{ "Event": { "analysis": "2", "date": "2018-07-03", "extends_uuid": "", "info": "Trend Micro Blog: Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor", "publish_timestamp": "1535016543", "published": true, "threat_level_id": "3", "timestamp": "1531390597", "uuid": "5b44a06a-d458-497b-b05e-0c1e0acd0835", "Orgc": { "name": "Synovus Financial", "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224196", "to_ids": true, "type": "sha256", "uuid": "5b44a084-23cc-4e7a-acec-0a3b0acd0835", "value": "0181a985897f1fa66ede98cc04e97b05387743de198c2dcf4667fa4fde7779c1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-e458-4ee9-9f34-0a3b0acd0835", "value": "20b05a17623a7e74f7cfe4296ba79cff8ca6b3ea64f404661b7bc46ab603511c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-8e9c-4645-b07a-0a3b0acd0835", "value": "2864b1b7417aacc13a4277d8cb9c94b5a04420f6ccc1cc4dfd3be4d369406383" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-e524-43a8-a22b-0a3b0acd0835", "value": "2b3cd4d85b2b1f22d88db07352fb9e93405f395e7d0cfe96490ea2bc03a8c5ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-e254-4866-a5a1-0a3b0acd0835", "value": "3b85e737965020d82cdc0890f1243732b71977117cdf310554e9dd91b78bfe63" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-10bc-4a12-8c90-0a3b0acd0835", "value": "451c4c3fbf5aec103833fa98d942b1876d9ce84575a00757562489921bc1d396" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-dcbc-4be6-a484-0a3b0acd0835", "value": "45b2580db6d13720014753813eb69c1aa0effbd100bb80e5a07d75447489ba0f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-f3fc-4783-9300-0a3b0acd0835", "value": "7730a98fd698f1043184992f1ca349ea1bdfd33d43a0ece2cd88f9f6da2e37d1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-29d8-40cc-8996-0a3b0acd0835", "value": "804d883661ba51cec97135f9f33c1fa9084384783d59a4f55d496e2901c20289" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-e50c-49c8-b770-0a3b0acd0835", "value": "96a4f844d7102d0ee757caa1719f1cd95d1386e61eb7c694020d6cf14b546880" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-b830-48d8-b2af-0a3b0acd0835", "value": "9eac92bec146ce9cef096105f6531f2ee4c2e1a14507f069728a1022ecdcdedd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-6a84-42dd-ab5a-0a3b0acd0835", "value": "a4b25e5e72fc552e30391d7cd8182af023dc1084641d93b7fa6f348e89b29492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-d1b4-49d5-9147-0a3b0acd0835", "value": "a9fc2b6f8bc339742268bac6c02843011ebb670114a786a71ff0fa65397ac9c6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-8830-4baf-94dc-0a3b0acd0835", "value": "c57bf08c414900b5b4ad907272a606d6695c14dc2acc0264eca53840eee3f3f4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-48f8-44fe-8e69-0a3b0acd0835", "value": "c9b7c2189d3cea05a666c45043812d832bed60cfcb8a97222bca9afc53b3d229" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-425c-47a4-906a-0a3b0acd0835", "value": "cc60dae1199c72543dd761c921397f6e457ff0440da5b4451503bfca9fb0c730" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224197", "to_ids": true, "type": "sha256", "uuid": "5b44a085-8fa8-4a33-8c18-0a3b0acd0835", "value": "d904495737dfe33599c0c408855f6d0dd9539be4b989eb5ab910eb6ab076d9ef" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224268", "to_ids": true, "type": "url", "uuid": "5b44a0cc-9380-4803-a4d2-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1eoZvAJNwYmj97bWhzVLUVIt0lAqWKssD&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-4f10-4bf7-a9b9-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1f84hF8spepIVwTMAQU0nYs-6o9ZI3yjo&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-3aac-4026-8086-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1G7pfj4X3R4t8wq_NyCoE2pMYFo-TIkI9&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-2844-4c35-b9f3-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1GofUo_21wAidnNek5wIqTEH65c5B4mYl&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-2940-4451-b513-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1NfIqI9SJedlNn02Vww8rd5F73MfLlKsJ&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-8734-451f-908e-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1NgMUcD8FzNTEi45sNc6Cp-VG-EnK_uL-&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-2024-437e-88cd-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1NStRbzXtC4Vwv2qZ0CjrJYbk5ENFmQv_&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-a15c-41ba-9334-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1tBu1-SVAdWQccETb_AxAhBR3CLIrjkOU&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-af6c-45ce-8d36-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1TjywdxSZfENUorSHyjVDprOsT8Sq1_SW&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-2c3c-403f-b00b-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1Xhx22-OVqg-ZcpwU6bVBdP9lWZfzyFzB&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-fb38-4bff-b5d3-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1yC0rtWErmwTTyLO3VuP33pgLkfzy0xik&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-ec94-4833-9e6a-0c950acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1YqlYbFUObMjRBvNFfjwkdSJTpxU-rMVy&export=download" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-1a7c-4818-90b4-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/chrome_update" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-3118-4e91-80ac-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/chrome_update" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-44d4-4d3e-a76a-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/firefox_update" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-badc-4d60-8cc5-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/iexplorer_update" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-ab88-471a-9158-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/opera_update" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-89e4-4fd0-a95b-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/updater" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-fd70-4b88-ace3-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/firefox_update" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-cab8-4289-b2d1-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/iexplorer_update" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-851c-4744-b26f-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/opera_update" }, { "category": "Payload delivery", "comment": "Stage 1", "deleted": false, "disable_correlation": false, "timestamp": "1531224269", "to_ids": true, "type": "url", "uuid": "5b44a0cd-98ec-4d88-9b96-0c950acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/updater" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1531224285", "to_ids": true, "type": "url", "uuid": "5b44a0dd-fe20-4156-a165-0bd60acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1lcw-cN9o3NkR6zkeHrDHg-WiUhHBi1wK&export=download" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1531224285", "to_ids": true, "type": "url", "uuid": "5b44a0dd-30d4-442b-b051-0bd60acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1OhTA1K04zKFaKw7omXJbmN8_S2VmIcdD&export=download" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1531224285", "to_ids": true, "type": "url", "uuid": "5b44a0dd-dd4c-4b5f-929d-0bd60acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1okynNTx2kEvx1gBQsmmB3OuS0wQ3A3uE&export=download" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1531224285", "to_ids": true, "type": "url", "uuid": "5b44a0dd-1e48-40ef-9052-0bd60acd0835", "value": "https://drive.google.com/uc?authuser=0&id=1ZFcguS1z4bSCpnMibYZZ8KHdFtN6hscM&export=download" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1531224285", "to_ids": true, "type": "url", "uuid": "5b44a0dd-9c60-44b5-b917-0bd60acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/winhost.img" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1531224285", "to_ids": true, "type": "url", "uuid": "5b44a0dd-88a8-4da2-a8ea-0bd60acd0835", "value": "https://raw.githubusercontent.com/microsoftstorage/vsto/master/winhost.ver" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1531224285", "to_ids": true, "type": "url", "uuid": "5b44a0dd-fda8-4bb7-a230-0bd60acd0835", "value": "https://raw.githubusercontent.com/modernconceptplanet/vsto/master/winhost.img" }, { "category": "Network activity", "comment": "Stage 2", "deleted": false, "disable_correlation": false, "timestamp": "1531224285", "to_ids": true, "type": "url", "uuid": "5b44a0dd-57fc-426a-9f50-0bd60acd0835", "value": "https://raw.githubusercontent.com/modernconceptplanet/vsto/master/winhost.ver" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1531224363", "to_ids": false, "type": "link", "uuid": "5b44a12b-a810-4c41-8563-0c950acd0835", "value": "https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-macro-hijacks-desktop-shortcuts-to-deliver-backdoor/" } ] } }