926 lines
No EOL
36 KiB
JSON
926 lines
No EOL
36 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2017-05-21",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two",
|
|
"publish_timestamp": "1495353273",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1495353225",
|
|
"uuid": "592144d2-9100-4405-b018-4fd902de0b81",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#790097",
|
|
"local": false,
|
|
"name": "ms-caro-malware:malware-platform=\"Win64\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592144dc-42e8-4149-97a3-4fbb02de0b81",
|
|
"value": "https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "592144eb-a280-449c-97ba-4d3702de0b81",
|
|
"value": "Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two.\r\n\r\nThe worm's existence first came to light on Wednesday, after it infected the SMB honeypot of Miroslav Stampar, member of the Croatian Government CERT, and creator of the sqlmap tool used for detecting and exploiting SQL injection flaws.\r\n\r\nEternalRocks uses seven NSA tools\r\nThe worm, which Stampar named EternalRocks based on worm executable properties found in one sample, works by using six SMB-centric NSA tools to infect a computer with SMB ports exposed online. These are ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY, which are SMB exploits used to compromise vulnerable computers, while SMBTOUCH and ARCHITOUCH are two NSA tools used for SMB reconnaissance operations.\r\n\r\nOnce the worm has obtained this initial foothold, it then uses another NSA tool, DOUBLEPULSAR, to propagate to new vulnerable machines.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59214509-454c-474d-bacf-443802de0b81",
|
|
"value": "https://github.com/stamparm/EternalRocks/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "mutex",
|
|
"uuid": "59214567-aa10-4200-a3c7-4b8502de0b81",
|
|
"value": "{8F6F00C4-B901-45fd-08CF-72FDEFF}"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "mutex",
|
|
"uuid": "59214568-9d58-416f-b034-474502de0b81",
|
|
"value": "{8F6F0AC4-B9A1-45fd-A8CF-72FDEFF}"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "mutex",
|
|
"uuid": "59214568-7a90-4544-b7e3-4e8c02de0b81",
|
|
"value": "20b70e57-1c2e-4de9-99e5-69f369006912"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (captured)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5921458c-c068-44cd-94de-499302de0b81",
|
|
"value": "e049d8f69ddee0c2d360c27b98fa9e61b7202bb0d3884dd3ca63f8aa288422dc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5921458c-5bd4-4aad-ac0d-4edd02de0b81",
|
|
"value": "UpdateInstaller.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5921458d-69e0-4865-ae74-4be902de0b81",
|
|
"value": "1ee894c0b91f3b2f836288c22ebeab44798f222f17c255f557af2260b8c6a32d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5921458d-6d7c-4955-bfe8-462902de0b81",
|
|
"value": "64442cceb7d618e70c62d461cfaafdb8e653b8d98ac4765a6b3d8fd1ea3bce15"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5921458e-dbc4-4695-88d6-4c3002de0b81",
|
|
"value": "94189147ba9749fd0f184fe94b345b7385348361480360a59f12adf477f61c97"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5921458e-4f3c-48a3-906f-44b602de0b81",
|
|
"value": "9bd32162e0a50f8661fd19e3b26ff65868ab5ea636916bd54c244b0148bd9c1b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5921458f-f984-4709-b3c4-465c02de0b81",
|
|
"value": "a7c387b4929f51e38706d8b0f8641e032253b07bc2869a450dfa3df5663d7392"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5921458f-4f50-4859-a4f3-4a6b02de0b81",
|
|
"value": "ad8965e531424cb34120bf0c1b4b98d4ab769bed534d9a36583364e9572332fa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59214590-96e4-4e1a-8211-4de102de0b81",
|
|
"value": "b2ca4093b2e0271cb7a3230118843fccc094e0160a0968994ed9f10c8702d867"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59214590-48c0-4936-85b3-45bc02de0b81",
|
|
"value": "c999bf5da5ea3960408d3cba154f965d3436b497ac9d4959b412bfcd956c8491"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59214591-83c8-44cd-bb90-4ccb02de0b81",
|
|
"value": "d43c10a2c983049d4a32487ab1e8fe7727646052228554e0112f6651f4833d2c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59214591-bee4-4a98-ba15-46eb02de0b81",
|
|
"value": "d86af736644e20e62807f03c49f4d0ad7de9cbd0723049f34ec79f8c7308fdd5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59214592-c22c-4c34-bc20-407602de0b81",
|
|
"value": "fc75410aa8f76154f5ae8fe035b9a13c76f6e132077346101a0d673ed9f3a0dd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "# taskhost.exe (captured)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "592145ba-0934-4078-86f7-44cb02de0b81",
|
|
"value": "cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "# taskhost.exe (variant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "592145ba-0978-4a0e-b799-461102de0b81",
|
|
"value": "a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "# shadowbrokers.zip (exploits)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "592145bb-e7f8-4ba7-90e6-487a02de0b81",
|
|
"value": "70ec0e2b6f9ff88b54618a5f7fbd55b383cf62f8e7c3795c25e2f613bfddf45d"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "592145de-8f1c-47bd-9d64-4b0a02de0b81",
|
|
"value": "ubgdgno5eswkhmpy.onion"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Debug strings",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "pattern-in-file",
|
|
"uuid": "59214605-2fa4-41ad-9301-40b502de0b81",
|
|
"value": "%PROGRAMFILES%\\(x86)\\Microsoft Visual Studio\\VB98\\VB6.OLB"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Debug strings",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "pattern-in-file",
|
|
"uuid": "59214606-b5fc-4f4b-bdbf-484f02de0b81",
|
|
"value": "%USERPROFILE%\\Documents\\DownLoader\\Project1.vbp"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Debug strings",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "pattern-in-file",
|
|
"uuid": "59214606-2d44-4445-8469-400d02de0b81",
|
|
"value": "%USERPROFILE%\\Documents\\TorUnzip\\Project1.vbp"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Debug strings",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "pattern-in-file",
|
|
"uuid": "59214606-c884-4c98-8672-4b3402de0b81",
|
|
"value": "%USERPROFILE%\\Documents\\Visual Studio 2015\\Projects\\MicroBotMassiveNet\\taskhost\\obj\\x86\\Debug\\taskhost.pdb"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Debug strings",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "pattern-in-file",
|
|
"uuid": "59214607-0ae4-4de2-b171-46ce02de0b81",
|
|
"value": "%USERPROFILE%\\Documents\\Visual Studio 2015\\Projects\\WindowsServices\\svchost\\bin\\svchost.pdb"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Network traffic capture (PCAP)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5921462e-a604-4be3-85a9-472a02de0b81",
|
|
"value": "https://raw.githubusercontent.com/stamparm/EternalRocks/master/misc/exploitation.pcap"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Decompilation of an older sample - 1ee894c0b91f3b2f836288c22ebeab44798f222f17c255f557af2260b8c6a32d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59214647-9828-44af-bab7-434002de0b81",
|
|
"value": "https://raw.githubusercontent.com/stamparm/EternalRocks/master/misc/svchost.7z"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "# older (VB6) variants of UpdateInstaller.exe",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "imphash",
|
|
"uuid": "5921465f-ec80-4d55-862b-497a02de0b81",
|
|
"value": "8ef751c540fdc6962ddc6799f35a907c"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "59214676-e704-412d-b4db-451202de0b81",
|
|
"value": "%PROGRAMFILES%\\Microsoft Updates\\"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": false,
|
|
"type": "windows-scheduled-task",
|
|
"uuid": "59214697-2604-4d4d-8336-406402de0b81",
|
|
"value": "ServiceHost"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353225",
|
|
"to_ids": false,
|
|
"type": "windows-scheduled-task",
|
|
"uuid": "59214697-11bc-4454-adf2-4c6502de0b81",
|
|
"value": "TaskHost"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "# shadowbrokers.zip (exploits) - Xchecked via VT: 70ec0e2b6f9ff88b54618a5f7fbd55b383cf62f8e7c3795c25e2f613bfddf45d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353240",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59214798-f018-439b-aea9-4c7f02de0b81",
|
|
"value": "d553d55d3a9d99453550c9493468db663e0af4ec"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "# shadowbrokers.zip (exploits) - Xchecked via VT: 70ec0e2b6f9ff88b54618a5f7fbd55b383cf62f8e7c3795c25e2f613bfddf45d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353240",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59214798-7234-4525-8617-4ed202de0b81",
|
|
"value": "6fdbee99dc99a63ac6a5809450d55ad5"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "# shadowbrokers.zip (exploits) - Xchecked via VT: 70ec0e2b6f9ff88b54618a5f7fbd55b383cf62f8e7c3795c25e2f613bfddf45d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353241",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59214799-3164-4fc4-a193-416e02de0b81",
|
|
"value": "https://www.virustotal.com/file/70ec0e2b6f9ff88b54618a5f7fbd55b383cf62f8e7c3795c25e2f613bfddf45d/analysis/1495120618/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "# taskhost.exe (variant) - Xchecked via VT: a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353241",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59214799-da18-4be2-a503-42d602de0b81",
|
|
"value": "e8b40f35af4d5bb24d73faa5a4babb86191b5310"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "# taskhost.exe (variant) - Xchecked via VT: a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353241",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59214799-35f8-4858-a660-46ef02de0b81",
|
|
"value": "198f27f5ab972bfd99e89802e40d6ba7"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "# taskhost.exe (variant) - Xchecked via VT: a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353242",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5921479a-3a84-4b4d-88c8-410d02de0b81",
|
|
"value": "https://www.virustotal.com/file/a77c61e86bc69fdc909560bb7a0fa1dd61ee6c86afceb9ea17462a97e7114ab0/analysis/1495206561/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "# taskhost.exe (captured) - Xchecked via VT: cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353242",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5921479a-9534-40ba-9010-44c602de0b81",
|
|
"value": "8a2cfe220eebde096c17266f1ba597a1065211ab"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "# taskhost.exe (captured) - Xchecked via VT: cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353243",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5921479b-4544-4031-97b3-408002de0b81",
|
|
"value": "c52f20a854efb013a0a1248fd84aaa95"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "# taskhost.exe (captured) - Xchecked via VT: cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353243",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5921479b-6fd0-4131-ba06-4fd302de0b81",
|
|
"value": "https://www.virustotal.com/file/cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30/analysis/1495334571/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: fc75410aa8f76154f5ae8fe035b9a13c76f6e132077346101a0d673ed9f3a0dd",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353243",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5921479b-3d7c-4620-878e-4f3c02de0b81",
|
|
"value": "7ffc0e123e6111e558fb99844d3b317694e419b2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: fc75410aa8f76154f5ae8fe035b9a13c76f6e132077346101a0d673ed9f3a0dd",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353244",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5921479c-7c70-4d05-bb56-4f9302de0b81",
|
|
"value": "5e8e046cb09f73b1e02aa4ac69c5765e"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: fc75410aa8f76154f5ae8fe035b9a13c76f6e132077346101a0d673ed9f3a0dd",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353244",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5921479c-47fc-4946-a54c-410d02de0b81",
|
|
"value": "https://www.virustotal.com/file/fc75410aa8f76154f5ae8fe035b9a13c76f6e132077346101a0d673ed9f3a0dd/analysis/1495312487/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: d86af736644e20e62807f03c49f4d0ad7de9cbd0723049f34ec79f8c7308fdd5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353244",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5921479c-bac0-4c02-883f-49ee02de0b81",
|
|
"value": "0d1535b51fd21a976a9c1184a56fbde4592a0f8f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: d86af736644e20e62807f03c49f4d0ad7de9cbd0723049f34ec79f8c7308fdd5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353245",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5921479d-c6ac-43c7-b8fe-4fa702de0b81",
|
|
"value": "c0321a1a0d33cd88bb04ec0250f8e924"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: d86af736644e20e62807f03c49f4d0ad7de9cbd0723049f34ec79f8c7308fdd5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353245",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5921479d-8944-410b-b861-442a02de0b81",
|
|
"value": "https://www.virustotal.com/file/d86af736644e20e62807f03c49f4d0ad7de9cbd0723049f34ec79f8c7308fdd5/analysis/1495132402/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: d43c10a2c983049d4a32487ab1e8fe7727646052228554e0112f6651f4833d2c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353246",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5921479e-4180-4d80-a484-466802de0b81",
|
|
"value": "ae461ac186c4e42f935ff9e49408bbae47899706"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: d43c10a2c983049d4a32487ab1e8fe7727646052228554e0112f6651f4833d2c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353246",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5921479e-3174-407f-961b-4d9d02de0b81",
|
|
"value": "b61068f85f030ee23d5b33b5b0c03930"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: d43c10a2c983049d4a32487ab1e8fe7727646052228554e0112f6651f4833d2c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353246",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5921479e-52f8-4333-894c-441802de0b81",
|
|
"value": "https://www.virustotal.com/file/d43c10a2c983049d4a32487ab1e8fe7727646052228554e0112f6651f4833d2c/analysis/1495133936/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: c999bf5da5ea3960408d3cba154f965d3436b497ac9d4959b412bfcd956c8491",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353247",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5921479f-b5b4-4437-83e0-449902de0b81",
|
|
"value": "64cb5c3f2cbd238f7f1d707f99dd98713c539f11"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: c999bf5da5ea3960408d3cba154f965d3436b497ac9d4959b412bfcd956c8491",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353247",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5921479f-0ca8-445d-a6ef-4f5902de0b81",
|
|
"value": "35c29de908e04eca97b39b96b3cadc2d"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: c999bf5da5ea3960408d3cba154f965d3436b497ac9d4959b412bfcd956c8491",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353248",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592147a0-e5dc-4358-b8a8-44da02de0b81",
|
|
"value": "https://www.virustotal.com/file/c999bf5da5ea3960408d3cba154f965d3436b497ac9d4959b412bfcd956c8491/analysis/1495319617/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: b2ca4093b2e0271cb7a3230118843fccc094e0160a0968994ed9f10c8702d867",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353248",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "592147a0-8434-45c4-ab3a-435302de0b81",
|
|
"value": "0cc1d20c48a0ec73329fac801ef5bf212a5a8dd6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: b2ca4093b2e0271cb7a3230118843fccc094e0160a0968994ed9f10c8702d867",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353249",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "592147a1-6984-43e2-be35-430802de0b81",
|
|
"value": "344d431a88391fc89f97f3ccf87a603e"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: b2ca4093b2e0271cb7a3230118843fccc094e0160a0968994ed9f10c8702d867",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353249",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592147a1-b764-420e-bcf8-4e7302de0b81",
|
|
"value": "https://www.virustotal.com/file/b2ca4093b2e0271cb7a3230118843fccc094e0160a0968994ed9f10c8702d867/analysis/1495133695/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: ad8965e531424cb34120bf0c1b4b98d4ab769bed534d9a36583364e9572332fa",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353250",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "592147a2-f2bc-4bcd-92cd-4f0102de0b81",
|
|
"value": "822db2fd78b39b49547cce2f7fb92b276c74bcef"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: ad8965e531424cb34120bf0c1b4b98d4ab769bed534d9a36583364e9572332fa",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353250",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "592147a2-49c8-4a16-ab00-4ada02de0b81",
|
|
"value": "2d540860d91cd25cc8d61555523c76ff"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: ad8965e531424cb34120bf0c1b4b98d4ab769bed534d9a36583364e9572332fa",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353250",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592147a2-9c98-4a76-9053-4c3902de0b81",
|
|
"value": "https://www.virustotal.com/file/ad8965e531424cb34120bf0c1b4b98d4ab769bed534d9a36583364e9572332fa/analysis/1495132708/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: a7c387b4929f51e38706d8b0f8641e032253b07bc2869a450dfa3df5663d7392",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353251",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "592147a3-1ed8-4ffb-86c9-421202de0b81",
|
|
"value": "7d0a8cef28518f9be8ad083dcbd719ac4c85d89c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: a7c387b4929f51e38706d8b0f8641e032253b07bc2869a450dfa3df5663d7392",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353251",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "592147a3-1200-4f89-a06f-440202de0b81",
|
|
"value": "67ef79ee308b8625d5f20ea3e5379436"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: a7c387b4929f51e38706d8b0f8641e032253b07bc2869a450dfa3df5663d7392",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353251",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592147a3-3234-4995-99a3-4c8102de0b81",
|
|
"value": "https://www.virustotal.com/file/a7c387b4929f51e38706d8b0f8641e032253b07bc2869a450dfa3df5663d7392/analysis/1495116317/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 9bd32162e0a50f8661fd19e3b26ff65868ab5ea636916bd54c244b0148bd9c1b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353252",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "592147a4-34e0-45f3-90a5-411e02de0b81",
|
|
"value": "1cbc9d531ba0e5e67a1ada95cff19bf0020f88f8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 9bd32162e0a50f8661fd19e3b26ff65868ab5ea636916bd54c244b0148bd9c1b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353252",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "592147a4-c318-4643-ba8e-4ab902de0b81",
|
|
"value": "b7cf3852a0168777f8856e6565d8fe2e"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 9bd32162e0a50f8661fd19e3b26ff65868ab5ea636916bd54c244b0148bd9c1b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353253",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592147a5-40c0-451d-b787-42d202de0b81",
|
|
"value": "https://www.virustotal.com/file/9bd32162e0a50f8661fd19e3b26ff65868ab5ea636916bd54c244b0148bd9c1b/analysis/1495206518/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 94189147ba9749fd0f184fe94b345b7385348361480360a59f12adf477f61c97",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353253",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "592147a5-3c38-445e-a467-414302de0b81",
|
|
"value": "f1c027679d5009da067b12af258adc8afaade178"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 94189147ba9749fd0f184fe94b345b7385348361480360a59f12adf477f61c97",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353253",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "592147a5-9bf4-484a-8562-442f02de0b81",
|
|
"value": "496131b90f83e8278462d2dd21213646"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 94189147ba9749fd0f184fe94b345b7385348361480360a59f12adf477f61c97",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353254",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592147a6-3a08-4eb8-b971-475b02de0b81",
|
|
"value": "https://www.virustotal.com/file/94189147ba9749fd0f184fe94b345b7385348361480360a59f12adf477f61c97/analysis/1495116293/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 64442cceb7d618e70c62d461cfaafdb8e653b8d98ac4765a6b3d8fd1ea3bce15",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353254",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "592147a6-09b4-45c5-9ef5-4c6802de0b81",
|
|
"value": "f57f71ae1e52f25ec9f643760551e1b6cfb9c7ff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 64442cceb7d618e70c62d461cfaafdb8e653b8d98ac4765a6b3d8fd1ea3bce15",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353255",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "592147a7-e34c-4d74-ae52-4f5202de0b81",
|
|
"value": "3771b97552810a0ed107730b718f6fe1"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 64442cceb7d618e70c62d461cfaafdb8e653b8d98ac4765a6b3d8fd1ea3bce15",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353255",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592147a7-7f0c-4001-aec3-4e5902de0b81",
|
|
"value": "https://www.virustotal.com/file/64442cceb7d618e70c62d461cfaafdb8e653b8d98ac4765a6b3d8fd1ea3bce15/analysis/1495260898/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 1ee894c0b91f3b2f836288c22ebeab44798f222f17c255f557af2260b8c6a32d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353255",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "592147a7-07ac-445c-897e-44e502de0b81",
|
|
"value": "70181383eedd8e93e3ecf1c05238c928e267163d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 1ee894c0b91f3b2f836288c22ebeab44798f222f17c255f557af2260b8c6a32d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353256",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "592147a8-5e20-497b-91f0-4e2302de0b81",
|
|
"value": "76e94e525a2d1a350ff989d532239976"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (variant) - Xchecked via VT: 1ee894c0b91f3b2f836288c22ebeab44798f222f17c255f557af2260b8c6a32d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353256",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592147a8-c034-4647-aaa5-486e02de0b81",
|
|
"value": "https://www.virustotal.com/file/1ee894c0b91f3b2f836288c22ebeab44798f222f17c255f557af2260b8c6a32d/analysis/1495312044/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (captured) - Xchecked via VT: e049d8f69ddee0c2d360c27b98fa9e61b7202bb0d3884dd3ca63f8aa288422dc",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353257",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "592147a9-7998-4c9d-92b2-4d3102de0b81",
|
|
"value": "b05f2d07d0af1184066f766bc78d1b680236c1b3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "UpdateInstaller.exe (captured) - Xchecked via VT: e049d8f69ddee0c2d360c27b98fa9e61b7202bb0d3884dd3ca63f8aa288422dc",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353257",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "592147a9-5074-491b-945a-479b02de0b81",
|
|
"value": "994bd0b23cce98b86e58218b9032ffab"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "UpdateInstaller.exe (captured) - Xchecked via VT: e049d8f69ddee0c2d360c27b98fa9e61b7202bb0d3884dd3ca63f8aa288422dc",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1495353257",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "592147a9-e100-4719-b4d7-4f2e02de0b81",
|
|
"value": "https://www.virustotal.com/file/e049d8f69ddee0c2d360c27b98fa9e61b7202bb0d3884dd3ca63f8aa288422dc/analysis/1495348433/"
|
|
}
|
|
]
|
|
}
|
|
} |