adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/589d81ee-0348-49fe-9b88-4c48950d210f.json

2051 lines
No EOL
68 KiB
JSON
Raw Permalink Blame History

{
"Event": {
"analysis": "2",
"date": "2017-02-10",
"extends_uuid": "",
"info": "OSINT - Shell Crew Variants Continue to Fly Under Big AV\u00e2\u20ac\u2122s Radar",
"publish_timestamp": "1486721797",
"published": true,
"threat_level_id": "3",
"timestamp": "1486721672",
"uuid": "589d81ee-0348-49fe-9b88-4c48950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#10c300",
"local": false,
"name": "misp-galaxy:threat-actor=\"Shell Crew\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:tool=\"StreamEx\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8270-df64-437d-a96b-4a0f950d210f",
"value": "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#075200",
"local": false,
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "comment",
"uuid": "589d86ac-67f0-4796-aba9-4374950d210f",
"value": "Cylance SPEAR\u00e2\u201e\u00a2 has identified a newer family of samples deployed by Shell Crew that has flown under AV\u00e2\u20ac\u2122s radar for more than a year and a half. Simple programmatic techniques continue to be effective in evading signature-based detection. \r\n\r\nShell Crew, first named by RSA in this paper, has been incredibly proficient over time and breached numerous high-value targets. The backdoor provided an alternative foothold in several observed instances for the group and employed a few tricks like using the Intel SSE extended instruction set to avoid emulation and obscure analysis. \r\n\r\nMost of the variants Cylance identified were 64-bit; however, a couple of earlier 32-bit variants were created in May 2015."
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "yara",
"uuid": "589d86bd-00f4-40c6-8b96-4915950d210f",
"value": "rule StreamEx\r\n{\r\nstrings:\r\n$a = \"0r+8DQY97XGB5iZ4Vf3KsEt61HLoTOuIqJPp2AlncRCgSxUWyebhMdmzvFjNwka=\"\r\n$b = {34 ?? 88 04 11 48 63 C3 48 FF C1 48 3D D8 03 00 00}\r\n$bb = {81 86 ?? ?? 00 10 34 ?? 88 86 ?? ?? 00 10 46 81 FE D8 03 00 00}\r\n$c = \"greendll\"\r\n$d = \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36\" wide\r\n$f = {26 5E 25 24 23 91 91 91 91}\r\n$g = \"D:\\\\pdb\\\\ht_d6.pdb\" \r\n\r\ncondition:\r\n$a or $b or $bb or ($c and $d) or $f or $g\r\n} 116_Shell-Crew-Malware_f_SML"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "pdb",
"uuid": "589d86d7-b4fc-449e-8674-4d5b950d210f",
"value": "D:\\pdb\\ht_d6.pdb"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8703-4ea8-433e-8b1d-49fb950d210f",
"value": "103.214.143.44"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8704-3678-4703-92ac-4e8b950d210f",
"value": "104.148.71.127"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8705-2278-44a2-b75e-47de950d210f",
"value": "106.185.52.7"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8706-92cc-497b-8fe8-4246950d210f",
"value": "107.151.218.149"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8707-3718-4a8b-bbb4-4533950d210f",
"value": "107.161.80.22"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8707-c7c8-4d54-9a66-49dd950d210f",
"value": "118.193.153.5"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8708-9e60-47d3-8bab-4755950d210f",
"value": "119.57.196.30"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8709-899c-4e25-bb54-4054950d210f",
"value": "122.10.9.154"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d870a-a47c-45df-8fdf-44eb950d210f",
"value": "158.69.34.129"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d870a-b2d4-404a-a4f7-4c87950d210f",
"value": "167.160.16.242"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d870b-f57c-4f02-89f3-4285950d210f",
"value": "173.231.49.141"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d870c-448c-4285-9b90-44de950d210f",
"value": "174.139.57.26"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d870d-edd4-4448-9713-469a950d210f",
"value": "174.139.57.27"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d870e-7348-487b-9ec7-4804950d210f",
"value": "174.139.57.30"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d870e-537c-4ef8-a62f-4b49950d210f",
"value": "211.58.38.100"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d870f-33e8-4aee-83da-4dc5950d210f",
"value": "220.73.222.120"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8710-09f0-4852-915e-49a6950d210f",
"value": "220.73.222.86"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8711-4104-4dc5-ace6-439a950d210f",
"value": "221.139.50.134"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8711-af10-4cd4-98e0-4802950d210f",
"value": "31.210.102.210"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8712-f348-47da-908c-4bda950d210f",
"value": "43.249.81.209"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8713-b7b0-4ebd-9b02-4b75950d210f",
"value": "43.249.81.210"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8714-fbf8-410c-b62c-46ae950d210f",
"value": "50.115.138.215"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8714-d52c-4596-9e73-49c4950d210f",
"value": "88.208.228.56"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "ip-dst",
"uuid": "589d8715-f9c4-4e52-afc6-4df0950d210f",
"value": "92.242.144.2"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d8964-a938-4ae4-ae7d-43fa950d210f",
"value": "seo777.f3322.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d8965-7a60-40da-8273-4b6f950d210f",
"value": "sexy.f3322.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d8966-7b64-47a9-a3ae-46d8950d210f",
"value": "allmnz.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d8967-754c-4e88-8795-4c42950d210f",
"value": "incsteelkor.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89a8-9348-45fb-8317-4879950d210f",
"value": "backup.microsoftappstore.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89a9-ccc0-498f-9c25-4de5950d210f",
"value": "dataserver.cmonkey3.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d89aa-cb58-49e4-bf9b-49a2950d210f",
"value": "google-helps.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89ab-bae0-46b0-a117-49a0950d210f",
"value": "kpupdate.amz80.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d89ab-e468-4846-8f9a-45b7950d210f",
"value": "mail-help.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d89ac-77d8-4110-8bc1-4442950d210f",
"value": "mail-issue.top"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d89ad-e734-4e07-8ef2-4fdb950d210f",
"value": "microsoftupdating.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d89ae-d4d8-4cdd-836f-4229950d210f",
"value": "microsoftwww.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89af-8a24-4dd7-8773-445d950d210f",
"value": "ns1.ccccc.work"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89af-9534-4e81-b70f-47f1950d210f",
"value": "ns1.superman0x58.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b0-7b60-49d8-b49a-4254950d210f",
"value": "ns1.xssr.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b1-7f9c-4e5a-8713-4fc1950d210f",
"value": "ns2.ccccc.work"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b2-4c60-4592-a144-4be4950d210f",
"value": "ns2.superman0x58.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b3-43bc-4638-9730-484b950d210f",
"value": "ns2.xssr.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b4-91fc-48b1-953e-4ccf950d210f",
"value": "qr1.3jd90dsj3df.website"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b4-a2a0-4ece-b121-45bb950d210f",
"value": "r4.microsoftupdating.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b5-910c-447e-9339-48b9950d210f",
"value": "rouji.xssr.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b6-3be0-472e-91cd-416e950d210f",
"value": "t2z0n9.microsoftappstore.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b7-7e60-49ff-8e47-460b950d210f",
"value": "temp.mail-issue.top"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d89b7-c2a4-48cb-bc62-4ca6950d210f",
"value": "time-service.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b8-e5cc-42c4-bec9-4366950d210f",
"value": "update.microsoftwww.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89b9-193c-46e5-b72b-47a5950d210f",
"value": "updatecz.mykorean.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89ba-2ccc-4775-9024-4da9950d210f",
"value": "uriupdate.newsbs.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d89bb-f894-4bc8-8f15-41a0950d210f",
"value": "wwgooglewww.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89bb-6a88-4d66-80fa-4deb950d210f",
"value": "www.microsoftwww.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "domain",
"uuid": "589d89bc-de04-474a-ae40-4700950d210f",
"value": "wwwgooglewww.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89bd-6750-4fa5-8ded-442e950d210f",
"value": "zy.xssr.org"
},
{
"category": "Network activity",
"comment": "Compromised website",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "hostname",
"uuid": "589d89e2-edb8-4599-a03c-4ddd950d210f",
"value": "www.aceactor.co.kr",
"Tag": [
{
"colour": "#2d0048",
"local": false,
"name": "adversary:infrastructure-status=\"compromised\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d89f8-9c18-490e-b950-4977950d210f",
"value": "0f1623511432bac0d8f2a87169952df0b341d90ea1e4218a851b8cdb2b691e2d",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d89f9-c3e4-4bc4-91fc-40b0950d210f",
"value": "60599a679efb167cc43746e5d58bb8f74b6fe57cb028950fde79bd9fd0e6b48b",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d89fa-35a4-4e9c-9dce-44c5950d210f",
"value": "6c80e57f4957d17c80c0fc5e5809e72ac157a70339163579b7e2f3c0d631dd6b",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d89fa-f570-44da-a363-47ad950d210f",
"value": "8171f3ca246c56d85bdac23ab09ffdaea09410165bf32ed72ef279d2ddaf745b",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a10-aaa0-42bf-b16a-4009950d210f",
"value": "369dc64903c52f052ebe547511977f5d677614855da31c416fe13d8eb8ed1015",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a10-bbcc-4873-8bb8-4634950d210f",
"value": "8269c8183fb5e50acf08dea65d8a3d99f406f7febd61dc361622f21b58570396",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a11-85a8-454b-b8fa-46ae950d210f",
"value": "bfe4da21398a2ac19b04174a7754acc1c2d1725dac7e0651544ff46df9f9005d",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a12-7b88-45a4-b271-4b7c950d210f",
"value": "fd0c9c28781de60ed70f32b9e138ab7d95201a5f08a4bc0230b24493597022d7",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a20-96d0-4c91-9e81-46a7950d210f",
"value": "04f69ebca26ee0ab2fc896f803102fdbb0700726074048755c55c891a9243423",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a20-8fc8-4890-bd57-429d950d210f",
"value": "37a2ede8de56fe85b4baf4220046dd2923d66ea7d906a5c009751f9f630aec0b",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a21-7f64-4a0c-bb61-4473950d210f",
"value": "434df165b56c70ff5479ebd3f8d65c1585076c16a19e20bdee750c9f0119e836",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a22-b05c-4677-b565-43c3950d210f",
"value": "50712f13f0ed2cabc264ec62581857468b2670e3a4226d76369c9367648b9ff0",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a23-9b98-4fc3-98b6-4301950d210f",
"value": "5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a23-4a78-46e3-b28c-4048950d210f",
"value": "82a7f8c488cf287908f8f80b458bf19410f16ee0df0d8f2eb9f923efc3e0a2fa",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a24-2d74-4478-93fc-43ac950d210f",
"value": "a20d81fcbdcfe6183eaaba489219c44942da3e5fc86ce383568b63b22e6981dc",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a25-23d4-45ca-9763-48c1950d210f",
"value": "d26f914eb9f58f9efeba3ae5362cf605a371f881183da201a8528f9c9b65b5ad",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha256",
"uuid": "589d8a26-a1ec-49a6-a80e-400c950d210f",
"value": "e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 0f1623511432bac0d8f2a87169952df0b341d90ea1e4218a851b8cdb2b691e2d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b3d-db10-4dac-a7f6-42a902de0b81",
"value": "5d9e9616ca8a8034258655758eb19f8930f8fbfe",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 0f1623511432bac0d8f2a87169952df0b341d90ea1e4218a851b8cdb2b691e2d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b3e-1238-4f08-9dc0-41aa02de0b81",
"value": "6081723ac9d35de3a6eb9b8fcd474bae",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 0f1623511432bac0d8f2a87169952df0b341d90ea1e4218a851b8cdb2b691e2d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b3f-3914-4d79-9d9b-45de02de0b81",
"value": "https://www.virustotal.com/file/0f1623511432bac0d8f2a87169952df0b341d90ea1e4218a851b8cdb2b691e2d/analysis/1465809113/",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 60599a679efb167cc43746e5d58bb8f74b6fe57cb028950fde79bd9fd0e6b48b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b40-3644-4bcf-b7b7-49ac02de0b81",
"value": "91c62ae0edb2edf9237d68f1a85acee211e9f1ca",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 60599a679efb167cc43746e5d58bb8f74b6fe57cb028950fde79bd9fd0e6b48b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b41-6428-4bb7-804b-4a6502de0b81",
"value": "956a719b0812990b12b648cb03868a67",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 60599a679efb167cc43746e5d58bb8f74b6fe57cb028950fde79bd9fd0e6b48b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b41-9a64-49fe-9f06-4efe02de0b81",
"value": "https://www.virustotal.com/file/60599a679efb167cc43746e5d58bb8f74b6fe57cb028950fde79bd9fd0e6b48b/analysis/1482127685/",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 6c80e57f4957d17c80c0fc5e5809e72ac157a70339163579b7e2f3c0d631dd6b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b42-b504-49ac-bd74-4e8a02de0b81",
"value": "1ef6150a2a20667ca3d790b0f2772c495f340902",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 6c80e57f4957d17c80c0fc5e5809e72ac157a70339163579b7e2f3c0d631dd6b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b43-ad84-401e-819d-4df202de0b81",
"value": "01f5afdac12d5265ac73372496440312",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 6c80e57f4957d17c80c0fc5e5809e72ac157a70339163579b7e2f3c0d631dd6b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b44-8020-41fb-820a-42d102de0b81",
"value": "https://www.virustotal.com/file/6c80e57f4957d17c80c0fc5e5809e72ac157a70339163579b7e2f3c0d631dd6b/analysis/1486667967/",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 8171f3ca246c56d85bdac23ab09ffdaea09410165bf32ed72ef279d2ddaf745b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b44-4448-421d-90ec-447602de0b81",
"value": "efada2e9ad08a37c250a7595099fc95d3483982a",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 8171f3ca246c56d85bdac23ab09ffdaea09410165bf32ed72ef279d2ddaf745b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b45-bccc-4673-9880-4fd402de0b81",
"value": "0c15030995abd0fb361c0c4f31f8ff3b",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx Droppers - Xchecked via VT: 8171f3ca246c56d85bdac23ab09ffdaea09410165bf32ed72ef279d2ddaf745b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b46-3424-4971-ad66-4e5102de0b81",
"value": "https://www.virustotal.com/file/8171f3ca246c56d85bdac23ab09ffdaea09410165bf32ed72ef279d2ddaf745b/analysis/1459968445/",
"Tag": [
{
"colour": "#77d500",
"local": false,
"name": "malware_classification:payload-classification=\"dropper\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: 369dc64903c52f052ebe547511977f5d677614855da31c416fe13d8eb8ed1015",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b47-c244-412d-9885-48d102de0b81",
"value": "26f2fdfef16407781fbec0ba09f6347f0aacde43",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: 369dc64903c52f052ebe547511977f5d677614855da31c416fe13d8eb8ed1015",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b47-8e80-42c6-a364-417102de0b81",
"value": "a7ea075b7b3ae7a795df520db52242db",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: 369dc64903c52f052ebe547511977f5d677614855da31c416fe13d8eb8ed1015",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b48-53d4-4dc6-830a-4cd902de0b81",
"value": "https://www.virustotal.com/file/369dc64903c52f052ebe547511977f5d677614855da31c416fe13d8eb8ed1015/analysis/1476869912/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: 8269c8183fb5e50acf08dea65d8a3d99f406f7febd61dc361622f21b58570396",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b49-5230-4a3b-83f5-44fb02de0b81",
"value": "0ff6213496d4b1859a5ae332368a3f0a1c508373",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: 8269c8183fb5e50acf08dea65d8a3d99f406f7febd61dc361622f21b58570396",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b4a-a9d8-4b0d-9e6a-494d02de0b81",
"value": "c9732aab519274f6c0c5d7e0ecf909a7",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: 8269c8183fb5e50acf08dea65d8a3d99f406f7febd61dc361622f21b58570396",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b4b-2d64-4d52-9c30-43ef02de0b81",
"value": "https://www.virustotal.com/file/8269c8183fb5e50acf08dea65d8a3d99f406f7febd61dc361622f21b58570396/analysis/1482732652/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: bfe4da21398a2ac19b04174a7754acc1c2d1725dac7e0651544ff46df9f9005d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b4b-941c-4ed4-a8c9-400402de0b81",
"value": "f99523c35acce33b3be591dff08e14ea585267c6",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: bfe4da21398a2ac19b04174a7754acc1c2d1725dac7e0651544ff46df9f9005d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b4c-a7f4-45d2-ac57-419f02de0b81",
"value": "db5a5de95b1badcdbb518b77e947f2ab",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: bfe4da21398a2ac19b04174a7754acc1c2d1725dac7e0651544ff46df9f9005d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b4d-4724-4bcf-ba92-479302de0b81",
"value": "https://www.virustotal.com/file/bfe4da21398a2ac19b04174a7754acc1c2d1725dac7e0651544ff46df9f9005d/analysis/1475875168/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: fd0c9c28781de60ed70f32b9e138ab7d95201a5f08a4bc0230b24493597022d7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b4e-a898-4636-ade4-419d02de0b81",
"value": "1d1d37b9a1c35f8e352abe33af5164e61fb61f29",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: fd0c9c28781de60ed70f32b9e138ab7d95201a5f08a4bc0230b24493597022d7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b4f-b374-4554-bbdc-494f02de0b81",
"value": "c0ad63a680fbdc75d54b270cbedb4739",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 32-bit Backdoors - Xchecked via VT: fd0c9c28781de60ed70f32b9e138ab7d95201a5f08a4bc0230b24493597022d7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b4f-5a68-4ab7-b7f4-467502de0b81",
"value": "https://www.virustotal.com/file/fd0c9c28781de60ed70f32b9e138ab7d95201a5f08a4bc0230b24493597022d7/analysis/1475793989/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 04f69ebca26ee0ab2fc896f803102fdbb0700726074048755c55c891a9243423",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b50-5a10-418a-bb7a-46c802de0b81",
"value": "e2a9b047b771987c2656afa16c4aadf01d042aa6",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 04f69ebca26ee0ab2fc896f803102fdbb0700726074048755c55c891a9243423",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b51-2bc4-4db8-a700-413f02de0b81",
"value": "eafe79709f6cb5e4334a549bb278f123",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 04f69ebca26ee0ab2fc896f803102fdbb0700726074048755c55c891a9243423",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b52-393c-44c6-b8f2-473f02de0b81",
"value": "https://www.virustotal.com/file/04f69ebca26ee0ab2fc896f803102fdbb0700726074048755c55c891a9243423/analysis/1486664916/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 37a2ede8de56fe85b4baf4220046dd2923d66ea7d906a5c009751f9f630aec0b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b53-91f4-45fa-9a21-448602de0b81",
"value": "7c67a29928cb62fca61c830e90a965dafef40cd0",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 37a2ede8de56fe85b4baf4220046dd2923d66ea7d906a5c009751f9f630aec0b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b53-fb78-4492-a9ce-48d802de0b81",
"value": "f34276afaa1071f4c9610b451b5862b6",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 37a2ede8de56fe85b4baf4220046dd2923d66ea7d906a5c009751f9f630aec0b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b54-55c4-4995-a656-4c7802de0b81",
"value": "https://www.virustotal.com/file/37a2ede8de56fe85b4baf4220046dd2923d66ea7d906a5c009751f9f630aec0b/analysis/1437552747/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 434df165b56c70ff5479ebd3f8d65c1585076c16a19e20bdee750c9f0119e836",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b55-9bbc-4f13-a90a-4b5002de0b81",
"value": "5994a7027f5753cf025d5ec1e9a2d6374f587795",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 434df165b56c70ff5479ebd3f8d65c1585076c16a19e20bdee750c9f0119e836",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b56-1054-4679-8be5-479f02de0b81",
"value": "8f8f1819f8844157e80b9f3aba3f6bcf",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 434df165b56c70ff5479ebd3f8d65c1585076c16a19e20bdee750c9f0119e836",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b57-0914-4e84-b00a-407a02de0b81",
"value": "https://www.virustotal.com/file/434df165b56c70ff5479ebd3f8d65c1585076c16a19e20bdee750c9f0119e836/analysis/1438116372/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 50712f13f0ed2cabc264ec62581857468b2670e3a4226d76369c9367648b9ff0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b58-43b0-42bd-b8aa-44bb02de0b81",
"value": "a29e65c644c827a8f0be61f8a5a58d6e2feeacf5",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 50712f13f0ed2cabc264ec62581857468b2670e3a4226d76369c9367648b9ff0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b58-b648-47b8-8408-4b3d02de0b81",
"value": "e13a072c13c546179be752c4aca9efa6",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 50712f13f0ed2cabc264ec62581857468b2670e3a4226d76369c9367648b9ff0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b59-5294-4bdb-903e-490202de0b81",
"value": "https://www.virustotal.com/file/50712f13f0ed2cabc264ec62581857468b2670e3a4226d76369c9367648b9ff0/analysis/1485840922/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b5a-b58c-4dfe-9032-47ab02de0b81",
"value": "21d9298202fc35dbf2861838a9bbf6709d5bdae8",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b5b-2b24-46a4-a51d-471e02de0b81",
"value": "c78d2b6c855db963dd01d4659f8ca8ea",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b5c-a6c4-4504-b5c8-4af102de0b81",
"value": "https://www.virustotal.com/file/5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b/analysis/1466392954/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 82a7f8c488cf287908f8f80b458bf19410f16ee0df0d8f2eb9f923efc3e0a2fa",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b5d-3758-4ed0-b8de-4fc102de0b81",
"value": "8bc0bfa58d13a3c5c043823439047f4bbf78211e",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 82a7f8c488cf287908f8f80b458bf19410f16ee0df0d8f2eb9f923efc3e0a2fa",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b5e-7550-44a4-87ff-46cf02de0b81",
"value": "d95706b6a189358e7a748112cb644250",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 82a7f8c488cf287908f8f80b458bf19410f16ee0df0d8f2eb9f923efc3e0a2fa",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b5e-f25c-4fd8-a7e8-49a802de0b81",
"value": "https://www.virustotal.com/file/82a7f8c488cf287908f8f80b458bf19410f16ee0df0d8f2eb9f923efc3e0a2fa/analysis/1486719218/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: a20d81fcbdcfe6183eaaba489219c44942da3e5fc86ce383568b63b22e6981dc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b5f-6198-43fd-a10e-471802de0b81",
"value": "04e107941935f17c7fd51d493752732d813d4b0f",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: a20d81fcbdcfe6183eaaba489219c44942da3e5fc86ce383568b63b22e6981dc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b60-f6c0-40d8-86e7-416802de0b81",
"value": "7889a9a86d8b8145794e4b0e30d4d8ff",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: a20d81fcbdcfe6183eaaba489219c44942da3e5fc86ce383568b63b22e6981dc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b61-6660-4cd0-8a44-498702de0b81",
"value": "https://www.virustotal.com/file/a20d81fcbdcfe6183eaaba489219c44942da3e5fc86ce383568b63b22e6981dc/analysis/1485788774/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: d26f914eb9f58f9efeba3ae5362cf605a371f881183da201a8528f9c9b65b5ad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b62-5368-404b-8f2b-484902de0b81",
"value": "87c11159c993c410b06a5be5c6748d6db0c54109",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: d26f914eb9f58f9efeba3ae5362cf605a371f881183da201a8528f9c9b65b5ad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b63-0af0-4e28-8645-465f02de0b81",
"value": "4b32f28adc3675401ba548dcaed7058b",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: d26f914eb9f58f9efeba3ae5362cf605a371f881183da201a8528f9c9b65b5ad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b63-0a24-4980-a0fa-45b602de0b81",
"value": "https://www.virustotal.com/file/d26f914eb9f58f9efeba3ae5362cf605a371f881183da201a8528f9c9b65b5ad/analysis/1486716680/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "sha1",
"uuid": "589d8b64-36f0-4f93-b645-419002de0b81",
"value": "17f668e899a3523bf88f633bbffcab0df63344be",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": true,
"type": "md5",
"uuid": "589d8b65-abf0-4ff7-8864-471d02de0b81",
"value": "311d93ce6860777da29a46b83c1b06ec",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721672",
"to_ids": false,
"type": "link",
"uuid": "589d8b66-1748-47d5-b68a-456202de0b81",
"value": "https://www.virustotal.com/file/e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720/analysis/1475794860/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: 5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721694",
"to_ids": false,
"type": "link",
"uuid": "589d929e-5bac-4221-8d0d-4da402de0b81",
"value": "https://www.virustotal.com/file/5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b/analysis/1486720042/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "StreamEx 64-Bit Backdoors - Xchecked via VT: e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720",
"deleted": false,
"disable_correlation": false,
"timestamp": "1486721696",
"to_ids": false,
"type": "link",
"uuid": "589d92a0-9f28-4003-8495-47a402de0b81",
"value": "https://www.virustotal.com/file/e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720/analysis/1486721124/",
"Tag": [
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink