1914 lines
No EOL
72 KiB
JSON
1914 lines
No EOL
72 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2015-09-18",
|
|
"extends_uuid": "",
|
|
"info": "OSINT In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia by ProofPoint",
|
|
"publish_timestamp": "1442836087",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1442836055",
|
|
"uuid": "55fc725a-6828-4ffe-a197-4e6f950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"local": false,
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442607726",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55fc726e-9464-4fef-88b6-53e7950d210b",
|
|
"value": "https://www.proofpoint.com/us/threat-insight/post/PlugX-in-Russia"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829515",
|
|
"to_ids": true,
|
|
"type": "email-attachment",
|
|
"uuid": "55ffd4cb-fc90-4a9e-b5ef-d385950d210b",
|
|
"value": "\u00d0\u00a1\u00d0\u0153\u00d0\u02dc -\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d1\u2021\u00d0\u00b5\u00d1\u201a \u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d1\u0081\u00d1\u2039\u00d0\u00bb\u00d0\u00ba\u00d0\u00b8 \u00d0\u00bd\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9.scr"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829516",
|
|
"to_ids": true,
|
|
"type": "email-attachment",
|
|
"uuid": "55ffd4cc-3f14-47c9-a918-d385950d210b",
|
|
"value": "\u00d0\u2019 \u00d0\u00a0\u00d0\u00be\u00d1\u0081\u00d1\u0081\u00d0\u00b8\u00d0\u00b8 \u00d1\u0081\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b8\u00d1\u20ac\u00d0\u00be\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b0 \u00d0\u00bb\u00d0\u00b5\u00d0\u00b3\u00d0\u00b5\u00d0\u00bd\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d0\u00bd\u00d0\u00b0\u00d1\u008f 6-\u00d1\u008f \u00d0\u203a\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00bd\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00b4\u00d1\u0081\u00d0\u00ba\u00d0\u00b0\u00d1\u008f \u00d0\u00b0\u00d1\u20ac\u00d0\u00bc\u00d0\u00b8\u00d1\u008f \u00d0\u2019\u00d0\u2019\u00d0\u00a1 \u00d0\u00b8 \u00d0\u0178\u00d0\u2019\u00d0\u017e.scr"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829516",
|
|
"to_ids": true,
|
|
"type": "email-attachment",
|
|
"uuid": "55ffd4cc-d6b0-4eb2-b4ef-d385950d210b",
|
|
"value": "\u00d0\u00a1\u00d0\u00b0\u00d0\u00bc\u00d0\u00b0\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d1\u2030\u00d0\u00bd\u00d0\u00b0\u00d1\u008f \u00d1\u008f\u00d0\u00b4\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b0\u00d1\u008f \u00d0\u00b1\u00d0\u00be\u00d0\u00bc\u00d0\u00b1\u00d0\u00b0 \u00d0\u00b2 \u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d0\u00b8.scr"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829516",
|
|
"to_ids": true,
|
|
"type": "email-attachment",
|
|
"uuid": "55ffd4cc-9988-4b94-a123-d385950d210b",
|
|
"value": "\u00d0\u0178\u00d0\u00b0\u00d0\u00bc\u00d1\u008f\u00d1\u201a\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bc\u00d0\u00b5\u00d1\u20ac\u00d0\u00be\u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d1\u008f\u00d1\u201a\u00d0\u00b8\u00d1\u008f, \u00d0\u00b2 \u00d1\u0081\u00d0\u00b2\u00d1\u008f\u00d0\u00b7\u00d0\u00b8 \u00d1\u0081 15-\u00d0\u00bb\u00d0\u00b5\u00d1\u201a\u00d0\u00b8\u00d0\u00b5\u00d0\u00bc \u00d0\u00b3\u00d0\u00b8\u00d0\u00b1\u00d0\u00b5\u00d0\u00bb\u00d0\u00b8 \u00d0\u0090\u00d0\u0178\u00d0\u00a0\u00d0\u0161 \u00c2\u00ab\u00d0\u0161\u00d1\u0192\u00d1\u20ac\u00d1\u0081\u00d0\u00ba\u00c2\u00bb.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829517",
|
|
"to_ids": true,
|
|
"type": "email-attachment",
|
|
"uuid": "55ffd4cd-1834-406c-af56-d385950d210b",
|
|
"value": "\u00d0\u00a1\u00d0\u0153\u00d0\u02dc.scr"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829517",
|
|
"to_ids": true,
|
|
"type": "email-attachment",
|
|
"uuid": "55ffd4cd-94ec-4156-a850-d385950d210b",
|
|
"value": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00b4\u00d1\u0192\u00d1\u02c6\u00d0\u00bd\u00d0\u00be-\u00d0\u00ba\u00d0\u00be\u00d1\u0081\u00d0\u00bc\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00b8\u00d0\u00b5 \u00d1\u0081\u00d0\u00b8\u00d0\u00bb\u00d1\u2039 \u00d0\u00a0\u00d0\u00be\u00d1\u0081\u00d1\u0081\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b7\u00d0\u00b0\u00d1\u0081\u00d1\u201a\u00d1\u0192\u00d0\u00bf\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8 \u00d0\u00bd\u00d0\u00b0 \u00d0\u00b1\u00d0\u00be\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b5 \u00d0\u00b4\u00d0\u00b5\u00d0\u00b6\u00d1\u0192\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00be.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829517",
|
|
"to_ids": true,
|
|
"type": "email-attachment",
|
|
"uuid": "55ffd4cd-b4c0-433b-9638-d385950d210b",
|
|
"value": "11.08.2015.scr"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "rar",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829554",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffd4f2-001c-4e90-ab45-d52c950d210b",
|
|
"value": "71be8bb45dfe360ee6076ed34fde12a382fe9d7922bd11b179ca773be12fa54c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "rar - Xchecked via VT: 71be8bb45dfe360ee6076ed34fde12a382fe9d7922bd11b179ca773be12fa54c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829585",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffd511-4178-4679-ad74-d987950d210b",
|
|
"value": "bcb8f0c695ee188ebc881d28295789911f3e636b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "rar - Xchecked via VT: 71be8bb45dfe360ee6076ed34fde12a382fe9d7922bd11b179ca773be12fa54c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829586",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffd512-5484-47d5-a31c-d987950d210b",
|
|
"value": "2e0262bb45fa553cc3929b4cc32e7581"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829586",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffd512-8a6c-4d41-b629-d987950d210b",
|
|
"value": "https://www.virustotal.com/file/71be8bb45dfe360ee6076ed34fde12a382fe9d7922bd11b179ca773be12fa54c/analysis/1442670814/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829603",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "55ffd523-3214-4945-b6ad-d385950d210b",
|
|
"value": "PlugX"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829625",
|
|
"to_ids": false,
|
|
"type": "comment",
|
|
"uuid": "55ffd539-1c08-4fd0-aaa5-d99a950d210b",
|
|
"value": "Proofpoint researchers recently observed a campaign targeting telecom and military in Russia. Beginning in July 2015 (and possibly earlier), the attack continued into August and is currently ongoing. As a part of this campaign, we also observed attacks on Russian-speaking financial analysts working at global financial firms and covering telecom corporations in Russia, likely a result of collateral damage caused by the attackers targeting tactics. \r\n\r\nThe attacks employed PlugX, a Remote Access Trojan (RAT) widely used in targeted attacks. Proofpoint is tracking this attacker, believed to operate out of China, as TA459 . This same attacker is also reported to have targeted various military installations in Central Asia in the past [1]. While the current campaign from this attacker has been active for a couple of months, there is evidence of activity by this attacker as far back as 2013, employing other backdoors such as Saker, Netbot and DarkStRat .\r\n\r\nThe attacks seen in the current campaign involved spear-phishing emails that employ both exploit-laden Microsoft Word document attachments, as well as links leading to RAR archives. The email contents, filenames and decoy are all usually in Russian."
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "LTE-2600.doc",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829662",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffd55e-e4f4-4c5a-8759-da8a950d210b",
|
|
"value": "6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "LTE-2600.doc - Xchecked via VT: 6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829670",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffd566-cd84-42d3-b442-c40e950d210b",
|
|
"value": "08db4b8dc7c18133851774d687a9d2bcb993bffa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "LTE-2600.doc - Xchecked via VT: 6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829670",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffd566-6844-4203-8b0e-c40e950d210b",
|
|
"value": "7048add2873b08a9693a60135f978686"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829671",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffd567-f040-4091-9220-c40e950d210b",
|
|
"value": "https://www.virustotal.com/file/6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081/analysis/1442639599/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829689",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "55ffd579-a434-408b-bb08-d52d950d210b",
|
|
"value": "TA459"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829743",
|
|
"to_ids": false,
|
|
"type": "vulnerability",
|
|
"uuid": "55ffd5af-bc14-420a-8294-dbb7950d210b",
|
|
"value": "CVE-2012-0158"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829785",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffd5d9-12fc-4469-af47-d982950d210b",
|
|
"value": "arms-expo.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829785",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffd5d9-8cf0-4f8f-a1fb-d982950d210b",
|
|
"value": "forum-mil.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829786",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffd5da-2190-4520-a195-d982950d210b",
|
|
"value": "tvzvezda.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829786",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffd5da-8d70-405a-a9c5-d982950d210b",
|
|
"value": "rusarmy.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829786",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffd5da-484c-423e-a786-d982950d210b",
|
|
"value": "patriotp.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442829787",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffd5db-8c38-42fe-a6a1-d982950d210b",
|
|
"value": "militarynewes.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834853",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ffe9a5-85a0-47d1-b643-dda5950d210b",
|
|
"value": "43.252.175.119"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834899",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ffe9d3-9438-4035-a88b-dd91950d210b",
|
|
"value": "business-isa.mynetav.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834900",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ffe9d4-4da8-49a5-bc46-dd91950d210b",
|
|
"value": "business-rsa.onmypc.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834900",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ffe9d4-4290-4cd2-a95a-dd91950d210b",
|
|
"value": "blacktan.cn"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834900",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ffe9d4-2d14-44ba-9237-dd91950d210b",
|
|
"value": "dicemention.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834901",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ffe9d5-d850-4285-aa0b-dd91950d210b",
|
|
"value": "leeghost.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834901",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ffe9d5-18f0-4742-9c0c-dd91950d210b",
|
|
"value": "notebookhk.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834930",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ffe9f2-79a4-462b-b154-47a3950d210b",
|
|
"value": "123.254.104.50"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - Saker",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834978",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffea17-23e4-48b1-b2b2-dda5950d210b",
|
|
"value": "556e7e944939929ca4d9ca6c54d9059edf97642ece1d84363f2d46e2e8ca72ae"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - Saker - Xchecked via VT: 556e7e944939929ca4d9ca6c54d9059edf97642ece1d84363f2d46e2e8ca72ae",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834985",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffea29-2d70-400e-962c-4ab2950d210b",
|
|
"value": "a078b6de46feab5cca040f1e256c1b09e193ffeb"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - Saker - Xchecked via VT: 556e7e944939929ca4d9ca6c54d9059edf97642ece1d84363f2d46e2e8ca72ae",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834986",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffea2a-160c-4b6c-b529-4559950d210b",
|
|
"value": "7160b0d2d5d1e565adc53f6731a202f4"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442834986",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffea2a-36f8-45cf-92ab-41bf950d210b",
|
|
"value": "https://www.virustotal.com/file/556e7e944939929ca4d9ca6c54d9059edf97642ece1d84363f2d46e2e8ca72ae/analysis/1439418346/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - netbot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835026",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffea52-d6cc-4494-8f90-4306950d210b",
|
|
"value": "277fe4dab731149f3d40630f2f8b25092b007c701f04b5304d3ba9570280d015"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - netbot - Xchecked via VT: 277fe4dab731149f3d40630f2f8b25092b007c701f04b5304d3ba9570280d015",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835032",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffea58-6428-40a8-b685-4968950d210b",
|
|
"value": "522649916f3e958f0040c768d8ac3d797324fc65"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - netbot - Xchecked via VT: 277fe4dab731149f3d40630f2f8b25092b007c701f04b5304d3ba9570280d015",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835032",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffea58-6bd4-4fbe-acd9-4c34950d210b",
|
|
"value": "38e35c5f140f802c70c974edadbbf63c"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835033",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffea59-c74c-4bf4-91b4-4b8d950d210b",
|
|
"value": "https://www.virustotal.com/file/277fe4dab731149f3d40630f2f8b25092b007c701f04b5304d3ba9570280d015/analysis/1409919706/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - netbot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835083",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffea8b-4958-4b46-be3a-4027950d210b",
|
|
"value": "dd9d31c3acb4299619c2251698024da1ac9ec42280aa6c16cd2369907f3be4e3"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - netbot - Xchecked via VT: dd9d31c3acb4299619c2251698024da1ac9ec42280aa6c16cd2369907f3be4e3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835105",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffeaa1-1a5c-41f9-bb8f-411b950d210b",
|
|
"value": "ef0c809714f2a618ba66ac9215fac97139240046"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - netbot - Xchecked via VT: dd9d31c3acb4299619c2251698024da1ac9ec42280aa6c16cd2369907f3be4e3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835105",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffeaa1-7a14-4d73-b24d-44c2950d210b",
|
|
"value": "3c7e67fe058d59624bcac401bd071fa1"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835105",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffeaa1-e924-49fd-b661-4dd3950d210b",
|
|
"value": "https://www.virustotal.com/file/dd9d31c3acb4299619c2251698024da1ac9ec42280aa6c16cd2369907f3be4e3/analysis/1431227221/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - Saker",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835193",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffeaf9-80c0-46f2-a983-4b9a950d210b",
|
|
"value": "1a789568a53c18dab21c9c0386c746878cf8458e3369f0dc36a285fe296f3be3"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - Saker - Xchecked via VT: 1a789568a53c18dab21c9c0386c746878cf8458e3369f0dc36a285fe296f3be3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835201",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffeb01-c380-47f8-ac57-4fc2950d210b",
|
|
"value": "ffd4369080537f39518ff53371b30731f5faa0f9"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Related malware - Saker - Xchecked via VT: 1a789568a53c18dab21c9c0386c746878cf8458e3369f0dc36a285fe296f3be3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835202",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffeb02-1510-475d-97de-44ef950d210b",
|
|
"value": "74301837c857f1f38348da87dd2b18b7"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835202",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffeb02-6108-4e38-a2cb-4fcb950d210b",
|
|
"value": "https://www.virustotal.com/file/1a789568a53c18dab21c9c0386c746878cf8458e3369f0dc36a285fe296f3be3/analysis/1393206966/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Whois record (registrant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835250",
|
|
"to_ids": true,
|
|
"type": "email-src",
|
|
"uuid": "55ffeb32-5540-402c-b090-43fe950d210b",
|
|
"value": "gengd@gmail.com"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Whois record (registrant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835251",
|
|
"to_ids": true,
|
|
"type": "email-src",
|
|
"uuid": "55ffeb33-ff04-4174-b2aa-4992950d210b",
|
|
"value": "hsdf@gmail.com"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Whois record (registrant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835251",
|
|
"to_ids": true,
|
|
"type": "email-src",
|
|
"uuid": "55ffeb33-8710-43d1-ac5e-409f950d210b",
|
|
"value": "dolphin@yahoo.com"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Whois record (registrant)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835252",
|
|
"to_ids": true,
|
|
"type": "email-src",
|
|
"uuid": "55ffeb34-aa34-4f44-85ee-461c950d210b",
|
|
"value": "gjklsdf@gmail.com"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835452",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebfc-214c-4652-b0d4-4eae950d210b",
|
|
"value": "1aa6c5d0c9ad914fb5ed24741ac947d31cac6921ece7b3b807736febda7e2c4b"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835452",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebfc-673c-4c84-a87f-4c1f950d210b",
|
|
"value": "1b32825f178afe76e290c458ddbf8a3596002c6f9a7763687311f7d211a54aab"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835453",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebfd-e950-4f6d-aa6b-4914950d210b",
|
|
"value": "3e824972397b322ea9f48fd1a9a02bd6c3eb68cc7de3a4f29e46a5c67b625ec1"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835453",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebfd-5fc0-40fa-99cf-4461950d210b",
|
|
"value": "49e1f953dc17073bf919972868576b93cc9f3b5b9600f98a0bd9e39e5d229d9e"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835453",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebfd-9ba4-48dc-9575-41d7950d210b",
|
|
"value": "4cadbdb5a09781555cc5d637d3fecf89b9a66fac245d6a3a14989f39a9a48c6e"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835454",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebfe-cfb0-412a-8320-40a0950d210b",
|
|
"value": "67cccfa23a7fd1d9ca8160cd977d536c4a40bf9525a93aa4122a89527a96fa8f"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835454",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebfe-a898-45bd-8417-48eb950d210b",
|
|
"value": "6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835454",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebfe-4934-445d-88cb-4075950d210b",
|
|
"value": "7efcf2211cd68ab459582594b5d75c64830acf25bcaab065bbd60377fb9eb22a"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835455",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebff-8ee0-4bd4-9254-4bd3950d210b",
|
|
"value": "8702506e8e75834a8f011cfc268d02043af5522aeda20a8458880c8fbed7ecac"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835455",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffebff-210c-488c-b836-45e3950d210b",
|
|
"value": "8a5df5f31a3b4f893a0565967d64e57f41d91e3592bbd8d52f98f81b3fb8452b"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835482",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1a-d9ac-4ce4-a821-460b950d210b",
|
|
"value": "0d2600d978f5c1042e93b701654db080aac144dfa2877844334b1d4cd78f4a1d"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835482",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1a-488c-4dcb-969c-4c79950d210b",
|
|
"value": "2a6dee57cb302a1350ade4a33f40a77c1952cf2e6b29d1be8400c13927e34670"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835482",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1a-ce00-41fc-a36c-4720950d210b",
|
|
"value": "383c5d22c1de3aae7684eb5a7d87d6b553f09f166ca402894c5deecabaa7d866"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835483",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1b-d354-47d8-b4b9-4a51950d210b",
|
|
"value": "53d29782b8c325c2ff62493cdb261a8e54e45ed04880527e75e8e211b4d8d861"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835483",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1b-b0ac-479d-a81d-4ef2950d210b",
|
|
"value": "5d97ec30c481e00d4285246b528745f331be905f453e062bd9c2d506e9386f0e"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835483",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1b-4d18-4aae-a4c9-497d950d210b",
|
|
"value": "664f80b427bf0145e62f6f90cb4833c30cfb8dc4b2d68746aa01420da82bd8af"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835484",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1c-7750-4193-a8e5-44cd950d210b",
|
|
"value": "6dc560a3b20a6e95552254bdb04fba03f74223a83a58436a3decfab74abc5fb5"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835484",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1c-a2fc-4a85-bdca-46f6950d210b",
|
|
"value": "a2f4aa2d25bff21e73b15065e2fc38d297ee14253044a66d00690b1bb23fc373"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835484",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1c-b18c-44e4-88b4-48bf950d210b",
|
|
"value": "c7d7211d1fea69ea6a9697a8f8d21ac40f6d7dc6863708b9a98930271a156c86"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835485",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1d-d0cc-4810-ba82-46ef950d210b",
|
|
"value": "d2a5cf434e8a0c63c23e6a3e5cf8a60f259099a706d2d243ffa5c7dbd46fd9d4"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835485",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1d-89c8-4201-bb2d-42f2950d210b",
|
|
"value": "d6ff406da6e9a20074c3e1228ab04d35a3839b1719d3cafbb21ad3e3b6d03ef4"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835486",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1e-2400-4e97-96d2-4bc5950d210b",
|
|
"value": "df4571b7d3be63de8338e6905b2689309ed5cce88d57a8db0c7b9aebf713d81c"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835486",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec1e-c7d8-41ea-ba5b-4d45950d210b",
|
|
"value": "ed7771339794c7908865f7816513b593369a93c98b39f58ebaaa98f3f0067e9d"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: ed7771339794c7908865f7816513b593369a93c98b39f58ebaaa98f3f0067e9d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835522",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec42-fe60-4b7f-b440-472b950d210b",
|
|
"value": "6b6f0d172024b1c0bde5c3b0704658f0f0ebb05b"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: ed7771339794c7908865f7816513b593369a93c98b39f58ebaaa98f3f0067e9d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835522",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec42-bb34-42b7-aa17-4b69950d210b",
|
|
"value": "c824cb1c177c548c533879840bd8851c"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835523",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec43-d5b4-4ec9-8060-432d950d210b",
|
|
"value": "https://www.virustotal.com/file/ed7771339794c7908865f7816513b593369a93c98b39f58ebaaa98f3f0067e9d/analysis/1442539401/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: df4571b7d3be63de8338e6905b2689309ed5cce88d57a8db0c7b9aebf713d81c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835523",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec43-2094-4492-b9a6-4c23950d210b",
|
|
"value": "fd81f43dfcf0562572d4fecf994eacb8689ab64a"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: df4571b7d3be63de8338e6905b2689309ed5cce88d57a8db0c7b9aebf713d81c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835523",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec43-97dc-43ff-885d-40c2950d210b",
|
|
"value": "460b26fcc28f25e1ed00dc04680f6311"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835524",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec44-5194-4117-9182-433d950d210b",
|
|
"value": "https://www.virustotal.com/file/df4571b7d3be63de8338e6905b2689309ed5cce88d57a8db0c7b9aebf713d81c/analysis/1440678758/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: d6ff406da6e9a20074c3e1228ab04d35a3839b1719d3cafbb21ad3e3b6d03ef4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835524",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec44-5bb4-4cb3-b728-423b950d210b",
|
|
"value": "90d4ede1a8ac3c8cf235e1606be897786a7a6cbb"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: d6ff406da6e9a20074c3e1228ab04d35a3839b1719d3cafbb21ad3e3b6d03ef4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835524",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec44-3824-446d-a783-4d76950d210b",
|
|
"value": "1778bfb4bb39e09c2849499c1a7cfe0a"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835525",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec45-4de4-4625-b3de-4f7d950d210b",
|
|
"value": "https://www.virustotal.com/file/d6ff406da6e9a20074c3e1228ab04d35a3839b1719d3cafbb21ad3e3b6d03ef4/analysis/1406705327/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: d2a5cf434e8a0c63c23e6a3e5cf8a60f259099a706d2d243ffa5c7dbd46fd9d4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835525",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec45-761c-45c9-a8ca-4c6c950d210b",
|
|
"value": "2d3515d010c2c7c913088414465a76d81e484ba8"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: d2a5cf434e8a0c63c23e6a3e5cf8a60f259099a706d2d243ffa5c7dbd46fd9d4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835525",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec45-c7d4-45a7-a1cf-4597950d210b",
|
|
"value": "cb0f926b00981dbc2d1b92e91760e017"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835526",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec46-89f0-4b69-ba24-42ee950d210b",
|
|
"value": "https://www.virustotal.com/file/d2a5cf434e8a0c63c23e6a3e5cf8a60f259099a706d2d243ffa5c7dbd46fd9d4/analysis/1442539424/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: c7d7211d1fea69ea6a9697a8f8d21ac40f6d7dc6863708b9a98930271a156c86",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835526",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec46-2d84-4b5c-9467-477f950d210b",
|
|
"value": "dfb928b2cc617c74d87b4d5c46ab850f990859dc"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: c7d7211d1fea69ea6a9697a8f8d21ac40f6d7dc6863708b9a98930271a156c86",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835526",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec46-4004-4b7f-a438-40bd950d210b",
|
|
"value": "f4572c1ab751929fc2dd88b344fe8f7e"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835527",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec47-4bc0-4aa3-8266-481c950d210b",
|
|
"value": "https://www.virustotal.com/file/c7d7211d1fea69ea6a9697a8f8d21ac40f6d7dc6863708b9a98930271a156c86/analysis/1442539413/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: a2f4aa2d25bff21e73b15065e2fc38d297ee14253044a66d00690b1bb23fc373",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835527",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec47-1c10-4377-a944-4589950d210b",
|
|
"value": "bbaf8d3d1ccba73d26880a4247db04e980ccee81"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: a2f4aa2d25bff21e73b15065e2fc38d297ee14253044a66d00690b1bb23fc373",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835527",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec47-d0d8-4631-8960-41bd950d210b",
|
|
"value": "142dd8beb167fbe9c20f4a0764e74477"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835528",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec48-07b4-4c45-8bb1-49b3950d210b",
|
|
"value": "https://www.virustotal.com/file/a2f4aa2d25bff21e73b15065e2fc38d297ee14253044a66d00690b1bb23fc373/analysis/1442638928/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 6dc560a3b20a6e95552254bdb04fba03f74223a83a58436a3decfab74abc5fb5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835528",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec48-6b5c-441e-8c48-404e950d210b",
|
|
"value": "d1c1f8b9907077d04fd0d33670898877913ae865"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 6dc560a3b20a6e95552254bdb04fba03f74223a83a58436a3decfab74abc5fb5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835528",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec48-2e74-4cdc-956d-4cdb950d210b",
|
|
"value": "1686e7089dbd4c533744372f78b3928d"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835529",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec49-50cc-47cd-af6c-4d7c950d210b",
|
|
"value": "https://www.virustotal.com/file/6dc560a3b20a6e95552254bdb04fba03f74223a83a58436a3decfab74abc5fb5/analysis/1380750618/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 664f80b427bf0145e62f6f90cb4833c30cfb8dc4b2d68746aa01420da82bd8af",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835529",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec49-f248-4310-85dc-4db1950d210b",
|
|
"value": "ae640cb9b2ac2b6b68ddd2b387f7303538fe7187"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 664f80b427bf0145e62f6f90cb4833c30cfb8dc4b2d68746aa01420da82bd8af",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835529",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec49-08d0-4e34-8b2d-4bc8950d210b",
|
|
"value": "83d92d7f69b054e8d2508d2f10a1a195"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835530",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec4a-53b0-4ea4-bf91-42e6950d210b",
|
|
"value": "https://www.virustotal.com/file/664f80b427bf0145e62f6f90cb4833c30cfb8dc4b2d68746aa01420da82bd8af/analysis/1442638686/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 5d97ec30c481e00d4285246b528745f331be905f453e062bd9c2d506e9386f0e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835530",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec4a-b3c0-4e53-b5f6-4dad950d210b",
|
|
"value": "60aa35a9c20e4adf93b0171a3ace75078ba3c469"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 5d97ec30c481e00d4285246b528745f331be905f453e062bd9c2d506e9386f0e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835530",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec4a-56ac-43ff-94f5-437d950d210b",
|
|
"value": "b44d492a5d772ae964d2e791507cbd24"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835531",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec4b-1500-44e9-b7b7-45eb950d210b",
|
|
"value": "https://www.virustotal.com/file/5d97ec30c481e00d4285246b528745f331be905f453e062bd9c2d506e9386f0e/analysis/1416230500/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 53d29782b8c325c2ff62493cdb261a8e54e45ed04880527e75e8e211b4d8d861",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835531",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec4b-d180-4f96-bedf-415d950d210b",
|
|
"value": "67b43c95ec1df39f7d0d523be15ddceb2064b086"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 53d29782b8c325c2ff62493cdb261a8e54e45ed04880527e75e8e211b4d8d861",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835531",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec4b-4738-4f2b-981b-4a43950d210b",
|
|
"value": "2df77d71a5cfaf228d57690772a8342b"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835532",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec4c-ef90-442e-a61e-42b8950d210b",
|
|
"value": "https://www.virustotal.com/file/53d29782b8c325c2ff62493cdb261a8e54e45ed04880527e75e8e211b4d8d861/analysis/1377292757/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 383c5d22c1de3aae7684eb5a7d87d6b553f09f166ca402894c5deecabaa7d866",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835532",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec4c-ae00-496c-95b0-40c5950d210b",
|
|
"value": "3a98227a754ca57cac7bdad93c90fb696eac49dc"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 383c5d22c1de3aae7684eb5a7d87d6b553f09f166ca402894c5deecabaa7d866",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835533",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec4d-bc58-4b44-99db-4a93950d210b",
|
|
"value": "6b1b0d01279c4e976eb69cbb1d264a83"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835533",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec4d-a5f8-40e1-a67f-4dac950d210b",
|
|
"value": "https://www.virustotal.com/file/383c5d22c1de3aae7684eb5a7d87d6b553f09f166ca402894c5deecabaa7d866/analysis/1442539408/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 2a6dee57cb302a1350ade4a33f40a77c1952cf2e6b29d1be8400c13927e34670",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835533",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec4d-69a4-4e81-b1ad-4c17950d210b",
|
|
"value": "c95ee3f898e4db9240130af9b55bb2a83fafd7e8"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 2a6dee57cb302a1350ade4a33f40a77c1952cf2e6b29d1be8400c13927e34670",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835534",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec4e-1180-4b32-9f6f-4649950d210b",
|
|
"value": "6a09c8d0b5497e4fa9bb4f62c8c77ffd"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835534",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec4e-9704-4410-9880-414f950d210b",
|
|
"value": "https://www.virustotal.com/file/2a6dee57cb302a1350ade4a33f40a77c1952cf2e6b29d1be8400c13927e34670/analysis/1442539419/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 0d2600d978f5c1042e93b701654db080aac144dfa2877844334b1d4cd78f4a1d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835534",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec4e-517c-4809-81b1-4353950d210b",
|
|
"value": "774036cfd0d67904de894a019ea15fff03a8fb1e"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Saker hashes - Xchecked via VT: 0d2600d978f5c1042e93b701654db080aac144dfa2877844334b1d4cd78f4a1d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835535",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec4f-8adc-42d9-a0d8-4178950d210b",
|
|
"value": "efc847ac17603a4c83d4b4a816bf75c7"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835535",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec4f-7d4c-4222-a830-45c5950d210b",
|
|
"value": "https://www.virustotal.com/file/0d2600d978f5c1042e93b701654db080aac144dfa2877844334b1d4cd78f4a1d/analysis/1404864185/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 8a5df5f31a3b4f893a0565967d64e57f41d91e3592bbd8d52f98f81b3fb8452b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835535",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec4f-932c-4ffb-bd4d-48db950d210b",
|
|
"value": "104040b1b4db0920684c0d5966a188f7a4e0f2aa"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 8a5df5f31a3b4f893a0565967d64e57f41d91e3592bbd8d52f98f81b3fb8452b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835536",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec50-89cc-4406-b2e6-4ecf950d210b",
|
|
"value": "e5a4c395d3de47fb4efc3c39b0e96bd6"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835536",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec50-7038-4ca8-bdcc-444d950d210b",
|
|
"value": "https://www.virustotal.com/file/8a5df5f31a3b4f893a0565967d64e57f41d91e3592bbd8d52f98f81b3fb8452b/analysis/1442512598/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 8702506e8e75834a8f011cfc268d02043af5522aeda20a8458880c8fbed7ecac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835536",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec50-b79c-4dec-a88c-44c3950d210b",
|
|
"value": "be3d665893d165f9f25144a3be9eecc115610b49"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 8702506e8e75834a8f011cfc268d02043af5522aeda20a8458880c8fbed7ecac",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835537",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec51-084c-49be-a0f8-4ac4950d210b",
|
|
"value": "52c1150cd63b124cac7f8fef5e569849"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835537",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec51-0928-4b60-bf72-4ba7950d210b",
|
|
"value": "https://www.virustotal.com/file/8702506e8e75834a8f011cfc268d02043af5522aeda20a8458880c8fbed7ecac/analysis/1442512598/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 7efcf2211cd68ab459582594b5d75c64830acf25bcaab065bbd60377fb9eb22a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835537",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec51-4630-4787-8aa8-420e950d210b",
|
|
"value": "e41965f8064d2f230093d80029c911742ce02997"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 7efcf2211cd68ab459582594b5d75c64830acf25bcaab065bbd60377fb9eb22a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835538",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec52-132c-4bed-9c64-449a950d210b",
|
|
"value": "b2275c113143c6a3f2dbe92599642ad0"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835538",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec52-6890-4de3-ab70-4209950d210b",
|
|
"value": "https://www.virustotal.com/file/7efcf2211cd68ab459582594b5d75c64830acf25bcaab065bbd60377fb9eb22a/analysis/1442512597/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 67cccfa23a7fd1d9ca8160cd977d536c4a40bf9525a93aa4122a89527a96fa8f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835538",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec52-0658-4d79-982f-4a2a950d210b",
|
|
"value": "4a9d0d20d0b3e4706e8982b7fd7cd140f50bd56d"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 67cccfa23a7fd1d9ca8160cd977d536c4a40bf9525a93aa4122a89527a96fa8f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835539",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec53-95e0-4aa2-b18e-41a7950d210b",
|
|
"value": "ecaafedebdfa5d8ea3fc302a39da52cf"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835539",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec53-2e44-493c-9d7c-4ee9950d210b",
|
|
"value": "https://www.virustotal.com/file/67cccfa23a7fd1d9ca8160cd977d536c4a40bf9525a93aa4122a89527a96fa8f/analysis/1442639093/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 4cadbdb5a09781555cc5d637d3fecf89b9a66fac245d6a3a14989f39a9a48c6e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835539",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec53-defc-4be2-9e49-4271950d210b",
|
|
"value": "dc1c1ec824ea100d12723ef4b0670226c10b919b"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 4cadbdb5a09781555cc5d637d3fecf89b9a66fac245d6a3a14989f39a9a48c6e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835540",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec54-f9ec-48d9-a14d-4bfe950d210b",
|
|
"value": "bd7fa7161c471df73865b8bc20eb8439"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835540",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec54-ad20-4079-837d-4286950d210b",
|
|
"value": "https://www.virustotal.com/file/4cadbdb5a09781555cc5d637d3fecf89b9a66fac245d6a3a14989f39a9a48c6e/analysis/1442639245/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 49e1f953dc17073bf919972868576b93cc9f3b5b9600f98a0bd9e39e5d229d9e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835541",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec55-b00c-49c0-9e6a-417a950d210b",
|
|
"value": "31c84b759218febe29b405beb6040758159c955f"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 49e1f953dc17073bf919972868576b93cc9f3b5b9600f98a0bd9e39e5d229d9e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835541",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec55-e5fc-4e88-8611-4cd7950d210b",
|
|
"value": "677c925ff35a226a2c9a562a69f0fd8f"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835541",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec55-1404-4850-a159-472f950d210b",
|
|
"value": "https://www.virustotal.com/file/49e1f953dc17073bf919972868576b93cc9f3b5b9600f98a0bd9e39e5d229d9e/analysis/1442512595/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 3e824972397b322ea9f48fd1a9a02bd6c3eb68cc7de3a4f29e46a5c67b625ec1",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835542",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec56-7a40-4920-909c-4211950d210b",
|
|
"value": "e73207f7afb76c0b68025ad090d60394465ccb85"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 3e824972397b322ea9f48fd1a9a02bd6c3eb68cc7de3a4f29e46a5c67b625ec1",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835542",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec56-9830-4220-a466-4944950d210b",
|
|
"value": "d8b17a6f71621259d8e8e84d590d1864"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835542",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec56-37a4-4583-aacb-4e18950d210b",
|
|
"value": "https://www.virustotal.com/file/3e824972397b322ea9f48fd1a9a02bd6c3eb68cc7de3a4f29e46a5c67b625ec1/analysis/1442512595/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 1b32825f178afe76e290c458ddbf8a3596002c6f9a7763687311f7d211a54aab",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835543",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec57-b2bc-412a-bafa-480b950d210b",
|
|
"value": "aaf878464203ec8db53187058a595549a7d31f2c"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 1b32825f178afe76e290c458ddbf8a3596002c6f9a7763687311f7d211a54aab",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835543",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec57-e96c-4663-8225-42e6950d210b",
|
|
"value": "55075529bf97185ca7f72c719988ac11"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835543",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec57-0708-4850-8d45-4717950d210b",
|
|
"value": "https://www.virustotal.com/file/1b32825f178afe76e290c458ddbf8a3596002c6f9a7763687311f7d211a54aab/analysis/1442512596/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 1aa6c5d0c9ad914fb5ed24741ac947d31cac6921ece7b3b807736febda7e2c4b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835544",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffec58-42c4-4e97-9606-4423950d210b",
|
|
"value": "9124b744367e3f1a98d73311dc41702b713e6b32"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "PlugX hashes - Xchecked via VT: 1aa6c5d0c9ad914fb5ed24741ac947d31cac6921ece7b3b807736febda7e2c4b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835544",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffec58-eac4-40cf-8620-489a950d210b",
|
|
"value": "8173ed653ad5d78027363185e354c5a8"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835544",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffec58-aaa0-4988-a292-47e6950d210b",
|
|
"value": "https://www.virustotal.com/file/1aa6c5d0c9ad914fb5ed24741ac947d31cac6921ece7b3b807736febda7e2c4b/analysis/1442512596/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835588",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec84-b814-4adb-bdd7-40d5950d210b",
|
|
"value": "4524ede160d5476211e99329768b38abd88aacb6fa9334f2c2bbcaab9b0438f5"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835589",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec85-8d80-4ab6-a715-429e950d210b",
|
|
"value": "317e9deef23ff0e919083ac6c94b5ccd3bb0227f674078d66cdd4a2e5d1ebba9"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835589",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec85-a87c-4ae6-8059-4272950d210b",
|
|
"value": "68a98b8e174cb5af20e0ac97978bad6d245a1cb0970b82a4a269a92e7726d74b"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835590",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffec86-5cf8-44ca-b891-4c66950d210b",
|
|
"value": "f95c6749f4d4fae18f9d384f495dc1c79e7484b309d0d35ea68966763ed325bd"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "DarkStRat",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835641",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffecb9-ff50-4c89-97ed-40c4950d210b",
|
|
"value": "b38aa09a2334e11a73ef9a926694f2054789934daa38afeb8d00bce6949b6c4c"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "DarkStRat",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835641",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "55ffecb9-0c08-40b0-aa01-4bf6950d210b",
|
|
"value": "0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835672",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffecd8-2c50-4ddb-a4ad-4473950d210b",
|
|
"value": "pressmil.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835672",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffecd8-3054-416d-9a5e-4360950d210b",
|
|
"value": "notebookhk.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffecd9-71b4-4cce-9241-4d30950d210b",
|
|
"value": "dicemention.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ffecd9-1b18-49f9-8fb6-42f5950d210b",
|
|
"value": "leeghost.com"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "DarkStRat - Xchecked via VT: 0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835708",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffecfc-1664-4f6d-8376-4731950d210b",
|
|
"value": "01b4b92d5839ecf3130f5c69652295fe4f2da0c5"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "DarkStRat - Xchecked via VT: 0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835709",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffecfd-ac9c-4979-a892-4d12950d210b",
|
|
"value": "4c184b9f897999b4daa4fbe2b023292e"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835709",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffecfd-8eac-42c0-b699-4835950d210b",
|
|
"value": "https://www.virustotal.com/file/0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215/analysis/1402992163/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "DarkStRat - Xchecked via VT: b38aa09a2334e11a73ef9a926694f2054789934daa38afeb8d00bce6949b6c4c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835709",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffecfd-e4c4-44db-a309-4c7d950d210b",
|
|
"value": "1e76b395905c77f395c050d6b52b7e71890efab6"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "DarkStRat - Xchecked via VT: b38aa09a2334e11a73ef9a926694f2054789934daa38afeb8d00bce6949b6c4c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835710",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffecfe-f804-47c0-aea7-4670950d210b",
|
|
"value": "2395693481ea36feb66dac46da374eef"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835710",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffecfe-9e6c-421e-b081-4c93950d210b",
|
|
"value": "https://www.virustotal.com/file/b38aa09a2334e11a73ef9a926694f2054789934daa38afeb8d00bce6949b6c4c/analysis/1442539514/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot - Xchecked via VT: f95c6749f4d4fae18f9d384f495dc1c79e7484b309d0d35ea68966763ed325bd",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835710",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffecfe-0254-433b-9e46-4b3c950d210b",
|
|
"value": "4a4a082adbaa881b6880d739bf45859de51ca045"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot - Xchecked via VT: f95c6749f4d4fae18f9d384f495dc1c79e7484b309d0d35ea68966763ed325bd",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835711",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffecff-f460-458e-a499-4cf9950d210b",
|
|
"value": "9056cf50f74bc4f695d178c80ad19275"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835711",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffecff-9234-4de1-aab0-4b75950d210b",
|
|
"value": "https://www.virustotal.com/file/f95c6749f4d4fae18f9d384f495dc1c79e7484b309d0d35ea68966763ed325bd/analysis/1442679428/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot - Xchecked via VT: 68a98b8e174cb5af20e0ac97978bad6d245a1cb0970b82a4a269a92e7726d74b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835711",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffecff-e6c0-45fe-ab49-4153950d210b",
|
|
"value": "082926b9c55363fd5b6c4dee56d8fb3dd356d64a"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot - Xchecked via VT: 68a98b8e174cb5af20e0ac97978bad6d245a1cb0970b82a4a269a92e7726d74b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835712",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffed00-b400-4a65-82e8-43f5950d210b",
|
|
"value": "52d116f11dd9117ffd3f067a28acbfb2"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835712",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffed00-c1d4-4003-bd2a-40c3950d210b",
|
|
"value": "https://www.virustotal.com/file/68a98b8e174cb5af20e0ac97978bad6d245a1cb0970b82a4a269a92e7726d74b/analysis/1431227473/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot - Xchecked via VT: 317e9deef23ff0e919083ac6c94b5ccd3bb0227f674078d66cdd4a2e5d1ebba9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835712",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffed00-2998-4b78-859a-4b9e950d210b",
|
|
"value": "0f54ace0dcb2049bc80b715fc3011d537d33b2bd"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot - Xchecked via VT: 317e9deef23ff0e919083ac6c94b5ccd3bb0227f674078d66cdd4a2e5d1ebba9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835713",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffed01-9fe8-4bbd-9ce6-4e34950d210b",
|
|
"value": "e11283c8b67e008cfb5abcaca355d2f8"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835713",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffed01-803c-4b52-ba42-402a950d210b",
|
|
"value": "https://www.virustotal.com/file/317e9deef23ff0e919083ac6c94b5ccd3bb0227f674078d66cdd4a2e5d1ebba9/analysis/1431226013/"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot - Xchecked via VT: 4524ede160d5476211e99329768b38abd88aacb6fa9334f2c2bbcaab9b0438f5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835713",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "55ffed01-2620-4559-8438-4e00950d210b",
|
|
"value": "d960db1fc0c6d72ecc26d65888398856bd5fdb85"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Netbot - Xchecked via VT: 4524ede160d5476211e99329768b38abd88aacb6fa9334f2c2bbcaab9b0438f5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835714",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ffed02-0690-426c-ad68-4b72950d210b",
|
|
"value": "2be7e7d330347976bfabc54cdda71a37"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1442835714",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ffed02-0318-48e2-ac63-4500950d210b",
|
|
"value": "https://www.virustotal.com/file/4524ede160d5476211e99329768b38abd88aacb6fa9334f2c2bbcaab9b0438f5/analysis/1380748636/"
|
|
}
|
|
]
|
|
}
|
|
} |