{ "Event": { "analysis": "2", "date": "2015-04-27", "extends_uuid": "", "info": "OSINT Enterprises Hit by BARTALEX Macro Malware in Recent Spam Outbreak by Trend Micro", "publish_timestamp": "1447449859", "published": true, "threat_level_id": "3", "timestamp": "1447449579", "uuid": "553ead98-1fb4-4ee6-a8ea-ad6d950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1430171109", "to_ids": false, "type": "link", "uuid": "553eade5-793c-4a21-bc6e-069f950d210b", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/enterprises-hit-by-bartalex-macro-malware-in-recent-spam-outbreak/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1430171117", "to_ids": false, "type": "text", "uuid": "553eaded-4b28-4e7d-9de9-7df5950d210b", "value": "Bartalex" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1430171150", "to_ids": false, "type": "text", "uuid": "553eae0e-b2a0-4f0c-a87f-ad6d950d210b", "value": "W2KM_BARTALEX.SMA" }, { "category": "Artifacts dropped", "comment": "W2KM_BARTALEX.SMA", "deleted": false, "disable_correlation": false, "timestamp": "1430171196", "to_ids": true, "type": "sha1", "uuid": "553eae22-047c-47ae-ad12-7df5950d210b", "value": "61a7cc6ed45657fa1330e922aea33254b189ef61" }, { "category": "Artifacts dropped", "comment": "W2KM_BARTALEX.SMA", "deleted": false, "disable_correlation": false, "timestamp": "1430171196", "to_ids": true, "type": "sha1", "uuid": "553eae23-93d4-4d15-bac4-7df5950d210b", "value": "6f252485dee0b854f72cc8b64601f6f19d01c02c" }, { "category": "Artifacts dropped", "comment": "W2KM_BARTALEX.SMA", "deleted": false, "disable_correlation": false, "timestamp": "1430171196", "to_ids": true, "type": "sha1", "uuid": "553eae23-dd90-4b93-9027-7df5950d210b", "value": "85e10382b06801770a4477505ed5d8c75fb37135" }, { "category": "Artifacts dropped", "comment": "TSPY_DYRE.YUYCC", "deleted": false, "disable_correlation": false, "timestamp": "1430171215", "to_ids": true, "type": "sha1", "uuid": "553eae4f-f320-4b97-a4c7-7df5950d210b", "value": "5e392950fa295a98219e1fc9cce7a7048792845e" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171239", "to_ids": true, "type": "sha1", "uuid": "553eae67-20b8-4592-b5ef-7dfa950d210b", "value": "0163fbb29c18e3d358ec5d5a5e4eb3c93f19a961" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171239", "to_ids": true, "type": "sha1", "uuid": "553eae67-e224-4269-89c7-7dfa950d210b", "value": "02358bcc501793454a6613f96e8f8210b2a27b88" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171239", "to_ids": true, "type": "sha1", "uuid": "553eae67-580c-405e-92ed-7dfa950d210b", "value": "05fe7c71ae5d902bb9ef4d4e43e3ddd1e45f6d0c" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171239", "to_ids": true, "type": "sha1", "uuid": "553eae67-bdac-494c-9833-7dfa950d210b", "value": "11d6e9bf38553900939ea100be70be95d094248b" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171239", "to_ids": true, "type": "sha1", "uuid": "553eae67-45d4-45e3-8497-7dfa950d210b", "value": "19aed57e1d211764618adc2399296d8b01d04d19" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171240", "to_ids": true, "type": "sha1", "uuid": "553eae68-74cc-4173-986d-7dfa950d210b", "value": "559a03a549acc497b8ec57790969bd980d7190f4" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171240", "to_ids": true, "type": "sha1", "uuid": "553eae68-5274-4783-afb2-7dfa950d210b", "value": "c0ca5686219e336171016a8c73b81be856e47bbc" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171240", "to_ids": true, "type": "sha1", "uuid": "553eae68-51b8-4346-afba-7dfa950d210b", "value": "d047decf0179a79fd4de03f0d154f4a2f9d18da4" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171240", "to_ids": true, "type": "sha1", "uuid": "553eae68-ce6c-4cf8-892d-7dfa950d210b", "value": "d3bf440f3c4e63b9c7165c1295c11f71f60b5f8c" }, { "category": "Payload delivery", "comment": "Malicious .doc file", "deleted": false, "disable_correlation": false, "timestamp": "1430171240", "to_ids": true, "type": "sha1", "uuid": "553eae68-1e20-4ee6-a27e-7dfa950d210b", "value": "ec7a2e7c1dce4a37da99a8f20a5d4674f5c80a1f" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675767", "to_ids": true, "type": "sha1", "uuid": "55466137-aa1c-41b4-817d-4ad5950d210b", "value": "037cebf49a412bcabd7d3b896382af53eaecabed" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675768", "to_ids": true, "type": "sha1", "uuid": "55466138-42d4-49fe-a270-4d53950d210b", "value": "0b4100e124507a174f147c3bf0121769ab209104" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675768", "to_ids": true, "type": "sha1", "uuid": "55466138-d72c-41d7-9b87-4d42950d210b", "value": "0fad05ba34d91de15047052c4a6166d92aa5e3ac" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675768", "to_ids": true, "type": "sha1", "uuid": "55466138-f89c-43a3-99d6-43dd950d210b", "value": "1363b79fc25467ea01842c5cbfa90c90bd7e7790" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675768", "to_ids": true, "type": "sha1", "uuid": "55466138-b32c-4fae-a112-456f950d210b", "value": "164929155ab6f78a3ff46753b0a321e8dbd13e8a" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675768", "to_ids": true, "type": "sha1", "uuid": "55466138-3b68-4f43-a2a1-4e8c950d210b", "value": "18df8417fce6f9e24c8369a2897eaf29b1ec11c4" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675768", "to_ids": true, "type": "sha1", "uuid": "55466138-a018-49e4-8ccb-40f4950d210b", "value": "21bc3485810e258b425e4b38e46d944f7be81c50" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675768", "to_ids": true, "type": "sha1", "uuid": "55466138-a6e4-413b-afc3-4a75950d210b", "value": "23f9777f17f86c9c8cbf25672e2e783ab0acc58c" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675768", "to_ids": true, "type": "sha1", "uuid": "55466138-7fe0-48a2-8eeb-4f55950d210b", "value": "25cbbcc94782b2f1efd46179f28c517af44637fb" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675769", "to_ids": true, "type": "sha1", "uuid": "55466139-e940-4f03-9311-4904950d210b", "value": "29e4f4013c07dfcb0aae20c806b157ed7f023e9c" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675769", "to_ids": true, "type": "sha1", "uuid": "55466139-e27c-4680-b590-43b4950d210b", "value": "2b01eb798d31d91cc03221b82c3f3fe04f4eb40a" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675769", "to_ids": true, "type": "sha1", "uuid": "55466139-7880-481e-9460-4dcf950d210b", "value": "2b8c9af6d0c372f3343ae76e26d48f8c9eed37c7" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675769", "to_ids": true, "type": "sha1", "uuid": "55466139-7de4-41b6-b690-4259950d210b", "value": "31dcc204661eee13920fda7ec582aaa1ec48f821" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675769", "to_ids": true, "type": "sha1", "uuid": "55466139-bde4-4863-82cf-49f4950d210b", "value": "31e2a2152a974f69e98c235c0dd3cddc1984b8da" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675769", "to_ids": true, "type": "sha1", "uuid": "55466139-6eac-4bf2-b24a-4bba950d210b", "value": "3338db3553bc2ef8b7587f5b331c2a3ecbbbcd6c" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675769", "to_ids": true, "type": "sha1", "uuid": "55466139-5148-4b4e-a64b-4815950d210b", "value": "339543194c2e64c27d746572d235dba37a332eeb" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675769", "to_ids": true, "type": "sha1", "uuid": "55466139-8ae4-4702-adcc-468a950d210b", "value": "33c73dfd66f9fb0e8bc30b53b150e202e7fc3055" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675770", "to_ids": true, "type": "sha1", "uuid": "5546613a-65b8-4b22-bbb4-4f58950d210b", "value": "350a922a008078c6fdbee9f566363f553ea55394" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675770", "to_ids": true, "type": "sha1", "uuid": "5546613a-f670-4fac-91f6-4a21950d210b", "value": "3916a8150fa10d4b4999f6bd97b7e7464bea13d1" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.", "deleted": false, "disable_correlation": false, "timestamp": "1430675770", "to_ids": true, "type": "sha1", "uuid": "5546613a-2780-4cca-a850-48d2950d210b", "value": "3cdde0489afab5c5fd9098c408c7419b44d2bc46" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1430675804", "to_ids": true, "type": "sha1", "uuid": "5546615c-f99c-4629-b4cd-4483950d210b", "value": "61a7cc6ed45657fa1330e922aea33254b189ef61" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1430675805", "to_ids": true, "type": "sha1", "uuid": "5546615d-96e0-45d6-9dcd-4ada950d210b", "value": "6f252485dee0b854f72cc8b64601f6f19d01c02c" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1430675805", "to_ids": true, "type": "sha1", "uuid": "5546615d-3608-4a5a-8cea-47b8950d210b", "value": "85e10382b06801770a4477505ed5d8c75fb37135" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1430675866", "to_ids": false, "type": "comment", "uuid": "5546619a-8b20-4c44-819b-4b94950d210b", "value": "Update as of May 1, 2015, 11:00 PM (GMT+8) \r\nThe list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed." }, { "category": "Payload installation", "comment": "- Xchecked via VT: 85e10382b06801770a4477505ed5d8c75fb37135", "deleted": false, "disable_correlation": false, "timestamp": "1447449579", "to_ids": true, "type": "sha256", "uuid": "564653eb-6c0c-46ae-bd9e-48b6950d210b", "value": "4962bd87d1a7ef48a1eb67d1793f0f7cccbbf7aaffd58ab37e578476f80ec4d2" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 85e10382b06801770a4477505ed5d8c75fb37135", "deleted": false, "disable_correlation": false, "timestamp": "1447449579", "to_ids": true, "type": "md5", "uuid": "564653eb-a23c-472c-ba92-4cfe950d210b", "value": "a5cfe37d8ecfc22a60954f8462273e3f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449580", "to_ids": false, "type": "link", "uuid": "564653ec-e944-4759-9825-41a5950d210b", "value": "https://www.virustotal.com/file/4962bd87d1a7ef48a1eb67d1793f0f7cccbbf7aaffd58ab37e578476f80ec4d2/analysis/1430810167/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 6f252485dee0b854f72cc8b64601f6f19d01c02c", "deleted": false, "disable_correlation": false, "timestamp": "1447449580", "to_ids": true, "type": "sha256", "uuid": "564653ec-e414-4f2b-af71-49ac950d210b", "value": "5c85a8f0ce0e1a31fe07fd964e5c87e2394d542b8113f5d9dcfc47391dfbab95" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 6f252485dee0b854f72cc8b64601f6f19d01c02c", "deleted": false, "disable_correlation": false, "timestamp": "1447449581", "to_ids": true, "type": "md5", "uuid": "564653ed-3afc-4fc5-8a56-416a950d210b", "value": "91207439790ffe5f0d177c27cf4d68ac" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449581", "to_ids": false, "type": "link", "uuid": "564653ed-1c88-4a60-a1f3-4918950d210b", "value": "https://www.virustotal.com/file/5c85a8f0ce0e1a31fe07fd964e5c87e2394d542b8113f5d9dcfc47391dfbab95/analysis/1430418843/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 61a7cc6ed45657fa1330e922aea33254b189ef61", "deleted": false, "disable_correlation": false, "timestamp": "1447449582", "to_ids": true, "type": "sha256", "uuid": "564653ee-aa3c-49b2-96d7-4df5950d210b", "value": "7b3a6e7708fc7795a437fe62c954f780132fe0a41d9b679039011bc1a6cb4593" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 61a7cc6ed45657fa1330e922aea33254b189ef61", "deleted": false, "disable_correlation": false, "timestamp": "1447449582", "to_ids": true, "type": "md5", "uuid": "564653ee-d81c-49f4-9f33-4a2e950d210b", "value": "05be09f648bf2b62ebf9cd79ccfd0087" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449583", "to_ids": false, "type": "link", "uuid": "564653ef-fc04-407f-bcf9-4343950d210b", "value": "https://www.virustotal.com/file/7b3a6e7708fc7795a437fe62c954f780132fe0a41d9b679039011bc1a6cb4593/analysis/1430810886/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 3cdde0489afab5c5fd9098c408c7419b44d2bc46", "deleted": false, "disable_correlation": false, "timestamp": "1447449583", "to_ids": true, "type": "sha256", "uuid": "564653ef-3464-497e-a5b6-4828950d210b", "value": "1fa6eabce6d6f3290bd57ed7e52d49079d1a2340f2901130e084da4a75de29ec" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 3cdde0489afab5c5fd9098c408c7419b44d2bc46", "deleted": false, "disable_correlation": false, "timestamp": "1447449583", "to_ids": true, "type": "md5", "uuid": "564653ef-24b0-465e-aa3c-41e7950d210b", "value": "abc718998731a961f9110e5b6cc07f3b" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449584", "to_ids": false, "type": "link", "uuid": "564653f0-d6ac-4dd8-b0f5-42c2950d210b", "value": "https://www.virustotal.com/file/1fa6eabce6d6f3290bd57ed7e52d49079d1a2340f2901130e084da4a75de29ec/analysis/1430809411/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 350a922a008078c6fdbee9f566363f553ea55394", "deleted": false, "disable_correlation": false, "timestamp": "1447449584", "to_ids": true, "type": "sha256", "uuid": "564653f0-6b44-455e-85a3-4cd0950d210b", "value": "6b048ac41c1e58773c00858e9644cb88bf2fae37af5b4b02d090f6bd310c03b4" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 350a922a008078c6fdbee9f566363f553ea55394", "deleted": false, "disable_correlation": false, "timestamp": "1447449585", "to_ids": true, "type": "md5", "uuid": "564653f1-a040-41ce-8946-49e5950d210b", "value": "cf6ac741c96d163c9f0fbf8538facd19" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449585", "to_ids": false, "type": "link", "uuid": "564653f1-e77c-439d-9622-410f950d210b", "value": "https://www.virustotal.com/file/6b048ac41c1e58773c00858e9644cb88bf2fae37af5b4b02d090f6bd310c03b4/analysis/1429800798/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 33c73dfd66f9fb0e8bc30b53b150e202e7fc3055", "deleted": false, "disable_correlation": false, "timestamp": "1447449585", "to_ids": true, "type": "sha256", "uuid": "564653f1-7694-4f52-aff0-4dba950d210b", "value": "f0cefa8f94e2d5fe0ac01a4f012a92c111946f8d1be9fd3708d3b642ca7ad16f" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 33c73dfd66f9fb0e8bc30b53b150e202e7fc3055", "deleted": false, "disable_correlation": false, "timestamp": "1447449586", "to_ids": true, "type": "md5", "uuid": "564653f2-ab38-4009-a63d-4c07950d210b", "value": "b49643e6a02b73b97f3c7896194f662d" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449586", "to_ids": false, "type": "link", "uuid": "564653f2-d5c8-4922-bc41-4c1e950d210b", "value": "https://www.virustotal.com/file/f0cefa8f94e2d5fe0ac01a4f012a92c111946f8d1be9fd3708d3b642ca7ad16f/analysis/1430490974/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 339543194c2e64c27d746572d235dba37a332eeb", "deleted": false, "disable_correlation": false, "timestamp": "1447449586", "to_ids": true, "type": "sha256", "uuid": "564653f2-2c58-4ef4-98f6-4a39950d210b", "value": "8e1ab2fd5b7fbd74ba61dae69719a5eb11f9396030bd8f6dfe82704bf0f5ff00" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 339543194c2e64c27d746572d235dba37a332eeb", "deleted": false, "disable_correlation": false, "timestamp": "1447449587", "to_ids": true, "type": "md5", "uuid": "564653f3-d0e0-4bd0-958e-4233950d210b", "value": "28aaa2613173586b8b31eef7dc4fcdce" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449587", "to_ids": false, "type": "link", "uuid": "564653f3-8650-4f8c-b4d1-477b950d210b", "value": "https://www.virustotal.com/file/8e1ab2fd5b7fbd74ba61dae69719a5eb11f9396030bd8f6dfe82704bf0f5ff00/analysis/1430896749/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31e2a2152a974f69e98c235c0dd3cddc1984b8da", "deleted": false, "disable_correlation": false, "timestamp": "1447449588", "to_ids": true, "type": "sha256", "uuid": "564653f4-29dc-43b0-9334-4839950d210b", "value": "9290501fd626add6de2a10733e2a9ebf19ca9a71bb068a2cb8717d8d6d59a0cd" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31e2a2152a974f69e98c235c0dd3cddc1984b8da", "deleted": false, "disable_correlation": false, "timestamp": "1447449588", "to_ids": true, "type": "md5", "uuid": "564653f4-d934-482c-a980-4a6e950d210b", "value": "386d736cdffa5812850e53494a66793a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449588", "to_ids": false, "type": "link", "uuid": "564653f4-a240-4e68-adb5-4221950d210b", "value": "https://www.virustotal.com/file/9290501fd626add6de2a10733e2a9ebf19ca9a71bb068a2cb8717d8d6d59a0cd/analysis/1430753558/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31dcc204661eee13920fda7ec582aaa1ec48f821", "deleted": false, "disable_correlation": false, "timestamp": "1447449589", "to_ids": true, "type": "sha256", "uuid": "564653f5-4fd8-4e0e-9fbd-4607950d210b", "value": "441e48ed561cc3322bf02f14723bc6549d08e59c00b4c443b5efbf9d374a5303" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31dcc204661eee13920fda7ec582aaa1ec48f821", "deleted": false, "disable_correlation": false, "timestamp": "1447449589", "to_ids": true, "type": "md5", "uuid": "564653f5-db4c-4003-a928-488b950d210b", "value": "2813ae3302a4c2892c947144ab289872" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449590", "to_ids": false, "type": "link", "uuid": "564653f6-f07c-46d1-a618-4248950d210b", "value": "https://www.virustotal.com/file/441e48ed561cc3322bf02f14723bc6549d08e59c00b4c443b5efbf9d374a5303/analysis/1429789168/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 2b01eb798d31d91cc03221b82c3f3fe04f4eb40a", "deleted": false, "disable_correlation": false, "timestamp": "1447449590", "to_ids": true, "type": "sha256", "uuid": "564653f6-4b1c-403a-a2d9-4610950d210b", "value": "a393243694bc7b536240da7605cb812d23879e41495efc89f032259c65dbb220" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 2b01eb798d31d91cc03221b82c3f3fe04f4eb40a", "deleted": false, "disable_correlation": false, "timestamp": "1447449590", "to_ids": true, "type": "md5", "uuid": "564653f6-a338-4490-92bc-47e7950d210b", "value": "593c5fea01fb19a14dbe161fe754108a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449591", "to_ids": false, "type": "link", "uuid": "564653f7-298c-4c97-806b-4d9b950d210b", "value": "https://www.virustotal.com/file/a393243694bc7b536240da7605cb812d23879e41495efc89f032259c65dbb220/analysis/1430753559/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 29e4f4013c07dfcb0aae20c806b157ed7f023e9c", "deleted": false, "disable_correlation": false, "timestamp": "1447449591", "to_ids": true, "type": "sha256", "uuid": "564653f7-1ea8-4c79-af8f-4331950d210b", "value": "a1c02381fa46138aaa84c2cf19b6a2d26b815cc31f73b84a207fa419474a0bbb" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 29e4f4013c07dfcb0aae20c806b157ed7f023e9c", "deleted": false, "disable_correlation": false, "timestamp": "1447449592", "to_ids": true, "type": "md5", "uuid": "564653f8-e2bc-440c-a599-45db950d210b", "value": "86e58db678dc48aa869c8f8fd5592055" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449592", "to_ids": false, "type": "link", "uuid": "564653f8-ef50-488d-bc19-4be1950d210b", "value": "https://www.virustotal.com/file/a1c02381fa46138aaa84c2cf19b6a2d26b815cc31f73b84a207fa419474a0bbb/analysis/1430809349/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 25cbbcc94782b2f1efd46179f28c517af44637fb", "deleted": false, "disable_correlation": false, "timestamp": "1447449592", "to_ids": true, "type": "sha256", "uuid": "564653f8-5f9c-453e-a967-4dba950d210b", "value": "ff352e51858dcab7ef9a69f15a8dd3b7d262d174d819c649f774ab0705703585" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 25cbbcc94782b2f1efd46179f28c517af44637fb", "deleted": false, "disable_correlation": false, "timestamp": "1447449593", "to_ids": true, "type": "md5", "uuid": "564653f9-ba60-4773-a625-48e7950d210b", "value": "e132ac28cc6163c1004ae0c84b908849" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449593", "to_ids": false, "type": "link", "uuid": "564653f9-66c0-4633-b4b5-4bec950d210b", "value": "https://www.virustotal.com/file/ff352e51858dcab7ef9a69f15a8dd3b7d262d174d819c649f774ab0705703585/analysis/1429801974/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 23f9777f17f86c9c8cbf25672e2e783ab0acc58c", "deleted": false, "disable_correlation": false, "timestamp": "1447449594", "to_ids": true, "type": "sha256", "uuid": "564653fa-3c30-4d50-bdfd-449b950d210b", "value": "7c63e1d82468998677b314a071264b0f6ca67c6b4a22f6fa6c22c468a594bd2a" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 23f9777f17f86c9c8cbf25672e2e783ab0acc58c", "deleted": false, "disable_correlation": false, "timestamp": "1447449594", "to_ids": true, "type": "md5", "uuid": "564653fa-dbbc-4c0f-bf03-4c8e950d210b", "value": "47a2eabeed5e3edd8382f9a52d99a3cc" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449594", "to_ids": false, "type": "link", "uuid": "564653fa-56d8-4689-a5d3-465d950d210b", "value": "https://www.virustotal.com/file/7c63e1d82468998677b314a071264b0f6ca67c6b4a22f6fa6c22c468a594bd2a/analysis/1430809477/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 18df8417fce6f9e24c8369a2897eaf29b1ec11c4", "deleted": false, "disable_correlation": false, "timestamp": "1447449595", "to_ids": true, "type": "sha256", "uuid": "564653fb-7dd8-451e-a86f-49e3950d210b", "value": "8a7534b23f0133de3027f0bb0aa04b3b8ea61af275f2128a9dead90f3264ab5d" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 18df8417fce6f9e24c8369a2897eaf29b1ec11c4", "deleted": false, "disable_correlation": false, "timestamp": "1447449595", "to_ids": true, "type": "md5", "uuid": "564653fb-e2f8-4fc2-9393-4435950d210b", "value": "b504965c00c94aa93d093fb72035d200" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449596", "to_ids": false, "type": "link", "uuid": "564653fc-f88c-474c-8131-47e8950d210b", "value": "https://www.virustotal.com/file/8a7534b23f0133de3027f0bb0aa04b3b8ea61af275f2128a9dead90f3264ab5d/analysis/1430810981/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 1363b79fc25467ea01842c5cbfa90c90bd7e7790", "deleted": false, "disable_correlation": false, "timestamp": "1447449596", "to_ids": true, "type": "sha256", "uuid": "564653fc-b6ac-4956-adf3-4087950d210b", "value": "e024d802b7fc976ed43a863f697658cb4aeacdcb905c1a7df951355b086d41e2" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 1363b79fc25467ea01842c5cbfa90c90bd7e7790", "deleted": false, "disable_correlation": false, "timestamp": "1447449596", "to_ids": true, "type": "md5", "uuid": "564653fc-6b28-4e08-a03d-4df4950d210b", "value": "78eb5aaf0b7b133af9666dc8e99909fb" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449597", "to_ids": false, "type": "link", "uuid": "564653fd-4b88-427b-a592-4a9d950d210b", "value": "https://www.virustotal.com/file/e024d802b7fc976ed43a863f697658cb4aeacdcb905c1a7df951355b086d41e2/analysis/1430753556/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0fad05ba34d91de15047052c4a6166d92aa5e3ac", "deleted": false, "disable_correlation": false, "timestamp": "1447449597", "to_ids": true, "type": "sha256", "uuid": "564653fd-d208-4dc4-bbb5-4c0f950d210b", "value": "f695413819c0e10de4d016bda25741759b997269784cbc37ceb45de1c84c39d6" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0fad05ba34d91de15047052c4a6166d92aa5e3ac", "deleted": false, "disable_correlation": false, "timestamp": "1447449598", "to_ids": true, "type": "md5", "uuid": "564653fe-1c5c-43a8-812d-41ae950d210b", "value": "b8d31cfd80a4c0b4db7eba82710f30ea" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449598", "to_ids": false, "type": "link", "uuid": "564653fe-1cb4-4208-abe1-4e7d950d210b", "value": "https://www.virustotal.com/file/f695413819c0e10de4d016bda25741759b997269784cbc37ceb45de1c84c39d6/analysis/1430753555/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0b4100e124507a174f147c3bf0121769ab209104", "deleted": false, "disable_correlation": false, "timestamp": "1447449598", "to_ids": true, "type": "sha256", "uuid": "564653fe-1a18-48c1-a0e2-45de950d210b", "value": "c34c76f2f74dfa2fb1b588fd9940ace900da6e1aa411b1a4af51e151a809d8c7" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0b4100e124507a174f147c3bf0121769ab209104", "deleted": false, "disable_correlation": false, "timestamp": "1447449599", "to_ids": true, "type": "md5", "uuid": "564653ff-5ebc-4304-b1db-4ba3950d210b", "value": "694ef544a592a13ba701b73b7613cda6" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449599", "to_ids": false, "type": "link", "uuid": "564653ff-8738-42bd-9f6a-4763950d210b", "value": "https://www.virustotal.com/file/c34c76f2f74dfa2fb1b588fd9940ace900da6e1aa411b1a4af51e151a809d8c7/analysis/1430810856/" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 037cebf49a412bcabd7d3b896382af53eaecabed", "deleted": false, "disable_correlation": false, "timestamp": "1447449600", "to_ids": true, "type": "sha256", "uuid": "56465400-6bf8-4ad5-9239-4ea3950d210b", "value": "ef9643c0986331477b6eff730b299b9a4b844b38a52ee36d2b672b03e31f3c4a" }, { "category": "Payload delivery", "comment": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 037cebf49a412bcabd7d3b896382af53eaecabed", "deleted": false, "disable_correlation": false, "timestamp": "1447449600", "to_ids": true, "type": "md5", "uuid": "56465400-44d0-4f4c-a739-4fc7950d210b", "value": "c5ad2537409683eaa71c36c66ab2f05e" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449600", "to_ids": false, "type": "link", "uuid": "56465400-6c14-4580-9f6a-4445950d210b", "value": "https://www.virustotal.com/file/ef9643c0986331477b6eff730b299b9a4b844b38a52ee36d2b672b03e31f3c4a/analysis/1439140579/" }, { "category": "Artifacts dropped", "comment": "TSPY_DYRE.YUYCC - Xchecked via VT: 5e392950fa295a98219e1fc9cce7a7048792845e", "deleted": false, "disable_correlation": false, "timestamp": "1447449601", "to_ids": true, "type": "sha256", "uuid": "56465401-6a40-413e-b65e-4df0950d210b", "value": "ec05df2a8f7a7bc2ae5b3c153c9ec450e3611b2343572d0aa8d84a8b1d23ee8d" }, { "category": "Artifacts dropped", "comment": "TSPY_DYRE.YUYCC - Xchecked via VT: 5e392950fa295a98219e1fc9cce7a7048792845e", "deleted": false, "disable_correlation": false, "timestamp": "1447449601", "to_ids": true, "type": "md5", "uuid": "56465401-cc6c-4e48-833a-44b0950d210b", "value": "22a7aafe5190a5cdcc92bfd304a21f7d" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447449602", "to_ids": false, "type": "link", "uuid": "56465402-e55c-4de8-b766-47da950d210b", "value": "https://www.virustotal.com/file/ec05df2a8f7a7bc2ae5b3c153c9ec450e3611b2343572d0aa8d84a8b1d23ee8d/analysis/1446494503/" } ] } }