913 lines
No EOL
29 KiB
JSON
913 lines
No EOL
29 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2015-04-06",
|
|
"extends_uuid": "",
|
|
"info": "OSINT Threat Spotlight: Spam Served With a Side of Dridex from Cisco Talos",
|
|
"publish_timestamp": "1428476932",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1428443031",
|
|
"uuid": "55244f19-fc08-42e2-8cd9-42c7950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": false,
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442923",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55244f2b-5448-4f83-8fae-4e86950d210b",
|
|
"value": "http://blogs.cisco.com/security/talos/spam-dridex"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442940",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "55244f3c-f1e4-4d7b-9c47-44c9950d210b",
|
|
"value": "Dridex"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442966",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f56-30f8-4b89-8771-4738950d210b",
|
|
"value": "f7692b39145af1e8d0184b953c1595390105589619e01847ddb70d9b7454f2c4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442966",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f56-6ea8-4ba2-96e3-4b29950d210b",
|
|
"value": "1b00a8206dde4818c3afa2240a74f757a3589ae596ebed7b78a07cb547096731"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442966",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f56-ed2c-43b2-9aa4-425e950d210b",
|
|
"value": "079418b9d05ba7ba1cabdb0e5e54c721e468d2630d2092aa233c73c6d8b584fa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442966",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f56-4cb8-4884-b222-4b5d950d210b",
|
|
"value": "7f2ad96dd55263e7e810e51f3d2a6b658dbbd33f4e70333ab5a3c608430c7195"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442966",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f56-bff4-4913-979b-4a7c950d210b",
|
|
"value": "12452620622d78405d5cb3914085efed3d07355c949677e339f139777b0f8c50"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442966",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f56-6648-4e08-93e4-480a950d210b",
|
|
"value": "cda256163613aeaa8f4e2fad66ef4a847392d359996ff63f30e338824ad8fb2a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442967",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f57-c334-4721-a86d-45ee950d210b",
|
|
"value": "a3f46b16fd25a9d8bfd8c7e8d041903f6769114a9c46d6c13b80814691bf424e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442967",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f57-e5ac-42d1-978f-4c53950d210b",
|
|
"value": "10e59ee0208122891913f84785b93662c5ea1a2749cf6320fbe8fe9071a5f91c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442967",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f57-6140-458e-9047-44ba950d210b",
|
|
"value": "c5cc2f88fef95f658c90f8a1e3518d75b15b504d8a184fd100d458e8891f6dd1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442967",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f57-c208-49a2-8f24-494b950d210b",
|
|
"value": "d5bca64e83d8bb5dd7c2ebbf1ec548235e8bc81df4fd6bc4ef2b9e9bb5cddf58"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442967",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f57-6138-4ef0-8d4e-4926950d210b",
|
|
"value": "83345eb7f529712fca63a0456810107d1b25f279bc2e36d6142a95d60eb57690"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442967",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f57-8158-4817-81ce-4591950d210b",
|
|
"value": "24a00991acf2448cb428e9a8a57e54365e1cb51673b416c6ce70fc5f57d5aefb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442967",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f57-d058-4fe8-8a46-4422950d210b",
|
|
"value": "e1fa9f7c95cd97a07fe024f73367896fde0a27905c5464d4ad74a0563cdb788f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442967",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f57-185c-44ec-bfb6-4139950d210b",
|
|
"value": "c7016f7a317df006a6e10acbb017894dc1ae955b3a66a7d5c80e556c1331f03b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442967",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f57-2bf4-4147-b24e-4122950d210b",
|
|
"value": "531cd466540ce4475849532444f60e8d4dace097a73dc0d27855aced4b5c55d3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442968",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f58-520c-4907-8ba4-4461950d210b",
|
|
"value": "c2754ff1fc18dd1a9fe027383ff0d210e1e28c15d281c0a457fdfe0a4b35417c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442968",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f58-0770-4236-afe7-4357950d210b",
|
|
"value": "25fa9ff422dab272eb55a0b5891971070e4139d280b58ccc910fa2dd73bfbb13"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442968",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f58-2728-461e-ab3a-47b9950d210b",
|
|
"value": "56196ecba3fbc6314a383eba8bcbf8879f5251f4343ffe2d3748b1ee9de93b93"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442968",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f58-2668-4ef1-befb-40fc950d210b",
|
|
"value": "24c427b22f7c124344b1d1ad8faeb70be50360d167d5e11fd8cc8ac82f2c5796"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442968",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f58-3104-4ba3-beb4-4f88950d210b",
|
|
"value": "7acb74f37f0844a56cd0fd3af1ce6e1db35d4954d9fb9e722107080b9e4e6c01"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442968",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f58-9a60-46fc-bcee-4de4950d210b",
|
|
"value": "5f5d81209f98a925f68fa71d847e109d63ba0af4bd49ec0e86b3d86110c0a8c6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442968",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f58-5fcc-4deb-868f-42a5950d210b",
|
|
"value": "bafbeb98f2878d88a6d37b64a47eb789d3459c5d6f787e671a01e156bbfb0044"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442968",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f58-e8b8-4f98-be4f-4708950d210b",
|
|
"value": "57d7684839101600400a87b87b693d3194911d53a611a301e60a212d48ad3265"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442968",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f58-14ec-48ea-88fd-4644950d210b",
|
|
"value": "bacb4de5ae01f2fcc3a080633feb856597d2b388205217756b8c5e3a50c041db"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442969",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f59-5418-47a1-a8df-4809950d210b",
|
|
"value": "3ef213c1e2b44b7bf474af4c6ce9665a28ee4a6f097b7ff7d3bdecf28771a38a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442969",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f59-3de4-4c55-86db-43ae950d210b",
|
|
"value": "715852e4d27665050e48ec7bc1b5838aa27f986918c215b3c906d0f07d6dd3ea"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442969",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f59-cdfc-45fd-8378-4d48950d210b",
|
|
"value": "84a53e29c4a1016ed25b38b62742e23839e8285ff9a10fe2190468e48088759c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442969",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f59-3490-40f4-83bc-4bff950d210b",
|
|
"value": "4521696635ed15f8636d6c4c4620cd631f29bf605056cc52ef271d9d7bf864f0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442969",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f59-6388-41b8-834a-4d00950d210b",
|
|
"value": "39f5bc5ea6f6f44e4467b9ecf85733f7d756d6fa9bd44ff4a3ff61b8052290b7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442969",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f59-b294-41dd-aa20-4cfa950d210b",
|
|
"value": "021215c109abbde900a1ca0ba2a240effbb6306e04af5937b44a71baff458051"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442969",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f59-efb8-41a2-bd0c-43b8950d210b",
|
|
"value": "15d3b57e2482cc4343381c02a4670b5aa7ef31bb590b07a5a556b38c2b846c32"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442969",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f59-a07c-495f-a893-44ab950d210b",
|
|
"value": "5c0d632b0decf0b856fa37eb828878cc39adfbda591829c4056b80cbde218cad"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442969",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f59-3f38-4940-acdc-4e80950d210b",
|
|
"value": "56221852f2126ebcd1ecb5ae6a6a0222f2ce67ee3be055a6b6bd1a64e747e902"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442970",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5a-77ac-4907-a7b7-49e7950d210b",
|
|
"value": "ecedd609095925829e3861f99623a08f87a63076d212136b12f55a7463ff3a4e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442970",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5a-a334-431f-a57a-4dfc950d210b",
|
|
"value": "ceb512a26706e9055c5c7c6829a93da2593d8290e2f96c0d88a361bf5465de4d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442970",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5a-4ed8-453f-9bb9-4619950d210b",
|
|
"value": "153b24796e4ecf20246aaa19f9650aa3b93994bcd5d736e1193d435ce98d607e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442970",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5a-8ff0-4430-a221-432a950d210b",
|
|
"value": "0c3636f6d9502abeb8e714cfca9381cb941f1265d2aef06921cabd88569958d0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442970",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5a-b904-4dde-8acd-4ea6950d210b",
|
|
"value": "e0e199c4bf9e0faffd0921ddfa870aecdebd5ad96d36c73513d0492824b797a3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442970",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5a-56a4-4bd3-b17e-4cd7950d210b",
|
|
"value": "5cc88cf62c8ab69d3dcc1b5993eafa5c2b75ccf7c7a230a120b952bb4779e940"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442970",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5a-f434-4c15-b327-480b950d210b",
|
|
"value": "2d2a951cec26e271c2e6f24514e0b35450cb85932a3d45965bdd5eb7d19b7a01"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442970",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5a-54a4-4169-8cb9-4283950d210b",
|
|
"value": "00ebff78f236992c87d1851ed39c51edb8dafc361fee1e495d438f39f2960b46"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442970",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5a-6dd8-40ba-a5c8-45cc950d210b",
|
|
"value": "b1dfc7aa345d01ede2531ae8cb93b20bece6678d8ff7efd3fe98eac7c262acb8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442971",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5b-5434-4bca-a8c4-4877950d210b",
|
|
"value": "a0c28bd757fac1a27ef69b0b1240b48e7b76d569d7c812f697e6e799b9950740"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442971",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5b-4994-49df-bd31-4422950d210b",
|
|
"value": "c5a0a04251d54015e90089d8720d3a47495472c4a8e432af9e64aa116148f9e5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442971",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5b-0034-4f4b-8a98-4eb3950d210b",
|
|
"value": "f42dd791495a93802851cfc98975b0ced502d66f0cd11c2d1d3d0b145be91e94"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442971",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5b-4da4-400a-a450-4dd3950d210b",
|
|
"value": "6b3810c0d8f5aa7e9f6390c9a7a93581a6766b87d2fb6c2a84f345ceec4b0c19"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442971",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5b-6ef0-4609-9288-401b950d210b",
|
|
"value": "1aca9debe5b9e5bf93334c1a16c4340ab00922b9580537c4e5f472ba543649ad"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442971",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5b-dba0-46a6-956b-4dfa950d210b",
|
|
"value": "a15ae9d91e57269efb15c768e7f7b0f0c7acf2e7cc452df1e2a93aad84cf5676"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442971",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5b-4b38-464d-ad47-4735950d210b",
|
|
"value": "0c6ce8e5aebb40a22a771a9f9be2aab686260e5e00aa8a482b4306bf6b443603"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442971",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5b-3c78-4071-a294-4500950d210b",
|
|
"value": "65d47473fb824b198bf89198153621a1c5f80545ef6641334f00f49f2f6e1e48"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442971",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5b-7c5c-4d27-9a3f-4c34950d210b",
|
|
"value": "651b3fb4c1807b1b725280cbc59532953dd855c5bf6f7ef41a37dc5653e10fee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442972",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5c-0870-497b-beb5-40b4950d210b",
|
|
"value": "33e5818e9f534ba38028cc64f5147e5bb07b6ccf7c76bc00571381d3d0e4917f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442972",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5c-8330-4d01-a8ed-4afa950d210b",
|
|
"value": "9e428cf974084bf1bc24a05b109f061e0c4c3eb6f8b034d15b728062d605afcf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442972",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5c-1058-4d23-aea7-4727950d210b",
|
|
"value": "b8c12120fc8298f3cf9e637ddd73eca9e0f88f516cae7f00d9ce13360d625988"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442972",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5c-fea8-4770-93a6-46a0950d210b",
|
|
"value": "67cf302dff151c5bab481630a8938034a0597203be43c6ac14c9b872dcd80a04"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442972",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5c-4a48-4486-b654-45d9950d210b",
|
|
"value": "6fb690d29190406d31461ed0d07370b329c0f4976ac936d3acb4a806a169f635"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442972",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5c-d004-4959-ad14-400a950d210b",
|
|
"value": "4f493a113ba258994da6600a4750c9a86aaa31282047c826a0cca7474c09f5fb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442972",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5c-76a0-4c0f-9304-45d4950d210b",
|
|
"value": "d97f8a613d13b87a5eb3feb773501ddbdb3a5ce645532b0ea6d61def96c5c9c3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442972",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5c-48fc-4152-9ad5-43a4950d210b",
|
|
"value": "bbb7f0005790c73fa82802f7153e2c55794ad651471cf5dd192836783f2a1955"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442972",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5c-7664-4345-8d1a-4c16950d210b",
|
|
"value": "01c7383d3dc15cdd36e0d68eee489683715abc58cb3d8c41430e3cbc06ae831f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442973",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5d-7cc8-4957-abd9-44b0950d210b",
|
|
"value": "43309a810f2d7fadcd09d1c044b472c0edef0a84a9763f895812904f1903db41"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442973",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5d-03c0-4ed5-8430-406a950d210b",
|
|
"value": "2fd26eff17fc9d17b8c26e187441eb3163441aca7a025dc4e3f8762360e54503"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442973",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5d-6694-4e81-bba5-405f950d210b",
|
|
"value": "7694ef6610056f002bc8dd8a7f249b7f3027bc42fa1c9a10c09621f7e7e0aab5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442973",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5d-97d4-4b5b-9ea6-4aae950d210b",
|
|
"value": "fa2b2a61bf9dedca86fe05b68f4c5015c1ee79ff0a5d620d0517c13684e464c5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442973",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5d-5a90-428e-9025-4e75950d210b",
|
|
"value": "5bc7cf7be1f391a1f47fe1e1daff7dccb05477eee2c213e9ced2930da0d54c75"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442973",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5d-de58-4aa3-86d2-4033950d210b",
|
|
"value": "01f30887a828344f6cf574bb05bd0bf571fc35979a3032377b95fb0d692b8061"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442973",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5d-1c60-4736-b44f-42db950d210b",
|
|
"value": "06d2255b06fa8eff6eb90633c11b03717197bba807aee8168395a93002353a65"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442973",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f5d-9b14-4cfe-8b8c-4832950d210b",
|
|
"value": "ad6ab25bfa24c59b6345455170b4ae88a86d96e49ec04a07bf4aedaf1836ea42"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428442981",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55244f65-fa1c-4d8c-b9ae-4c3f950d210b",
|
|
"value": "http://blogs.cisco.com/wp-content/uploads/dridex_word_hashes.txt"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428443010",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55244f82-cd20-4c30-bd38-4650950d210b",
|
|
"value": "7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428443031",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55244f97-7d98-4091-9575-9065950d210b",
|
|
"value": "185.39.149.21"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428443032",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55244f98-ba48-4a3d-8fe9-9065950d210b",
|
|
"value": "31.41.45.197"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428443032",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55244f98-6768-4e34-96ea-9065950d210b",
|
|
"value": "185.91.175.64"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428443032",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55244f98-0f20-41dd-8fdb-9065950d210b",
|
|
"value": "93.26.217.203"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428443032",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55244f98-feb8-494e-a14a-9065950d210b",
|
|
"value": "193.26.217.203"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428443032",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55244f98-7624-4f9d-8e96-9065950d210b",
|
|
"value": "77.74.103.150"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428443032",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55244f98-73f0-49bb-9361-9065950d210b",
|
|
"value": "199.201.121.169"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1428443032",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55244f98-4d68-4804-b39d-9065950d210b",
|
|
"value": "45.55.154.235"
|
|
}
|
|
]
|
|
}
|
|
} |