{ "Event": { "analysis": "2", "date": "2017-10-30", "extends_uuid": "", "info": "Evasive Sage 2.2 Ransomware", "publish_timestamp": "1570571105", "published": true, "threat_level_id": "3", "timestamp": "1569244530", "uuid": "59f6f4a5-0e10-4c36-9c71-5690c25ed030", "Orgc": { "name": "CERT-RLP", "uuid": "593798b3-3924-4c43-9742-0d9fc25ed030" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#002b4a", "local": "0", "name": "osint:source-type=\"technical-report\"", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#2c4f00", "local": "0", "name": "malware_classification:malware-category=\"Ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:ransomware=\"Sage 2.2\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510060614", "to_ids": false, "type": "link", "uuid": "59f6f515-043c-4947-8052-568dc25ed030", "value": "http://blog.fortinet.com/2017/10/29/evasive-sage-2-2-ransomware-variant-targets-more-countries" }, { "category": "Network activity", "comment": "download URL", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "url", "uuid": "5a002e66-0924-4cc1-ba34-4d2c950d210f", "value": "http://sutranjsdf.info/1" }, { "category": "Network activity", "comment": "download URL", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "url", "uuid": "5a002e66-2624-4b10-9db5-420a950d210f", "value": "http://xxxkeyoplw.top/2" }, { "category": "Network activity", "comment": "download URL", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "url", "uuid": "5a002e66-874c-4c64-a1a3-4d2d950d210f", "value": "http://johnmoplan.top/1.txt" }, { "category": "Network activity", "comment": "download URL", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "url", "uuid": "5a002e66-e384-4470-9a48-49d5950d210f", "value": "http://indiasoujapa.info/7" }, { "category": "Network activity", "comment": "download URL", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "url", "uuid": "5a002e66-935c-4180-8284-4b63950d210f", "value": "http://mondayyesha.info/7" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-0bf4-4910-8082-48b5950d210f", "value": "00f1e3b698488519bb6e5f723854ee89eb9f98bdfa4a7fe5137804f79829838e" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-3040-4e33-bc00-4530950d210f", "value": "0eb72241462c8bfda3ece4e6ebbde88778a33d8c69ce1e22153a3ed8cf47cc17" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-635c-4359-a94d-4c28950d210f", "value": "2b0b7c732177a0dd8f4e9c153b1975bbc29eef673c8d1b4665312b8f1b3fb114" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-6610-4fa9-8f2a-41bc950d210f", "value": "43921c3406d7b1a546334e324bdf46c279fdac928de810a86263ce7aa9eb1b83" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-681c-4eb7-9d01-4499950d210f", "value": "47a67a6fb50097491fd5ebad5e81b19bda303ececc6a83281eddbd6bd508b783" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-a3f8-450d-ac12-4783950d210f", "value": "5b7d2b261f29ddef9fda21061362729a9417b8ef2874cc9a2a3495181fc466d0" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-f914-4587-a4c7-407d950d210f", "value": "a14ee6e8d2baa577a181cd0bb0e5c2c833a4de972f2679ca3a9e410d5de97d7e" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-da2c-4cd1-9d67-4bec950d210f", "value": "b381d871fcb6c16317a068be01a7cb147960419995e8068db4e9b11ea2087457" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-a744-4583-b461-462d950d210f", "value": "bbc0e8981bfca4891d99eab5195cc1f158471b90b21d1a3f1abc0ee05bf60e93" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-9798-4245-a328-4f08950d210f", "value": "cb6b6941ec104ab125a7d42cfe560cd9946ca4d5b1d1a8d5beb6b6ceb083bb29" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-8a44-4657-844e-4ff3950d210f", "value": "df64fcde1c38aa2a0696fc11eb6ca7489aa861d64bbe4e59e44d83ff92734005" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-0888-4dc2-995f-461a950d210f", "value": "eff34c229bc82823a8d31af8fc0b3baac4ebe626d15511dcd0832e455bed1765" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-db50-4692-aa75-41b2950d210f", "value": "f5f875061c9aa07a7d55c37f28b34d84e49d5d97bd66de48f74869cb984bcb61" }, { "category": "Payload delivery", "comment": "W32/Kryptik.FXNL!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-8064-4962-8e89-4248950d210f", "value": "f93c77fd1c3ee16a28ef390d71f2c0af95f5bfc8ec4fe98b1d1352aeb77323e7" }, { "category": "Payload delivery", "comment": "W32/Kryptik.DMBP!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-4e7c-4224-9ae2-4219950d210f", "value": "903b0e894ec0583ada12e647ac3bcb3433d37dc440e7613e141c03f545fd0ddd" }, { "category": "Payload delivery", "comment": "W32/GenKryptik.AZLB!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-b67c-4fc0-930c-4b88950d210f", "value": "c4e208618d13f11d4a9ed6efb805943debe3bee0581eeebe22254a2b3a259b29" }, { "category": "Payload delivery", "comment": "W32/Kryptik.FXNL!tr", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha256", "uuid": "5a002f24-5310-4e69-9e0c-45a4950d210f", "value": "e0a9b6d54ab277e6d4b411d776b130624eac7f7a40affb67c544cc1414e22b19" }, { "category": "Payload delivery", "comment": "W32/Kryptik.FXNL!tr - Xchecked via VT: e0a9b6d54ab277e6d4b411d776b130624eac7f7a40affb67c544cc1414e22b19", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-4698-4534-994b-0d3302de0b81", "value": "b93039baa64a21ed90457a80a636a9e5c56f1a00" }, { "category": "Payload delivery", "comment": "W32/Kryptik.FXNL!tr - Xchecked via VT: e0a9b6d54ab277e6d4b411d776b130624eac7f7a40affb67c544cc1414e22b19", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-e2bc-4bc2-8db6-0d3302de0b81", "value": "42550d2c763c023869aebe866ede77e9" }, { "category": "External analysis", "comment": "W32/Kryptik.FXNL!tr - Xchecked via VT: e0a9b6d54ab277e6d4b411d776b130624eac7f7a40affb67c544cc1414e22b19", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-4c64-4243-aed8-0d3302de0b81", "value": "https://www.virustotal.com/file/e0a9b6d54ab277e6d4b411d776b130624eac7f7a40affb67c544cc1414e22b19/analysis/1510019719/" }, { "category": "Payload delivery", "comment": "W32/Kryptik.DMBP!tr - Xchecked via VT: 903b0e894ec0583ada12e647ac3bcb3433d37dc440e7613e141c03f545fd0ddd", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-56f4-4ce5-a856-0d3302de0b81", "value": "ee88d90a47dc738ea2e505b3e226e129c70c939a" }, { "category": "Payload delivery", "comment": "W32/Kryptik.DMBP!tr - Xchecked via VT: 903b0e894ec0583ada12e647ac3bcb3433d37dc440e7613e141c03f545fd0ddd", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-5750-42d7-b685-0d3302de0b81", "value": "b3a5732c4a3bfe4781a2a5d93111b99d" }, { "category": "External analysis", "comment": "W32/Kryptik.DMBP!tr - Xchecked via VT: 903b0e894ec0583ada12e647ac3bcb3433d37dc440e7613e141c03f545fd0ddd", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-bd24-4446-83c4-0d3302de0b81", "value": "https://www.virustotal.com/file/903b0e894ec0583ada12e647ac3bcb3433d37dc440e7613e141c03f545fd0ddd/analysis/1509780134/" }, { "category": "Payload delivery", "comment": "W32/Kryptik.FXNL!tr - Xchecked via VT: f93c77fd1c3ee16a28ef390d71f2c0af95f5bfc8ec4fe98b1d1352aeb77323e7", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-2b64-4301-a912-0d3302de0b81", "value": "feeae3fddb606fa45cbcf6b0b2c12fd4cf785113" }, { "category": "Payload delivery", "comment": "W32/Kryptik.FXNL!tr - Xchecked via VT: f93c77fd1c3ee16a28ef390d71f2c0af95f5bfc8ec4fe98b1d1352aeb77323e7", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-6eac-4ad9-9ed4-0d3302de0b81", "value": "f7432080c1f41af950a86655a6af6833" }, { "category": "External analysis", "comment": "W32/Kryptik.FXNL!tr - Xchecked via VT: f93c77fd1c3ee16a28ef390d71f2c0af95f5bfc8ec4fe98b1d1352aeb77323e7", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-d9a8-4623-8093-0d3302de0b81", "value": "https://www.virustotal.com/file/f93c77fd1c3ee16a28ef390d71f2c0af95f5bfc8ec4fe98b1d1352aeb77323e7/analysis/1510020302/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: f5f875061c9aa07a7d55c37f28b34d84e49d5d97bd66de48f74869cb984bcb61", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-6314-4f76-966e-0d3302de0b81", "value": "2a5035826371551552287ee2713906dba65ce3d3" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: f5f875061c9aa07a7d55c37f28b34d84e49d5d97bd66de48f74869cb984bcb61", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-0fd4-43c8-8b1c-0d3302de0b81", "value": "5cb7852dff9d0a6ffae7be5097ec14fd" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: f5f875061c9aa07a7d55c37f28b34d84e49d5d97bd66de48f74869cb984bcb61", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-fa04-4911-8b0e-0d3302de0b81", "value": "https://www.virustotal.com/file/f5f875061c9aa07a7d55c37f28b34d84e49d5d97bd66de48f74869cb984bcb61/analysis/1510019822/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: eff34c229bc82823a8d31af8fc0b3baac4ebe626d15511dcd0832e455bed1765", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-ad70-4630-b11f-0d3302de0b81", "value": "377dc00f646b7c871c62efa7b84d0fbb54095e93" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: eff34c229bc82823a8d31af8fc0b3baac4ebe626d15511dcd0832e455bed1765", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-f12c-45af-aa87-0d3302de0b81", "value": "cf707cb91b8e6a3fd076c3ac0fbe7b89" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: eff34c229bc82823a8d31af8fc0b3baac4ebe626d15511dcd0832e455bed1765", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-8ad0-4725-921c-0d3302de0b81", "value": "https://www.virustotal.com/file/eff34c229bc82823a8d31af8fc0b3baac4ebe626d15511dcd0832e455bed1765/analysis/1510020158/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: df64fcde1c38aa2a0696fc11eb6ca7489aa861d64bbe4e59e44d83ff92734005", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-12d4-49cd-abad-0d3302de0b81", "value": "ec046b0d74e2b245f1d2ae4cce5e4a4a47263c31" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: df64fcde1c38aa2a0696fc11eb6ca7489aa861d64bbe4e59e44d83ff92734005", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-e968-4459-b1ab-0d3302de0b81", "value": "6916c7e84a54c0d6960d716b8e8bffd2" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: df64fcde1c38aa2a0696fc11eb6ca7489aa861d64bbe4e59e44d83ff92734005", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-2180-4c50-a3a3-0d3302de0b81", "value": "https://www.virustotal.com/file/df64fcde1c38aa2a0696fc11eb6ca7489aa861d64bbe4e59e44d83ff92734005/analysis/1510019848/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: cb6b6941ec104ab125a7d42cfe560cd9946ca4d5b1d1a8d5beb6b6ceb083bb29", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-ae84-4c02-bbb3-0d3302de0b81", "value": "640aeed9a8d88f35affd46c23374620edaa58e3e" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: cb6b6941ec104ab125a7d42cfe560cd9946ca4d5b1d1a8d5beb6b6ceb083bb29", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-30d4-471b-ac42-0d3302de0b81", "value": "35c73da756c08dbcfba4cecb1bf93830" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: cb6b6941ec104ab125a7d42cfe560cd9946ca4d5b1d1a8d5beb6b6ceb083bb29", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-4d0c-47f9-a482-0d3302de0b81", "value": "https://www.virustotal.com/file/cb6b6941ec104ab125a7d42cfe560cd9946ca4d5b1d1a8d5beb6b6ceb083bb29/analysis/1509779839/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: b381d871fcb6c16317a068be01a7cb147960419995e8068db4e9b11ea2087457", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-875c-474a-acec-0d3302de0b81", "value": "d2200be3ec8510dd529531058e2e24e164809e72" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: b381d871fcb6c16317a068be01a7cb147960419995e8068db4e9b11ea2087457", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-355c-49e7-a274-0d3302de0b81", "value": "4d8a0e28d39d34a97bc8f0470a26073f" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: b381d871fcb6c16317a068be01a7cb147960419995e8068db4e9b11ea2087457", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-a468-4fdd-83f6-0d3302de0b81", "value": "https://www.virustotal.com/file/b381d871fcb6c16317a068be01a7cb147960419995e8068db4e9b11ea2087457/analysis/1510019749/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: a14ee6e8d2baa577a181cd0bb0e5c2c833a4de972f2679ca3a9e410d5de97d7e", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-8118-44b5-bae8-0d3302de0b81", "value": "c8a6ce85af6442b8d7202abd1023a90e24f782f9" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: a14ee6e8d2baa577a181cd0bb0e5c2c833a4de972f2679ca3a9e410d5de97d7e", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-78fc-48d5-822c-0d3302de0b81", "value": "9b224075f4a4366beb66cabbc18b7137" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: a14ee6e8d2baa577a181cd0bb0e5c2c833a4de972f2679ca3a9e410d5de97d7e", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-bb2c-41fe-9282-0d3302de0b81", "value": "https://www.virustotal.com/file/a14ee6e8d2baa577a181cd0bb0e5c2c833a4de972f2679ca3a9e410d5de97d7e/analysis/1510020027/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 5b7d2b261f29ddef9fda21061362729a9417b8ef2874cc9a2a3495181fc466d0", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-73c0-47c4-b479-0d3302de0b81", "value": "87a1603e8f9a1f5193932fd3f74a4a740b2e68e3" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 5b7d2b261f29ddef9fda21061362729a9417b8ef2874cc9a2a3495181fc466d0", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b247-9c80-40b2-a921-0d3302de0b81", "value": "aedd0bf1d7b94b163827aec2f4c64d15" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 5b7d2b261f29ddef9fda21061362729a9417b8ef2874cc9a2a3495181fc466d0", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": false, "type": "link", "uuid": "5a01b247-6cf8-4d12-aae2-0d3302de0b81", "value": "https://www.virustotal.com/file/5b7d2b261f29ddef9fda21061362729a9417b8ef2874cc9a2a3495181fc466d0/analysis/1509779516/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 43921c3406d7b1a546334e324bdf46c279fdac928de810a86263ce7aa9eb1b83", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "sha1", "uuid": "5a01b247-adac-4729-a3ff-0d3302de0b81", "value": "b8dd2eb66f33c895883ec2d20e411d3287ba8e33" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 43921c3406d7b1a546334e324bdf46c279fdac928de810a86263ce7aa9eb1b83", "deleted": false, "disable_correlation": false, "timestamp": "1510060615", "to_ids": true, "type": "md5", "uuid": "5a01b248-59d0-49ca-a977-0d3302de0b81", "value": "568f85f776c9cd061f56b7f4393b2eb5" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 43921c3406d7b1a546334e324bdf46c279fdac928de810a86263ce7aa9eb1b83", "deleted": false, "disable_correlation": false, "timestamp": "1510060616", "to_ids": false, "type": "link", "uuid": "5a01b248-4658-4e34-bfe5-0d3302de0b81", "value": "https://www.virustotal.com/file/43921c3406d7b1a546334e324bdf46c279fdac928de810a86263ce7aa9eb1b83/analysis/1509779455/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 2b0b7c732177a0dd8f4e9c153b1975bbc29eef673c8d1b4665312b8f1b3fb114", "deleted": false, "disable_correlation": false, "timestamp": "1510060616", "to_ids": true, "type": "sha1", "uuid": "5a01b248-4870-4f78-8a6d-0d3302de0b81", "value": "12c96f09d25cd6349d6e2395699dcae9be80401a" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 2b0b7c732177a0dd8f4e9c153b1975bbc29eef673c8d1b4665312b8f1b3fb114", "deleted": false, "disable_correlation": false, "timestamp": "1510060616", "to_ids": true, "type": "md5", "uuid": "5a01b248-3460-44db-917b-0d3302de0b81", "value": "94f37e6331d1d9172034fbdc27b447a6" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 2b0b7c732177a0dd8f4e9c153b1975bbc29eef673c8d1b4665312b8f1b3fb114", "deleted": false, "disable_correlation": false, "timestamp": "1510060616", "to_ids": false, "type": "link", "uuid": "5a01b248-8b0c-4301-9503-0d3302de0b81", "value": "https://www.virustotal.com/file/2b0b7c732177a0dd8f4e9c153b1975bbc29eef673c8d1b4665312b8f1b3fb114/analysis/1510019973/" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 0eb72241462c8bfda3ece4e6ebbde88778a33d8c69ce1e22153a3ed8cf47cc17", "deleted": false, "disable_correlation": false, "timestamp": "1510060616", "to_ids": true, "type": "sha1", "uuid": "5a01b248-76b0-48e0-9e28-0d3302de0b81", "value": "d103a0032b7847a405f65d98af0a6c56c1622f67" }, { "category": "Payload delivery", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 0eb72241462c8bfda3ece4e6ebbde88778a33d8c69ce1e22153a3ed8cf47cc17", "deleted": false, "disable_correlation": false, "timestamp": "1510060616", "to_ids": true, "type": "md5", "uuid": "5a01b248-08d4-44de-97f1-0d3302de0b81", "value": "ce9b4fe0e4053369f1a172a9838ad8b8" }, { "category": "External analysis", "comment": "W32/Sage.KAD!tr - Xchecked via VT: 0eb72241462c8bfda3ece4e6ebbde88778a33d8c69ce1e22153a3ed8cf47cc17", "deleted": false, "disable_correlation": false, "timestamp": "1510060616", "to_ids": false, "type": "link", "uuid": "5a01b248-7488-419b-bd1d-0d3302de0b81", "value": "https://www.virustotal.com/file/0eb72241462c8bfda3ece4e6ebbde88778a33d8c69ce1e22153a3ed8cf47cc17/analysis/1510020155/" } ] } }