{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2018-08-13",
|
|
"extends_uuid": "",
|
|
"info": "Talos: Threat Roundup for August 3-10",
|
|
"publish_timestamp": "1589184090",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1621865274",
|
|
"uuid": "5b716ba0-7ecc-4f64-a07c-d96d0acd0835",
|
|
"Orgc": {
|
|
"name": "Synovus Financial",
|
|
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-d458-458c-8350-db180acd0835",
|
|
"value": "25430a357d53aec77dd1f119b838ceae79a22bb3a60c7a002cb7328b098546a7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-2204-418d-91a8-db180acd0835",
|
|
"value": "54279416f864d374f33fe9a2fe2998db3976c4ff43e8b0da006548489a50bbdd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-b3f4-423d-92f0-db180acd0835",
|
|
"value": "5ce812ebf77f6d63de37a1e3d261b9688d595aaeadaef3388f4214896bb64892"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-6d3c-43db-990b-db180acd0835",
|
|
"value": "810fb35557e051a7be3f03b37247c90796595a2d5afa1b2c3034187de2a3f0bc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-96a0-40d4-8f60-db180acd0835",
|
|
"value": "8f08bcadd3a44055a70dbae3308cf18c8d1824e424100eda03ddc71e9417fb5e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-32a0-4dd9-8a7c-db180acd0835",
|
|
"value": "9435b87c7c91ac98f9f461aeaa6b1630e2270e2d2ccdf6a05d46fa02de91d1eb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-6e84-49d4-95e2-db180acd0835",
|
|
"value": "9634a2afb40139e39da8c8ef0da8f5104229d7bb4c3b95faee5a4396713f528e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-3f7c-4894-950c-db180acd0835",
|
|
"value": "a137c89d2c6f0ae74217724e1cb56aea726e285d0e6e98adfda16617ad51d176"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-98c0-40c4-ad13-db180acd0835",
|
|
"value": "a2907c7011b20373fd47e03a0f4679fdd51b982b973bb37d1d45bfa4a618bc5a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-e620-493b-b243-db180acd0835",
|
|
"value": "b3c6a0883d9ed8bcf1bf162c0ade8b16f2cd4ae890e30ba9e9540f4bdf5f5ba1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-e7c8-40f2-b32b-db180acd0835",
|
|
"value": "ba5afe1245d10f72637d34a96bf6e365c2f4326da69dcd440beacf421b634133"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-3ed8-4559-9a9d-db180acd0835",
|
|
"value": "cd3a4783c2795a16c82518c56f955c9b56f415d59ef5bc77e143f6124123364b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-4920-4878-b900-db180acd0835",
|
|
"value": "d0dbd75a4d8716ba7ca7d025ee1c772aa4ff554214a993b4b874a0a26dcf5a6c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-0724-48df-8122-db180acd0835",
|
|
"value": "e2116a9a176ff765f1c5ec23003266bfe0f1592e46e41236482ad4c3520ea53a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-c21c-4290-920a-db180acd0835",
|
|
"value": "e2846881f6127d99222144e4ece509bd18522fdd7791bf84d7697b37ffa40919"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-4540-4a16-97cb-db180acd0835",
|
|
"value": "efc3e1b1d6c13c3624160edc36f678dd92f172339bfde598ad1a95b02b474981"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-f3f4-4907-bc2e-db180acd0835",
|
|
"value": "f7df8c9e36cf3440709111a33721e7ac7268a2a80057df08843ba95a72c222eb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159896",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716c18-5524-46cd-8b6c-db180acd0835",
|
|
"value": "fdd4cce37fd524f99e096d0e45f95ac4dac696c8d7e8eb493bb485c63409c7b3"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159951",
|
|
"to_ids": false,
|
|
"type": "domain",
|
|
"uuid": "5b716c18-0250-4206-b5e9-db180acd0835",
|
|
"value": "ip-api.com"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159962",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b716c2e-0ccc-4258-855c-d73c0acd0835",
|
|
"value": "QSR_MUTEX_HnRHWDxWQnveBdUtWT"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "Win.Malware.Dbzx-6628757-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534159968",
|
|
"to_ids": false,
|
|
"type": "regkey",
|
|
"uuid": "5b716c41-e8c8-44e6-bcb4-dc600acd0835",
|
|
"value": "<HKLM>\\Software\\Wow6432Node\\Microsoft\\Tracing"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbe-6488-495f-8378-c6f10acd0835",
|
|
"value": "0406ad0fe90d371b02742e6821486abbfbf2bbd72a7593e8ddb650f0b97673b3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbe-878c-4274-80d6-c6f10acd0835",
|
|
"value": "0604aa87706cb7890075b494f026c88b2f03b621367f1bb62a87f5c5deb87870"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbe-974c-462f-8819-c6f10acd0835",
|
|
"value": "086af92d83279f5792c15a762a70e158de54b67c1a96bfc14c4ad52a24468f32"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbe-a5bc-425e-b91b-c6f10acd0835",
|
|
"value": "10f13af2a3591efa3d58c47bb0635e3a653e14ec7726493bb4595b4dd8cd51cb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbe-e6ec-4460-bf02-c6f10acd0835",
|
|
"value": "127c316e7a10579e61369d6a8154e3e34726209b3cc075ddd6d9875c439c583e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbe-0c28-41e6-9548-c6f10acd0835",
|
|
"value": "1fc9fda1b0c868dc7cb0cf6d8867b7aefc202436fe9e41cba5b2b35bb1ce9e9f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbe-a43c-49f9-88c2-c6f10acd0835",
|
|
"value": "23ba67cf24c95f3bfd36b66f822feb3d2fd0f72617921550fee034a1b7b8cc74"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbe-de1c-4321-93bd-c6f10acd0835",
|
|
"value": "27e37ac7cc8b48573a8345223399ce6b0ab9432ee977acf02c09bcf64cf6622d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-cf80-4d92-94d6-c6f10acd0835",
|
|
"value": "2bf1192e5200b6f8d25586908b05912a5fa6e06e87540dbb914200446a3deb10"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-b20c-4602-b35e-c6f10acd0835",
|
|
"value": "2ee83958eb1e8cb622ca833c38e51b53548d299b6574e5b7203741a2d27963f5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-f97c-4f93-a9d9-c6f10acd0835",
|
|
"value": "2fca527cf8ebf4576e982118e22dfe3fd8e445749a5403dafed36089666f2357"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-b06c-4941-95cb-c6f10acd0835",
|
|
"value": "30bbfb79d26a172975e9482204f06423eff6948b1732384e7b6d23f9932ec08d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-0618-489c-9de6-c6f10acd0835",
|
|
"value": "30bf6e1a41dea6e4024853f9b7a6a878e4f5e4141dba4b0fe7686159925fe6cf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-fd7c-4fe4-b0ae-c6f10acd0835",
|
|
"value": "42fca9d196c668747b74f80ca996aee9ae38bed96956b42436949a8d4d33ecf1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160085",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-b980-4784-b2be-c6f10acd0835",
|
|
"value": "45e6356ca3b373da3a80a72a1b64f1254f4426949598b8877abd6de99e379166"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-2224-40df-974c-c6f10acd0835",
|
|
"value": "4ac5db87bc83dcbf1399f4fc0fede3c5ecee5b8ef2a2500fd79b1588ef033429"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-b884-4ac3-96da-c6f10acd0835",
|
|
"value": "4b2f6d80bf78ad165c2f07d914cb4137ba31918f3f8f03f812b20715c3451f56"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-0f14-440a-8d2e-c6f10acd0835",
|
|
"value": "4d7d9d73dad989590860178530dd8848d9b79a23f1cb379bc1ca5545cb196eca"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-f0b4-458e-bbd1-c6f10acd0835",
|
|
"value": "4e81241256ab4adb5bb96b21633d95773cc34ee72e499659064db0d32046dabf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160086",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-5790-4b9f-9b84-c6f10acd0835",
|
|
"value": "4ea92195bc159e268c7a348f2649010cb01a3e67c315d2f0b8115eaf2c879692"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160085",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-7028-4ed4-9e75-c6f10acd0835",
|
|
"value": "5639d3af9cf530a057aebf3cbf92061b58539b2c311491a26d8f404a211d66bb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160085",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-e16c-4de3-a9b4-c6f10acd0835",
|
|
"value": "59644dcd34cce275ff5d72c022fa76ac42a422b038d816909281e01e392d3b40"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160085",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-7aac-48a8-bbed-c6f10acd0835",
|
|
"value": "599e4e8130e4a1f3f3777c6f9f088cc03c2781f4e802e0e16e417a43ec58c518"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160085",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-2df4-4ac8-a246-c6f10acd0835",
|
|
"value": "5eef8b5433ebc22e4c9ea3c1462d525192a4bda8d20be4e7b09fe7d03fb9d119"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160085",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716cbf-13a0-4cd4-b667-c6f10acd0835",
|
|
"value": "6238c7a704baa8771812e4f3452acb042c6475913db4cd57cfaf17a7454d4d22"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160085",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5b716cbf-8c38-4036-ba24-c6f10acd0835",
|
|
"value": "67.68.235.25"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160085",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5b716cbf-4a98-4e1a-b80c-c6f10acd0835",
|
|
"value": "187.192.180.144"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160155",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b716d03-f2dc-4506-b4c0-c79c0acd0835",
|
|
"value": "PEMB2C"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160152",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b716d03-7f58-4e42-b744-c79c0acd0835",
|
|
"value": "PEM944"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160149",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b716d03-ffb8-49a1-b640-c79c0acd0835",
|
|
"value": "PEM80C"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160145",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b716d03-6f4c-4108-b7dd-c79c0acd0835",
|
|
"value": "PEMA10"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160221",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b716d5d-730c-4a0d-8e09-c6f10acd0835",
|
|
"value": "%WinDir%\\SysWOW64\\TO5sH5uBMit.exe"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Win.Malware.Emotet-6628754-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160221",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b716d5d-e2a0-42d7-98ad-c6f10acd0835",
|
|
"value": "TO5sH5uBMit.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-4330-4b8e-8fee-d4890acd0835",
|
|
"value": "25f8455b83b98f38809af120e35c3eda189a05538f7aa2d527a265520bc3c75e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-85dc-4130-97d3-d4890acd0835",
|
|
"value": "342a9470e5d3dd522c17cf0a5bc588d87a84689d90362c0b18c320385b2e908d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-38e4-489f-9db1-d4890acd0835",
|
|
"value": "41ebdf1d4a210f395d5ee32bf55c6b07ee1e0a0bdf939bd081f6d751323c643c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-62ac-4ed1-ba31-d4890acd0835",
|
|
"value": "54be105a129d959359107d7dff6b379cd366e32bf7be9ac9a06bc2141d3ca7fa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-a784-4d5d-b120-d4890acd0835",
|
|
"value": "5dce0e7e0a1807d2804f28c5d5afd4ac282a022acd1945786bd118e1caf4050c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-b914-4475-beba-d4890acd0835",
|
|
"value": "5fe244200c9367e1b132ccc13df6daaba5479d2491db8fe95658f43981567c5a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-fc00-4260-952b-d4890acd0835",
|
|
"value": "6292ddf51023ccca84211ed4f33944b4c3df1b694d102d90d3dd2a5a080ed2b9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-2cf4-44c9-accd-d4890acd0835",
|
|
"value": "649c52d7b9a58837e6ccd308665d63971e424d29480c44448ddbef15e91649a6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-345c-4882-a3a6-d4890acd0835",
|
|
"value": "6dd74f0816f8b24a6f93c2dae0c69d33689e4baba632605d138216d9c7aab2ba"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-a04c-4783-9c0c-d4890acd0835",
|
|
"value": "7322fb7767b733ef5a279720f581d54edae9ea4af69d39aaa3e79fc443e2bb33"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-a7d8-40fd-968b-d4890acd0835",
|
|
"value": "76be26ac77aa81a5fb7d78135adb05b579cecc2173ffef5f5ab6b484e37f9e6e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-0428-4d7b-b150-d4890acd0835",
|
|
"value": "793b978af24469a77490ea609de0142ff817e557ad78a688dd5d65c2fe49a8db"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-89b4-479a-9337-d4890acd0835",
|
|
"value": "7c0e65092e8786d9052bbd74f4dc7b26567e150efb25d1503c4bfd9b3895b8ab"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-ab48-4f67-9fa7-d4890acd0835",
|
|
"value": "8815e1daad1f9cb4ff4243ff485218e3a0be93e2afef07048852ba79fdd9294e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-6490-49a5-b812-d4890acd0835",
|
|
"value": "8e84fbc38403f1516447b73b73b5051777314089f0d1fefcfae004b1ef615641"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-71d4-424c-9543-d4890acd0835",
|
|
"value": "a0e3bd64d556ce80b85b7d328bb61beeaf2da297dc09058211150617d6a83b8b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-20f4-4cb2-8aed-d4890acd0835",
|
|
"value": "b6b3b53b1001b6de24797a89d61bd825760574ab4cb60f7a5971115acb53c8e4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-b264-434c-9a4a-d4890acd0835",
|
|
"value": "ef66d0161200d413bb8a577a517fe03f325f2fd2f0df778f6297a8658ca0abc8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-39ac-492a-8271-d4890acd0835",
|
|
"value": "f25d03efc63cba1a262034382f809aaa5918f218b965164897df0c989a08dd04"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160291",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716da3-5cd0-43af-b835-d4890acd0835",
|
|
"value": "f8ee14337fe367aded0aee32c6c84ce404eaef53a6f75d86c6c08235f55ec303"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160699",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b716f3b-06a8-4bbf-9db7-df1b0acd0835",
|
|
"value": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160799",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b716f9f-26c8-4850-87cf-ded10acd0835",
|
|
"value": "%AppData%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\FlashPlayerApp.lnk"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160799",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b716f9f-8d60-41b8-9d80-ded10acd0835",
|
|
"value": "%AppData%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\FlashPlayerApp.exe"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160799",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b716f9f-a448-4de9-a87d-ded10acd0835",
|
|
"value": "FlashPlayerApp.lnk"
|
|
},
|
|
{
|
|
"category": "Payload installation",
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160799",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b716f9f-d4f8-403b-a8a2-ded10acd0835",
|
|
"value": "FlashPlayerApp.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-a4c0-4f60-965e-db180acd0835",
|
|
"value": "00cc9438408d1b22b0afc57e3b233ff62774cbcb92e58b392403d8c794d988ed"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-dc2c-45bb-a3b0-db180acd0835",
|
|
"value": "118e08c379b0035cef2a155d59d97c6e8cae94b6f46c5e77f58d84c88c689d2c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-4924-4f94-b117-db180acd0835",
|
|
"value": "1f270dc860158d63bb400e08f12bce40a9a50494368ea6e44cfd89f7e0dc23f4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-c194-4db5-bb65-db180acd0835",
|
|
"value": "3e49b3e58eec40b735124509bafcf434904f5945c9d65a5a860b0950850a979d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-749c-4e2c-9597-db180acd0835",
|
|
"value": "4348a4b50eba73d6eb5d0d254241d0e44fc63c975b589ac5276d6dc5cf8bab13"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-c084-4a3e-85e2-db180acd0835",
|
|
"value": "4a1c1cf9c70b127cc514fa6cdbb0e286ee33bf19f6ff41ca02951c9947dac55e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-dfd8-4c40-bd3d-db180acd0835",
|
|
"value": "4ae8cf675d6517b7989391fc653e8ddc96aa81cec4802e7e66de30adf0e96d2e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-fce0-4e16-a091-db180acd0835",
|
|
"value": "527eac30113eb365330ec5c35591fe9ae69d4e1beca8b0ae24666e97d8773e36"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-5de0-46ae-bfd3-db180acd0835",
|
|
"value": "53366f90f59348b8de81bdc04652200d2dcf8bad5cfc46a533c3b20cd0e200b2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-bcec-444a-8036-db180acd0835",
|
|
"value": "5f98685ee9098a31ced944840670772bb972db31ac5d1690974e59f566d1adae"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-7d7c-46e9-9c53-db180acd0835",
|
|
"value": "61e7c5b6a7f1608cf0bf728d15f8cdfc0f9f5c7c3748ee28452cfa2a496e54cc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-1c34-48bf-879e-db180acd0835",
|
|
"value": "70ebc88b9a71c661b68325dd92d0945ea1927e4d115da217640a4efefcf0c730"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-4c60-4691-bb7a-db180acd0835",
|
|
"value": "722e86b32635a1cace77ceee414761f28e386743fd2c513650e55814179bdac5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-f174-44ee-a55d-db180acd0835",
|
|
"value": "91bb8eb10e0aa88ea1e33d1ec23893d5a45e01e8ab69081b96835b4aff3b906a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-1c8c-458e-a2bd-db180acd0835",
|
|
"value": "97645bb27e056b282a0aa46dbbc79ed03bdc29c6f96e369d7537ee2bb1c8dd6e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-5618-446e-8ae4-db180acd0835",
|
|
"value": "9b36f0e70d5f7b4795b1278e052356484d4f2374f49563195f224ade6ce08c71"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-6a64-4b4f-941e-db180acd0835",
|
|
"value": "ac86cafcc7062a389e25a4e26dd15df7ce2e64b7a6890bf5712189ab9ec81c8c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-bc28-4891-a539-db180acd0835",
|
|
"value": "c3883ba74230604d38a638a1b8d0673cc3c91e01b482e6b83a6e6bbd4edd3b10"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-6330-4526-9a57-db180acd0835",
|
|
"value": "c56e3ca164803c5668cf0b8228c97626c486f5a7063d4b3109840137b67c8f98"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-cb38-410e-8d99-db180acd0835",
|
|
"value": "c82eaf2f1f156b95b43b2a984867e486911f6ceb329daea6ac9a6c53fae42685"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-8034-4c24-b7d3-db180acd0835",
|
|
"value": "ca544eaedd654782fa6b7a130bdc58869c2124a59754ed1baf9a5c00fafae12a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-1e24-4fe3-b710-db180acd0835",
|
|
"value": "d4ab2cc67c707cab8f7aab0fde94b50670f1b787b049f45564fe5368205ed642"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-6b78-4aba-b86c-db180acd0835",
|
|
"value": "eac8c3c76e954d8e2be7a5d1570643b4ce6a856e8143faf6263ad50cf53aceb2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-7b78-45bc-9246-db180acd0835",
|
|
"value": "f0a9c1c2fc19b4abd905e8a2f187f94e74dfe1e7de2d9a5328b13893b301488d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160858",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b716fda-63bc-49ed-b541-db180acd0835",
|
|
"value": "fb2aa3891cc9383631ddcca4076ae800d67d701a7ffb83d48240cc1d72372175"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160926",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5b71701e-b7e4-4e92-909a-db180acd0835",
|
|
"value": "lip.healthcakes.men"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Malware.Startsurf-6628791-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534160970",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b717037-367c-4e9b-917e-c79c0acd0835",
|
|
"value": "Local\\MSCTF.Asm.MutexDefault1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161072",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b7170b0-2edc-4b28-9a36-df2e0acd0835",
|
|
"value": "%ProgramFiles%\\WJTLINYZUI\\cast.config"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161072",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b7170b0-ce3c-43ad-b826-df2e0acd0835",
|
|
"value": "%LocalAppData%\\Temp\\DaGXhZc6w\\Nursehealth.exe"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161096",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b7170b0-ec28-471d-a45a-df2e0acd0835",
|
|
"value": "%System32%\\Tasks\\One"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161092",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b7170b0-7ba4-4018-9902-df2e0acd0835",
|
|
"value": "%ProgramFiles% (x86)\\OneSystemCare"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161072",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b7170b0-6e58-442d-ac94-df2e0acd0835",
|
|
"value": "%SystemDrive%\\TEMP\\config.conf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161072",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b7170b0-5acc-41a4-b61f-df2e0acd0835",
|
|
"value": "%LocalAppData%\\Temp\\U8R09Z5FM2\\OneTwo.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161072",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b7170b0-0730-4856-8ffd-df2e0acd0835",
|
|
"value": "%LocalAppData%\\Temp\\U8R09Z5FM2\\up.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161072",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b7170b0-81f8-4925-aaef-df2e0acd0835",
|
|
"value": "%WinDir%\\Microsoft.NET\\Framework64\\v2.0.50727\\config\\enterprisesec.config.cch.new"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161072",
|
|
"to_ids": false,
|
|
"type": "filename",
|
|
"uuid": "5b7170b0-1048-4410-8c5b-df2e0acd0835",
|
|
"value": "%ProgramFiles%\\WJTLINYZUI\\GCOMQP0KN.exe"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161124",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b7170e4-8c0c-43ec-8f0b-db180acd0835",
|
|
"value": "Amazonassistant2018"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161124",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b7170e4-0ec4-466e-b7f9-db180acd0835",
|
|
"value": "Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_2c8"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161124",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b7170e4-61d4-4784-8ee2-db180acd0835",
|
|
"value": "Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_2c8"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161124",
|
|
"to_ids": false,
|
|
"type": "mutex",
|
|
"uuid": "5b7170e4-c100-400c-a8f6-db180acd0835",
|
|
"value": "WmiApRpl_Perf_Library_Lock_PID_2c8"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161152",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5b717100-0d00-4a55-86ec-c79c0acd0835",
|
|
"value": "www.wizzmonetize.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161152",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5b717100-5394-4ac5-880d-c79c0acd0835",
|
|
"value": "ionesystemcare.info"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161152",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5b717100-3964-49e7-944b-c79c0acd0835",
|
|
"value": "www.rothsideadome.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161152",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "5b717100-e8e8-4511-9c58-c79c0acd0835",
|
|
"value": "www.usatdkeyboardhelper.pw"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-8a80-4708-a788-db180acd0835",
|
|
"value": "002d9959f5e7417cc2cbc657243f2dab82fac3d2e94fa2d0c8e45eda10889b08"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-e30c-4215-b8ff-db180acd0835",
|
|
"value": "03c948623cf78efe90258d894ab0e793bca7009bd73d0be0f652575f81bda621"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-698c-44e2-884f-db180acd0835",
|
|
"value": "0f8d729821902252b7f7a1c0d51004d3770356969e7181548126f13f1e2ebf2a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-8f2c-4ace-a5a7-db180acd0835",
|
|
"value": "1e64134ff7358ea6e632fd2377532491235cf089f33095a72552e150088b42f1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-cd68-442b-a0b4-db180acd0835",
|
|
"value": "1eed9456e69a80cb4e8444ad0356d71e09a073715f92e51afa008e80d2a0352a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-f3d0-442e-8f91-db180acd0835",
|
|
"value": "26f928ef89fde0e3e3fa996073c7c0bba00c2cbfe280de338de15367f4c8f76b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-ac90-447d-950c-db180acd0835",
|
|
"value": "2b0c6557b39ad8cca97ea6975aa3f4a8341774461b1bacab05d04ab20a9463eb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-ccb4-4ab3-8f02-db180acd0835",
|
|
"value": "3a5ac5c5ee7985367349d84d60be2c5f94f876c56cf73acbae6fc680ebbdb3c6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-e8d0-4fca-90b4-db180acd0835",
|
|
"value": "47bcf1f1bca23a36e291a0ac4cb8d1cd59c0c80d6a8e3b2cc3d646284cc531d5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-fbb0-4d44-94e6-db180acd0835",
|
|
"value": "4ae3efb9a9cca68c098dcdba33d2aef39888cf229cd02be64cbf59a0b68dae30"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-3668-42e9-90e5-db180acd0835",
|
|
"value": "5112edf0351d70ad31152f67e8996c9c4ad062f0023cfd43b4baecb8aa7b16b4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-6ff4-4758-9fb2-db180acd0835",
|
|
"value": "52544303a89f2c4e3eedd64c000504a2ef4c920c20361961fc81cae3f520244f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-0504-4fcd-8120-db180acd0835",
|
|
"value": "55e181f0e0e88efccf6534949ad8dd93a179e2b94b71e76a9e7db4d938ea2bd2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-40c4-4435-8b66-db180acd0835",
|
|
"value": "56982cc1f4b4e92aea28a30684bdfc752122eb78fc545ccc3f4169a1597233cc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-be24-4fde-9112-db180acd0835",
|
|
"value": "5c3982a206d40ec00b2029d4bdde1bb37192341583e803556872b97a609411ae"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-bb9c-4c3d-9a0c-db180acd0835",
|
|
"value": "61ee5c724a4c9408e9c8120eabac1babea8e91bf5719b02c78ce129f68239ff6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-50f4-4762-b144-db180acd0835",
|
|
"value": "63cc723ad7e85798e9126f5cc933c48d0e3cdfa7504579ef0b0b3cced9cb19c8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-f774-4c9a-b2d7-db180acd0835",
|
|
"value": "65a0bb3fd94ec888696598703ed111471bd47962278a5f1006e7e0716bd5b58e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-5670-4337-96c9-db180acd0835",
|
|
"value": "71d6d1ed9a5bd71e8dbd03a91151a2965ac12198fa1825366bf19c4b14106cb7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-7e68-4540-8f00-db180acd0835",
|
|
"value": "71e3009284ae35a3087ef041162a2ada636b388738033ea62faefc2bbfca9dfc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-a7cc-412e-ba1a-db180acd0835",
|
|
"value": "7e17ee126754a9306b4ffcf536f384abe5c718672807de1e27e7c7f3846d9e74"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-1d5c-4c95-baf6-db180acd0835",
|
|
"value": "85b36ab50aeb452822886815076c7c90c30273854496dde7fd3473e62119f672"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-2854-430e-ab0d-db180acd0835",
|
|
"value": "877b9a03f0b8763c265ecbc4be76ffafc9eb26c4b618c2827ce1e200797ca876"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-a134-4e16-9468-db180acd0835",
|
|
"value": "885718a7bd95c44d14dec7f0efa101147b671e60a7ecac2622ac86061dab17f2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1534161214",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5b71713e-df70-4d3d-ae7b-db180acd0835",
|
|
"value": "9583c8f1f3c9982a45ed56fbc30f8be06708cfaa8557aa7f5b6117847018cd4f"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
|
"meta-category": "file",
|
|
"name": "registry-key",
|
|
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
|
|
"template_version": "4",
|
|
"timestamp": "1534160666",
|
|
"uuid": "5b716e06-08a4-42a3-b6ab-c6f20acd0835",
|
|
"Attribute": [
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "key",
|
|
"timestamp": "1534160522",
|
|
"to_ids": true,
|
|
"type": "regkey",
|
|
"uuid": "5b716e06-4d54-46f2-95f2-c6f20acd0835",
|
|
"value": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "data-type",
|
|
"timestamp": "1534160390",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716e06-41fc-415d-be27-c6f20acd0835",
|
|
"value": "REG_NONE"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "root-keys",
|
|
"timestamp": "1534160390",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716e06-fe38-45fa-b36a-c6f20acd0835",
|
|
"value": "HKCU"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "name",
|
|
"timestamp": "1534160666",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716f1a-3e10-4bea-be91-c6f50acd0835",
|
|
"value": "FlashPlayerApp"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
|
"meta-category": "file",
|
|
"name": "registry-key",
|
|
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
|
|
"template_version": "4",
|
|
"timestamp": "1534160649",
|
|
"uuid": "5b716e42-1a90-4614-9115-d96d0acd0835",
|
|
"Attribute": [
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "key",
|
|
"timestamp": "1534160543",
|
|
"to_ids": true,
|
|
"type": "regkey",
|
|
"uuid": "5b716e42-b3f8-40fe-8cdd-d96d0acd0835",
|
|
"value": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "data-type",
|
|
"timestamp": "1534160450",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716e42-9e10-4e35-80d3-d96d0acd0835",
|
|
"value": "REG_NONE"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "root-keys",
|
|
"timestamp": "1534160450",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716e42-6910-4713-91ae-d96d0acd0835",
|
|
"value": "HKCU"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "name",
|
|
"timestamp": "1534160649",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716f09-3774-4bef-85aa-d96d0acd0835",
|
|
"value": "Run"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
|
"meta-category": "file",
|
|
"name": "registry-key",
|
|
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
|
|
"template_version": "4",
|
|
"timestamp": "1534160634",
|
|
"uuid": "5b716e67-5274-4deb-8dca-ded10acd0835",
|
|
"Attribute": [
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "key",
|
|
"timestamp": "1534160487",
|
|
"to_ids": true,
|
|
"type": "regkey",
|
|
"uuid": "5b716e67-d298-4a73-8e23-ded10acd0835",
|
|
"value": "\\SOFTWARE\\MICROSOFT\\COMMAND PROCESSOR"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "data-type",
|
|
"timestamp": "1534160487",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716e67-a990-41bc-8640-ded10acd0835",
|
|
"value": "REG_NONE"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "root-keys",
|
|
"timestamp": "1534160487",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716e67-2070-4c82-be6e-ded10acd0835",
|
|
"value": "HKCU"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "name",
|
|
"timestamp": "1534160634",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716efa-5f90-4c8e-bd91-df1c0acd0835",
|
|
"value": "AutoRun"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Win.Malware.Zerber-6629234-0",
|
|
"deleted": false,
|
|
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
|
"meta-category": "file",
|
|
"name": "registry-key",
|
|
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
|
|
"template_version": "4",
|
|
"timestamp": "1534160614",
|
|
"uuid": "5b716ed6-c20c-477f-9b55-d4e40acd0835",
|
|
"Attribute": [
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "name",
|
|
"timestamp": "1534160598",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716ed6-d1b0-4386-a36a-d4e40acd0835",
|
|
"value": "DefaultConnectionSettings"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "key",
|
|
"timestamp": "1534160598",
|
|
"to_ids": true,
|
|
"type": "regkey",
|
|
"uuid": "5b716ed6-0754-4833-a9e9-d4e40acd0835",
|
|
"value": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\INTERNET SETTINGS\\CONNECTIONS"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "data-type",
|
|
"timestamp": "1534160598",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716ed6-2fb0-4db0-bed0-d4e40acd0835",
|
|
"value": "REG_NONE"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "root-keys",
|
|
"timestamp": "1534160614",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b716ed6-4eec-48d3-bdab-d4e40acd0835",
|
|
"value": "HKCU"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "Win.Packed.Eorezo-6629326-0",
|
|
"deleted": false,
|
|
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
|
"meta-category": "file",
|
|
"name": "registry-key",
|
|
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
|
|
"template_version": "4",
|
|
"timestamp": "1534161190",
|
|
"uuid": "5b717126-8e34-42d0-9467-df2e0acd0835",
|
|
"Attribute": [
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "name",
|
|
"timestamp": "1534161190",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b717126-e580-4d9a-b8a1-df2e0acd0835",
|
|
"value": "6518673"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "key",
|
|
"timestamp": "1534161190",
|
|
"to_ids": true,
|
|
"type": "regkey",
|
|
"uuid": "5b717126-19f8-4c4f-9338-df2e0acd0835",
|
|
"value": "SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN"
|
|
},
|
|
{
|
|
"category": "Persistence mechanism",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "data-type",
|
|
"timestamp": "1534161190",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b717126-1350-42c6-95b6-df2e0acd0835",
|
|
"value": "REG_NONE"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "root-keys",
|
|
"timestamp": "1534161190",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5b717126-725c-4f70-96f1-df2e0acd0835",
|
|
"value": "HKCU"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |