adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/59186a46-6d0c-4359-a644-c061950d210f.json

1376 lines
No EOL
53 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2017-05-14",
"extends_uuid": "",
"info": "OSINT - Alert (TA17-132A) Indicators Associated With WannaCry Ransomware",
"publish_timestamp": "1494773558",
"published": true,
"threat_level_id": "2",
"timestamp": "1494773442",
"uuid": "59186a46-6d0c-4359-a644-c061950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#075200",
"local": false,
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:ransomware=\"WannaCry\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": false,
"type": "link",
"uuid": "59186cef-0c9c-4b29-8570-449b950d210f",
"value": "https://www.us-cert.gov/ncas/alerts/TA17-132A",
"Tag": [
{
"colour": "#002b4a",
"local": false,
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
},
{
"colour": "#075200",
"local": false,
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": false,
"type": "text",
"uuid": "59186d01-aff4-49f2-827e-453e950d210f",
"value": "According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages.\r\nThe latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.\r\n\r\nThis Alert is the result of efforts between the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) to highlight known cyber threats. DHS and the FBI continue to pursue related information of threats to federal, state, and local government systems and as such, further releases of technical information may be forthcoming.\r\nDescription\r\nInitial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 (link is external) vulnerability on March 14, 2017. According to open sources, one possible infection vector is via phishing emails.",
"Tag": [
{
"colour": "#002b4a",
"local": false,
"name": "osint:source-type=\"technical-report\"",
"relationship_type": ""
},
{
"colour": "#075200",
"local": false,
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "yara",
"uuid": "59186d3c-63ec-4821-ae62-40a4950d210f",
"value": "rule Wanna_Cry_Ransomware_Generic {\r\n meta:\r\n description = \"Detects WannaCry Ransomware on disk and in virtual page\"\r\n author = \"US-CERT Code Analysis Team\"\r\n reference = \"not set\" \r\n date = \"2017/05/12\"\r\n hash0 = \"4DA1F312A214C07143ABEEAFB695D904\"\r\n \r\n strings:\r\n $s0 = {410044004D0049004E0024}\r\n $s1 = \"WannaDecryptor\"\r\n $s2 = \"WANNACRY\"\r\n $s3 = \"Microsoft Enhanced RSA and AES Cryptographic\"\r\n $s4 = \"PKS\"\r\n $s5 = \"StartTask\"\r\n $s6 = \"wcry@123\"\r\n $s7 = {2F6600002F72}\r\n $s8 = \"unzip 0.15 Copyrigh\"\r\n condition:\r\n $s0 and $s1 and $s2 and $s3 or $s4 or $s5 or $s6 or $s7 or $s8\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "yara",
"uuid": "59186d5d-6790-457e-ab13-4f20950d210f",
"value": "/*The following Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.*/\r\n\r\nrule MS17_010_WanaCry_worm {\r\n meta:\r\n description = \"Worm exploiting MS17-010 and dropping WannaCry Ransomware\"\r\n author = \"Felipe Molina (@felmoltor)\"\r\n reference = \"https://www.exploit-db.com/exploits/41987/\"\r\n date = \"2017/05/12\"\r\n strings:\r\n $ms17010_str1=\"PC NETWORK PROGRAM 1.0\"\r\n $ms17010_str2=\"LANMAN1.0\"\r\n $ms17010_str3=\"Windows for Workgroups 3.1a\"\r\n $ms17010_str4=\"__TREEID__PLACEHOLDER__\"\r\n $ms17010_str5=\"__USERID__PLACEHOLDER__\"\r\n $wannacry_payload_substr1 = \"h6agLCqPqVyXi2VSQ8O6Yb9ijBX54j\"\r\n $wannacry_payload_substr2 = \"h54WfF9cGigWFEx92bzmOd0UOaZlM\"\r\n $wannacry_payload_substr3 = \"tpGFEoLOU6+5I78Toh/nHs/RAP\"\r\n condition:\r\n all of them\r\n}"
},
{
"category": "Payload delivery",
"comment": "qeriuwjhrf",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e63-87a0-4e5b-981e-b099950d210f",
"value": "3175e4ba26e1e75e52935009a526002c"
},
{
"category": "Payload delivery",
"comment": "mssecsvc.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e63-ccb8-4857-8b0d-b099950d210f",
"value": "31dab68b11824153b4c975399df0354f"
},
{
"category": "Payload delivery",
"comment": "cliconfg.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e63-24e4-4437-b94a-b099950d210f",
"value": "4fef5e34143e646dbf9907c4374276f5"
},
{
"category": "Payload delivery",
"comment": "diskpart.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e64-1bc8-4c8e-b7e4-b099950d210f",
"value": "509c41ec97bb81b0567b059aa2f50fe8"
},
{
"category": "Payload delivery",
"comment": "lhdfrgui.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e64-dd30-4087-a0ef-b099950d210f",
"value": "5bef35496fcbdbe841c82f4d1ab8b7c2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e65-36bc-49d2-b313-b099950d210f",
"value": "638f9235d038a0a001d5ea7f5c5dc4ae"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "sha256",
"uuid": "59186e65-2668-4823-bf8d-b099950d210f",
"value": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"
},
{
"category": "Payload delivery",
"comment": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e66-8f64-4fc3-b5dc-b099950d210f",
"value": "775a0631fb8229b2aa3d7621427085ad"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "filename",
"uuid": "59186e66-89e0-4aee-bd3d-b099950d210f",
"value": "b9c5.bin"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e66-bb9c-43d3-884e-b099950d210f",
"value": "7bf2b57f2a205768755c07f238fb32cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "filename",
"uuid": "59186e67-4310-4e07-bd67-b099950d210f",
"value": "2584E1521065E45EC3C17767C065429038FC6291C091097EA8B22C8A502C41DD.dat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e67-bdc0-4c44-a075-b099950d210f",
"value": "7f7ccaa16fb15eb1c7399d422f8363e8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "filename",
"uuid": "59186e68-b7b8-4f4e-b355-b099950d210f",
"value": "waitfor.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e68-cad0-4d08-a8a4-b099950d210f",
"value": "8495400f199ac77853c53b5a3f278f3e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "filename",
"uuid": "59186e69-fc34-4bde-b3e7-b099950d210f",
"value": "tasksche.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e69-c830-43d6-bdf2-b099950d210f",
"value": "84c82835a5d21bbcf75a61706d8ab549"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e69-e734-4325-a178-b099950d210f",
"value": "86721e64ffbd69aa6944b9672bcabb6d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "filename",
"uuid": "59186e6a-ebf8-4186-b88c-b099950d210f",
"value": "8dd63adb68ef053e044a5a2f46e0d2cd.virus"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6a-5b98-4d19-9149-b099950d210f",
"value": "8dd63adb68ef053e044a5a2f46e0d2cd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6b-dab8-440f-8123-b099950d210f",
"value": "b0ad5902366f860f85b892867e5b1e87"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "filename",
"uuid": "59186e6b-d830-41e6-ab27-b099950d210f",
"value": "3.13"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6c-9764-4c73-80ce-b099950d210f",
"value": "b675498639429b85af9d70be1e8a8782"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "filename",
"uuid": "59186e6c-115c-44aa-ad3b-b099950d210f",
"value": "ransomware07_no_detection.exe"
},
{
"category": "Payload delivery",
"comment": "ransomware07_no_detection.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6d-5530-412a-a504-b099950d210f",
"value": "d6114ba5f10ad67a4131ab72531f02da"
},
{
"category": "Payload delivery",
"comment": "mssecsvc.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6d-eb54-46f4-a695-b099950d210f",
"value": "db349b97c37d22f5ea1d1841e3c89eb4"
},
{
"category": "Payload delivery",
"comment": "Message",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6e-34c0-4625-a0cb-b099950d210f",
"value": "e372d07207b4da75b3434584cd9f3450"
},
{
"category": "Payload delivery",
"comment": "mssecsvc.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6e-5354-4011-81b5-b099950d210f",
"value": "f107a717f76f4f910ae9cb4dc5290594"
},
{
"category": "Payload delivery",
"comment": "taskhcst.eee",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6e-6fec-4fc8-95af-b099950d210f",
"value": "f529f4556a5126bba499c26d67892240"
},
{
"category": "Payload delivery",
"comment": "WCry_WannaCry_ransomware.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6f-b5fc-40ac-af86-b099950d210f",
"value": "4da1f312a214c07143abeeafb695d904"
},
{
"category": "Payload delivery",
"comment": "taskhcst.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e6f-f734-46f1-8960-b099950d210f",
"value": "3bc855bfadfea71a445080ba72b26c1c"
},
{
"category": "Payload delivery",
"comment": "findstr",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e70-80e4-414c-8fe6-b099950d210f",
"value": "b9b3965d1b218c63cd317ac33edcb942"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e70-d414-4776-af7e-b099950d210f",
"value": "808182340fb1b0b0b301c998e855a7c8"
},
{
"category": "Payload delivery",
"comment": "dvdplay",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e71-0594-4d79-933c-b099950d210f",
"value": "5c7fb0927db37372da25f270708103a2"
},
{
"category": "Payload delivery",
"comment": "Cmd.Exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e71-ac38-40e5-a3e9-b099950d210f",
"value": "66ddbd108b0c347550f18bb953e1831d"
},
{
"category": "Payload delivery",
"comment": "taskhcst.exe1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773442",
"to_ids": true,
"type": "md5",
"uuid": "59186e72-6038-480b-b334-b099950d210f",
"value": "b6ded2b8fe83be35341936e34aa433e5"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773460",
"to_ids": true,
"type": "sha1",
"uuid": "59186ed4-1b18-4604-bb07-4d0002de0b81",
"value": "45356a9dd616ed7161a3b9192e2f318d0ab5ad10"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773460",
"to_ids": false,
"type": "link",
"uuid": "59186ed4-c454-4db4-8fe0-470902de0b81",
"value": "https://www.virustotal.com/file/b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25/analysis/1494773175/"
},
{
"category": "Payload delivery",
"comment": "taskhcst.exe1 - Xchecked via VT: b6ded2b8fe83be35341936e34aa433e5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773461",
"to_ids": true,
"type": "sha256",
"uuid": "59186ed5-87ac-451a-a49a-4b6b02de0b81",
"value": "fc626fe1e0f4d77b34851a8c60cdd11172472da3b9325bfe288ac8342f6c710a"
},
{
"category": "Payload delivery",
"comment": "taskhcst.exe1 - Xchecked via VT: b6ded2b8fe83be35341936e34aa433e5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773461",
"to_ids": true,
"type": "sha1",
"uuid": "59186ed5-bfcc-434c-8711-452b02de0b81",
"value": "64b8e679727e99a369a2be3ed800f7b969d43aa8"
},
{
"category": "External analysis",
"comment": "taskhcst.exe1 - Xchecked via VT: b6ded2b8fe83be35341936e34aa433e5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773462",
"to_ids": false,
"type": "link",
"uuid": "59186ed6-00bc-4f55-8c8b-474a02de0b81",
"value": "https://www.virustotal.com/file/fc626fe1e0f4d77b34851a8c60cdd11172472da3b9325bfe288ac8342f6c710a/analysis/1494743524/"
},
{
"category": "Payload delivery",
"comment": "Cmd.Exe - Xchecked via VT: 66ddbd108b0c347550f18bb953e1831d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773462",
"to_ids": true,
"type": "sha256",
"uuid": "59186ed6-5fcc-4dd2-b252-47e602de0b81",
"value": "f7c7b5e4b051ea5bd0017803f40af13bed224c4b0fd60b890b6784df5bd63494"
},
{
"category": "Payload delivery",
"comment": "Cmd.Exe - Xchecked via VT: 66ddbd108b0c347550f18bb953e1831d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773462",
"to_ids": true,
"type": "sha1",
"uuid": "59186ed6-6b10-4080-9597-424002de0b81",
"value": "432c1a5353bab4dba67ea620ea6c1a3095c5d4fa"
},
{
"category": "External analysis",
"comment": "Cmd.Exe - Xchecked via VT: 66ddbd108b0c347550f18bb953e1831d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773463",
"to_ids": false,
"type": "link",
"uuid": "59186ed7-90e8-4552-af83-48b502de0b81",
"value": "https://www.virustotal.com/file/f7c7b5e4b051ea5bd0017803f40af13bed224c4b0fd60b890b6784df5bd63494/analysis/1494743664/"
},
{
"category": "Payload delivery",
"comment": "dvdplay - Xchecked via VT: 5c7fb0927db37372da25f270708103a2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773463",
"to_ids": true,
"type": "sha256",
"uuid": "59186ed7-c4e0-4a28-ba4c-4ec802de0b81",
"value": "be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844"
},
{
"category": "Payload delivery",
"comment": "dvdplay - Xchecked via VT: 5c7fb0927db37372da25f270708103a2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773464",
"to_ids": true,
"type": "sha1",
"uuid": "59186ed8-153c-4f8e-81a0-441802de0b81",
"value": "120ed9279d85cbfa56e5b7779ffa7162074f7a29"
},
{
"category": "External analysis",
"comment": "dvdplay - Xchecked via VT: 5c7fb0927db37372da25f270708103a2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773464",
"to_ids": false,
"type": "link",
"uuid": "59186ed8-5e78-4c77-ac91-416502de0b81",
"value": "https://www.virustotal.com/file/be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844/analysis/1494702148/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 808182340fb1b0b0b301c998e855a7c8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773465",
"to_ids": true,
"type": "sha256",
"uuid": "59186ed9-c890-4cc2-8ed5-4aec02de0b81",
"value": "76a3666ce9119295104bb69ee7af3f2845d23f40ba48ace7987f79b06312bbdf"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 808182340fb1b0b0b301c998e855a7c8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773465",
"to_ids": true,
"type": "sha1",
"uuid": "59186ed9-4754-410e-8c84-437302de0b81",
"value": "4fdae49be25846ca53b5936a731ce79c673a8e1f"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 808182340fb1b0b0b301c998e855a7c8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773465",
"to_ids": false,
"type": "link",
"uuid": "59186ed9-4ea8-449a-8747-487402de0b81",
"value": "https://www.virustotal.com/file/76a3666ce9119295104bb69ee7af3f2845d23f40ba48ace7987f79b06312bbdf/analysis/1494743657/"
},
{
"category": "Payload delivery",
"comment": "findstr - Xchecked via VT: b9b3965d1b218c63cd317ac33edcb942",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773466",
"to_ids": true,
"type": "sha256",
"uuid": "59186eda-9aec-44a7-842f-400502de0b81",
"value": "5d26835be2cf4f08f2beeff301c06d05035d0a9ec3afacc71dff22813595c0b9"
},
{
"category": "Payload delivery",
"comment": "findstr - Xchecked via VT: b9b3965d1b218c63cd317ac33edcb942",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773466",
"to_ids": true,
"type": "sha1",
"uuid": "59186eda-e5c4-49aa-9b79-46a802de0b81",
"value": "02408bb6dc1f3605a7d3f9bad687a858ec147896"
},
{
"category": "External analysis",
"comment": "findstr - Xchecked via VT: b9b3965d1b218c63cd317ac33edcb942",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773467",
"to_ids": false,
"type": "link",
"uuid": "59186edb-6524-4f95-9404-44b202de0b81",
"value": "https://www.virustotal.com/file/5d26835be2cf4f08f2beeff301c06d05035d0a9ec3afacc71dff22813595c0b9/analysis/1494743649/"
},
{
"category": "Payload delivery",
"comment": "taskhcst.exe - Xchecked via VT: 3bc855bfadfea71a445080ba72b26c1c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773467",
"to_ids": true,
"type": "sha256",
"uuid": "59186edb-fbac-475d-b132-404302de0b81",
"value": "043e0d0d8b8cda56851f5b853f244f677bd1fd50f869075ef7ba1110771f70c2"
},
{
"category": "Payload delivery",
"comment": "taskhcst.exe - Xchecked via VT: 3bc855bfadfea71a445080ba72b26c1c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773468",
"to_ids": true,
"type": "sha1",
"uuid": "59186edc-a134-401d-85c6-4b2902de0b81",
"value": "bc978db3d2dc20b1a305d294a504bb0ceb83f95a"
},
{
"category": "External analysis",
"comment": "taskhcst.exe - Xchecked via VT: 3bc855bfadfea71a445080ba72b26c1c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773468",
"to_ids": false,
"type": "link",
"uuid": "59186edc-9a80-43d3-8760-447c02de0b81",
"value": "https://www.virustotal.com/file/043e0d0d8b8cda56851f5b853f244f677bd1fd50f869075ef7ba1110771f70c2/analysis/1494713702/"
},
{
"category": "Payload delivery",
"comment": "WCry_WannaCry_ransomware.exe - Xchecked via VT: 4da1f312a214c07143abeeafb695d904",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773469",
"to_ids": true,
"type": "sha256",
"uuid": "59186edd-aebc-47d2-809a-4e6f02de0b81",
"value": "aee20f9188a5c3954623583c6b0e6623ec90d5cd3fdec4e1001646e27664002c"
},
{
"category": "Payload delivery",
"comment": "WCry_WannaCry_ransomware.exe - Xchecked via VT: 4da1f312a214c07143abeeafb695d904",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773469",
"to_ids": true,
"type": "sha1",
"uuid": "59186edd-421c-4098-b5b6-4dc602de0b81",
"value": "b629f072c9241fd2451f1cbca2290197e72a8f5e"
},
{
"category": "External analysis",
"comment": "WCry_WannaCry_ransomware.exe - Xchecked via VT: 4da1f312a214c07143abeeafb695d904",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773469",
"to_ids": false,
"type": "link",
"uuid": "59186edd-3cdc-4e95-8296-4a5b02de0b81",
"value": "https://www.virustotal.com/file/aee20f9188a5c3954623583c6b0e6623ec90d5cd3fdec4e1001646e27664002c/analysis/1494743633/"
},
{
"category": "Payload delivery",
"comment": "taskhcst.eee - Xchecked via VT: f529f4556a5126bba499c26d67892240",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773470",
"to_ids": true,
"type": "sha256",
"uuid": "59186ede-c150-4aba-b1ff-47e302de0b81",
"value": "dff26a9a44baa3ce109b8df41ae0a301d9e4a28ad7bd7721bbb7ccd137bfd696"
},
{
"category": "Payload delivery",
"comment": "taskhcst.eee - Xchecked via VT: f529f4556a5126bba499c26d67892240",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773470",
"to_ids": true,
"type": "sha1",
"uuid": "59186ede-cb7c-4978-b81a-420e02de0b81",
"value": "fb18818fc383330b401fc5b332cc63a5bbd4cd30"
},
{
"category": "External analysis",
"comment": "taskhcst.eee - Xchecked via VT: f529f4556a5126bba499c26d67892240",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773471",
"to_ids": false,
"type": "link",
"uuid": "59186edf-ba58-4660-8a00-4b5502de0b81",
"value": "https://www.virustotal.com/file/dff26a9a44baa3ce109b8df41ae0a301d9e4a28ad7bd7721bbb7ccd137bfd696/analysis/1494720293/"
},
{
"category": "Payload delivery",
"comment": "mssecsvc.exe - Xchecked via VT: f107a717f76f4f910ae9cb4dc5290594",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773471",
"to_ids": true,
"type": "sha256",
"uuid": "59186edf-d044-4037-a06e-495c02de0b81",
"value": "f8812f1deb8001f3b7672b6fc85640ecb123bc2304b563728e6235ccbe782d85"
},
{
"category": "Payload delivery",
"comment": "mssecsvc.exe - Xchecked via VT: f107a717f76f4f910ae9cb4dc5290594",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773472",
"to_ids": true,
"type": "sha1",
"uuid": "59186ee0-aeac-4810-81e7-423802de0b81",
"value": "51e4307093f8ca8854359c0ac882ddca427a813c"
},
{
"category": "External analysis",
"comment": "mssecsvc.exe - Xchecked via VT: f107a717f76f4f910ae9cb4dc5290594",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773472",
"to_ids": false,
"type": "link",
"uuid": "59186ee0-84cc-441e-999e-44b502de0b81",
"value": "https://www.virustotal.com/file/f8812f1deb8001f3b7672b6fc85640ecb123bc2304b563728e6235ccbe782d85/analysis/1494751064/"
},
{
"category": "Payload delivery",
"comment": "Message - Xchecked via VT: e372d07207b4da75b3434584cd9f3450",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773473",
"to_ids": true,
"type": "sha256",
"uuid": "59186ee1-e194-405e-8599-4e2202de0b81",
"value": "4b76e54de0243274f97430b26624c44694fbde3289ed81a160e0754ab9f56f32"
},
{
"category": "Payload delivery",
"comment": "Message - Xchecked via VT: e372d07207b4da75b3434584cd9f3450",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773473",
"to_ids": true,
"type": "sha1",
"uuid": "59186ee1-9e80-4370-b26b-494502de0b81",
"value": "f3839c1cde9ce18021194573fdf0cae09a62172f"
},
{
"category": "External analysis",
"comment": "Message - Xchecked via VT: e372d07207b4da75b3434584cd9f3450",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773473",
"to_ids": false,
"type": "link",
"uuid": "59186ee1-eff0-4319-8b45-4b6c02de0b81",
"value": "https://www.virustotal.com/file/4b76e54de0243274f97430b26624c44694fbde3289ed81a160e0754ab9f56f32/analysis/1494743443/"
},
{
"category": "Payload delivery",
"comment": "mssecsvc.exe - Xchecked via VT: db349b97c37d22f5ea1d1841e3c89eb4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773474",
"to_ids": true,
"type": "sha256",
"uuid": "59186ee2-6158-4c8d-ac13-402602de0b81",
"value": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"
},
{
"category": "Payload delivery",
"comment": "mssecsvc.exe - Xchecked via VT: db349b97c37d22f5ea1d1841e3c89eb4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773474",
"to_ids": true,
"type": "sha1",
"uuid": "59186ee2-592c-4eb3-b66f-455702de0b81",
"value": "e889544aff85ffaf8b0d0da705105dee7c97fe26"
},
{
"category": "External analysis",
"comment": "mssecsvc.exe - Xchecked via VT: db349b97c37d22f5ea1d1841e3c89eb4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773475",
"to_ids": false,
"type": "link",
"uuid": "59186ee3-eca8-4b41-8634-4bc502de0b81",
"value": "https://www.virustotal.com/file/24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c/analysis/1494773179/"
},
{
"category": "Payload delivery",
"comment": "ransomware07_no_detection.exe - Xchecked via VT: d6114ba5f10ad67a4131ab72531f02da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773475",
"to_ids": true,
"type": "sha256",
"uuid": "59186ee3-37c0-4002-a3a9-43f802de0b81",
"value": "7c465ea7bcccf4f94147add808f24629644be11c0ba4823f16e8c19e0090f0ff"
},
{
"category": "Payload delivery",
"comment": "ransomware07_no_detection.exe - Xchecked via VT: d6114ba5f10ad67a4131ab72531f02da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773476",
"to_ids": true,
"type": "sha1",
"uuid": "59186ee4-3700-4b2a-80b5-470102de0b81",
"value": "a1818054b40ec9e28bebe518ecc92f4eceaffef4"
},
{
"category": "External analysis",
"comment": "ransomware07_no_detection.exe - Xchecked via VT: d6114ba5f10ad67a4131ab72531f02da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773476",
"to_ids": false,
"type": "link",
"uuid": "59186ee4-d7b8-4329-8551-424a02de0b81",
"value": "https://www.virustotal.com/file/7c465ea7bcccf4f94147add808f24629644be11c0ba4823f16e8c19e0090f0ff/analysis/1494751042/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b675498639429b85af9d70be1e8a8782",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773477",
"to_ids": true,
"type": "sha256",
"uuid": "59186ee5-5b74-425b-85b0-4c2102de0b81",
"value": "7108d6793a003695ee8107401cfb17af305fa82ff6c16b7a5db45f15e5c9e12d"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b675498639429b85af9d70be1e8a8782",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773477",
"to_ids": true,
"type": "sha1",
"uuid": "59186ee5-25b0-46c3-bb44-4c6502de0b81",
"value": "b8b49a36a52abcf537febcbf2d09497bee79987d"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: b675498639429b85af9d70be1e8a8782",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773477",
"to_ids": false,
"type": "link",
"uuid": "59186ee5-431c-44dc-9dce-42cf02de0b81",
"value": "https://www.virustotal.com/file/7108d6793a003695ee8107401cfb17af305fa82ff6c16b7a5db45f15e5c9e12d/analysis/1494666506/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b0ad5902366f860f85b892867e5b1e87",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773478",
"to_ids": true,
"type": "sha256",
"uuid": "59186ee6-e3a8-4279-ae1c-42bd02de0b81",
"value": "ca29de1dc8817868c93e54b09f557fe14e40083c0955294df5bd91f52ba469c8"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b0ad5902366f860f85b892867e5b1e87",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773478",
"to_ids": true,
"type": "sha1",
"uuid": "59186ee6-1010-4fe9-afef-418802de0b81",
"value": "a52e025d579bebae7c64cb40236b469b3c376024"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: b0ad5902366f860f85b892867e5b1e87",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773479",
"to_ids": false,
"type": "link",
"uuid": "59186ee7-924c-4790-ae15-4f7502de0b81",
"value": "https://www.virustotal.com/file/ca29de1dc8817868c93e54b09f557fe14e40083c0955294df5bd91f52ba469c8/analysis/1494720271/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 8dd63adb68ef053e044a5a2f46e0d2cd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773479",
"to_ids": true,
"type": "sha256",
"uuid": "59186ee7-f31c-4a5c-8b0a-465e02de0b81",
"value": "201f42080e1c989774d05d5b127a8cd4b4781f1956b78df7c01112436c89b2c9"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 8dd63adb68ef053e044a5a2f46e0d2cd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773480",
"to_ids": true,
"type": "sha1",
"uuid": "59186ee8-6dc4-40ee-bf4c-480e02de0b81",
"value": "1bc604573ceab106e5a0e9c419ade38739228707"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 8dd63adb68ef053e044a5a2f46e0d2cd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773480",
"to_ids": false,
"type": "link",
"uuid": "59186ee8-86d0-4f44-8d58-403402de0b81",
"value": "https://www.virustotal.com/file/201f42080e1c989774d05d5b127a8cd4b4781f1956b78df7c01112436c89b2c9/analysis/1494720276/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 86721e64ffbd69aa6944b9672bcabb6d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773481",
"to_ids": true,
"type": "sha256",
"uuid": "59186ee9-c5bc-4acc-8799-493d02de0b81",
"value": "c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 86721e64ffbd69aa6944b9672bcabb6d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773481",
"to_ids": true,
"type": "sha1",
"uuid": "59186ee9-bfe0-4a09-8002-499702de0b81",
"value": "8897c658c0373be54eeac23bbd4264687a141ae1"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 86721e64ffbd69aa6944b9672bcabb6d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773482",
"to_ids": false,
"type": "link",
"uuid": "59186eea-ed70-4404-8146-4f7202de0b81",
"value": "https://www.virustotal.com/file/c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9/analysis/1494750999/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 84c82835a5d21bbcf75a61706d8ab549",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773482",
"to_ids": true,
"type": "sha256",
"uuid": "59186eea-2358-4fa3-937f-442c02de0b81",
"value": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 84c82835a5d21bbcf75a61706d8ab549",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773482",
"to_ids": true,
"type": "sha1",
"uuid": "59186eea-1c70-41c6-8ab7-483902de0b81",
"value": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 84c82835a5d21bbcf75a61706d8ab549",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773483",
"to_ids": false,
"type": "link",
"uuid": "59186eeb-30bc-4bb3-a469-44a802de0b81",
"value": "https://www.virustotal.com/file/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa/analysis/1494770878/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 8495400f199ac77853c53b5a3f278f3e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773483",
"to_ids": true,
"type": "sha256",
"uuid": "59186eeb-0650-4542-9687-4c1702de0b81",
"value": "2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 8495400f199ac77853c53b5a3f278f3e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773484",
"to_ids": true,
"type": "sha1",
"uuid": "59186eec-0ff0-42f6-bba9-440002de0b81",
"value": "be5d6279874da315e3080b06083757aad9b32c23"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 8495400f199ac77853c53b5a3f278f3e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773484",
"to_ids": false,
"type": "link",
"uuid": "59186eec-d110-445f-b5b6-4c3302de0b81",
"value": "https://www.virustotal.com/file/2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d/analysis/1494772081/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7f7ccaa16fb15eb1c7399d422f8363e8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773485",
"to_ids": true,
"type": "sha256",
"uuid": "59186eed-443c-4e5e-951b-489b02de0b81",
"value": "2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7f7ccaa16fb15eb1c7399d422f8363e8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773485",
"to_ids": true,
"type": "sha1",
"uuid": "59186eed-758c-4fc3-bb0b-491d02de0b81",
"value": "bd44d0ab543bf814d93b719c24e90d8dd7111234"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 7f7ccaa16fb15eb1c7399d422f8363e8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773486",
"to_ids": false,
"type": "link",
"uuid": "59186eee-ab80-4589-ae8e-484002de0b81",
"value": "https://www.virustotal.com/file/2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd/analysis/1494767002/"
},
{
"category": "Payload delivery",
"comment": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 - Xchecked via VT: 775a0631fb8229b2aa3d7621427085ad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773486",
"to_ids": true,
"type": "sha256",
"uuid": "59186eee-4158-4161-ab1b-4b1902de0b81",
"value": "00fdb4c1c49aef198f37b8061eb585b8f9a4d5e6c62251441831fe2f6a0a25b7"
},
{
"category": "Payload delivery",
"comment": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 - Xchecked via VT: 775a0631fb8229b2aa3d7621427085ad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773487",
"to_ids": true,
"type": "sha1",
"uuid": "59186eef-41b0-4bf8-9cc7-44e402de0b81",
"value": "8286354a6a051704dec39993af4e127d317f6974"
},
{
"category": "External analysis",
"comment": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 - Xchecked via VT: 775a0631fb8229b2aa3d7621427085ad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773487",
"to_ids": false,
"type": "link",
"uuid": "59186eef-8cd0-456d-935d-46f802de0b81",
"value": "https://www.virustotal.com/file/00fdb4c1c49aef198f37b8061eb585b8f9a4d5e6c62251441831fe2f6a0a25b7/analysis/1494767713/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 638f9235d038a0a001d5ea7f5c5dc4ae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773488",
"to_ids": true,
"type": "sha256",
"uuid": "59186ef0-a37c-4071-89ab-4a2602de0b81",
"value": "5ad4efd90dcde01d26cc6f32f7ce3ce0b4d4951d4b94a19aa097341aff2acaec"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 638f9235d038a0a001d5ea7f5c5dc4ae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773488",
"to_ids": true,
"type": "sha1",
"uuid": "59186ef0-57b0-4ce6-a4da-4bfe02de0b81",
"value": "af7db69cbaa6ab3e4730af8763ae4bf7b7c0c9b2"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 638f9235d038a0a001d5ea7f5c5dc4ae",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773488",
"to_ids": false,
"type": "link",
"uuid": "59186ef0-6ef8-4912-98f7-498102de0b81",
"value": "https://www.virustotal.com/file/5ad4efd90dcde01d26cc6f32f7ce3ce0b4d4951d4b94a19aa097341aff2acaec/analysis/1494759773/"
},
{
"category": "Payload delivery",
"comment": "lhdfrgui.exe - Xchecked via VT: 5bef35496fcbdbe841c82f4d1ab8b7c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773489",
"to_ids": true,
"type": "sha256",
"uuid": "59186ef1-3398-4c29-a43a-44e302de0b81",
"value": "4186675cb6706f9d51167fb0f14cd3f8fcfb0065093f62b10a15f7d9a6c8d982"
},
{
"category": "Payload delivery",
"comment": "lhdfrgui.exe - Xchecked via VT: 5bef35496fcbdbe841c82f4d1ab8b7c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773489",
"to_ids": true,
"type": "sha1",
"uuid": "59186ef1-6b28-4ad2-83a4-417502de0b81",
"value": "50049556b3406e07347411767d6d01a704b6fee6"
},
{
"category": "External analysis",
"comment": "lhdfrgui.exe - Xchecked via VT: 5bef35496fcbdbe841c82f4d1ab8b7c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773490",
"to_ids": false,
"type": "link",
"uuid": "59186ef2-c8dc-4927-9a76-43aa02de0b81",
"value": "https://www.virustotal.com/file/4186675cb6706f9d51167fb0f14cd3f8fcfb0065093f62b10a15f7d9a6c8d982/analysis/1494750995/"
},
{
"category": "Payload delivery",
"comment": "diskpart.exe - Xchecked via VT: 509c41ec97bb81b0567b059aa2f50fe8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773490",
"to_ids": true,
"type": "sha256",
"uuid": "59186ef2-b3cc-4c54-b55c-4eaa02de0b81",
"value": "09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d0c238ee36421cafa"
},
{
"category": "Payload delivery",
"comment": "diskpart.exe - Xchecked via VT: 509c41ec97bb81b0567b059aa2f50fe8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773491",
"to_ids": true,
"type": "sha1",
"uuid": "59186ef3-e590-4c42-9210-448002de0b81",
"value": "87420a2791d18dad3f18be436045280a4cc16fc4"
},
{
"category": "External analysis",
"comment": "diskpart.exe - Xchecked via VT: 509c41ec97bb81b0567b059aa2f50fe8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773491",
"to_ids": false,
"type": "link",
"uuid": "59186ef3-9e58-4099-ae06-432102de0b81",
"value": "https://www.virustotal.com/file/09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d0c238ee36421cafa/analysis/1494751000/"
},
{
"category": "Payload delivery",
"comment": "cliconfg.exe - Xchecked via VT: 4fef5e34143e646dbf9907c4374276f5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773491",
"to_ids": true,
"type": "sha256",
"uuid": "59186ef3-a424-4bd3-b26a-4b0202de0b81",
"value": "4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"
},
{
"category": "Payload delivery",
"comment": "cliconfg.exe - Xchecked via VT: 4fef5e34143e646dbf9907c4374276f5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773492",
"to_ids": true,
"type": "sha1",
"uuid": "59186ef4-d4e0-41c0-9f56-4a3902de0b81",
"value": "47a9ad4125b6bd7c55e4e7da251e23f089407b8f"
},
{
"category": "External analysis",
"comment": "cliconfg.exe - Xchecked via VT: 4fef5e34143e646dbf9907c4374276f5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773492",
"to_ids": false,
"type": "link",
"uuid": "59186ef4-1510-4b14-9be3-4d4602de0b81",
"value": "https://www.virustotal.com/file/4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79/analysis/1494765091/"
},
{
"category": "Payload delivery",
"comment": "mssecsvc.exe - Xchecked via VT: 31dab68b11824153b4c975399df0354f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773493",
"to_ids": true,
"type": "sha256",
"uuid": "59186ef5-32b0-40c2-9f12-4b7502de0b81",
"value": "9b60c622546dc45cca64df935b71c26dcf4886d6fa811944dbc4e23db9335640"
},
{
"category": "Payload delivery",
"comment": "mssecsvc.exe - Xchecked via VT: 31dab68b11824153b4c975399df0354f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773493",
"to_ids": true,
"type": "sha1",
"uuid": "59186ef5-f4b4-40d2-a29d-469602de0b81",
"value": "14249e7fb3fb6f4b363c47d5aae9f46dab2083c1"
},
{
"category": "External analysis",
"comment": "mssecsvc.exe - Xchecked via VT: 31dab68b11824153b4c975399df0354f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773494",
"to_ids": false,
"type": "link",
"uuid": "59186ef6-d52c-4860-a182-458202de0b81",
"value": "https://www.virustotal.com/file/9b60c622546dc45cca64df935b71c26dcf4886d6fa811944dbc4e23db9335640/analysis/1494751026/"
},
{
"category": "Payload delivery",
"comment": "qeriuwjhrf - Xchecked via VT: 3175e4ba26e1e75e52935009a526002c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773494",
"to_ids": true,
"type": "sha256",
"uuid": "59186ef6-c6f0-441e-8972-480d02de0b81",
"value": "7e369022da51937781b3efe6c57f824f05cf43cbd66b4a24367a19488d2939e4"
},
{
"category": "Payload delivery",
"comment": "qeriuwjhrf - Xchecked via VT: 3175e4ba26e1e75e52935009a526002c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773495",
"to_ids": true,
"type": "sha1",
"uuid": "59186ef7-e05c-4353-ad61-456d02de0b81",
"value": "5d68e2779e2cccee49188363be6cddbb0bac7053"
},
{
"category": "External analysis",
"comment": "qeriuwjhrf - Xchecked via VT: 3175e4ba26e1e75e52935009a526002c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1494773495",
"to_ids": false,
"type": "link",
"uuid": "59186ef7-62ec-4b78-a6af-497302de0b81",
"value": "https://www.virustotal.com/file/7e369022da51937781b3efe6c57f824f05cf43cbd66b4a24367a19488d2939e4/analysis/1494751050/"
}
]
}
}
Reference in a new issue View git blame Copy permalink