acd0835", "value": "b25336c2dd388459dec37fa8d0467cf2ac3c81a272176128338a2c1d7c083c78", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-df04-424a-831b-0aa00acd0835", "value": "cd75d3a70e3218688bdd23a0f618add964603736f7c899265b1d8386b9902526", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-06b8-4eea-9ef5-0aa00acd0835", "value": "110da84f31e7868ad741bcb0d9f7771a0bb39c44785055e6da0ecc393598adc8", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": 
"x509-fingerprint-sha256", "uuid": "5b059abb-2bb0-4fe2-abdb-0aa00acd0835", "value": "909cf80d3ef4c52abc95d286df8d218462739889b6be4762a1d2fac1adb2ec2b", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-63cc-4cf3-8f1e-0aa00acd0835", "value": "044bfa11ea91b5559f7502c3a504b19ee3c555e95907a98508825b4aa56294e4", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527093947", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-9990-4e08-bf61-0aa00acd0835", "value": "c0f8bde03df3dec6e43b327378777ebc35d9ea8cfe39628f79f20b1c40c1b412", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-baa0-4df2-9da5-0aa00acd0835", "value": "8f1d0cd5dd6585c3d5d478e18a85e7109c8a88489c46987621e01d21fab5095d", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "x509-fingerprint-sha256", "uuid": "5b059abb-ec7c-4959-9548-0aa00acd0835", "value": "d5dec646c957305d91303a1d7931b30e7fb2f38d54a1102e14fd7a4b9f6e0806", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1527094046", "to_ids": false, "type": "link", "uuid": 
"5b059b06-76c8-42ef-a695-0ce50acd0835", "value": "https://blog.talosintelligence.com/2018/05/VPNFilter.html", "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "5f358afee76f2a74b1a3443c6012b27b: Enriched via VT\nAttribute #1743132 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094082", "to_ids": false, "type": "filename", "uuid": "5b059b42-1798-4ab9-92df-0d3005dc1b25", "value": "%USERPROFILE%\\Documents\\qsync.php" }, { "category": "Payload delivery", "comment": "5f358afee76f2a74b1a3443c6012b27b: Enriched via VT\nAttribute #1743132 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094083", "to_ids": false, "type": "ssdeep", "uuid": "5b059b43-3ca8-4c94-a835-0d3005dc1b25", "value": "6144:gPgrKJ+zIIglQIU1BILPTQGEk9pmnhdTnfdkV8Ww+BthUeX2ut:gPkSAoQIUILwkwTy8Wye9" }, { "category": "Payload delivery", "comment": "92d47495c92d8c5dba107163df2bb212: Enriched via VT\nAttribute #1743133 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094086", "to_ids": false, "type": "ssdeep", "uuid": "5b059b46-3d9c-458f-80bb-0d3005dc1b25", "value": "6144:BLXXE5rpmlrk7dHlG+wQ+GEfNB/ORZy+Om7BC:dU5rpkw7i+Z6fNBiC" }, { "category": "Payload delivery", "comment": "4912aad5e79c78bc143e71633df9c17b: Enriched via VT\nAttribute #1743134 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094090", "to_ids": false, "type": "ssdeep", "uuid": "5b059b4a-bde0-4a4f-acae-0d3005dc1b25", "value": "6144:cmbS6GCJukDhQnhcOsKMglGEZVHTMKc+Mkf7su:csS6zJuoOnMKMQZVYBu" }, { "category": "Payload delivery", "comment": "19dd8b95fcca498582642f5a0b2fc58b: Enriched via VT\nAttribute #1743135 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094093", "to_ids": false, "type": "ssdeep", "uuid": 
"5b059b4d-cb7c-4a49-b039-0d3005dc1b25", "value": "6144:+9GiuTGkBPoiJhaalRXd6Rv0XXvpPJ7tkISJZM9PJetlXSImnb:62T/oiHRXU8bCZM9X9b" }, { "category": "Payload delivery", "comment": "87049e223dd922dc1d8180c83e2fde77: Enriched via VT\nAttribute #1743136 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094097", "to_ids": false, "type": "ssdeep", "uuid": "5b059b51-6b8c-4566-ad05-0d3005dc1b25", "value": "6144:aCwworoTxC3REpYGACnkEBWkTGEmRqCTGqmpc47qa:ax7olCBEanCpWKmRbha" }, { "category": "Payload delivery", "comment": "45871bad3a9b4594fc3de39e4b5930ad: Enriched via VT\nAttribute #1743140 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094100", "to_ids": false, "type": "ssdeep", "uuid": "5b059b54-8974-4c23-a736-0d3005dc1b25", "value": "6144:9QkvS9EWCxns8zTwJWIck9NpU6zT3C+rkoyoa3y0c2TLCAVrSj2+9Ea:89EhLkdfLQXoaE2TOAV2Rt" }, { "category": "Payload delivery", "comment": "17e5e5c25eef807a08f02b8e435dda30: Enriched via VT\nAttribute #1743142 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094104", "to_ids": false, "type": "ssdeep", "uuid": "5b059b58-5a9c-4784-b358-0d3005dc1b25", "value": "6144:baJi/5AF4DV6+aCOGi8eaFa63MNQmII5ktPLh:ba0RFaB6jyktd" }, { "category": "Payload delivery", "comment": "97444b5209278ed611e6a94076e814c8: Enriched via VT\nAttribute #1743144 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094107", "to_ids": false, "type": "filename", "uuid": "5b059b5b-7ba4-4371-8e6a-0d3005dc1b25", "value": "vpnfilterm_ps" }, { "category": "Payload delivery", "comment": "97444b5209278ed611e6a94076e814c8: Enriched via VT\nAttribute #1743144 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094107", "to_ids": false, "type": "ssdeep", "uuid": "5b059b5b-46ec-4e86-8e00-0d3005dc1b25", "value": 
"384:MEoMAy/GRMYA0V/e3mAbCy5wjwl3eX02wcLieJIh/PyVMItRwMeZz+zr1gBePaI9:MEQeFYX0/cLhIJPyVMKfe0fYIT9" }, { "category": "Payload delivery", "comment": "Stage 1 fallback, used if Photobucket fails", "deleted": false, "disable_correlation": false, "timestamp": "1527094527", "to_ids": true, "type": "domain", "uuid": "5b059b5e-3da8-4fc2-8da7-08d20acd0835", "value": "toknowall.com" }, { "category": "Payload delivery", "comment": "8e74e36ba104389aa6dc4d4429bcf0cf: Enriched via VT\nAttribute #1743146 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094111", "to_ids": false, "type": "ssdeep", "uuid": "5b059b5f-d4d0-4640-8fd0-0d3005dc1b25", "value": "6144:muz6HAcALFnJ6A1HtguhY2xwaSV58bDSXBteLq:mo+vG17UE0BtB" }, { "category": "Payload delivery", "comment": "42d891bcdee9588f8ed5d27456896a5e: Enriched via VT\nAttribute #1743147 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094115", "to_ids": false, "type": "ssdeep", "uuid": "5b059b63-af28-4bbc-bb18-0d3005dc1b25", "value": "6144:uZXfvVijz85XiCcYuty8f0trKy1AUiJh8SWMJvEKKvk1Dc3F/FkZX97U:uXiwXi9tnfHv7tK81ugY" }, { "category": "Payload delivery", "comment": "b5dc976043db9b42c9f6fa889205c68a: Enriched via VT\nAttribute #1743150 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094119", "to_ids": false, "type": "ssdeep", "uuid": "5b059b67-4818-4075-a163-0d3005dc1b25", "value": "98304:ZUKUXKMOzkGNCPCEQi0EADYT9Bci7A5HqPwy/pfmITeaysckQj:tUXK6CBVlDYMf5HqPwyhuITTy" }, { "category": "Payload delivery", "comment": "93ff367439becebd9d71c3e12041c95e: Enriched via VT\nAttribute #1743155 enriched by virustotal.", "deleted": false, "disable_correlation": false, "timestamp": "1527094122", "to_ids": false, "type": "ssdeep", "uuid": "5b059b6a-b2c4-43a8-80d0-0d3005dc1b25", "value": "6144:hlyC+z6zIitnujMMYNyCSyza7csDZmA/x2LwB7jvXHiY1:DCzgIiwMJ2DQux2L6Pr1" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, 
"disable_correlation": false, "timestamp": "1527094145", "to_ids": true, "type": "ip-dst", "uuid": "5b059b81-1950-4d6a-a03e-0aa30acd0835", "value": "91.121.109.209" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094145", "to_ids": true, "type": "ip-dst", "uuid": "5b059b81-5cbc-44f0-8aa5-0aa30acd0835", "value": "217.12.202.40" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094145", "to_ids": true, "type": "ip-dst", "uuid": "5b059b81-fc3c-4407-b68c-0aa30acd0835", "value": "94.242.222.68" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": true, "type": "ip-dst", "uuid": "5b059b82-4d84-4afe-9c9b-0aa30acd0835", "value": "82.118.242.124" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": true, "type": "ip-dst", "uuid": "5b059b82-4b90-4e10-8744-0aa30acd0835", "value": "46.151.209.33" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": true, "type": "ip-dst", "uuid": "5b059b82-843c-47bc-bc1e-0aa30acd0835", "value": "217.79.179.14" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": true, "type": "ip-dst", "uuid": "5b059b82-cf94-4cab-8abc-0aa30acd0835", "value": "91.214.203.144" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": true, "type": "ip-dst", "uuid": "5b059b82-ce54-4359-8228-0aa30acd0835", "value": "95.211.198.231" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": 
true, "type": "ip-dst", "uuid": "5b059b82-5f9c-4949-b910-0aa30acd0835", "value": "195.154.180.60" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": true, "type": "ip-dst", "uuid": "5b059b82-baa0-4804-a02c-0aa30acd0835", "value": "5.149.250.54" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": true, "type": "ip-dst", "uuid": "5b059b82-e848-4bb6-a465-0aa30acd0835", "value": "91.200.13.76" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": true, "type": "ip-dst", "uuid": "5b059b82-85e4-48be-b33d-0aa30acd0835", "value": "94.185.80.82" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094146", "to_ids": true, "type": "ip-dst", "uuid": "5b059b82-c03c-4400-983a-0aa30acd0835", "value": "62.210.180.229" }, { "category": "Payload installation", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1527094798", "to_ids": true, "type": "md5", "uuid": "5b059e0e-9e7c-4f4a-a1a3-0aa30acd0835", "value": "45871bad3a9b4594fc3de39e4b5930ad" }, { "category": "Payload installation", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1527094798", "to_ids": true, "type": "md5", "uuid": "5b059e0e-8b0c-486a-b473-0aa30acd0835", "value": "5f358afee76f2a74b1a3443c6012b27b" }, { "category": "Payload installation", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094916", "to_ids": true, "type": "md5", "uuid": "5b059e84-0dec-4d5e-b31c-0f810acd0835", "value": "4912aad5e79c78bc143e71633df9c17b" }, { "category": "Payload installation", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094916", "to_ids": true, 
"type": "md5", "uuid": "5b059e84-b6f0-4a60-8d6e-0f810acd0835", "value": "87049e223dd922dc1d8180c83e2fde77" }, { "category": "Payload installation", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094916", "to_ids": true, "type": "md5", "uuid": "5b059e84-3408-4d9c-94d6-0f810acd0835", "value": "17e5e5c25eef807a08f02b8e435dda30" }, { "category": "Payload installation", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094916", "to_ids": true, "type": "md5", "uuid": "5b059e84-5850-4b83-a6e6-0f810acd0835", "value": "42d891bcdee9588f8ed5d27456896a5e" }, { "category": "Payload installation", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094916", "to_ids": true, "type": "md5", "uuid": "5b059e84-1d48-43aa-ae5b-0f810acd0835", "value": "19dd8b95fcca498582642f5a0b2fc58b" }, { "category": "Payload installation", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094916", "to_ids": true, "type": "md5", "uuid": "5b059e84-4ed8-4713-809f-0f810acd0835", "value": "8e74e36ba104389aa6dc4d4429bcf0cf" }, { "category": "Payload installation", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094916", "to_ids": true, "type": "md5", "uuid": "5b059e84-17b8-4674-bbb7-0f810acd0835", "value": "92d47495c92d8c5dba107163df2bb212" }, { "category": "Payload installation", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1527094916", "to_ids": true, "type": "md5", "uuid": "5b059e84-d8c8-43a8-8069-0f810acd0835", "value": "93ff367439becebd9d71c3e12041c95e" }, { "category": "Payload installation", "comment": "Stage 3 Plugins", "deleted": false, "disable_correlation": false, "timestamp": "1527094964", "to_ids": true, "type": "md5", "uuid": "5b059eb4-c45c-4cd3-8de0-0f810acd0835", "value": "97444b5209278ed611e6a94076e814c8" }, { "category": "Payload installation", "comment": 
"Stage 3 Plugins", "deleted": false, "disable_correlation": false, "timestamp": "1527094964", "to_ids": true, "type": "md5", "uuid": "5b059eb4-f058-450a-b54f-0f810acd0835", "value": "b5dc976043db9b42c9f6fa889205c68a" } ] } }