{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2017-10-05",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - FreeMilk: A Highly Targeted Spear Phishing Campaign",
|
|
"publish_timestamp": "1507283587",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1507283579",
|
|
"uuid": "59d68cfe-723c-4b5e-b737-fbfd02de0b81",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68d30-fef8-46e2-8299-4c2b02de0b81",
|
|
"value": "https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "59d68d50-3d28-4831-8b96-fbfd02de0b81",
|
|
"value": "In May 2017, Palo Alto Networks Unit 42 identified a limited spear phishing campaign targeting various individuals across the world. The threat actor leveraged the CVE-2017-0199 Microsoft Word Office/WordPad Remote Code Execution Vulnerability with carefully crafted decoy content customized for each target recipient. Our research showed that the spear phishing emails came from multiple compromised email accounts tied to a legitimate domain in North East Asia. We believe that the threat actor hijacked an existing, legitimate in-progress conversation and posed as the legitimate senders to send malicious spear phishing emails to the recipients",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "JavaScript to extract and run the payload",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68def-93ac-417a-95dd-400802de0b81",
|
|
"value": "1893af524edea4541c317df288adbf17ae4fcc3a30d403331eae541281c71a3c"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "59d68def-76dc-4ac8-8b0b-444802de0b81",
|
|
"value": "http://old.jrchina.com/btob_asiana/udel_ok.ipp"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Fake image extracts to Freenki downloader",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68def-e5ec-416b-8650-45e502de0b81",
|
|
"value": "64ef80e7639c8c5dddf239883617e6740c6b3589f995d11314d36ab64fcfc54c"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "59d68def-89dc-4632-8c84-4dfc02de0b81",
|
|
"value": "http://old.jrchina.com/btob_asiana/appach01.jpg"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68def-84a8-4265-94ec-49dd02de0b81",
|
|
"value": "7f35521cdbaa4e86143656ff9c52cef8d1e5e5f8245860c205364138f82c54df"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "PoohMilk loader",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68def-6160-4073-8635-4de102de0b81",
|
|
"value": "40572e1fc37f4376fdb2a33a6c376631ff7bc00b1e64538a0385bc1e09a85574"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68def-3968-412f-82f1-4f8602de0b81",
|
|
"value": "35273d6c25665a19ac14d469e1436223202be655ee19b5b247cb1afef626c9f2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "vulnerability",
|
|
"uuid": "59d68e21-a364-43f8-b09e-421402de0b81",
|
|
"value": "CVE-2017-0199"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Windows-KB276133-x86.exe",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68ea6-7d58-426b-8637-403a02de0b81",
|
|
"value": "1163da8c37ad9ba98d59b921ba8cf8e54bfc1282712cf754f4ff82b63f8e6027"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Windows-KB251952-x86.exe",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507283579",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68ea6-6038-4f14-b78f-42c102de0b81",
|
|
"value": "ba5905c2fe46bd6734973139e759ba405fd193c2342dfcac396e9d529b57821b",
|
|
"Tag": [
|
|
{
|
|
"colour": "#3a7300",
|
|
"local": false,
|
|
"name": "circl:incident-classification=\"malware\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "http://www.ethanpublishing.com/ethanpublishing/phpcms/templates/default/member/pub/jquery_min_2.2.6.js",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68ecc-8668-4775-8992-fbfd02de0b81",
|
|
"value": "99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68ef1-2558-4156-a0b7-7ed002de0b81",
|
|
"value": "a50543919c52ccaea40155ce35aa791bc86bd634240fb51922827223aca5c88a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68ef1-ba78-4aec-8fd4-7ed002de0b81",
|
|
"value": "201b876bcb97f6c8972cc677bdf1e3e2b2f069ae2ec4653db8af4797884efa30"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68ef1-5fe8-475f-a18e-7ed002de0b81",
|
|
"value": "0f82ea2f92c7e906ee9ffbbd8212be6a8545b9bb0200eda09cce0ba9d7cb1313"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68ef1-8a9c-40fa-96f0-7ed002de0b81",
|
|
"value": "34478d6692f8c28332751b31fd695b799d4ab36a8c12f7b728e2cb99ae2efcd9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "59d68ef1-cd70-4af0-81f9-7ed002de0b81",
|
|
"value": "ef40f7ddff404d1193e025081780e32f88883fa4dd496f4189084d772a435cb2"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "59d68ef1-a150-4d30-a712-7ed002de0b81",
|
|
"value": "old.jrchina.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "59d68ef1-0b54-4ac7-a770-7ed002de0b81",
|
|
"value": "foodforu.heliohost.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "59d68ef1-053c-4ed0-962d-7ed002de0b81",
|
|
"value": "www.ethanpublishing.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "59d68ef1-3c14-42eb-bad5-7ed002de0b81",
|
|
"value": "discgolfglow.com"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: ef40f7ddff404d1193e025081780e32f88883fa4dd496f4189084d772a435cb2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-6028-4934-8183-4cf702de0b81",
|
|
"value": "67cd2e35fd6e06afe80724f53effabbfdf80349b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: ef40f7ddff404d1193e025081780e32f88883fa4dd496f4189084d772a435cb2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-2850-481e-8d9c-43bf02de0b81",
|
|
"value": "9f022df0bcfded9377baf4da1fbe7b8c"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "- Xchecked via VT: ef40f7ddff404d1193e025081780e32f88883fa4dd496f4189084d772a435cb2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-0658-420d-954b-4adf02de0b81",
|
|
"value": "https://www.virustotal.com/file/ef40f7ddff404d1193e025081780e32f88883fa4dd496f4189084d772a435cb2/analysis/1507220836/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 34478d6692f8c28332751b31fd695b799d4ab36a8c12f7b728e2cb99ae2efcd9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-2664-4f17-a556-455502de0b81",
|
|
"value": "f374436ec085e8bb254c3bf42d0dc84536cc4a90"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 34478d6692f8c28332751b31fd695b799d4ab36a8c12f7b728e2cb99ae2efcd9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-2e9c-4f28-9978-4ee302de0b81",
|
|
"value": "36ab73294dbbcdfe2554c5e29544de24"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "- Xchecked via VT: 34478d6692f8c28332751b31fd695b799d4ab36a8c12f7b728e2cb99ae2efcd9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-ffc0-4f55-a249-475b02de0b81",
|
|
"value": "https://www.virustotal.com/file/34478d6692f8c28332751b31fd695b799d4ab36a8c12f7b728e2cb99ae2efcd9/analysis/1507217555/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 0f82ea2f92c7e906ee9ffbbd8212be6a8545b9bb0200eda09cce0ba9d7cb1313",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-00f0-49aa-8d6f-4f0102de0b81",
|
|
"value": "419a86472fa374a333fd616152a4e1c2e94e8c8d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 0f82ea2f92c7e906ee9ffbbd8212be6a8545b9bb0200eda09cce0ba9d7cb1313",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-0f68-4dcb-a9f9-478d02de0b81",
|
|
"value": "fed4b7096553965a07e0f340494889fe"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "- Xchecked via VT: 0f82ea2f92c7e906ee9ffbbd8212be6a8545b9bb0200eda09cce0ba9d7cb1313",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-1868-461e-bcf3-4e7502de0b81",
|
|
"value": "https://www.virustotal.com/file/0f82ea2f92c7e906ee9ffbbd8212be6a8545b9bb0200eda09cce0ba9d7cb1313/analysis/1507217556/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 201b876bcb97f6c8972cc677bdf1e3e2b2f069ae2ec4653db8af4797884efa30",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-4238-455f-9053-4ffb02de0b81",
|
|
"value": "ad6fb28bd1eb1b992982648f0e78874e14e7b4ba"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 201b876bcb97f6c8972cc677bdf1e3e2b2f069ae2ec4653db8af4797884efa30",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-b6c8-4ecd-85ab-4d5e02de0b81",
|
|
"value": "53fb994908b72067bc3d2f6f93c0de7d"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "- Xchecked via VT: 201b876bcb97f6c8972cc677bdf1e3e2b2f069ae2ec4653db8af4797884efa30",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-a048-4780-96ff-4d9302de0b81",
|
|
"value": "https://www.virustotal.com/file/201b876bcb97f6c8972cc677bdf1e3e2b2f069ae2ec4653db8af4797884efa30/analysis/1506334002/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: a50543919c52ccaea40155ce35aa791bc86bd634240fb51922827223aca5c88a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-83c8-41c6-8060-4ba402de0b81",
|
|
"value": "abe2753ea8c2c54163703c4a3ca86ae25a0ce780"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: a50543919c52ccaea40155ce35aa791bc86bd634240fb51922827223aca5c88a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-9ec0-4be5-995a-4d2d02de0b81",
|
|
"value": "321461c22c742328af1feb27a7c1c8e0"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "- Xchecked via VT: a50543919c52ccaea40155ce35aa791bc86bd634240fb51922827223aca5c88a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-9c6c-46b1-80d4-45ff02de0b81",
|
|
"value": "https://www.virustotal.com/file/a50543919c52ccaea40155ce35aa791bc86bd634240fb51922827223aca5c88a/analysis/1507233005/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "http://www.ethanpublishing.com/ethanpublishing/phpcms/templates/default/member/pub/jquery_min_2.2.6.js - Xchecked via VT: 99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-a88c-4685-9964-43cd02de0b81",
|
|
"value": "f7fcadc8c71752ce5d47af1e8069069cc70e6e27"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "http://www.ethanpublishing.com/ethanpublishing/phpcms/templates/default/member/pub/jquery_min_2.2.6.js - Xchecked via VT: 99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-c834-4724-8322-4b4b02de0b81",
|
|
"value": "6c668fd6a98f0659abc54d88c1db209e"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "http://www.ethanpublishing.com/ethanpublishing/phpcms/templates/default/member/pub/jquery_min_2.2.6.js - Xchecked via VT: 99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-a574-409c-979d-4d0402de0b81",
|
|
"value": "https://www.virustotal.com/file/99c1b4887d96cb94f32b280c1039b3a7e39ad996859ffa6dd011cf3cca4f1ba5/analysis/1507217555/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 35273d6c25665a19ac14d469e1436223202be655ee19b5b247cb1afef626c9f2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-ec2c-4ac1-bacb-489e02de0b81",
|
|
"value": "011604ce0e46229ece8d9266d69d0e68d5931e72"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 35273d6c25665a19ac14d469e1436223202be655ee19b5b247cb1afef626c9f2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-a5e0-43e2-a403-4b1a02de0b81",
|
|
"value": "237ff78e9d8c9407f89563cb696c2539"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "- Xchecked via VT: 35273d6c25665a19ac14d469e1436223202be655ee19b5b247cb1afef626c9f2",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-d1a4-4ab2-a2cb-473c02de0b81",
|
|
"value": "https://www.virustotal.com/file/35273d6c25665a19ac14d469e1436223202be655ee19b5b247cb1afef626c9f2/analysis/1496397207/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "PoohMilk loader - Xchecked via VT: 40572e1fc37f4376fdb2a33a6c376631ff7bc00b1e64538a0385bc1e09a85574",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-9710-4f62-95af-44b002de0b81",
|
|
"value": "aa84276ca9a6ad2f644f927cc14c9bff09595d92"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "PoohMilk loader - Xchecked via VT: 40572e1fc37f4376fdb2a33a6c376631ff7bc00b1e64538a0385bc1e09a85574",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-c400-4825-bc49-456702de0b81",
|
|
"value": "f5cae9fcc8bad42b3dddb71ce68dbd92"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "PoohMilk loader - Xchecked via VT: 40572e1fc37f4376fdb2a33a6c376631ff7bc00b1e64538a0385bc1e09a85574",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-0d10-4f4f-859c-470a02de0b81",
|
|
"value": "https://www.virustotal.com/file/40572e1fc37f4376fdb2a33a6c376631ff7bc00b1e64538a0385bc1e09a85574/analysis/1503367656/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 7f35521cdbaa4e86143656ff9c52cef8d1e5e5f8245860c205364138f82c54df",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-5044-4612-a378-484802de0b81",
|
|
"value": "0f97d50ca513c6899204b59d594a0537a14aa81f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 7f35521cdbaa4e86143656ff9c52cef8d1e5e5f8245860c205364138f82c54df",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-4eb8-4a29-8339-40b802de0b81",
|
|
"value": "f5463cd95632706cd7823bfea8fc118c"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "- Xchecked via VT: 7f35521cdbaa4e86143656ff9c52cef8d1e5e5f8245860c205364138f82c54df",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-630c-481b-b4fb-4cdc02de0b81",
|
|
"value": "https://www.virustotal.com/file/7f35521cdbaa4e86143656ff9c52cef8d1e5e5f8245860c205364138f82c54df/analysis/1502302846/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Fake image extracts to Freenki downloader - Xchecked via VT: 64ef80e7639c8c5dddf239883617e6740c6b3589f995d11314d36ab64fcfc54c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-c38c-4a45-98f7-462b02de0b81",
|
|
"value": "5bb865a0518862c9b47e678446e9968b8e2d0bed"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Fake image extracts to Freenki downloader - Xchecked via VT: 64ef80e7639c8c5dddf239883617e6740c6b3589f995d11314d36ab64fcfc54c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-ed5c-4691-a55d-489802de0b81",
|
|
"value": "7c2ebfc7960aac6f8d58b37e3f092a9c"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Fake image extracts to Freenki downloader - Xchecked via VT: 64ef80e7639c8c5dddf239883617e6740c6b3589f995d11314d36ab64fcfc54c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-bcf0-4ab9-8041-447502de0b81",
|
|
"value": "https://www.virustotal.com/file/64ef80e7639c8c5dddf239883617e6740c6b3589f995d11314d36ab64fcfc54c/analysis/1502714265/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "JavaScript to extract and run the payload - Xchecked via VT: 1893af524edea4541c317df288adbf17ae4fcc3a30d403331eae541281c71a3c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "59d68f38-f18c-4d90-8c81-462102de0b81",
|
|
"value": "73f84a1bfb63c06c43d570dd6fd0f08b14c2b7c6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "JavaScript to extract and run the payload - Xchecked via VT: 1893af524edea4541c317df288adbf17ae4fcc3a30d403331eae541281c71a3c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "59d68f38-5da0-4303-ae0c-408a02de0b81",
|
|
"value": "ab4596f26b25730fbc9dc41e629980f1"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "JavaScript to extract and run the payload - Xchecked via VT: 1893af524edea4541c317df288adbf17ae4fcc3a30d403331eae541281c71a3c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1507233592",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "59d68f38-f7b0-4bcf-bf68-414702de0b81",
|
|
"value": "https://www.virustotal.com/file/1893af524edea4541c317df288adbf17ae4fcc3a30d403331eae541281c71a3c/analysis/1502714265/"
|
|
}
|
|
]
|
|
}
|
|
} |