adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/559d537c-f570-4e97-8154-98d9950d210b.json

1612 lines
No EOL
58 KiB
JSON
Raw Permalink Blame History

{
"Event": {
"analysis": "2",
"date": "2015-07-08",
"extends_uuid": "",
"info": "OSINT Morpho: Profiting from high-level corporate attacks by Symantec",
"publish_timestamp": "1596436493",
"published": true,
"threat_level_id": "2",
"timestamp": "1596436272",
"uuid": "559d537c-f570-4e97-8154-98d9950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:threat-actor=\"WildNeutron\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436373918",
"to_ids": false,
"type": "link",
"uuid": "559d539e-3848-4a7a-a61a-579a950d210b",
"value": "http://www.symantec.com/connect/blogs/morpho-profiting-high-level-corporate-attacks"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436373918",
"to_ids": false,
"type": "link",
"uuid": "559d539e-1e30-42bd-add3-579a950d210b",
"value": "http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/morpho-corporate-spies-out-for-financial-gain.pdf"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436373927",
"to_ids": false,
"type": "text",
"uuid": "559d53a7-885c-4439-91d2-4f5d950d210b",
"value": "Morpho"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596435972",
"to_ids": true,
"type": "yara",
"uuid": "559e20a1-70a4-430f-b7c4-a038950d210b",
"value": "rule Bannerjack\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho BannerJack hacktool\"\r\n strings:\r\n $str_1 = \"Usage: ./banner-jack [options]\"\r\n $str_2 = \"-f: file.csv\"\r\n $str_3 = \"-s: ip start\"\r\n $str_4 = \"-R: timeout read (optional, default %d secs)\"\r\n condition:\r\n all of them\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596436248",
"to_ids": true,
"type": "yara",
"uuid": "559e20b3-ac64-41f5-881a-4db2950d210b",
"value": "rule Eventlog\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Eventlog hacktool\"\r\n strings:\r\n $str_1 = \"wevtsvc.dll\"\r\n $str_2 = \"Stealing %S.evtx handle ...\"\r\n $str_3 = \"ElfChnk\"\r\n $str_4 = \"-Dr Dump all logs from a channel or .evtx file (raw\"\r\n condition:\r\n all of them\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596436196",
"to_ids": true,
"type": "yara",
"uuid": "559e20cc-3b88-4598-8dfd-eae3950d210b",
"value": "rule Hacktool\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho hacktool\"\r\n strings:\r\n $str_1 = \"\\\\\\\\.\\\\pipe\\\\winsession\" wide\r\n $str_2 = \"WsiSvc\" wide\r\n $str_3 = \"ConnectNamedPipe\"\r\n $str_4 = \"CreateNamedPipeW\"\r\n $str_5 = \"CreateProcessAsUserW\"\r\n condition:\r\n all of them\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596435976",
"to_ids": true,
"type": "yara",
"uuid": "559e20dc-8188-4564-aa28-4feb950d210b",
"value": "rule Multipurpose\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Multipurpose hacktool\"\r\n\r\n strings:\r\n $str_1 = \"dump %d|%d|%d|%d|%d|%d|%s|%d\"\r\n $str_2 = \"kerberos%d.dll\"\r\n $str_3 = \"\\\\\\\\.\\\\pipe\\\\lsassp\"\r\n $str_4 = \"pth <PID:USER:DOMAIN:NTLM>: change\"\r\n condition:\r\n all of them\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596436000",
"to_ids": true,
"type": "yara",
"uuid": "559e20ee-bb88-40d4-96a7-a037950d210b",
"value": "rule Securetunnel\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Securetunnel hacktool\"\r\n strings:\r\n $str_1 = \"KRB5CCNAME\"\r\n $str_2 = \"SSH _ AUTH _ SOCK\"\r\n $str_3 = \"f:l:u:cehR\"\r\n $str_4 = \".o+=*BOX@%&#/^SE\"\r\n condition:\r\n all of them\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1596435989",
"to_ids": true,
"type": "yara",
"uuid": "559e20fc-2154-465d-a50e-e09a950d210b",
"value": "rule Proxy\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho proxy hacktool\"\r\n strings:\r\n $str_1 = \"-u user : proxy username\"\r\n $str_2 = \"--pleh : displays help\"\r\n $str_3 = \"-x ip/host : proxy ip or host\"\r\n $str_4 = \"-m : bypass mutex check\"\r\n condition:\r\n all of them\r\n }"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511189855",
"to_ids": true,
"type": "yara",
"uuid": "559e2111-9998-4ca2-ba49-4861950d210b",
"value": "rule jiripbot_ascii_str_decrypt\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Jiripbot hacktool\"\r\n strings:\r\n $decrypt_func = {\r\n 85 FF\r\n 75 03\r\n 33 C0\r\n C3\r\n 8B C7\r\n 8D 50 01\r\n 8A 08\r\n 40\r\n 84 C9\r\n 75 F9\r\n 2B C2\r\n 53\r\n 8B D8\r\n 80 7C 3B FF ??\r\n 75 3E\r\n 83 3D ?? ?? ?? ?? 00\r\n 56\r\n BE ?? ?? ?? ??\r\n 75 11\r\n 56\r\n FF 15 ?? ?? ?? ??\r\n C7 05 ?? ?? ?? ?? 01 00 00 00\r\n 56\r\n FF 15 ?? ?? ?? ??\r\n 33 C0\r\n 85 DB\r\n 74 09\r\n 80 34 38 ??\r\n 40\r\n 3B C3\r\n 72 F7\r\n 56\r\n FF 15 ?? ?? ?? ??\r\n 5E\r\n 8B C7\r\n 5B\r\n C3\r\n }\r\n condition:\r\n $decrypt_func\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1493453349",
"to_ids": true,
"type": "yara",
"uuid": "559e2131-66b8-4b07-97e2-e09a950d210b",
"value": "rule jiripbot_unicode_str_decrypt\r\n{\r\n meta:\r\n author = \"Symantec Security Response\"\r\n date = \"2015-07-01\"\r\n description = \"Morpho Jiripbot Unicode hacktool\"\r\n strings:\r\n $decrypt = {\r\n 85 ??\r\n 75 03\r\n 33 C0\r\n C3\r\n 8B ??\r\n 8D 50 02\r\n 66 8B 08\r\n 83 C0 02\r\n 66 85 C9\r\n 75 F5\r\n 2B C2\r\n D1 F8\r\n 57\r\n 8B F8\r\n B8 ?? ?? ?? ??\r\n 66 39 44 7E FE\r\n 75 43\r\n 83 3D ?? ?? ?? ?? 00\r\n 53\r\n BB ?? ?? ?? ??\r\n 75 11\r\n 53\r\n FF 15 ?? ?? ?? ??\r\n C7 05 ?? ?? ?? ?? 01 00 00 00\r\n 53\r\n FF 15 ?? ?? ?? ??\r\n 33 C0\r\n 85 FF\r\n 74 0E\r\n B9 ?? 00 00 00\r\n 66 31 0C 46\r\n 40\r\n 3B C7\r\n 72 F2\r\n 53\r\n FF 15 ?? ?? ?? ??\r\n 5B\r\n 8B C6\r\n 5F\r\n C3\r\n }\r\n condition:\r\n $decrypt\r\n}"
},
{
"category": "Network activity",
"comment": "SSH over port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426614",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e2176-9470-4372-b288-45b9950d210b",
"value": "46.183.217.132"
},
{
"category": "Network activity",
"comment": "SSH over port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426614",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e2176-8708-4641-a871-43c1950d210b",
"value": "46.165.237.75"
},
{
"category": "Network activity",
"comment": "SSH over port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426615",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e2177-e0fc-478a-9412-4bf1950d210b",
"value": "217.23.3.112"
},
{
"category": "Network activity",
"comment": "SSH over port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426615",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e2177-6d28-44c8-9b18-41d1950d210b",
"value": "178.162.197.9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426911",
"to_ids": true,
"type": "sha256",
"uuid": "559e229f-6234-4f9d-a587-49de950d210b",
"value": "0ac7b594aaae21b61af2f3aabdc5eda9b6811eca52dcbf4691c4ec6dfd2d5cd8"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426911",
"to_ids": true,
"type": "sha256",
"uuid": "559e229f-b908-4716-ac97-418b950d210b",
"value": "14bfc2bf8a80a19ff2c1480f513c96b8e8adc89a8d75d7c0064f810f1a7a2e61"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426911",
"to_ids": true,
"type": "sha256",
"uuid": "559e229f-25d8-4ce8-b3e1-40a6950d210b",
"value": "1677573bb02cc073e248e4a14334db90be8052d0b236e446e29582f50441fa33"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426911",
"to_ids": true,
"type": "sha256",
"uuid": "559e229f-8e58-4706-a012-4fb4950d210b",
"value": "178b25ddca2bd5ea1b8c3432291d4d0b5b725e16961f5e4596fb9267a700fa2f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426911",
"to_ids": true,
"type": "sha256",
"uuid": "559e229f-6e30-4831-bc56-4e54950d210b",
"value": "1a9f679016e38d399ff33efcfe7dc6560ec658d964297dbe377ff7c68e0dfbaf"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426912",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a0-9884-48fa-b96d-42b0950d210b",
"value": "1c81bc28ad91baed60ca5e7fee68fbcb976cf8a483112fa81aab71a18450a6b0"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426912",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a0-2324-490c-a1b3-40ea950d210b",
"value": "1c9af096e4c7daa440af136f2b1439089a827101098cfe25b8c19fc7321eaad9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426912",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a0-a37c-46a2-aa27-47e0950d210b",
"value": "25fe7dd1e2b19514346cb2b8b5e91ae110c6adb9df5a440b8e7bbc5e8bc74227"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426912",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a0-45c0-4bd2-b6aa-49f9950d210b",
"value": "29906c51217d15b9bbbcc8130f64dabdb69bd32baa7999500c7a230c218e8b0a"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426912",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a0-9048-416b-b549-4ee2950d210b",
"value": "2a8cb295f85f8d1d5aae7744899875ebb4e6c3ef74fbc5bfad6e7723c192c5cf"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426912",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a0-5e64-4f0e-abc1-4820950d210b",
"value": "2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426913",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a1-e808-42aa-952c-4b87950d210b",
"value": "2bd5f7e0382956a7c135cdeb96edfdbccfcfc1955d26e317e2328ea83ace7cee"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426913",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a1-2844-4ff3-8ce3-4fa5950d210b",
"value": "2d3ea11c5aea7e8a60cd4f530c1e234a2aa2df900d90122dd2fcf1fa9f47b935"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426913",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a1-cfac-4f92-9226-49a0950d210b",
"value": "3756ddcb5d52f938dd9e07d61fae21b70e665f01bbb2cbe04164e82892b86e2f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426913",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a1-97b8-4437-9246-4173950d210b",
"value": "3cfdd3cd1089c4152c0d4c7955210d489565f28fb0af9861b195db34e7ad2502"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426913",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a1-9300-428a-8642-44ed950d210b",
"value": "4327ce696b5bce9e9b2a691b4e915796218c00998363c7602d8461dd0c1c8fbb"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426913",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a1-f5cc-41ff-9e59-401a950d210b",
"value": "45f363e498312a34fa99af3c1cdd635fcebefaa3222dff348a9ab8ca25530797"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426914",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a2-a3b8-4da5-8dd0-4fb6950d210b",
"value": "48c0bd55e1cf3f75e911ef66a9ccb9436c1571c982c5281d2d8bf00a99f0ee1a"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426914",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a2-411c-4b2b-900b-4d20950d210b",
"value": "49e4198c94b80483302e11c2e7d83e0ac2379f081ee3a3aa32d96d690729f2d6"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426914",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a2-5698-449a-a2e9-4ee6950d210b",
"value": "534004a473761e60d0db8afbc99390b19c32e7c5af3445ecd63f43ba6187ded4"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426914",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a2-3a28-4047-bcc1-4b85950d210b",
"value": "54a8afb10a0569785d4a530ff25b07320881c139e813e58cb5a621da85f8a9f5"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426914",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a2-1d24-4ca2-adbc-40be950d210b",
"value": "5ab4c378fd8b3254808d66c22bbaacc035874f1c9b4cee511b96458fedff64ed"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426914",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a2-3df4-4350-8444-41f8950d210b",
"value": "683f5b476f8ffe87ec22b8bab57f74da4a13ecc3a5c2cbf951999953c2064fc9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426915",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a3-7f28-4a03-883b-46db950d210b",
"value": "6fb43afb191b09c7b62da7a5ddafdc1a9a4c46058fd376c045d69dd0a2ea71a6"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426915",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a3-bce8-4a85-a9d9-480e950d210b",
"value": "758e6b519f6c0931ff93542b767524fc1eab589feb5cfc3854c77842f9785c92"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426915",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a3-99b0-49ac-9f0e-4f6b950d210b",
"value": "781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426915",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a3-b928-4fd6-8424-4775950d210b",
"value": "796b1523573c889833f154aeb59532d2a9784e4747b25681a97ec00b9bb4fb19"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426915",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a3-357c-419f-9f9a-4381950d210b",
"value": "7aa1716426614463b8c20716acf8fd6461052a354b88c31ad2cc8b8a3b3e6868"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426915",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a3-640c-4502-98b8-4394950d210b",
"value": "81955e36dd46f3b05a1d7e47ffd53b7d1455406d952c890b5210a698dd97e938"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426916",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a4-c05c-4ed7-a801-450a950d210b",
"value": "8ca7ed720babb32a6f381769ea00e16082a563704f8b672cb21cf11843f4da7a"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426916",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a4-a60c-44bd-bbf2-41fb950d210b",
"value": "8db5c2b645eee393d0f676fe457cd2cd3e4b144bbe86a61e4f4fd48d9de4aeae"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426916",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a4-49c0-4b9b-a7d5-4244950d210b",
"value": "90b5fec973d31cc149d0e2683872785fa61770deec6925006e9142374c315fde"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426916",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a4-d564-4cb3-9f36-46f8950d210b",
"value": "9bff19ca48b43b148ff95e054efc39882d868527cdd4f036389a6f11750adddc"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426916",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a4-0bd4-47db-b133-472f950d210b",
"value": "9d077a37b94bf69b94426041e5d5bf1fe56c482ca358191ca911ae041305f3ed"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426916",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a4-8508-4c6d-9c4f-4b55950d210b",
"value": "9fab34fa2d31a56609b56874e1265969dbfa6c17d967cca5ecce0e0760670a60"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426917",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a5-d3bc-4475-b0db-49fd950d210b",
"value": "a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426917",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a5-f8cc-4d7e-92a0-4cd6950d210b",
"value": "b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426917",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a5-7ed0-4845-8e5b-4be8950d210b",
"value": "b81484220a46c853dc996c19db9416493662d943b638915ed2b3a4a0471cc8d8"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426917",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a5-5f08-4268-819c-4736950d210b",
"value": "bc177e879fd941911eb2ea404febffa2042310c632d9922205949155e9b35cb6"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426917",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a5-744c-4f64-b245-471b950d210b",
"value": "c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426917",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a5-cf90-4254-a283-42b9950d210b",
"value": "c54f31f190b06649dff91f6b915273b88ee27a2f8e766d54ee4213671fc09f90"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426918",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a6-91d8-450b-bdce-46df950d210b",
"value": "c83bb0330d69f6ad4c79d4a0ce1891e6f34091aecfeaf72cf80b2532268a0abc"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426918",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a6-c660-4ea1-9a11-46d0950d210b",
"value": "ccc851cbd600592f1ed2c2969a30b87f0bf29046cdfa1590d8f09cfe454608a5"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426918",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a6-8144-43f8-9676-4921950d210b",
"value": "cfacc5389683518ecdd78002c975af6870fa5876337600e0b362abbbab0a19d2"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426918",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a6-c90c-43cf-8ccf-42f7950d210b",
"value": "d15b8071994bad01226a06f2802cbfe86a5483803244de4e99b91f130535d972"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426918",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a6-5f4c-4bae-8709-4e08950d210b",
"value": "da41d27070488316cbf9776e9468fae34f2e14651280e3ec1fb8524fda0873de"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426918",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a6-7970-46de-bfb5-4fee950d210b",
"value": "efbc082796df566261b07f51a325503231e5a7ce41617d3dfff3640b0be06162"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426919",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a7-4ea4-4a79-b9de-4c33950d210b",
"value": "fcaab8f77e4c9ba922d825b837acfffc9f231c3abb21015369431afae679d644"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426919",
"to_ids": true,
"type": "sha256",
"uuid": "559e22a7-bba0-4fbc-b479-466d950d210b",
"value": "fd616d1298653119fb4fbd88c0d39b881181398d2011320dc9c8c698897848c4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426960",
"to_ids": true,
"type": "hostname",
"uuid": "559e22d0-e8b0-4992-947b-44b8950d210b",
"value": "ddosprotected.eu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426960",
"to_ids": true,
"type": "hostname",
"uuid": "559e22d0-f144-4775-9fd4-483b950d210b",
"value": "drfx.chickenkiller.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426993",
"to_ids": true,
"type": "domain",
"uuid": "559e22f1-0f1c-48b6-900c-a038950d210b",
"value": "digitalinsight-ltd.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426993",
"to_ids": true,
"type": "domain",
"uuid": "559e22f1-bf04-4e8d-b839-a038950d210b",
"value": "clust12-akmai.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426994",
"to_ids": true,
"type": "domain",
"uuid": "559e22f2-f898-4624-8cca-a038950d210b",
"value": "jdk-update.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426994",
"to_ids": true,
"type": "domain",
"uuid": "559e22f2-3030-4832-8da7-a038950d210b",
"value": "corp-aapl.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436426994",
"to_ids": true,
"type": "domain",
"uuid": "559e22f2-ae4c-4264-b113-a038950d210b",
"value": "cloudprotect.eu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436427053",
"to_ids": true,
"type": "hostname",
"uuid": "559e232d-b48c-4c45-800d-4b34950d210b",
"value": "jdk.20e8ad99287f7fc244651237cbe8292a.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436427073",
"to_ids": false,
"type": "comment",
"uuid": "559e2341-1b68-406c-84c5-4c62950d210b",
"value": "The following shows the format of Backdoor.Jiripbot\u00e2\u20ac\u2122s DGA domains:\r\njdk\\.[a-f0-9]{32}\\.org e.g. jdk.20e8ad99287f7fc244651237cbe8292a.org"
},
{
"category": "Antivirus detection",
"comment": "Symantec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436427333",
"to_ids": false,
"type": "text",
"uuid": "559e2445-1780-408a-a19c-42f4950d210b",
"value": "Backdoor.Jiripbot"
},
{
"category": "Antivirus detection",
"comment": "Symantec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436427333",
"to_ids": false,
"type": "text",
"uuid": "559e2445-32ec-4657-b803-4ce4950d210b",
"value": "Hacktool.Multipurpose"
},
{
"category": "Antivirus detection",
"comment": "Symantec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436427333",
"to_ids": false,
"type": "text",
"uuid": "559e2445-1f1c-4665-9b46-4b73950d210b",
"value": "Hacktool.Securetunnel"
},
{
"category": "Antivirus detection",
"comment": "Symantec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436427333",
"to_ids": false,
"type": "text",
"uuid": "559e2445-fb10-4967-bec2-4665950d210b",
"value": "Hacktool.Eventlog"
},
{
"category": "Antivirus detection",
"comment": "Symantec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436427333",
"to_ids": false,
"type": "text",
"uuid": "559e2445-a434-43a7-b45f-4a90950d210b",
"value": "Hacktool.Bannerjack"
},
{
"category": "Antivirus detection",
"comment": "Symantec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436427334",
"to_ids": false,
"type": "text",
"uuid": "559e2446-ce48-4a27-b1af-44f3950d210b",
"value": "Hacktool.Proxy.A"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436510037",
"to_ids": false,
"type": "text",
"uuid": "559f6755-80e8-44bc-9190-d94a950d210b",
"value": "Wild Neutron"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: fd616d1298653119fb4fbd88c0d39b881181398d2011320dc9c8c698897848c4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529489",
"to_ids": true,
"type": "sha1",
"uuid": "560a8311-c798-492e-818a-4caf950d210b",
"value": "a22290d32d8a01e9b58da9bc5c8c047764e89336"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: fd616d1298653119fb4fbd88c0d39b881181398d2011320dc9c8c698897848c4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529489",
"to_ids": true,
"type": "md5",
"uuid": "560a8311-6628-485f-8530-4caf950d210b",
"value": "1a352beadff958f13b09fde8a89f36f1"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529490",
"to_ids": false,
"type": "link",
"uuid": "560a8312-e670-49a3-8fee-4caf950d210b",
"value": "https://www.virustotal.com/file/fd616d1298653119fb4fbd88c0d39b881181398d2011320dc9c8c698897848c4/analysis/1442486779/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: da41d27070488316cbf9776e9468fae34f2e14651280e3ec1fb8524fda0873de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529490",
"to_ids": true,
"type": "sha1",
"uuid": "560a8312-89b0-4e30-9fa7-4caf950d210b",
"value": "6a4a1076d7ad25d9a3f0052096e1e6697653db6c"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: da41d27070488316cbf9776e9468fae34f2e14651280e3ec1fb8524fda0873de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529490",
"to_ids": true,
"type": "md5",
"uuid": "560a8312-6414-4e82-bfd0-4caf950d210b",
"value": "7ae1b2ad1e40d0b19ce76a64348fa534"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529491",
"to_ids": false,
"type": "link",
"uuid": "560a8313-83cc-45df-905f-4caf950d210b",
"value": "https://www.virustotal.com/file/da41d27070488316cbf9776e9468fae34f2e14651280e3ec1fb8524fda0873de/analysis/1442486617/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: cfacc5389683518ecdd78002c975af6870fa5876337600e0b362abbbab0a19d2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529491",
"to_ids": true,
"type": "sha1",
"uuid": "560a8313-a258-48de-b71e-4caf950d210b",
"value": "3b8f6dbaa55c63ef87e96a9eb983a2890a6d9da7"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: cfacc5389683518ecdd78002c975af6870fa5876337600e0b362abbbab0a19d2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529491",
"to_ids": true,
"type": "md5",
"uuid": "560a8313-f004-435c-9313-4caf950d210b",
"value": "ece3cc272134b4ea0b3839228883a14c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529492",
"to_ids": false,
"type": "link",
"uuid": "560a8314-fbc8-492c-bc94-4caf950d210b",
"value": "https://www.virustotal.com/file/cfacc5389683518ecdd78002c975af6870fa5876337600e0b362abbbab0a19d2/analysis/1442486690/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: ccc851cbd600592f1ed2c2969a30b87f0bf29046cdfa1590d8f09cfe454608a5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529492",
"to_ids": true,
"type": "sha1",
"uuid": "560a8314-d274-42eb-acc8-4caf950d210b",
"value": "7f9c67959c273c76271d5d58a1049ced1c3b0e23"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: ccc851cbd600592f1ed2c2969a30b87f0bf29046cdfa1590d8f09cfe454608a5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529492",
"to_ids": true,
"type": "md5",
"uuid": "560a8314-b004-4c81-a944-4caf950d210b",
"value": "342887a7ec6b9f709adcb81fef0d30a3"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529493",
"to_ids": false,
"type": "link",
"uuid": "560a8315-e55c-4aec-bd84-4caf950d210b",
"value": "https://www.virustotal.com/file/ccc851cbd600592f1ed2c2969a30b87f0bf29046cdfa1590d8f09cfe454608a5/analysis/1442486074/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: c54f31f190b06649dff91f6b915273b88ee27a2f8e766d54ee4213671fc09f90",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529493",
"to_ids": true,
"type": "sha1",
"uuid": "560a8315-abd0-46aa-9116-4caf950d210b",
"value": "30359201338053af55109266ebcea3b0060b7d61"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: c54f31f190b06649dff91f6b915273b88ee27a2f8e766d54ee4213671fc09f90",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529493",
"to_ids": true,
"type": "md5",
"uuid": "560a8315-00a4-42d4-81a1-4caf950d210b",
"value": "2cafcd57e7fcb1649da9fef9664ea4da"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529494",
"to_ids": false,
"type": "link",
"uuid": "560a8316-85ec-418d-a594-4caf950d210b",
"value": "https://www.virustotal.com/file/c54f31f190b06649dff91f6b915273b88ee27a2f8e766d54ee4213671fc09f90/analysis/1442486621/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529494",
"to_ids": true,
"type": "sha1",
"uuid": "560a8316-1c10-464d-b502-4caf950d210b",
"value": "3d11dfaf87753b8a0622023607dcae6fa8bddc12"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529494",
"to_ids": true,
"type": "md5",
"uuid": "560a8317-9d64-4faa-a6df-4caf950d210b",
"value": "331e0b7f94708c39a07c6da38a665fdb"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529495",
"to_ids": false,
"type": "link",
"uuid": "560a8317-a63c-42a1-a6cd-4caf950d210b",
"value": "https://www.virustotal.com/file/c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0/analysis/1442486656/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529495",
"to_ids": true,
"type": "sha1",
"uuid": "560a8317-e030-4412-9bd0-4caf950d210b",
"value": "e8c3660c87a2265ddb01dcffcd1d0bb040ab247a"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529496",
"to_ids": true,
"type": "md5",
"uuid": "560a8318-3fd4-47be-886f-4caf950d210b",
"value": "f0fff29391e7c2e7b13eb4a806276a84"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529496",
"to_ids": false,
"type": "link",
"uuid": "560a8318-5500-45fe-adaf-4caf950d210b",
"value": "https://www.virustotal.com/file/b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45/analysis/1442486077/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529496",
"to_ids": true,
"type": "sha1",
"uuid": "560a8318-2394-4b3c-8da9-4caf950d210b",
"value": "c0721460f4ee074b25fb0b1ed8dae4d2cb7517c9"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529497",
"to_ids": true,
"type": "md5",
"uuid": "560a8319-9444-4cb6-8d83-4caf950d210b",
"value": "fe2439ef0ace518e1c1a32585099dab8"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529497",
"to_ids": false,
"type": "link",
"uuid": "560a8319-e2a8-4339-a36e-4caf950d210b",
"value": "https://www.virustotal.com/file/a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c/analysis/1442486694/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 9d077a37b94bf69b94426041e5d5bf1fe56c482ca358191ca911ae041305f3ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529497",
"to_ids": true,
"type": "sha1",
"uuid": "560a8319-8714-4bd0-a38f-4caf950d210b",
"value": "e540b71e8a4eafc5f26ab379ca5376ac01f05add"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 9d077a37b94bf69b94426041e5d5bf1fe56c482ca358191ca911ae041305f3ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529498",
"to_ids": true,
"type": "md5",
"uuid": "560a831a-c794-46b8-b30f-4caf950d210b",
"value": "e92ff1d7b66a112bfc29d5ccb98aeadc"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529498",
"to_ids": false,
"type": "link",
"uuid": "560a831a-d0cc-4511-a83a-4caf950d210b",
"value": "https://www.virustotal.com/file/9d077a37b94bf69b94426041e5d5bf1fe56c482ca358191ca911ae041305f3ed/analysis/1442486781/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 8ca7ed720babb32a6f381769ea00e16082a563704f8b672cb21cf11843f4da7a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529498",
"to_ids": true,
"type": "sha1",
"uuid": "560a831a-e06c-462d-b089-4caf950d210b",
"value": "3d75a14f3552d881061449d53577614430ff9e26"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 8ca7ed720babb32a6f381769ea00e16082a563704f8b672cb21cf11843f4da7a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529499",
"to_ids": true,
"type": "md5",
"uuid": "560a831b-7228-4c80-a531-4caf950d210b",
"value": "1582d68144de2808b518934f0a02bfd6"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529499",
"to_ids": false,
"type": "link",
"uuid": "560a831b-2818-46a8-acb2-4caf950d210b",
"value": "https://www.virustotal.com/file/8ca7ed720babb32a6f381769ea00e16082a563704f8b672cb21cf11843f4da7a/analysis/1442486067/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529499",
"to_ids": true,
"type": "sha1",
"uuid": "560a831b-acfc-4d35-9543-4caf950d210b",
"value": "cc941c08b2ff523651aefda9d2df3ee052a3b5cf"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529500",
"to_ids": true,
"type": "md5",
"uuid": "560a831c-5534-43a2-a94a-4caf950d210b",
"value": "95ffe4ab4b158602917dd2a999a8caf8"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529500",
"to_ids": false,
"type": "link",
"uuid": "560a831c-9404-44e3-b6a5-4caf950d210b",
"value": "https://www.virustotal.com/file/781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e/analysis/1442486072/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 758e6b519f6c0931ff93542b767524fc1eab589feb5cfc3854c77842f9785c92",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529500",
"to_ids": true,
"type": "sha1",
"uuid": "560a831c-2e34-4fb1-aaf8-4caf950d210b",
"value": "050eb34e35feb95b78bfeba3dea70d8dd27a5064"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 758e6b519f6c0931ff93542b767524fc1eab589feb5cfc3854c77842f9785c92",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529501",
"to_ids": true,
"type": "md5",
"uuid": "560a831d-f5dc-4ee0-b521-4caf950d210b",
"value": "0fa3657af06a8cc8ef14c445acd92c0f"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529501",
"to_ids": false,
"type": "link",
"uuid": "560a831d-b258-4d4f-be96-4caf950d210b",
"value": "https://www.virustotal.com/file/758e6b519f6c0931ff93542b767524fc1eab589feb5cfc3854c77842f9785c92/analysis/1442486070/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 683f5b476f8ffe87ec22b8bab57f74da4a13ecc3a5c2cbf951999953c2064fc9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529501",
"to_ids": true,
"type": "sha1",
"uuid": "560a831d-d694-48a7-93f2-4caf950d210b",
"value": "6493bb7decbb6142d9ddb041af0dd385de1d3756"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 683f5b476f8ffe87ec22b8bab57f74da4a13ecc3a5c2cbf951999953c2064fc9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529502",
"to_ids": true,
"type": "md5",
"uuid": "560a831e-9cd8-4a38-8acd-4caf950d210b",
"value": "14ba21a3a0081ef60e676fd4945a8bdc"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529502",
"to_ids": false,
"type": "link",
"uuid": "560a831e-5dc8-440e-9c2c-4caf950d210b",
"value": "https://www.virustotal.com/file/683f5b476f8ffe87ec22b8bab57f74da4a13ecc3a5c2cbf951999953c2064fc9/analysis/1442486069/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 5ab4c378fd8b3254808d66c22bbaacc035874f1c9b4cee511b96458fedff64ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529502",
"to_ids": true,
"type": "sha1",
"uuid": "560a831e-52b8-4a6a-87a6-4caf950d210b",
"value": "35d6935dc04df08031f11696ea407eba9003888a"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 5ab4c378fd8b3254808d66c22bbaacc035874f1c9b4cee511b96458fedff64ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529503",
"to_ids": true,
"type": "md5",
"uuid": "560a831f-2874-469a-bf82-4caf950d210b",
"value": "0af7a57ec3311128b58281a4deb425ab"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529503",
"to_ids": false,
"type": "link",
"uuid": "560a831f-743c-4994-8890-4caf950d210b",
"value": "https://www.virustotal.com/file/5ab4c378fd8b3254808d66c22bbaacc035874f1c9b4cee511b96458fedff64ed/analysis/1442486788/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 4327ce696b5bce9e9b2a691b4e915796218c00998363c7602d8461dd0c1c8fbb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529504",
"to_ids": true,
"type": "sha1",
"uuid": "560a8320-c720-456b-af5f-4caf950d210b",
"value": "fdfa0c4757b843c2728b876861390566dbcdba54"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 4327ce696b5bce9e9b2a691b4e915796218c00998363c7602d8461dd0c1c8fbb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529504",
"to_ids": true,
"type": "md5",
"uuid": "560a8320-fd48-4fe6-acd8-4caf950d210b",
"value": "828b19af6f4b94667960cb85079b458b"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529504",
"to_ids": false,
"type": "link",
"uuid": "560a8320-8054-46f8-9954-4caf950d210b",
"value": "https://www.virustotal.com/file/4327ce696b5bce9e9b2a691b4e915796218c00998363c7602d8461dd0c1c8fbb/analysis/1442486786/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 3cfdd3cd1089c4152c0d4c7955210d489565f28fb0af9861b195db34e7ad2502",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529505",
"to_ids": true,
"type": "sha1",
"uuid": "560a8321-ad04-4dc8-9bd7-4caf950d210b",
"value": "d026039b985949f1f0d222b38d9fa0defb025309"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 3cfdd3cd1089c4152c0d4c7955210d489565f28fb0af9861b195db34e7ad2502",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529505",
"to_ids": true,
"type": "md5",
"uuid": "560a8321-d414-48bc-83ee-4caf950d210b",
"value": "0bf56a08d031b08163b0a19576e56292"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529505",
"to_ids": false,
"type": "link",
"uuid": "560a8321-8e40-404f-b37c-4caf950d210b",
"value": "https://www.virustotal.com/file/3cfdd3cd1089c4152c0d4c7955210d489565f28fb0af9861b195db34e7ad2502/analysis/1442486784/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529506",
"to_ids": true,
"type": "sha1",
"uuid": "560a8322-d02c-4c55-8798-4caf950d210b",
"value": "8e4e662682f0f7f7fa59d39a2fc023a1843238a0"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529506",
"to_ids": true,
"type": "md5",
"uuid": "560a8322-d204-4a57-af5e-4caf950d210b",
"value": "425b40d687e34623f54ff58a079fc9af"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529506",
"to_ids": false,
"type": "link",
"uuid": "560a8322-7310-4e0f-af2a-4caf950d210b",
"value": "https://www.virustotal.com/file/2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94/analysis/1442486660/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 2a8cb295f85f8d1d5aae7744899875ebb4e6c3ef74fbc5bfad6e7723c192c5cf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529507",
"to_ids": true,
"type": "sha1",
"uuid": "560a8323-dfbc-47fa-8272-4caf950d210b",
"value": "29804cb689f1949e5f127378351f72fada48c1e0"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 2a8cb295f85f8d1d5aae7744899875ebb4e6c3ef74fbc5bfad6e7723c192c5cf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529507",
"to_ids": true,
"type": "md5",
"uuid": "560a8323-69ac-4c4f-ad7e-4caf950d210b",
"value": "b7efead869c3d92f1086c43cb99ab0a2"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529507",
"to_ids": false,
"type": "link",
"uuid": "560a8323-4868-45fe-a5df-4caf950d210b",
"value": "https://www.virustotal.com/file/2a8cb295f85f8d1d5aae7744899875ebb4e6c3ef74fbc5bfad6e7723c192c5cf/analysis/1442486615/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 29906c51217d15b9bbbcc8130f64dabdb69bd32baa7999500c7a230c218e8b0a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529508",
"to_ids": true,
"type": "sha1",
"uuid": "560a8324-00c0-400e-aa5c-4caf950d210b",
"value": "d838b54b755d6ec7be71f46c244cb3ecd180f2e5"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 29906c51217d15b9bbbcc8130f64dabdb69bd32baa7999500c7a230c218e8b0a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529508",
"to_ids": true,
"type": "md5",
"uuid": "560a8324-d7a8-4f9b-9060-4caf950d210b",
"value": "2c9cbe71dc98897aeaef4d6d3afc7eb3"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529508",
"to_ids": false,
"type": "link",
"uuid": "560a8324-3544-4138-abf1-4caf950d210b",
"value": "https://www.virustotal.com/file/29906c51217d15b9bbbcc8130f64dabdb69bd32baa7999500c7a230c218e8b0a/analysis/1442486782/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 1c9af096e4c7daa440af136f2b1439089a827101098cfe25b8c19fc7321eaad9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529509",
"to_ids": true,
"type": "sha1",
"uuid": "560a8325-bad4-4ea1-bb31-4caf950d210b",
"value": "c2b09f227d141befeab81df132c9abbad4b73c46"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 1c9af096e4c7daa440af136f2b1439089a827101098cfe25b8c19fc7321eaad9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529509",
"to_ids": true,
"type": "md5",
"uuid": "560a8325-afd0-4ece-b4af-4caf950d210b",
"value": "5c42ec22da050bbc82e4a86d4dd0e086"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529509",
"to_ids": false,
"type": "link",
"uuid": "560a8325-96ac-4952-83a3-4caf950d210b",
"value": "https://www.virustotal.com/file/1c9af096e4c7daa440af136f2b1439089a827101098cfe25b8c19fc7321eaad9/analysis/1442486777/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 1677573bb02cc073e248e4a14334db90be8052d0b236e446e29582f50441fa33",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529510",
"to_ids": true,
"type": "sha1",
"uuid": "560a8326-0e80-46ba-85a1-4caf950d210b",
"value": "f42e316292f59ea51f4c40d1c574747eec227796"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 1677573bb02cc073e248e4a14334db90be8052d0b236e446e29582f50441fa33",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529510",
"to_ids": true,
"type": "md5",
"uuid": "560a8326-05a0-4ec8-9c74-4caf950d210b",
"value": "a16e58bba851ea00e4ea79f9763df6f1"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443529510",
"to_ids": false,
"type": "link",
"uuid": "560a8326-b3f4-4e88-b8d6-4caf950d210b",
"value": "https://www.virustotal.com/file/1677573bb02cc073e248e4a14334db90be8052d0b236e446e29582f50441fa33/analysis/1442486775/"
}
]
}
}
Reference in a new issue View git blame Copy permalink