adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/57fddaac-da34-43f7-8844-4430950d210f.json

1866 lines
No EOL
75 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2016-10-12",
"extends_uuid": "",
"info": "OSINT - Odinaff: New Trojan used in high level financial attacks",
"publish_timestamp": "1476260256",
"published": true,
"threat_level_id": "2",
"timestamp": "1476260248",
"uuid": "57fddaac-da34-43f7-8844-4430950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#6bd600",
"local": false,
"name": "circl:topic=\"finance\"",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": false,
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255308",
"to_ids": false,
"type": "comment",
"uuid": "57fdde4c-94e0-4df7-9483-4fdd950d210f",
"value": "Since January 2016, discreet campaigns involving malware called Trojan.Odinaff have targeted a number of financial organizations worldwide. These attacks appear to be extremely focused on organizations operating in the banking, securities, trading, and payroll sectors. Organizations who provide support services to these industries are also of interest.\r\n\r\nOdinaff is typically deployed in the first stage of an attack, to gain a foothold onto the network, providing a persistent presence and the ability to install additional tools onto the target network. These additional tools bear the hallmarks of a sophisticated attacker which has plagued the financial industry since at least 2013\u00e2\u20ac\u201cCarbanak. This new wave of attacks has also used some infrastructure that has previously been used in Carbanak campaigns.\r\n\r\nThese attacks require a large amount of hands on involvement, with methodical deployment of a range of lightweight back doors and purpose built tools onto computers of specific interest. There appears to be a heavy investment in the coordination, development, deployment, and operation of these tools during the attacks. Custom malware tools, purpose built for stealthy communications (Backdoor.Batel), network discovery, credential stealing, and monitoring of employee activity are deployed.\r\n\r\nAlthough difficult to perform, these kinds of attacks on banks can be highly lucrative. Estimates of total losses to Carbanak-linked attacks range from tens of millions to hundreds of millions of dollars."
},
{
"category": "Payload delivery",
"comment": "Odinaff droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255601",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf71-e4ec-4761-8086-400b950d210f",
"value": "f7e4135a3d22c2c25e41f83bb9e4ccd12e9f8a0f11b7db21400152cd81e89bf5"
},
{
"category": "Payload delivery",
"comment": "Odinaff droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255601",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf71-2ce0-462d-852c-4e0d950d210f",
"value": "c122b285fbd2db543e23bc34bf956b9ff49e7519623817b94b2809c7f4d31d14"
},
{
"category": "Payload delivery",
"comment": "Odinaff document droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255602",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf72-00e8-4312-ad2c-4bfc950d210f",
"value": "102158d75be5a8ef169bc91fefba5eb782d6fa2186bd6007019f7a61ed6ac990"
},
{
"category": "Payload delivery",
"comment": "Odinaff document droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255602",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf72-bd10-4bb0-be12-4adc950d210f",
"value": "60ae0362b3f264981971672e7b48b2dda2ff61b5fde67ca354ec59dbf2f8efaa"
},
{
"category": "Payload delivery",
"comment": "Odinaff samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255602",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf72-8ed0-4368-9e0d-4786950d210f",
"value": "22be72632de9f64beca49bf4d17910de988f3a15d0299e8f94bcaeeb34bb8a96"
},
{
"category": "Payload delivery",
"comment": "Odinaff samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255603",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf73-9810-4caf-bab9-46cb950d210f",
"value": "2503bdaeaa264bfc67b3a3603ee48ddb7b964d6466fac0377885c6649209c098"
},
{
"category": "Payload delivery",
"comment": "SWIFT log suppressors",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255603",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf73-b1e8-4def-a8d0-4c34950d210f",
"value": "84d348eea1b424fe9f5fe8f6a485666289e39e4c8a0ff5a763e1fb91424cdfb8"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel RTF document dropper",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255603",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf73-97d8-4718-8a0c-47cc950d210f",
"value": "21e897fbe23a9ff5f0e26e53be0f3b1747c3fc160e8e34fa913eb2afbcd1149f"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel stagers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255603",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf73-0274-4cf4-b03c-4d63950d210f",
"value": "001221d6393007ca918bfb25abbb0497981f8e044e377377d51d82867783a746"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel stagers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255603",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf73-7e40-48f5-bd90-4c79950d210f",
"value": "1d9ded30af0f90bf61a685a3ee8eb9bc2ad36f82e824550e4781f7047163095a"
},
{
"category": "Payload delivery",
"comment": "Older Batel *.CPL droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255604",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf74-ee28-401a-907f-4315950d210f",
"value": "1710b33822842a4e5029af0a10029f8307381082da7727ffa9935e4eabc0134d"
},
{
"category": "Payload delivery",
"comment": "Older Batel *.CPL droppers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255604",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf74-fed0-4b1d-8c2b-4f80950d210f",
"value": "298d684694483257f12c63b33220e8825c383965780941f0d1961975e6f74ebd"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike, possible ATM implants",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255604",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf74-3950-4cc8-bc10-4885950d210f",
"value": "429bdf288f400392a9d3d6df120271ea20f5ea7d59fad745d7194130876e851e"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike, possible ATM implants",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255604",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf74-7e44-4216-b895-4fad950d210f",
"value": "44c783205220e95c1690ef41e3808cd72347242153e8bdbeb63c9b2850e4b579"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike implants",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255604",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf74-fa54-4bf6-8241-4e2b950d210f",
"value": "1341bdf6485ed68ceba3fec9b806cc16327ab76d18c69ca5cd678fb19f1e0486"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike implants",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255605",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf75-8ed8-476b-a1ba-4efa950d210f",
"value": "48fb5e3c3dc17f549a76e1b1ce74c9fef5c94bfc29119a248ce1647644b125c7"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel loaders",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255605",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf75-7f04-48c7-9149-4cf9950d210f",
"value": "0ffe521444415371e49c6526f66363eb062b4487a43c75f03279f5b58f68ed24"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel loaders",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255605",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf75-1558-4803-a029-4df3950d210f",
"value": "174236a0b4e4bc97e3af88e0ec82cced7eed026784d6b9d00cc56b01c480d4ed"
},
{
"category": "Payload delivery",
"comment": "Stagers (MINGW)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255605",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf75-851c-445b-a531-46e5950d210f",
"value": "d94d58bd5a25fde66a2e9b2e0cc9163c8898f439be5c0e7806d21897ba8e1455"
},
{
"category": "Payload delivery",
"comment": "Stagers (MINGW)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255605",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf75-3320-44fd-b747-4602950d210f",
"value": "3cadacbb37d4a7f2767bc8b48db786810e7cdaffdef56a2c4eebbe6f2b68988e"
},
{
"category": "Payload delivery",
"comment": "Disk wipers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255606",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf76-472c-4d24-a2f2-48ce950d210f",
"value": "72b4ef3058b31ac4bf12b373f1b9712c3a094b7d68e5f777ba71e9966062af17"
},
{
"category": "Payload delivery",
"comment": "Disk wipers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255606",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf76-62b4-4241-88d4-468d950d210f",
"value": "c361428d4977648abfb77c2aebc7eed5b2b59f4f837446719cb285e1714da6da"
},
{
"category": "Payload delivery",
"comment": "Keylogger",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255606",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf76-e494-4a66-a49b-499d950d210f",
"value": "e07267bbfcbff72a9aff1872603ffbb630997c36a1d9a565843cb59bc5d97d90"
},
{
"category": "Payload delivery",
"comment": "Screengrabbers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255606",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf76-32bc-41f0-95d7-4d41950d210f",
"value": "a7c3f125c8b9ca732832d64db2334f07240294d74ba76bdc47ea9d4009381fdc"
},
{
"category": "Payload delivery",
"comment": "Screengrabbers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255606",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf76-2254-458f-8a93-4dd3950d210f",
"value": "ae38884398fe3f26110bc3ca09e9103706d4da142276dbcdba0a9f176e0c275c"
},
{
"category": "Payload delivery",
"comment": "Command shells",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255607",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf77-e278-4d41-acd7-4438950d210f",
"value": "9041e79658e3d212ece3360adda37d339d455568217173f1e66f291b5765b34a"
},
{
"category": "Payload delivery",
"comment": "Command shells",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255607",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf77-b6a4-4dfc-b0d2-4a3b950d210f",
"value": "e1f30176e97a4f8b7e75d0cdf85d11cbb9a72b99620c8d54a520cecc29ea6f4a"
},
{
"category": "Payload delivery",
"comment": "HTTP Backconnect",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255607",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf77-07d0-47b7-b171-4889950d210f",
"value": "b25eee6b39f73367b22df8d7a410975a1f46e7489e2d0abbc8e5d388d8ea7bec"
},
{
"category": "Payload delivery",
"comment": "Connection checkers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255607",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf77-ea98-44df-aeba-4e5b950d210f",
"value": "28fba330560bcde299d0e174ca539153f8819a586579daf9463aa7f86e3ae3d5"
},
{
"category": "Payload delivery",
"comment": "Connection checkers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255608",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf78-3230-485d-b5be-49e3950d210f",
"value": "d9af163220cc129bb722f2d80810585a645513e25ab6bc9cece4ed6b98f3c874"
},
{
"category": "Payload delivery",
"comment": "PoisonIvy loaders",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255608",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf78-53cc-4c39-ac80-44ee950d210f",
"value": "25ff64c263fb272f4543d024f0e64fbd113fed81b25d64635ed59f00ff2608da"
},
{
"category": "Payload delivery",
"comment": "PoisonIvy loaders",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255608",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf78-4154-4ea6-8878-4590950d210f",
"value": "91601e3fbbebcfdd7f94951e9b430608f7669eb80f983eceec3f6735de8f260c"
},
{
"category": "Payload delivery",
"comment": "Ammyy Admin remote administration tools",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255608",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf78-7570-4b7a-8b6a-47dc950d210f",
"value": "0caaf7a461a54a19f3323a0d5b7ad2514457919c5af3c7e392a1e4b7222ef687"
},
{
"category": "Payload delivery",
"comment": "Ammyy Admin remote administration tools",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255608",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf78-0db0-476d-845b-4fc5950d210f",
"value": "295dd6f5bab13226a5a3d1027432a780de043d31b7e73d5414ae005a59923130"
},
{
"category": "Payload delivery",
"comment": "Ammyy Admin, Trojanized",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255609",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf79-a820-43b1-b9a4-4105950d210f",
"value": "cce04fa1265cbfd61d6f4a8d989ee3c297bf337a9ee3abc164c9d51f3ef1689f"
},
{
"category": "Payload delivery",
"comment": "RemoteUtilities remote administration toolsRemoteUtilities remote administration tools",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255609",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf79-1288-4be7-b3c2-482d950d210f",
"value": "2ba2a8e20481d8932900f9a084b733dd544aaa62b567932e76620628ebc5daf1"
},
{
"category": "Payload delivery",
"comment": "RemoteUtilities remote administration tools",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255609",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf79-6e6c-420b-bc38-4557950d210f",
"value": "3232c89d21f0b087786d2ba4f06714c7b357338daedffe0343db8a2d66b81b51"
},
{
"category": "Payload delivery",
"comment": "Runas",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255609",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf79-601c-414f-93e6-4700950d210f",
"value": "170282aa7f2cb84e023f08339ebac17d8fefa459f5f75f60bd6a4708aff11e20"
},
{
"category": "Payload delivery",
"comment": "Mimikatz",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255609",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf79-2608-4a83-ba00-4392950d210f",
"value": "7d7ca44d27aed4a2dc5ddb60f45e5ab8f2e00d5b57afb7c34c4e14abb78718d4"
},
{
"category": "Payload delivery",
"comment": "Mimikatz",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255610",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf7a-5db0-4d77-af58-4c17950d210f",
"value": "e5a702d70186b537a7ae5c99db550c910073c93b8c82dd5f4a27a501c03bc7b6"
},
{
"category": "Payload delivery",
"comment": "Kasidet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255610",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf7a-e494-44b1-9a11-4027950d210f",
"value": "c1e797e156e12ace6d852e51d0b8aefef9c539502461efd8db563a722569e0d2"
},
{
"category": "Payload delivery",
"comment": "Kasidet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255610",
"to_ids": true,
"type": "sha256",
"uuid": "57fddf7a-ac7c-4bae-ba07-4ffd950d210f",
"value": "cee2b6fa4e0acd06832527ffde20846bc583eb06801c6021ea4d6bb828bfe3ba"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255713",
"to_ids": false,
"type": "text",
"uuid": "57fddfe1-51bc-4ff5-95e2-4932950d210f",
"value": "Trojan.Odinaff"
},
{
"category": "Payload delivery",
"comment": "Kasidet - Xchecked via VT: cee2b6fa4e0acd06832527ffde20846bc583eb06801c6021ea4d6bb828bfe3ba",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255805",
"to_ids": true,
"type": "sha1",
"uuid": "57fde03d-56a4-47cc-84e9-441402de0b81",
"value": "ce46b856e77ed458db1846fa6f9e8df422d582b3"
},
{
"category": "Payload delivery",
"comment": "Kasidet - Xchecked via VT: cee2b6fa4e0acd06832527ffde20846bc583eb06801c6021ea4d6bb828bfe3ba",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255805",
"to_ids": true,
"type": "md5",
"uuid": "57fde03d-41a4-43cf-846d-42c802de0b81",
"value": "074db802aa499ac108216e2c031657d0"
},
{
"category": "External analysis",
"comment": "Kasidet - Xchecked via VT: cee2b6fa4e0acd06832527ffde20846bc583eb06801c6021ea4d6bb828bfe3ba",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255805",
"to_ids": false,
"type": "link",
"uuid": "57fde03d-11bc-4656-a0c7-40da02de0b81",
"value": "https://www.virustotal.com/file/cee2b6fa4e0acd06832527ffde20846bc583eb06801c6021ea4d6bb828bfe3ba/analysis/1464288443/"
},
{
"category": "Payload delivery",
"comment": "Kasidet - Xchecked via VT: c1e797e156e12ace6d852e51d0b8aefef9c539502461efd8db563a722569e0d2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255805",
"to_ids": true,
"type": "sha1",
"uuid": "57fde03d-dc60-4ac4-86d6-453902de0b81",
"value": "f7f5434539290ba88781237da086331030a4f051"
},
{
"category": "Payload delivery",
"comment": "Kasidet - Xchecked via VT: c1e797e156e12ace6d852e51d0b8aefef9c539502461efd8db563a722569e0d2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255805",
"to_ids": true,
"type": "md5",
"uuid": "57fde03d-c4e4-496c-b206-4fd702de0b81",
"value": "ec84d9d8ce82455214d36f7ab6e3dc56"
},
{
"category": "External analysis",
"comment": "Kasidet - Xchecked via VT: c1e797e156e12ace6d852e51d0b8aefef9c539502461efd8db563a722569e0d2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255806",
"to_ids": false,
"type": "link",
"uuid": "57fde03e-68ec-408d-9fa0-47e302de0b81",
"value": "https://www.virustotal.com/file/c1e797e156e12ace6d852e51d0b8aefef9c539502461efd8db563a722569e0d2/analysis/1476234896/"
},
{
"category": "Payload delivery",
"comment": "Mimikatz - Xchecked via VT: e5a702d70186b537a7ae5c99db550c910073c93b8c82dd5f4a27a501c03bc7b6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255806",
"to_ids": true,
"type": "sha1",
"uuid": "57fde03e-f658-4a2f-b63a-44dd02de0b81",
"value": "fac724a7b6d1bdd6e2ca697c239d39dd4aa8a52b"
},
{
"category": "Payload delivery",
"comment": "Mimikatz - Xchecked via VT: e5a702d70186b537a7ae5c99db550c910073c93b8c82dd5f4a27a501c03bc7b6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255806",
"to_ids": true,
"type": "md5",
"uuid": "57fde03e-c798-42c0-b509-471a02de0b81",
"value": "12613ac87e6e550057ab5eb770f98f35"
},
{
"category": "External analysis",
"comment": "Mimikatz - Xchecked via VT: e5a702d70186b537a7ae5c99db550c910073c93b8c82dd5f4a27a501c03bc7b6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255806",
"to_ids": false,
"type": "link",
"uuid": "57fde03e-7dac-497a-8d15-47c502de0b81",
"value": "https://www.virustotal.com/file/e5a702d70186b537a7ae5c99db550c910073c93b8c82dd5f4a27a501c03bc7b6/analysis/1469035595/"
},
{
"category": "Payload delivery",
"comment": "Mimikatz - Xchecked via VT: 7d7ca44d27aed4a2dc5ddb60f45e5ab8f2e00d5b57afb7c34c4e14abb78718d4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255806",
"to_ids": true,
"type": "sha1",
"uuid": "57fde03e-9fd4-4395-a7d0-462202de0b81",
"value": "052c8587aed8dbd775f179f670e822da4d2a1eb6"
},
{
"category": "Payload delivery",
"comment": "Mimikatz - Xchecked via VT: 7d7ca44d27aed4a2dc5ddb60f45e5ab8f2e00d5b57afb7c34c4e14abb78718d4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255807",
"to_ids": true,
"type": "md5",
"uuid": "57fde03f-d4c0-4eb4-b5ef-4e1702de0b81",
"value": "db34ce686d2b911589667cbcae3a920c"
},
{
"category": "External analysis",
"comment": "Mimikatz - Xchecked via VT: 7d7ca44d27aed4a2dc5ddb60f45e5ab8f2e00d5b57afb7c34c4e14abb78718d4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255807",
"to_ids": false,
"type": "link",
"uuid": "57fde03f-bc70-4d3b-b7b2-4a0702de0b81",
"value": "https://www.virustotal.com/file/7d7ca44d27aed4a2dc5ddb60f45e5ab8f2e00d5b57afb7c34c4e14abb78718d4/analysis/1476213199/"
},
{
"category": "Payload delivery",
"comment": "Runas - Xchecked via VT: 170282aa7f2cb84e023f08339ebac17d8fefa459f5f75f60bd6a4708aff11e20",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255807",
"to_ids": true,
"type": "sha1",
"uuid": "57fde03f-faa0-40ef-95ed-478602de0b81",
"value": "bd1d24f63f2f25a6eb4a7f6f3bc97a443e728b17"
},
{
"category": "Payload delivery",
"comment": "Runas - Xchecked via VT: 170282aa7f2cb84e023f08339ebac17d8fefa459f5f75f60bd6a4708aff11e20",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255807",
"to_ids": true,
"type": "md5",
"uuid": "57fde03f-7d30-43df-b4f5-441d02de0b81",
"value": "424872148d3e84ed99cedd5bfbb8740c"
},
{
"category": "External analysis",
"comment": "Runas - Xchecked via VT: 170282aa7f2cb84e023f08339ebac17d8fefa459f5f75f60bd6a4708aff11e20",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255807",
"to_ids": false,
"type": "link",
"uuid": "57fde03f-0794-4278-b254-45a302de0b81",
"value": "https://www.virustotal.com/file/170282aa7f2cb84e023f08339ebac17d8fefa459f5f75f60bd6a4708aff11e20/analysis/1476195264/"
},
{
"category": "Payload delivery",
"comment": "RemoteUtilities remote administration tools - Xchecked via VT: 3232c89d21f0b087786d2ba4f06714c7b357338daedffe0343db8a2d66b81b51",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255808",
"to_ids": true,
"type": "sha1",
"uuid": "57fde040-c7e0-42cc-94ce-4df602de0b81",
"value": "88de72284fb04b40efda6b7edd8793a4a79f2f11"
},
{
"category": "Payload delivery",
"comment": "RemoteUtilities remote administration tools - Xchecked via VT: 3232c89d21f0b087786d2ba4f06714c7b357338daedffe0343db8a2d66b81b51",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255808",
"to_ids": true,
"type": "md5",
"uuid": "57fde040-e520-47ba-88f8-457e02de0b81",
"value": "5615449487df19589bd69207d7f2c6cd"
},
{
"category": "External analysis",
"comment": "RemoteUtilities remote administration tools - Xchecked via VT: 3232c89d21f0b087786d2ba4f06714c7b357338daedffe0343db8a2d66b81b51",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255808",
"to_ids": false,
"type": "link",
"uuid": "57fde040-d378-4048-8ab0-447302de0b81",
"value": "https://www.virustotal.com/file/3232c89d21f0b087786d2ba4f06714c7b357338daedffe0343db8a2d66b81b51/analysis/1476195266/"
},
{
"category": "Payload delivery",
"comment": "RemoteUtilities remote administration toolsRemoteUtilities remote administration tools - Xchecked via VT: 2ba2a8e20481d8932900f9a084b733dd544aaa62b567932e76620628ebc5daf1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255808",
"to_ids": true,
"type": "sha1",
"uuid": "57fde040-6648-439f-a4f6-4c7c02de0b81",
"value": "b500c2f9310b28719383a8b5fdd78d0ff7fd5b80"
},
{
"category": "Payload delivery",
"comment": "RemoteUtilities remote administration toolsRemoteUtilities remote administration tools - Xchecked via VT: 2ba2a8e20481d8932900f9a084b733dd544aaa62b567932e76620628ebc5daf1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255808",
"to_ids": true,
"type": "md5",
"uuid": "57fde040-9ab0-4352-a9ee-456e02de0b81",
"value": "42552c5ac5fb48975115fe8b020073f3"
},
{
"category": "External analysis",
"comment": "RemoteUtilities remote administration toolsRemoteUtilities remote administration tools - Xchecked via VT: 2ba2a8e20481d8932900f9a084b733dd544aaa62b567932e76620628ebc5daf1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255809",
"to_ids": false,
"type": "link",
"uuid": "57fde041-004c-456d-ad30-4c1e02de0b81",
"value": "https://www.virustotal.com/file/2ba2a8e20481d8932900f9a084b733dd544aaa62b567932e76620628ebc5daf1/analysis/1476195266/"
},
{
"category": "Payload delivery",
"comment": "Ammyy Admin, Trojanized - Xchecked via VT: cce04fa1265cbfd61d6f4a8d989ee3c297bf337a9ee3abc164c9d51f3ef1689f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255809",
"to_ids": true,
"type": "sha1",
"uuid": "57fde041-0b0c-45d0-a8f0-441e02de0b81",
"value": "01317404282c428b9d2a48ad5c542bd951b45268"
},
{
"category": "Payload delivery",
"comment": "Ammyy Admin, Trojanized - Xchecked via VT: cce04fa1265cbfd61d6f4a8d989ee3c297bf337a9ee3abc164c9d51f3ef1689f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255809",
"to_ids": true,
"type": "md5",
"uuid": "57fde041-91c8-4069-9478-4e6902de0b81",
"value": "c7f1c6f20161ab9f703cc1c5d7498655"
},
{
"category": "External analysis",
"comment": "Ammyy Admin, Trojanized - Xchecked via VT: cce04fa1265cbfd61d6f4a8d989ee3c297bf337a9ee3abc164c9d51f3ef1689f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255809",
"to_ids": false,
"type": "link",
"uuid": "57fde041-4d38-4251-b2a1-48da02de0b81",
"value": "https://www.virustotal.com/file/cce04fa1265cbfd61d6f4a8d989ee3c297bf337a9ee3abc164c9d51f3ef1689f/analysis/1462449891/"
},
{
"category": "Payload delivery",
"comment": "Ammyy Admin remote administration tools - Xchecked via VT: 295dd6f5bab13226a5a3d1027432a780de043d31b7e73d5414ae005a59923130",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255810",
"to_ids": true,
"type": "sha1",
"uuid": "57fde042-da1c-4301-9d13-4bd002de0b81",
"value": "cf4a4ea4be619856bd19cb63cdd15efdc23dcec8"
},
{
"category": "Payload delivery",
"comment": "Ammyy Admin remote administration tools - Xchecked via VT: 295dd6f5bab13226a5a3d1027432a780de043d31b7e73d5414ae005a59923130",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255810",
"to_ids": true,
"type": "md5",
"uuid": "57fde042-4bb0-4bd0-8f3c-406e02de0b81",
"value": "084df0be594c98d868377de12d74703c"
},
{
"category": "External analysis",
"comment": "Ammyy Admin remote administration tools - Xchecked via VT: 295dd6f5bab13226a5a3d1027432a780de043d31b7e73d5414ae005a59923130",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255810",
"to_ids": false,
"type": "link",
"uuid": "57fde042-8a74-4daf-88b4-4a9302de0b81",
"value": "https://www.virustotal.com/file/295dd6f5bab13226a5a3d1027432a780de043d31b7e73d5414ae005a59923130/analysis/1476213496/"
},
{
"category": "Payload delivery",
"comment": "Ammyy Admin remote administration tools - Xchecked via VT: 0caaf7a461a54a19f3323a0d5b7ad2514457919c5af3c7e392a1e4b7222ef687",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255810",
"to_ids": true,
"type": "sha1",
"uuid": "57fde042-de18-4a5f-a7cd-4aa202de0b81",
"value": "edcfcb4124dcc23bd75fcd69c2e7d8617a36554a"
},
{
"category": "Payload delivery",
"comment": "Ammyy Admin remote administration tools - Xchecked via VT: 0caaf7a461a54a19f3323a0d5b7ad2514457919c5af3c7e392a1e4b7222ef687",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255810",
"to_ids": true,
"type": "md5",
"uuid": "57fde042-7dbc-4fa3-b2fb-49ed02de0b81",
"value": "070b6925b020c92e7f1cb0ad2c553a54"
},
{
"category": "External analysis",
"comment": "Ammyy Admin remote administration tools - Xchecked via VT: 0caaf7a461a54a19f3323a0d5b7ad2514457919c5af3c7e392a1e4b7222ef687",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255811",
"to_ids": false,
"type": "link",
"uuid": "57fde043-9b48-46e6-8323-486e02de0b81",
"value": "https://www.virustotal.com/file/0caaf7a461a54a19f3323a0d5b7ad2514457919c5af3c7e392a1e4b7222ef687/analysis/1476252610/"
},
{
"category": "Payload delivery",
"comment": "PoisonIvy loaders - Xchecked via VT: 91601e3fbbebcfdd7f94951e9b430608f7669eb80f983eceec3f6735de8f260c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255811",
"to_ids": true,
"type": "sha1",
"uuid": "57fde043-32ec-4f9f-b57c-440f02de0b81",
"value": "4ec0b0f33afc35a59eca1efc37a74ff87d760d8c"
},
{
"category": "Payload delivery",
"comment": "PoisonIvy loaders - Xchecked via VT: 91601e3fbbebcfdd7f94951e9b430608f7669eb80f983eceec3f6735de8f260c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255811",
"to_ids": true,
"type": "md5",
"uuid": "57fde043-bea4-42bf-a355-4d5b02de0b81",
"value": "5014f2c3850dedee06218e1585a7fc2d"
},
{
"category": "External analysis",
"comment": "PoisonIvy loaders - Xchecked via VT: 91601e3fbbebcfdd7f94951e9b430608f7669eb80f983eceec3f6735de8f260c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255811",
"to_ids": false,
"type": "link",
"uuid": "57fde043-0c68-49a0-a4c1-490702de0b81",
"value": "https://www.virustotal.com/file/91601e3fbbebcfdd7f94951e9b430608f7669eb80f983eceec3f6735de8f260c/analysis/1476213746/"
},
{
"category": "Payload delivery",
"comment": "PoisonIvy loaders - Xchecked via VT: 25ff64c263fb272f4543d024f0e64fbd113fed81b25d64635ed59f00ff2608da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255811",
"to_ids": true,
"type": "sha1",
"uuid": "57fde043-eec0-4763-b546-45cb02de0b81",
"value": "b853c10fe548e8136ded8301586bc3c01b724bb0"
},
{
"category": "Payload delivery",
"comment": "PoisonIvy loaders - Xchecked via VT: 25ff64c263fb272f4543d024f0e64fbd113fed81b25d64635ed59f00ff2608da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255812",
"to_ids": true,
"type": "md5",
"uuid": "57fde044-c49c-4684-bc39-4e6002de0b81",
"value": "5cbee6f706d9c6ee96ce159cdf2c2967"
},
{
"category": "External analysis",
"comment": "PoisonIvy loaders - Xchecked via VT: 25ff64c263fb272f4543d024f0e64fbd113fed81b25d64635ed59f00ff2608da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255812",
"to_ids": false,
"type": "link",
"uuid": "57fde044-6f74-4d4d-b8d4-465502de0b81",
"value": "https://www.virustotal.com/file/25ff64c263fb272f4543d024f0e64fbd113fed81b25d64635ed59f00ff2608da/analysis/1476195267/"
},
{
"category": "Payload delivery",
"comment": "Connection checkers - Xchecked via VT: d9af163220cc129bb722f2d80810585a645513e25ab6bc9cece4ed6b98f3c874",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255812",
"to_ids": true,
"type": "sha1",
"uuid": "57fde044-d460-4adc-87fc-45bd02de0b81",
"value": "c01d318abcff123fd5561dbba1dfacc8aaa65ca8"
},
{
"category": "Payload delivery",
"comment": "Connection checkers - Xchecked via VT: d9af163220cc129bb722f2d80810585a645513e25ab6bc9cece4ed6b98f3c874",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255812",
"to_ids": true,
"type": "md5",
"uuid": "57fde044-f26c-45eb-b08d-421a02de0b81",
"value": "e1cd4de9afb99bee3568bb0bdc34e122"
},
{
"category": "External analysis",
"comment": "Connection checkers - Xchecked via VT: d9af163220cc129bb722f2d80810585a645513e25ab6bc9cece4ed6b98f3c874",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255812",
"to_ids": false,
"type": "link",
"uuid": "57fde044-1498-4ac3-892c-487202de0b81",
"value": "https://www.virustotal.com/file/d9af163220cc129bb722f2d80810585a645513e25ab6bc9cece4ed6b98f3c874/analysis/1476195269/"
},
{
"category": "Payload delivery",
"comment": "Connection checkers - Xchecked via VT: 28fba330560bcde299d0e174ca539153f8819a586579daf9463aa7f86e3ae3d5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255813",
"to_ids": true,
"type": "sha1",
"uuid": "57fde045-4624-4119-93fc-4b1e02de0b81",
"value": "163ef2b5b25270934c967627c49225aed747f3f0"
},
{
"category": "Payload delivery",
"comment": "Connection checkers - Xchecked via VT: 28fba330560bcde299d0e174ca539153f8819a586579daf9463aa7f86e3ae3d5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255813",
"to_ids": true,
"type": "md5",
"uuid": "57fde045-5bc4-417e-bf93-4b5102de0b81",
"value": "2ff170c0da366c94351877e977546541"
},
{
"category": "External analysis",
"comment": "Connection checkers - Xchecked via VT: 28fba330560bcde299d0e174ca539153f8819a586579daf9463aa7f86e3ae3d5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255813",
"to_ids": false,
"type": "link",
"uuid": "57fde045-1870-433d-b771-496002de0b81",
"value": "https://www.virustotal.com/file/28fba330560bcde299d0e174ca539153f8819a586579daf9463aa7f86e3ae3d5/analysis/1476195265/"
},
{
"category": "Payload delivery",
"comment": "HTTP Backconnect - Xchecked via VT: b25eee6b39f73367b22df8d7a410975a1f46e7489e2d0abbc8e5d388d8ea7bec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255813",
"to_ids": true,
"type": "sha1",
"uuid": "57fde045-7b84-43b7-9cdb-4d4d02de0b81",
"value": "9c5b16ad07e3e58de697dafc546f0af7b8fea08f"
},
{
"category": "Payload delivery",
"comment": "HTTP Backconnect - Xchecked via VT: b25eee6b39f73367b22df8d7a410975a1f46e7489e2d0abbc8e5d388d8ea7bec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255814",
"to_ids": true,
"type": "md5",
"uuid": "57fde046-dd9c-4d99-bb17-45c302de0b81",
"value": "0aeabdd4e5fe8b181147f555bd02e5e9"
},
{
"category": "External analysis",
"comment": "HTTP Backconnect - Xchecked via VT: b25eee6b39f73367b22df8d7a410975a1f46e7489e2d0abbc8e5d388d8ea7bec",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255814",
"to_ids": false,
"type": "link",
"uuid": "57fde046-5dac-4442-bc23-465902de0b81",
"value": "https://www.virustotal.com/file/b25eee6b39f73367b22df8d7a410975a1f46e7489e2d0abbc8e5d388d8ea7bec/analysis/1476218183/"
},
{
"category": "Payload delivery",
"comment": "Command shells - Xchecked via VT: e1f30176e97a4f8b7e75d0cdf85d11cbb9a72b99620c8d54a520cecc29ea6f4a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255814",
"to_ids": true,
"type": "sha1",
"uuid": "57fde046-245c-44eb-a7c2-495302de0b81",
"value": "28a9c74d62d14909ab91ebbb8eef27776584cf27"
},
{
"category": "Payload delivery",
"comment": "Command shells - Xchecked via VT: e1f30176e97a4f8b7e75d0cdf85d11cbb9a72b99620c8d54a520cecc29ea6f4a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255814",
"to_ids": true,
"type": "md5",
"uuid": "57fde046-dbb4-4fbf-ac48-425502de0b81",
"value": "3bbc51cfc5c1c1d51a26f61f3c0182bf"
},
{
"category": "External analysis",
"comment": "Command shells - Xchecked via VT: e1f30176e97a4f8b7e75d0cdf85d11cbb9a72b99620c8d54a520cecc29ea6f4a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255814",
"to_ids": false,
"type": "link",
"uuid": "57fde046-0f18-4adc-9b70-497e02de0b81",
"value": "https://www.virustotal.com/file/e1f30176e97a4f8b7e75d0cdf85d11cbb9a72b99620c8d54a520cecc29ea6f4a/analysis/1476195269/"
},
{
"category": "Payload delivery",
"comment": "Command shells - Xchecked via VT: 9041e79658e3d212ece3360adda37d339d455568217173f1e66f291b5765b34a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255815",
"to_ids": true,
"type": "sha1",
"uuid": "57fde047-2214-4122-a2d7-421502de0b81",
"value": "7b7a219c7539e173eb39acc6136a39359ad3db67"
},
{
"category": "Payload delivery",
"comment": "Command shells - Xchecked via VT: 9041e79658e3d212ece3360adda37d339d455568217173f1e66f291b5765b34a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255815",
"to_ids": true,
"type": "md5",
"uuid": "57fde047-298c-4606-9bd9-49f602de0b81",
"value": "b77b8cde7ca6b6345caaf94bddbff9f1"
},
{
"category": "External analysis",
"comment": "Command shells - Xchecked via VT: 9041e79658e3d212ece3360adda37d339d455568217173f1e66f291b5765b34a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255815",
"to_ids": false,
"type": "link",
"uuid": "57fde047-eca0-4e14-ab3c-40d502de0b81",
"value": "https://www.virustotal.com/file/9041e79658e3d212ece3360adda37d339d455568217173f1e66f291b5765b34a/analysis/1472306542/"
},
{
"category": "Payload delivery",
"comment": "Screengrabbers - Xchecked via VT: ae38884398fe3f26110bc3ca09e9103706d4da142276dbcdba0a9f176e0c275c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255815",
"to_ids": true,
"type": "sha1",
"uuid": "57fde047-f254-4d6d-9372-4e1402de0b81",
"value": "abc6d05f9e4631deeaa06e4116f3907fc4135585"
},
{
"category": "Payload delivery",
"comment": "Screengrabbers - Xchecked via VT: ae38884398fe3f26110bc3ca09e9103706d4da142276dbcdba0a9f176e0c275c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255815",
"to_ids": true,
"type": "md5",
"uuid": "57fde047-e070-44de-8bf2-4bd302de0b81",
"value": "64b40780a94c4c4d1c1b4a0b12ce4b7d"
},
{
"category": "External analysis",
"comment": "Screengrabbers - Xchecked via VT: ae38884398fe3f26110bc3ca09e9103706d4da142276dbcdba0a9f176e0c275c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255816",
"to_ids": false,
"type": "link",
"uuid": "57fde048-0e48-4f1d-96a8-4f4502de0b81",
"value": "https://www.virustotal.com/file/ae38884398fe3f26110bc3ca09e9103706d4da142276dbcdba0a9f176e0c275c/analysis/1469035651/"
},
{
"category": "Payload delivery",
"comment": "Keylogger - Xchecked via VT: e07267bbfcbff72a9aff1872603ffbb630997c36a1d9a565843cb59bc5d97d90",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255816",
"to_ids": true,
"type": "sha1",
"uuid": "57fde048-ddb8-4cbf-ba19-495c02de0b81",
"value": "4a861db8310b2eb51818aea93238347f156fd4b6"
},
{
"category": "Payload delivery",
"comment": "Keylogger - Xchecked via VT: e07267bbfcbff72a9aff1872603ffbb630997c36a1d9a565843cb59bc5d97d90",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255816",
"to_ids": true,
"type": "md5",
"uuid": "57fde048-617c-4542-a355-4fae02de0b81",
"value": "e91fc5e15fa391d180779b47d511980b"
},
{
"category": "External analysis",
"comment": "Keylogger - Xchecked via VT: e07267bbfcbff72a9aff1872603ffbb630997c36a1d9a565843cb59bc5d97d90",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255816",
"to_ids": false,
"type": "link",
"uuid": "57fde048-bb20-4954-b4a7-44ed02de0b81",
"value": "https://www.virustotal.com/file/e07267bbfcbff72a9aff1872603ffbb630997c36a1d9a565843cb59bc5d97d90/analysis/1476195269/"
},
{
"category": "Payload delivery",
"comment": "Disk wipers - Xchecked via VT: c361428d4977648abfb77c2aebc7eed5b2b59f4f837446719cb285e1714da6da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255816",
"to_ids": true,
"type": "sha1",
"uuid": "57fde048-1490-42b6-842b-4bc702de0b81",
"value": "ffb9cda0584eb2d0663bc8c98d8c0be889179855"
},
{
"category": "Payload delivery",
"comment": "Disk wipers - Xchecked via VT: c361428d4977648abfb77c2aebc7eed5b2b59f4f837446719cb285e1714da6da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255817",
"to_ids": true,
"type": "md5",
"uuid": "57fde049-51f4-4881-b4a8-4ef202de0b81",
"value": "80bee18fba8db4ae56120ef860cf82a2"
},
{
"category": "External analysis",
"comment": "Disk wipers - Xchecked via VT: c361428d4977648abfb77c2aebc7eed5b2b59f4f837446719cb285e1714da6da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255817",
"to_ids": false,
"type": "link",
"uuid": "57fde049-8418-4226-8a72-414002de0b81",
"value": "https://www.virustotal.com/file/c361428d4977648abfb77c2aebc7eed5b2b59f4f837446719cb285e1714da6da/analysis/1467353193/"
},
{
"category": "Payload delivery",
"comment": "Disk wipers - Xchecked via VT: 72b4ef3058b31ac4bf12b373f1b9712c3a094b7d68e5f777ba71e9966062af17",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255817",
"to_ids": true,
"type": "sha1",
"uuid": "57fde049-7ef4-4fff-bc00-465502de0b81",
"value": "63534363ccb1b8495599fb3056e6610ece49ac11"
},
{
"category": "Payload delivery",
"comment": "Disk wipers - Xchecked via VT: 72b4ef3058b31ac4bf12b373f1b9712c3a094b7d68e5f777ba71e9966062af17",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255817",
"to_ids": true,
"type": "md5",
"uuid": "57fde049-8b1c-4430-9e25-4ab002de0b81",
"value": "32eae3a8fd4a06819466dd07ca363c4f"
},
{
"category": "External analysis",
"comment": "Disk wipers - Xchecked via VT: 72b4ef3058b31ac4bf12b373f1b9712c3a094b7d68e5f777ba71e9966062af17",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255818",
"to_ids": false,
"type": "link",
"uuid": "57fde04a-b590-4ec7-8adf-48a702de0b81",
"value": "https://www.virustotal.com/file/72b4ef3058b31ac4bf12b373f1b9712c3a094b7d68e5f777ba71e9966062af17/analysis/1470794579/"
},
{
"category": "Payload delivery",
"comment": "Stagers (MINGW) - Xchecked via VT: 3cadacbb37d4a7f2767bc8b48db786810e7cdaffdef56a2c4eebbe6f2b68988e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255818",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04a-ec90-4ccf-87cc-473202de0b81",
"value": "e8903fb954896cb9db4dd5c3bc79c5cd8e20910d"
},
{
"category": "Payload delivery",
"comment": "Stagers (MINGW) - Xchecked via VT: 3cadacbb37d4a7f2767bc8b48db786810e7cdaffdef56a2c4eebbe6f2b68988e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255818",
"to_ids": true,
"type": "md5",
"uuid": "57fde04a-44b8-44ac-ac79-483102de0b81",
"value": "c61dc9d26ac2b0bebca00c9c1b8bb9b3"
},
{
"category": "External analysis",
"comment": "Stagers (MINGW) - Xchecked via VT: 3cadacbb37d4a7f2767bc8b48db786810e7cdaffdef56a2c4eebbe6f2b68988e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255818",
"to_ids": false,
"type": "link",
"uuid": "57fde04a-dac8-4b85-94e4-4fe702de0b81",
"value": "https://www.virustotal.com/file/3cadacbb37d4a7f2767bc8b48db786810e7cdaffdef56a2c4eebbe6f2b68988e/analysis/1476208783/"
},
{
"category": "Payload delivery",
"comment": "Stagers (MINGW) - Xchecked via VT: d94d58bd5a25fde66a2e9b2e0cc9163c8898f439be5c0e7806d21897ba8e1455",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255818",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04a-fcb0-4068-9015-451c02de0b81",
"value": "ec13e1fcd1731dcaf008d6b0394f016c7c2afbaf"
},
{
"category": "Payload delivery",
"comment": "Stagers (MINGW) - Xchecked via VT: d94d58bd5a25fde66a2e9b2e0cc9163c8898f439be5c0e7806d21897ba8e1455",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255819",
"to_ids": true,
"type": "md5",
"uuid": "57fde04b-f598-4f22-841d-448702de0b81",
"value": "1c02c6b68025768d056805d26d33af4f"
},
{
"category": "External analysis",
"comment": "Stagers (MINGW) - Xchecked via VT: d94d58bd5a25fde66a2e9b2e0cc9163c8898f439be5c0e7806d21897ba8e1455",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255819",
"to_ids": false,
"type": "link",
"uuid": "57fde04b-73c4-4483-aef6-4f8f02de0b81",
"value": "https://www.virustotal.com/file/d94d58bd5a25fde66a2e9b2e0cc9163c8898f439be5c0e7806d21897ba8e1455/analysis/1469556139/"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel loaders - Xchecked via VT: 174236a0b4e4bc97e3af88e0ec82cced7eed026784d6b9d00cc56b01c480d4ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255819",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04b-4044-4d59-af0a-4bb302de0b81",
"value": "384d80934a6efaba7c858891a2253b9dd1a1327b"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel loaders - Xchecked via VT: 174236a0b4e4bc97e3af88e0ec82cced7eed026784d6b9d00cc56b01c480d4ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255819",
"to_ids": true,
"type": "md5",
"uuid": "57fde04b-1ea0-4353-89b5-4b2a02de0b81",
"value": "2cd6451bf78b588bb253acaf899f74f5"
},
{
"category": "External analysis",
"comment": "Backdoor.Batel loaders - Xchecked via VT: 174236a0b4e4bc97e3af88e0ec82cced7eed026784d6b9d00cc56b01c480d4ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255819",
"to_ids": false,
"type": "link",
"uuid": "57fde04b-b4bc-4471-bfbc-4ee602de0b81",
"value": "https://www.virustotal.com/file/174236a0b4e4bc97e3af88e0ec82cced7eed026784d6b9d00cc56b01c480d4ed/analysis/1475980072/"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel loaders - Xchecked via VT: 0ffe521444415371e49c6526f66363eb062b4487a43c75f03279f5b58f68ed24",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255820",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04c-4188-4ef7-9927-488b02de0b81",
"value": "544cab0b08f4d3992bfd9fa69abf5633ed29d0b8"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel loaders - Xchecked via VT: 0ffe521444415371e49c6526f66363eb062b4487a43c75f03279f5b58f68ed24",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255820",
"to_ids": true,
"type": "md5",
"uuid": "57fde04c-bad0-4e18-90b3-427a02de0b81",
"value": "5f95d9936344c9f294d5471ffd53d8aa"
},
{
"category": "External analysis",
"comment": "Backdoor.Batel loaders - Xchecked via VT: 0ffe521444415371e49c6526f66363eb062b4487a43c75f03279f5b58f68ed24",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255820",
"to_ids": false,
"type": "link",
"uuid": "57fde04c-6ab8-4daf-9e46-4dc402de0b81",
"value": "https://www.virustotal.com/file/0ffe521444415371e49c6526f66363eb062b4487a43c75f03279f5b58f68ed24/analysis/1476195269/"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike implants - Xchecked via VT: 1341bdf6485ed68ceba3fec9b806cc16327ab76d18c69ca5cd678fb19f1e0486",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255820",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04c-a668-442d-aa27-48a202de0b81",
"value": "a9c8a39e8000efa388d73c1d340e359738441170"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike implants - Xchecked via VT: 1341bdf6485ed68ceba3fec9b806cc16327ab76d18c69ca5cd678fb19f1e0486",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255820",
"to_ids": true,
"type": "md5",
"uuid": "57fde04c-35ec-4314-8b01-409702de0b81",
"value": "03bead6a263c179e848f14bf81b6f038"
},
{
"category": "External analysis",
"comment": "Cobalt Strike implants - Xchecked via VT: 1341bdf6485ed68ceba3fec9b806cc16327ab76d18c69ca5cd678fb19f1e0486",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255821",
"to_ids": false,
"type": "link",
"uuid": "57fde04d-7008-4a76-a1e5-461102de0b81",
"value": "https://www.virustotal.com/file/1341bdf6485ed68ceba3fec9b806cc16327ab76d18c69ca5cd678fb19f1e0486/analysis/1469035649/"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike, possible ATM implants - Xchecked via VT: 44c783205220e95c1690ef41e3808cd72347242153e8bdbeb63c9b2850e4b579",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255821",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04d-8208-42b6-bdf1-4cc402de0b81",
"value": "c9661008ffb49964e12ec6ed331098afdf2394a9"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike, possible ATM implants - Xchecked via VT: 44c783205220e95c1690ef41e3808cd72347242153e8bdbeb63c9b2850e4b579",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255821",
"to_ids": true,
"type": "md5",
"uuid": "57fde04d-a474-4fcf-9c39-448002de0b81",
"value": "59453862a00339305eb848a95fba4782"
},
{
"category": "External analysis",
"comment": "Cobalt Strike, possible ATM implants - Xchecked via VT: 44c783205220e95c1690ef41e3808cd72347242153e8bdbeb63c9b2850e4b579",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255821",
"to_ids": false,
"type": "link",
"uuid": "57fde04d-62d0-421c-a93a-48ab02de0b81",
"value": "https://www.virustotal.com/file/44c783205220e95c1690ef41e3808cd72347242153e8bdbeb63c9b2850e4b579/analysis/1476199268/"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike, possible ATM implants - Xchecked via VT: 429bdf288f400392a9d3d6df120271ea20f5ea7d59fad745d7194130876e851e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255822",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04e-2250-4e88-afa0-41fd02de0b81",
"value": "835e8f56faa46cc31a9964c46604076111ba2537"
},
{
"category": "Payload delivery",
"comment": "Cobalt Strike, possible ATM implants - Xchecked via VT: 429bdf288f400392a9d3d6df120271ea20f5ea7d59fad745d7194130876e851e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255822",
"to_ids": true,
"type": "md5",
"uuid": "57fde04e-76b8-4e3a-8fde-4f5e02de0b81",
"value": "7acb0eeca94a6eb902ba516f465bcfc6"
},
{
"category": "External analysis",
"comment": "Cobalt Strike, possible ATM implants - Xchecked via VT: 429bdf288f400392a9d3d6df120271ea20f5ea7d59fad745d7194130876e851e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255822",
"to_ids": false,
"type": "link",
"uuid": "57fde04e-e7a4-4a18-b158-423b02de0b81",
"value": "https://www.virustotal.com/file/429bdf288f400392a9d3d6df120271ea20f5ea7d59fad745d7194130876e851e/analysis/1476214207/"
},
{
"category": "Payload delivery",
"comment": "Older Batel *.CPL droppers - Xchecked via VT: 298d684694483257f12c63b33220e8825c383965780941f0d1961975e6f74ebd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255822",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04e-7aa8-4151-9d3b-4aa002de0b81",
"value": "55af5e3c1c5fcee9aeccd19eb19768f268efba5d"
},
{
"category": "Payload delivery",
"comment": "Older Batel *.CPL droppers - Xchecked via VT: 298d684694483257f12c63b33220e8825c383965780941f0d1961975e6f74ebd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255822",
"to_ids": true,
"type": "md5",
"uuid": "57fde04e-e334-4850-af7f-471802de0b81",
"value": "966d9e07d1a75fa6867bbf02748c4212"
},
{
"category": "External analysis",
"comment": "Older Batel *.CPL droppers - Xchecked via VT: 298d684694483257f12c63b33220e8825c383965780941f0d1961975e6f74ebd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255823",
"to_ids": false,
"type": "link",
"uuid": "57fde04f-5340-42e2-a6d0-472e02de0b81",
"value": "https://www.virustotal.com/file/298d684694483257f12c63b33220e8825c383965780941f0d1961975e6f74ebd/analysis/1476195265/"
},
{
"category": "Payload delivery",
"comment": "Older Batel *.CPL droppers - Xchecked via VT: 1710b33822842a4e5029af0a10029f8307381082da7727ffa9935e4eabc0134d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255823",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04f-aab8-4d00-9c1d-41ef02de0b81",
"value": "2cfc22acaa3fc6660eb058a13cab81b9bd07536a"
},
{
"category": "Payload delivery",
"comment": "Older Batel *.CPL droppers - Xchecked via VT: 1710b33822842a4e5029af0a10029f8307381082da7727ffa9935e4eabc0134d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255823",
"to_ids": true,
"type": "md5",
"uuid": "57fde04f-ee58-4ee9-96ac-4fef02de0b81",
"value": "0cf14d472410589c920fb55a97adaab1"
},
{
"category": "External analysis",
"comment": "Older Batel *.CPL droppers - Xchecked via VT: 1710b33822842a4e5029af0a10029f8307381082da7727ffa9935e4eabc0134d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255823",
"to_ids": false,
"type": "link",
"uuid": "57fde04f-9110-431a-bac5-469f02de0b81",
"value": "https://www.virustotal.com/file/1710b33822842a4e5029af0a10029f8307381082da7727ffa9935e4eabc0134d/analysis/1476213381/"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel stagers - Xchecked via VT: 1d9ded30af0f90bf61a685a3ee8eb9bc2ad36f82e824550e4781f7047163095a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255823",
"to_ids": true,
"type": "sha1",
"uuid": "57fde04f-74c4-4860-8436-4f2702de0b81",
"value": "af062457e4dfbc5256fee58db6eb4873a2c649c1"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel stagers - Xchecked via VT: 1d9ded30af0f90bf61a685a3ee8eb9bc2ad36f82e824550e4781f7047163095a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255824",
"to_ids": true,
"type": "md5",
"uuid": "57fde050-7ff4-450e-95c6-4b0702de0b81",
"value": "61054bdfd5220ecc37956c713f126d43"
},
{
"category": "External analysis",
"comment": "Backdoor.Batel stagers - Xchecked via VT: 1d9ded30af0f90bf61a685a3ee8eb9bc2ad36f82e824550e4781f7047163095a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255824",
"to_ids": false,
"type": "link",
"uuid": "57fde050-ba58-41e9-9dcf-404202de0b81",
"value": "https://www.virustotal.com/file/1d9ded30af0f90bf61a685a3ee8eb9bc2ad36f82e824550e4781f7047163095a/analysis/1475469967/"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel stagers - Xchecked via VT: 001221d6393007ca918bfb25abbb0497981f8e044e377377d51d82867783a746",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255824",
"to_ids": true,
"type": "sha1",
"uuid": "57fde050-56e8-4208-b04a-4ff902de0b81",
"value": "c510fc1e20bbf80390c7fce23863608fc2d843a2"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel stagers - Xchecked via VT: 001221d6393007ca918bfb25abbb0497981f8e044e377377d51d82867783a746",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255824",
"to_ids": true,
"type": "md5",
"uuid": "57fde050-c154-4baf-be74-42b902de0b81",
"value": "d4c1af678b3afa099f21ab5c29065fca"
},
{
"category": "External analysis",
"comment": "Backdoor.Batel stagers - Xchecked via VT: 001221d6393007ca918bfb25abbb0497981f8e044e377377d51d82867783a746",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255824",
"to_ids": false,
"type": "link",
"uuid": "57fde050-1704-4d6b-9546-4c0c02de0b81",
"value": "https://www.virustotal.com/file/001221d6393007ca918bfb25abbb0497981f8e044e377377d51d82867783a746/analysis/1475586974/"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel RTF document dropper - Xchecked via VT: 21e897fbe23a9ff5f0e26e53be0f3b1747c3fc160e8e34fa913eb2afbcd1149f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255825",
"to_ids": true,
"type": "sha1",
"uuid": "57fde051-1e78-4685-80e6-4cbe02de0b81",
"value": "bb607fec8569a0ec4eec30e37c3e2eeafafb5fab"
},
{
"category": "Payload delivery",
"comment": "Backdoor.Batel RTF document dropper - Xchecked via VT: 21e897fbe23a9ff5f0e26e53be0f3b1747c3fc160e8e34fa913eb2afbcd1149f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255825",
"to_ids": true,
"type": "md5",
"uuid": "57fde051-6e4c-4510-b5ca-481202de0b81",
"value": "1fa19e329bd5f2eaf933c39eba13d869"
},
{
"category": "External analysis",
"comment": "Backdoor.Batel RTF document dropper - Xchecked via VT: 21e897fbe23a9ff5f0e26e53be0f3b1747c3fc160e8e34fa913eb2afbcd1149f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255825",
"to_ids": false,
"type": "link",
"uuid": "57fde051-5ac4-4296-ba39-44ed02de0b81",
"value": "https://www.virustotal.com/file/21e897fbe23a9ff5f0e26e53be0f3b1747c3fc160e8e34fa913eb2afbcd1149f/analysis/1471377471/"
},
{
"category": "Payload delivery",
"comment": "SWIFT log suppressors - Xchecked via VT: 84d348eea1b424fe9f5fe8f6a485666289e39e4c8a0ff5a763e1fb91424cdfb8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255825",
"to_ids": true,
"type": "sha1",
"uuid": "57fde051-0c38-4419-bdc2-4fb602de0b81",
"value": "c31d3002d9f1bebc85b41d4c55a87ea1b797d4d2"
},
{
"category": "Payload delivery",
"comment": "SWIFT log suppressors - Xchecked via VT: 84d348eea1b424fe9f5fe8f6a485666289e39e4c8a0ff5a763e1fb91424cdfb8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255825",
"to_ids": true,
"type": "md5",
"uuid": "57fde051-7fec-485a-bf27-43ed02de0b81",
"value": "6d355ffa06ae39fc8671cc8ac38f984e"
},
{
"category": "External analysis",
"comment": "SWIFT log suppressors - Xchecked via VT: 84d348eea1b424fe9f5fe8f6a485666289e39e4c8a0ff5a763e1fb91424cdfb8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255826",
"to_ids": false,
"type": "link",
"uuid": "57fde052-079c-4c27-af94-45ca02de0b81",
"value": "https://www.virustotal.com/file/84d348eea1b424fe9f5fe8f6a485666289e39e4c8a0ff5a763e1fb91424cdfb8/analysis/1476234908/"
},
{
"category": "Payload delivery",
"comment": "Odinaff samples - Xchecked via VT: 2503bdaeaa264bfc67b3a3603ee48ddb7b964d6466fac0377885c6649209c098",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255826",
"to_ids": true,
"type": "sha1",
"uuid": "57fde052-d714-4fcf-9e34-4b3202de0b81",
"value": "dd913de9bf860b5f33d745413cc08f60d12d64b3"
},
{
"category": "Payload delivery",
"comment": "Odinaff samples - Xchecked via VT: 2503bdaeaa264bfc67b3a3603ee48ddb7b964d6466fac0377885c6649209c098",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255826",
"to_ids": true,
"type": "md5",
"uuid": "57fde052-634c-4ce1-8a44-450602de0b81",
"value": "5a45366da2a8023464d7ea09fd80ba9f"
},
{
"category": "External analysis",
"comment": "Odinaff samples - Xchecked via VT: 2503bdaeaa264bfc67b3a3603ee48ddb7b964d6466fac0377885c6649209c098",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255826",
"to_ids": false,
"type": "link",
"uuid": "57fde052-fcb0-462e-9d5d-46cc02de0b81",
"value": "https://www.virustotal.com/file/2503bdaeaa264bfc67b3a3603ee48ddb7b964d6466fac0377885c6649209c098/analysis/1476251166/"
},
{
"category": "Payload delivery",
"comment": "Odinaff samples - Xchecked via VT: 22be72632de9f64beca49bf4d17910de988f3a15d0299e8f94bcaeeb34bb8a96",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255826",
"to_ids": true,
"type": "sha1",
"uuid": "57fde052-31ec-4597-b3d9-476f02de0b81",
"value": "d2951010b16e82c124ec8938f1968a4f3c141995"
},
{
"category": "Payload delivery",
"comment": "Odinaff samples - Xchecked via VT: 22be72632de9f64beca49bf4d17910de988f3a15d0299e8f94bcaeeb34bb8a96",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255827",
"to_ids": true,
"type": "md5",
"uuid": "57fde053-d670-45e0-ad52-489402de0b81",
"value": "342652dab8a5fb7073a99438abd5d28a"
},
{
"category": "External analysis",
"comment": "Odinaff samples - Xchecked via VT: 22be72632de9f64beca49bf4d17910de988f3a15d0299e8f94bcaeeb34bb8a96",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255827",
"to_ids": false,
"type": "link",
"uuid": "57fde053-227c-4b6a-a763-41fe02de0b81",
"value": "https://www.virustotal.com/file/22be72632de9f64beca49bf4d17910de988f3a15d0299e8f94bcaeeb34bb8a96/analysis/1476251715/"
},
{
"category": "Payload delivery",
"comment": "Odinaff document droppers - Xchecked via VT: 60ae0362b3f264981971672e7b48b2dda2ff61b5fde67ca354ec59dbf2f8efaa",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255827",
"to_ids": true,
"type": "sha1",
"uuid": "57fde053-8eec-40d3-91c6-4d0802de0b81",
"value": "325cf43226632978166765737d8858170d0a56b7"
},
{
"category": "Payload delivery",
"comment": "Odinaff document droppers - Xchecked via VT: 60ae0362b3f264981971672e7b48b2dda2ff61b5fde67ca354ec59dbf2f8efaa",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255827",
"to_ids": true,
"type": "md5",
"uuid": "57fde053-1ac0-4357-92c8-443c02de0b81",
"value": "a19f48cae862d4e550ca2b54b3395374"
},
{
"category": "External analysis",
"comment": "Odinaff document droppers - Xchecked via VT: 60ae0362b3f264981971672e7b48b2dda2ff61b5fde67ca354ec59dbf2f8efaa",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255828",
"to_ids": false,
"type": "link",
"uuid": "57fde054-38a4-464a-99a0-402a02de0b81",
"value": "https://www.virustotal.com/file/60ae0362b3f264981971672e7b48b2dda2ff61b5fde67ca354ec59dbf2f8efaa/analysis/1473849020/"
},
{
"category": "Payload delivery",
"comment": "Odinaff document droppers - Xchecked via VT: 102158d75be5a8ef169bc91fefba5eb782d6fa2186bd6007019f7a61ed6ac990",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255828",
"to_ids": true,
"type": "sha1",
"uuid": "57fde054-5d58-4d93-8f12-49da02de0b81",
"value": "f661d7d16b4b73f6dc8452b7b5a598b00a411037"
},
{
"category": "Payload delivery",
"comment": "Odinaff document droppers - Xchecked via VT: 102158d75be5a8ef169bc91fefba5eb782d6fa2186bd6007019f7a61ed6ac990",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255828",
"to_ids": true,
"type": "md5",
"uuid": "57fde054-157c-4f68-9ecb-4bd702de0b81",
"value": "62659e1c3ab3b1feb85614ec15e1d701"
},
{
"category": "External analysis",
"comment": "Odinaff document droppers - Xchecked via VT: 102158d75be5a8ef169bc91fefba5eb782d6fa2186bd6007019f7a61ed6ac990",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255828",
"to_ids": false,
"type": "link",
"uuid": "57fde054-a1f4-4f89-9d69-479502de0b81",
"value": "https://www.virustotal.com/file/102158d75be5a8ef169bc91fefba5eb782d6fa2186bd6007019f7a61ed6ac990/analysis/1476196967/"
},
{
"category": "Payload delivery",
"comment": "Odinaff droppers - Xchecked via VT: c122b285fbd2db543e23bc34bf956b9ff49e7519623817b94b2809c7f4d31d14",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255829",
"to_ids": true,
"type": "sha1",
"uuid": "57fde055-cdb4-404d-80bd-4cc302de0b81",
"value": "025dd881f20381357f96f1a3e802214a1168a78f"
},
{
"category": "Payload delivery",
"comment": "Odinaff droppers - Xchecked via VT: c122b285fbd2db543e23bc34bf956b9ff49e7519623817b94b2809c7f4d31d14",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255829",
"to_ids": true,
"type": "md5",
"uuid": "57fde055-2a2c-470d-9093-4d8b02de0b81",
"value": "88718cc6c00683af78a6f04e4d977bb9"
},
{
"category": "External analysis",
"comment": "Odinaff droppers - Xchecked via VT: c122b285fbd2db543e23bc34bf956b9ff49e7519623817b94b2809c7f4d31d14",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255829",
"to_ids": false,
"type": "link",
"uuid": "57fde055-6d90-475b-837e-4e3002de0b81",
"value": "https://www.virustotal.com/file/c122b285fbd2db543e23bc34bf956b9ff49e7519623817b94b2809c7f4d31d14/analysis/1466577613/"
},
{
"category": "Payload delivery",
"comment": "Odinaff droppers - Xchecked via VT: f7e4135a3d22c2c25e41f83bb9e4ccd12e9f8a0f11b7db21400152cd81e89bf5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255829",
"to_ids": true,
"type": "sha1",
"uuid": "57fde055-39b8-4c3b-a15c-4f9902de0b81",
"value": "3151247681a1f220aafe11b70580fad7c92ef065"
},
{
"category": "Payload delivery",
"comment": "Odinaff droppers - Xchecked via VT: f7e4135a3d22c2c25e41f83bb9e4ccd12e9f8a0f11b7db21400152cd81e89bf5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255829",
"to_ids": true,
"type": "md5",
"uuid": "57fde055-4aac-4898-ab81-4f7502de0b81",
"value": "f425e731d0cee5b49dc4d32b74156b80"
},
{
"category": "External analysis",
"comment": "Odinaff droppers - Xchecked via VT: f7e4135a3d22c2c25e41f83bb9e4ccd12e9f8a0f11b7db21400152cd81e89bf5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476255830",
"to_ids": false,
"type": "link",
"uuid": "57fde056-b2d0-4e81-a161-454502de0b81",
"value": "https://www.virustotal.com/file/f7e4135a3d22c2c25e41f83bb9e4ccd12e9f8a0f11b7db21400152cd81e89bf5/analysis/1476193606/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1476260248",
"to_ids": false,
"type": "link",
"uuid": "57fdf198-5894-4cdf-9b84-4487950d210f",
"value": "https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks"
}
]
}
}
Reference in a new issue View git blame Copy permalink