{ "Event": { "analysis": "2", "date": "2016-03-21", "extends_uuid": "", "info": "OSINT - STOP SCANNING MY MACRO", "publish_timestamp": "1458581977", "published": true, "threat_level_id": "3", "timestamp": "1458581850", "uuid": "56f0302e-e494-494b-b012-42d7950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581592", "to_ids": false, "type": "comment", "uuid": "56f03058-8564-4afc-bce3-4ace950d210f", "value": "FireEye Labs detected an interesting evasion strategy in two recent, large Dridex campaigns. These campaigns changed the attachment file-type and location of malicious logic in an attempt to avoid scanners." }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581602", "to_ids": false, "type": "link", "uuid": "56f03062-d6d4-4c13-aa02-468e950d210f", "value": "https://www.fireeye.com/blog/threat-research/2016/03/stop_scanning_mymac.html" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581624", "to_ids": true, "type": "md5", "uuid": "56f03078-7514-43db-af07-4d66950d210f", "value": "858451ad73050bda48e5470abd2643ac" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581624", "to_ids": true, "type": "md5", "uuid": "56f03078-4650-4fbf-92f5-4922950d210f", "value": "aff54d68cbf6ac8611fe89cd9f0dc2de" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581624", "to_ids": true, "type": "md5", "uuid": "56f03078-8794-489e-ab48-4075950d210f", "value": 
"876d081e8b474a3c1ac57cf435e330cb" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581625", "to_ids": true, "type": "md5", "uuid": "56f03079-5ca8-41f6-be41-46df950d210f", "value": "d8eebe2a08fff86abd06ec94e8bdd165" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581625", "to_ids": true, "type": "md5", "uuid": "56f03079-5dec-4fe9-aac4-479d950d210f", "value": "8c07b9337deda3c589d50e4ff3aadcd6" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581625", "to_ids": true, "type": "md5", "uuid": "56f03079-a4c4-471a-9c81-43b3950d210f", "value": "73c7bf49caa0d1bd37053b99a986ebe8" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581626", "to_ids": true, "type": "md5", "uuid": "56f0307a-f030-48bf-b212-4546950d210f", "value": "770fede93cc4220a371569daed2a4bc1" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581626", "to_ids": true, "type": "md5", "uuid": "56f0307a-a890-4d66-a26d-455a950d210f", "value": "5b7813105cf9ebccb46cf7e63a5a836d" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581626", "to_ids": true, "type": "md5", "uuid": "56f0307a-c1a4-4f4a-b5a7-4fc0950d210f", "value": "8f787ddedbaa8af3f6a73d0c6cd4e33e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581746", "to_ids": true, "type": "email-attachment", "uuid": "56f03094-ea38-44b9-be1d-4b79950d210f", "value": "Invoice_GIINV02514_from_tip_top_delivery.rtf" }, { "category": "Network activity", 
"comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581665", "to_ids": true, "type": "hostname", "uuid": "56f030a1-a7dc-47b4-bc85-4bb8950d210f", "value": "parts.woodwardcounselinginc.com" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581693", "to_ids": true, "type": "md5", "uuid": "56f030bd-9368-4ab8-b4b0-481f950d210f", "value": "8840c20ac74281c0580e8637caf1edea" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581693", "to_ids": true, "type": "md5", "uuid": "56f030bd-7df0-4fb7-b858-4a23950d210f", "value": "800f90f29d13716eb1f7059fb84089ed" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581694", "to_ids": true, "type": "md5", "uuid": "56f030be-7d3c-4868-98f3-440a950d210f", "value": "7e74d5a3a20038fe0a66445eb76fa066" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581694", "to_ids": true, "type": "md5", "uuid": "56f030be-c334-4c0f-a9ae-4c62950d210f", "value": "7a4b7762f8db2438b4ad3d991864431d" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581695", "to_ids": true, "type": "md5", "uuid": "56f030bf-f1a0-4cc0-b43e-43e2950d210f", "value": "74f9da1ce1ff900113ae7cb28b3eb56f" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581695", "to_ids": true, "type": "md5", "uuid": "56f030bf-0664-4194-bb39-4874950d210f", "value": "6ccc678c3ec284fad015ed0eaa875733" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581695", "to_ids": true, "type": "md5", 
"uuid": "56f030bf-193c-45f5-a885-4fed950d210f", "value": "3ea5c225132f0d7423417b3c7ce98c7d" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign", "deleted": false, "disable_correlation": false, "timestamp": "1458581695", "to_ids": true, "type": "md5", "uuid": "56f030bf-31c4-4f80-8007-4ab8950d210f", "value": "33b2a2d98aca34b66de9a11b7ec2d951" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581713", "to_ids": true, "type": "hostname", "uuid": "56f030d1-5904-4f85-8080-4b68950d210f", "value": "house.nochildforgotten.org" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581736", "to_ids": true, "type": "email-attachment", "uuid": "56f030e1-4bc0-4463-9a0f-4aa3950d210f", "value": "IGINV51905.rtf" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 33b2a2d98aca34b66de9a11b7ec2d951", "deleted": false, "disable_correlation": false, "timestamp": "1458581782", "to_ids": true, "type": "sha256", "uuid": "56f03116-e580-4803-91f7-4c2302de0b81", "value": "fb36a810bf9a543384cb23b103394aad380548f871297f6a580773c138c8f8c8" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 33b2a2d98aca34b66de9a11b7ec2d951", "deleted": false, "disable_correlation": false, "timestamp": "1458581783", "to_ids": true, "type": "sha1", "uuid": "56f03117-3234-41d0-9d7e-495402de0b81", "value": "4ca1f37cb52c33b9678d499ed8b6a37b8577a680" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581783", "to_ids": false, "type": "link", "uuid": "56f03117-6aa4-4140-92de-40c102de0b81", "value": "https://www.virustotal.com/file/fb36a810bf9a543384cb23b103394aad380548f871297f6a580773c138c8f8c8/analysis/1458552924/" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 3ea5c225132f0d7423417b3c7ce98c7d", 
"deleted": false, "disable_correlation": false, "timestamp": "1458581783", "to_ids": true, "type": "sha256", "uuid": "56f03117-324c-400a-bd86-4c1002de0b81", "value": "cccbd3f2d121575290c19304faf1abeac1a3bbf4c1ad4af0c34479c95006ac5e" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 3ea5c225132f0d7423417b3c7ce98c7d", "deleted": false, "disable_correlation": false, "timestamp": "1458581784", "to_ids": true, "type": "sha1", "uuid": "56f03118-c954-4830-bfe2-4e2002de0b81", "value": "28f463492c3d5683405ac76fce2e43f2a2ae58db" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581784", "to_ids": false, "type": "link", "uuid": "56f03118-0468-48ac-9571-43aa02de0b81", "value": "https://www.virustotal.com/file/cccbd3f2d121575290c19304faf1abeac1a3bbf4c1ad4af0c34479c95006ac5e/analysis/1458544469/" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 6ccc678c3ec284fad015ed0eaa875733", "deleted": false, "disable_correlation": false, "timestamp": "1458581784", "to_ids": true, "type": "sha256", "uuid": "56f03118-7e30-47c8-9c66-48ef02de0b81", "value": "cbec8323a70876fa9d2261ed2a81cc3917c45c516e14cd24600fdc062bcf0889" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 6ccc678c3ec284fad015ed0eaa875733", "deleted": false, "disable_correlation": false, "timestamp": "1458581784", "to_ids": true, "type": "sha1", "uuid": "56f03118-2ffc-4c44-b133-406a02de0b81", "value": "585e82ec384cce5f329bbe6d917946723845da91" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581785", "to_ids": false, "type": "link", "uuid": "56f03119-8dbc-41f3-a54d-47b102de0b81", "value": "https://www.virustotal.com/file/cbec8323a70876fa9d2261ed2a81cc3917c45c516e14cd24600fdc062bcf0889/analysis/1458424209/" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked 
via VT: 74f9da1ce1ff900113ae7cb28b3eb56f", "deleted": false, "disable_correlation": false, "timestamp": "1458581785", "to_ids": true, "type": "sha256", "uuid": "56f03119-b7c4-4c29-80e1-4bc702de0b81", "value": "fe523db2e1b86127d21cd9b3476ba7b1b0cee35bbaa8965841fce71ed54eb576" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 74f9da1ce1ff900113ae7cb28b3eb56f", "deleted": false, "disable_correlation": false, "timestamp": "1458581785", "to_ids": true, "type": "sha1", "uuid": "56f03119-bb00-4100-a128-45a202de0b81", "value": "9aa3cb387006af303e43b564140fd2bd302f83d4" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581786", "to_ids": false, "type": "link", "uuid": "56f0311a-17cc-4844-88bc-437f02de0b81", "value": "https://www.virustotal.com/file/fe523db2e1b86127d21cd9b3476ba7b1b0cee35bbaa8965841fce71ed54eb576/analysis/1458537966/" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 7a4b7762f8db2438b4ad3d991864431d", "deleted": false, "disable_correlation": false, "timestamp": "1458581786", "to_ids": true, "type": "sha256", "uuid": "56f0311a-d55c-438e-8b49-44eb02de0b81", "value": "2c7c3650f85a6ec5fab51078318cbeb2781305e5713df98e2ed3b0dd689d0bda" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 7a4b7762f8db2438b4ad3d991864431d", "deleted": false, "disable_correlation": false, "timestamp": "1458581786", "to_ids": true, "type": "sha1", "uuid": "56f0311a-37c4-468f-9805-460802de0b81", "value": "333e2815f05401ea4d365b7b8052aca7ffa92861" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581787", "to_ids": false, "type": "link", "uuid": "56f0311b-22d8-4b20-9edc-459702de0b81", "value": "https://www.virustotal.com/file/2c7c3650f85a6ec5fab51078318cbeb2781305e5713df98e2ed3b0dd689d0bda/analysis/1458454881/" }, { "category": "Payload delivery", 
"comment": "IMAGINiT campaign - Xchecked via VT: 7e74d5a3a20038fe0a66445eb76fa066", "deleted": false, "disable_correlation": false, "timestamp": "1458581787", "to_ids": true, "type": "sha256", "uuid": "56f0311b-3690-48dc-992f-47f202de0b81", "value": "28e80edc15b3bebac008a4cdb030603e1477d20b7814cea491fc8506b9388c1c" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 7e74d5a3a20038fe0a66445eb76fa066", "deleted": false, "disable_correlation": false, "timestamp": "1458581787", "to_ids": true, "type": "sha1", "uuid": "56f0311b-d7d4-4101-9f0a-4eef02de0b81", "value": "747cb0aaa3c48d2b1e46b2e36027ebe55681218b" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581788", "to_ids": false, "type": "link", "uuid": "56f0311c-cc34-4132-ab1e-4eb902de0b81", "value": "https://www.virustotal.com/file/28e80edc15b3bebac008a4cdb030603e1477d20b7814cea491fc8506b9388c1c/analysis/1458468781/" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 800f90f29d13716eb1f7059fb84089ed", "deleted": false, "disable_correlation": false, "timestamp": "1458581788", "to_ids": true, "type": "sha256", "uuid": "56f0311c-8d54-43d2-a1f2-466402de0b81", "value": "81ec6bc642130d1f5f9882a4cef9256636f543d46da759081bcf8886f13394ff" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 800f90f29d13716eb1f7059fb84089ed", "deleted": false, "disable_correlation": false, "timestamp": "1458581788", "to_ids": true, "type": "sha1", "uuid": "56f0311c-a69c-4368-af80-4bac02de0b81", "value": "5bf90ec91adba8c2684c3e31c1bd0ddfe2a9397b" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581789", "to_ids": false, "type": "link", "uuid": "56f0311d-bd54-4f90-836d-489202de0b81", "value": 
"https://www.virustotal.com/file/81ec6bc642130d1f5f9882a4cef9256636f543d46da759081bcf8886f13394ff/analysis/1458424210/" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 8840c20ac74281c0580e8637caf1edea", "deleted": false, "disable_correlation": false, "timestamp": "1458581789", "to_ids": true, "type": "sha256", "uuid": "56f0311d-b0d0-4c28-a75a-40f602de0b81", "value": "b1088ada9a80ae8a5bfa6a54994573afaee16cecec1fcafdcca877d182ba088f" }, { "category": "Payload delivery", "comment": "IMAGINiT campaign - Xchecked via VT: 8840c20ac74281c0580e8637caf1edea", "deleted": false, "disable_correlation": false, "timestamp": "1458581789", "to_ids": true, "type": "sha1", "uuid": "56f0311d-a360-4732-ae42-466b02de0b81", "value": "f577ff9b4c62b784d04cb3a22d733f07ec195881" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581790", "to_ids": false, "type": "link", "uuid": "56f0311e-1a20-46b0-bf9b-4ab502de0b81", "value": "https://www.virustotal.com/file/b1088ada9a80ae8a5bfa6a54994573afaee16cecec1fcafdcca877d182ba088f/analysis/1458547416/" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: 8f787ddedbaa8af3f6a73d0c6cd4e33e", "deleted": false, "disable_correlation": false, "timestamp": "1458581790", "to_ids": true, "type": "sha256", "uuid": "56f0311e-3bec-4ea9-a949-4f2002de0b81", "value": "e5ccec9d24b4d518de6c6722c1c72b6b23b3bb4ddddfc03a2b9a5630702e59c0" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: 8f787ddedbaa8af3f6a73d0c6cd4e33e", "deleted": false, "disable_correlation": false, "timestamp": "1458581790", "to_ids": true, "type": "sha1", "uuid": "56f0311e-cdb8-4e97-8352-4acc02de0b81", "value": "20fb89ae7ec81f28dc5fd29a5664d257150a7f7c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581791", "to_ids": false, "type": "link", 
"uuid": "56f0311f-03fc-4a48-b5a6-4cfb02de0b81", "value": "https://www.virustotal.com/file/e5ccec9d24b4d518de6c6722c1c72b6b23b3bb4ddddfc03a2b9a5630702e59c0/analysis/1458424207/" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: 5b7813105cf9ebccb46cf7e63a5a836d", "deleted": false, "disable_correlation": false, "timestamp": "1458581791", "to_ids": true, "type": "sha256", "uuid": "56f0311f-932c-4f37-b1e7-4fa802de0b81", "value": "7a1df6c77168f06b06df8e53120d3a5c0c465d6319d42fc95dcc08593a4d1108" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: 5b7813105cf9ebccb46cf7e63a5a836d", "deleted": false, "disable_correlation": false, "timestamp": "1458581791", "to_ids": true, "type": "sha1", "uuid": "56f0311f-8930-42de-8706-46c702de0b81", "value": "5d38822aa1ce863eb260e38684a781a13ccd450c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581792", "to_ids": false, "type": "link", "uuid": "56f03120-b2ac-4451-9d81-485102de0b81", "value": "https://www.virustotal.com/file/7a1df6c77168f06b06df8e53120d3a5c0c465d6319d42fc95dcc08593a4d1108/analysis/1458577767/" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: 770fede93cc4220a371569daed2a4bc1", "deleted": false, "disable_correlation": false, "timestamp": "1458581792", "to_ids": true, "type": "sha256", "uuid": "56f03120-a018-434b-8970-420e02de0b81", "value": "cd9fdb4c3a7b647bda3aec1b5afa2e7b9e2fbdb49ee833e56f7cd8104bba3547" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: 770fede93cc4220a371569daed2a4bc1", "deleted": false, "disable_correlation": false, "timestamp": "1458581792", "to_ids": true, "type": "sha1", "uuid": "56f03120-f604-4c60-af93-4b3f02de0b81", "value": "681cb976de29f799c037e11c030d28dd490b04e4" }, { "category": "External analysis", "comment": "", "deleted": false, 
"disable_correlation": false, "timestamp": "1458581792", "to_ids": false, "type": "link", "uuid": "56f03120-16e0-48b2-abba-4eb702de0b81", "value": "https://www.virustotal.com/file/cd9fdb4c3a7b647bda3aec1b5afa2e7b9e2fbdb49ee833e56f7cd8104bba3547/analysis/1458424507/" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: d8eebe2a08fff86abd06ec94e8bdd165", "deleted": false, "disable_correlation": false, "timestamp": "1458581793", "to_ids": true, "type": "sha256", "uuid": "56f03121-84f4-48ca-ab99-475b02de0b81", "value": "aa74d7d58b474d4fe9cd92826093c8c7af080452f19165c501fb0925ed8b2920" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: d8eebe2a08fff86abd06ec94e8bdd165", "deleted": false, "disable_correlation": false, "timestamp": "1458581793", "to_ids": true, "type": "sha1", "uuid": "56f03121-0ec0-42f9-a7a9-42b702de0b81", "value": "745f519e41610bd5a89edb1359ced486474cca7f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581793", "to_ids": false, "type": "link", "uuid": "56f03121-31bc-44d1-8270-4cb902de0b81", "value": "https://www.virustotal.com/file/aa74d7d58b474d4fe9cd92826093c8c7af080452f19165c501fb0925ed8b2920/analysis/1458473661/" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: 876d081e8b474a3c1ac57cf435e330cb", "deleted": false, "disable_correlation": false, "timestamp": "1458581794", "to_ids": true, "type": "sha256", "uuid": "56f03122-3824-4a64-8802-408d02de0b81", "value": "ed603ed10f71e2eb33d77bc4ef32ba8d00b410610b92df9bda4659a4eacc2a79" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: 876d081e8b474a3c1ac57cf435e330cb", "deleted": false, "disable_correlation": false, "timestamp": "1458581794", "to_ids": true, "type": "sha1", "uuid": "56f03122-3c30-40bd-bf7a-4f1002de0b81", "value": 
"d50e97f803ef65e6f0ff136d81dba2c396287567" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581794", "to_ids": false, "type": "link", "uuid": "56f03122-1260-43f2-8ba9-483e02de0b81", "value": "https://www.virustotal.com/file/ed603ed10f71e2eb33d77bc4ef32ba8d00b410610b92df9bda4659a4eacc2a79/analysis/1458580699/" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: aff54d68cbf6ac8611fe89cd9f0dc2de", "deleted": false, "disable_correlation": false, "timestamp": "1458581795", "to_ids": true, "type": "sha256", "uuid": "56f03123-1744-4203-80e7-42b502de0b81", "value": "7f1548c7549c6a452d95ae9ed821f83e29a1ca9a225a3f7294c0d58f204b5d41" }, { "category": "Payload delivery", "comment": "Tip Top Delivery campaign - Xchecked via VT: aff54d68cbf6ac8611fe89cd9f0dc2de", "deleted": false, "disable_correlation": false, "timestamp": "1458581795", "to_ids": true, "type": "sha1", "uuid": "56f03123-7fc8-4e21-8e46-456402de0b81", "value": "f83f899e5e12f610cb932014c1d05096cf5c7144" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1458581795", "to_ids": false, "type": "link", "uuid": "56f03123-fbc0-42ad-8b1c-4e1302de0b81", "value": "https://www.virustotal.com/file/7f1548c7549c6a452d95ae9ed821f83e29a1ca9a225a3f7294c0d58f204b5d41/analysis/1458579160/" }, { "category": "Artifacts dropped", "comment": "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents.", "deleted": false, "disable_correlation": false, "timestamp": "1458581850", "to_ids": true, "type": "pattern-in-file", "uuid": "56f0315a-4820-4860-9a00-4c79950d210f", "value": "" }, { "category": "Artifacts dropped", "comment": "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents.", "deleted": false, "disable_correlation": false, "timestamp": 
"1458581850", "to_ids": true, "type": "pattern-in-file", "uuid": "56f0315a-bf78-42bb-9d6c-4e36950d210f", "value": "" }, { "category": "Artifacts dropped", "comment": "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents.", "deleted": false, "disable_correlation": false, "timestamp": "1458581850", "to_ids": true, "type": "pattern-in-file", "uuid": "56f0315a-ef1c-4929-be90-4d1c950d210f", "value": "" }, { "category": "Artifacts dropped", "comment": "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents.", "deleted": false, "disable_correlation": false, "timestamp": "1458581851", "to_ids": true, "type": "pattern-in-file", "uuid": "56f0315b-2cd8-4fdc-b80a-4ca8950d210f", "value": "\u043f\u0430\u0432\u0443\u0432\u0430\u044b\u0432\u0430" } ] } }