{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2015-04-27",
|
|
"extends_uuid": "",
|
|
"info": "OSINT Attacks against Israeli & Palestinian interests by PwC",
|
|
"publish_timestamp": "1517779424",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1517779399",
|
|
"uuid": "553ea363-7aa4-426b-8f54-ad70950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168546",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "553ea3e2-9adc-4432-b00b-ba7f950d210b",
|
|
"value": "http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168572",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea3fc-c4a4-4b75-a18f-5c47950d210b",
|
|
"value": "ecc240f1983007177bc5bbecba50eea27b80fd3d14fd261bef6cda10b8ffe1e9"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168784",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea4d0-c458-4826-a414-f38d950d210b",
|
|
"value": "rotter2.sytes.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168784",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea4d0-9d08-4aab-880c-f38d950d210b",
|
|
"value": "haartezenglish.strangled.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168784",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea4d0-f5f8-45a5-ab07-f38d950d210b",
|
|
"value": "wallanews.sytes.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168784",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea4d0-9e28-4402-8ff5-f38d950d210b",
|
|
"value": "ynet.sytes.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168784",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea4d0-79d4-4e9a-958d-f38d950d210b",
|
|
"value": "safar.selfip.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168784",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea4d0-d928-489f-a732-f38d950d210b",
|
|
"value": "depka.sytes.net"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168833",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea501-72f4-4d3b-98c4-ba7f950d210b",
|
|
"value": "8993a516404c0dd62692f3ce5055d4ddee7e29ad4bb6aa29f67114eeeaee26b9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168833",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea501-1dcc-4f72-9c81-ba7f950d210b",
|
|
"value": "bfe727f2f238f11eb989e5b76efd24ad2b41df3cf7dabf7077dfaace834e7f03"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168833",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea501-3c3c-471a-a77a-ba7f950d210b",
|
|
"value": "dad34d2cb2aa9662d4a4148481ae018f5816498f30cc7aee4919e0e9fe6b9e08"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168833",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea501-aa08-4dca-bb1e-ba7f950d210b",
|
|
"value": "2cb9df0d52d09c98f0a97ce71eb8805f224945cadab7d615ef0257b7b09c80d3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168833",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea501-fd98-4bc9-8e8b-ba7f950d210b",
|
|
"value": "f53fd5389b09c6ad289736720e72392dd5f30a1f7822dbc8c7c2e2b655b4dad9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168834",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea502-892c-4052-a59a-ba7f950d210b",
|
|
"value": "1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168834",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea502-cd08-4911-8ac1-ba7f950d210b",
|
|
"value": "95b2f926ae173ab45d6dac4039f0b91eb24699e6d11b621bbcebd860752e5d5e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168834",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea502-1cc0-426e-baa7-ba7f950d210b",
|
|
"value": "da63f6392ce6af83f6d944fa1bd3f28082345fec928647ee7ef9939fac7b2e6c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168834",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea502-a180-48a0-8f41-ba7f950d210b",
|
|
"value": "a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168834",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea502-e1d8-4fb1-8563-ba7f950d210b",
|
|
"value": "2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168834",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea502-31e4-419a-ac77-ba7f950d210b",
|
|
"value": "e945b055fb4057a396506c74f73b873694125e6178a40d10cabf24b2d89d598f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168834",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea502-03c8-44d2-9ae9-ba7f950d210b",
|
|
"value": "c9e084eb1ce1066ee063f860c13a8f7d2ead97495036855fc956dacc9a24ea68"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168834",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea502-d2b4-4126-9e14-ba7f950d210b",
|
|
"value": "047e8d542e2fcdf0f4dd45e2b19848771d01abc90d161d05242b79c52cdd248d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168834",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea502-47b4-41f6-9ff5-ba7f950d210b",
|
|
"value": "25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168835",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea503-b0c8-41b8-9796-ba7f950d210b",
|
|
"value": "b0edbd0f44df72e0fad3fb73948444a4df5143ed954c9116eb1a7b606841f187"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168835",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea503-0b48-4cc0-8338-ba7f950d210b",
|
|
"value": "de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168835",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea503-60c0-4dfb-b454-ba7f950d210b",
|
|
"value": "f969bf3b7a9821b3b2d5de889b5af7af25972b25ba59e4e9439f87fe90f1c404"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168835",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea503-7b94-42a9-a8b1-ba7f950d210b",
|
|
"value": "14be3a9a2a4261cb365915e720486a0632dbebb06fe68fb669ae67aa9b18507b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168835",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea503-27c8-4b7c-813e-ba7f950d210b",
|
|
"value": "488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168835",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea503-17fc-45d2-9e68-ba7f950d210b",
|
|
"value": "b3a47e0bc0af49b46bc0c1158089bf200856ff462a5334df2b5c11e69c8b1ada"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168835",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea503-8774-40eb-a148-ba7f950d210b",
|
|
"value": "324ce011b913feec4adb916f32c743a243f07dccb51b49c0122c4fa4a8e2bded"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168835",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea503-8764-4007-996a-ba7f950d210b",
|
|
"value": "d6df5943169b48ac58fc28bb665fe8800c265b65fff8a2217b70703a4d3a7277"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168836",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea504-dd68-4ced-a258-ba7f950d210b",
|
|
"value": "88e7a7e815565b92af81761ae7b9153b7507677df3d3b77e8ce68787ad1826d4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168836",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea504-4424-4719-95ee-ba7f950d210b",
|
|
"value": "f51d4155534e10c09b531acc41458e8ff3b7879f4ee7d3ee99f16180c4caf0ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168836",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "553ea504-a148-492d-bc71-ba7f950d210b",
|
|
"value": "bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168998",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553ea5a6-cf94-4fec-b254-f38d950d210b",
|
|
"value": "cbbnews.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168998",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553ea5a6-a648-4baa-a14b-f38d950d210b",
|
|
"value": "chromeupdt.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430168998",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553ea5a6-100c-4a1f-90a0-f38d950d210b",
|
|
"value": "store-legal.biz"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169007",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5af-75ec-4da4-a9f3-7df3950d210b",
|
|
"value": "ajaxo.zapto.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169008",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b0-5ec0-439a-a136-7df3950d210b",
|
|
"value": "backjadwer.bounceme.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169008",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b0-1f80-471e-a215-7df3950d210b",
|
|
"value": "bandao.publicvm.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169008",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b0-1df4-4954-a9d7-7df3950d210b",
|
|
"value": "deapka.sytes.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169008",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b0-d1e4-4528-ad67-7df3950d210b",
|
|
"value": "download.likescandy.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169008",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b0-6a6c-4de7-916c-7df3950d210b",
|
|
"value": "downloadlog.linkpc.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169008",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b0-2748-47ba-8a3d-7df3950d210b",
|
|
"value": "downloadmyhost.zapto.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169008",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b0-cbe8-4e49-9754-7df3950d210b",
|
|
"value": "downloadskype.cf"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169008",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b0-e890-4d0d-8da7-7df3950d210b",
|
|
"value": "duntat.zapto.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169009",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b1-bd38-4152-995d-7df3950d210b",
|
|
"value": "fastbingcom.sytes.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169009",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b1-4a9c-40f4-b633-7df3950d210b",
|
|
"value": "gaonsmom.redirectme.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169009",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b1-4770-487a-a2c2-7df3950d210b",
|
|
"value": "haartezenglish.redirectme.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169009",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b1-1b24-44a5-b4d7-7df3950d210b",
|
|
"value": "help2014.linkpc.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169009",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b1-ff54-4d56-9f0d-7df3950d210b",
|
|
"value": "kaliob.selfip.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169009",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b1-2aa0-44eb-a0b8-7df3950d210b",
|
|
"value": "kaswer12.strangled.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169009",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b1-a00c-4d40-953b-7df3950d210b",
|
|
"value": "kaswer13.zapto.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169009",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b1-6898-456d-9d88-7df3950d210b",
|
|
"value": "kolabdown.sytes.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169010",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b2-2d68-4aac-993d-7df3950d210b",
|
|
"value": "lilian.redirectme.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169010",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b2-bce0-45e2-879f-7df3950d210b",
|
|
"value": "nazer.zapto.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169010",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b2-0c54-48ce-b636-7df3950d210b",
|
|
"value": "noredirecto.redirectme.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169010",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b2-828c-403e-8831-7df3950d210b",
|
|
"value": "orango.redirectme.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169010",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b2-3928-4247-86fd-7df3950d210b",
|
|
"value": "redirectlnk.redirectme.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169010",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b2-da54-47ca-9cc0-7df3950d210b",
|
|
"value": "rotter2.publicvm.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169010",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b2-b9d8-4001-b6b5-7df3950d210b",
|
|
"value": "safara.sytes.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169010",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b2-636c-4895-ab17-7df3950d210b",
|
|
"value": "safari.linkpc.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169011",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b3-2500-4957-9bf5-7df3950d210b",
|
|
"value": "tango.zapto.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169011",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b3-cfd4-49c4-8a27-7df3950d210b",
|
|
"value": "thenewupdate.chickenkiller.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169011",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b3-2680-4ef8-abfa-7df3950d210b",
|
|
"value": "thenewupdatee.redirectme.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169011",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b3-5980-4491-b72c-7df3950d210b",
|
|
"value": "totoman.no-ip.biz"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169011",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b3-3a8c-4000-bd10-7df3950d210b",
|
|
"value": "wallanews.publicvm.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169011",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b3-6df4-439a-b3fb-7df3950d210b",
|
|
"value": "webfile.myq-see.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169011",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553ea5b3-07fc-4556-8e61-7df3950d210b",
|
|
"value": "ynet.ignorelist.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169073",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f1-4f74-4b2e-8aef-069f950d210b",
|
|
"value": "185.33.168.150"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169073",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f1-60a8-4e91-8a5e-069f950d210b",
|
|
"value": "185.45.193.4"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169073",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f1-dfcc-4832-ab96-069f950d210b",
|
|
"value": "167.114.62.213"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169073",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f1-e7a8-45d5-ad9c-069f950d210b",
|
|
"value": "131.72.136.11"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169073",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f1-e79c-4df8-afa5-069f950d210b",
|
|
"value": "131.72.136.171"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169073",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f1-5370-4b69-b208-069f950d210b",
|
|
"value": "192.253.246.169"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169073",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f1-21b4-4d4f-99a0-069f950d210b",
|
|
"value": "198.105.122.96"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169073",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f1-ff3c-4991-bce3-069f950d210b",
|
|
"value": "131.72.136.124"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169074",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f2-38b4-45e5-af77-069f950d210b",
|
|
"value": "107.168.129.29"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169074",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "553ea5f2-da38-44ad-8510-069f950d210b",
|
|
"value": "198.105.122.9"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1517779398",
|
|
"to_ids": true,
|
|
"type": "yara",
|
|
"uuid": "553ea60d-1f7c-4bf6-8aa7-f38d950d210b",
|
|
"value": "rule DownExecute_A {\r\nmeta:\r\n author = \"PwC Cyber Threat Operations :: @tlansec\"\r\n date = \"2015-04\"\r\n reference = \"http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html\"\r\n description = \"Malware is often wrapped/protected, best to run on memory\"\r\n \r\nstrings:\r\n $winver1 = \"win 8.1\"\r\n $winver2 = \"win Server 2012 R2\"\r\n $winver3 = \"win Srv 2012\"\r\n $winver4 = \"win srv 2008 R2\"\r\n $winver5 = \"win srv 2008\"\r\n $winver6 = \"win vsta\"\r\n $winver7 = \"win srv 2003 R2\"\r\n $winver8 = \"win hm srv\"\r\n $winver9 = \"win Strg srv 2003\"\r\n $winver10 = \"win srv 2003\"\r\n $winver11 = \"win XP prof x64 edt\"\r\n $winver12 = \"win XP\"\r\n $winver13 = \"win 2000\"\r\n \r\n $pdb1 = \"D:\\\\Acms\\\\2\\\\docs\\\\Visual Studio 2013\\\\Projects\\\\DownloadExcute\\\\DownloadExcute\\\\Release\\\\DownExecute.pdb\"\r\n $pdb2 = \"d:\\\\acms\\\\2\\\\docs\\\\visual studio 2013\\\\projects\\\\downloadexcute\\\\downloadexcute\\\\downexecute\\\\json\\\\rapidjson\\\\writer.h\"\r\n $pdb3 = \":\\\\acms\\\\2\\\\docs\\\\visual studio 2013\\\\projects\\\\downloadexcute\\\\downloadexcute\\\\downexecute\\\\json\\\\rapidjson\\\\internal/stack.h\"\r\n $pdb4 = \"\\\\downloadexcute\\\\downexecute\\\\\"\r\n \r\n $magic1 = \"<Win Get Version Info Name Error\"\r\n $magic2 = \"P@$sw0rd$nd\"\r\n $magic3 = \"$t@k0v2rF10w\"\r\n $magic4 = \"|*|123xXx(Mutex)xXx321|*|6-21-2014-03:06PM\" wide\r\n \r\n $str1 = \"Download Excute\" ascii wide fullword\r\n $str2 = \"EncryptorFunctionPointer %d\"\r\n $str3 = \"%s\\\\%s.lnk\"\r\n $str4 = \"Mac:%s-Cpu:%s-HD:%s\"\r\n $str5 = \"feed back responce of host\"\r\n $str6 = \"GET Token at host\"\r\n $str7 = \"dwn md5 err\"\r\n \r\ncondition:\r\n all of ($winver*) or\r\n any of ($pdb*) or\r\n any of ($magic*) or\r\n 2 of ($str*)\r\n}"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169246",
|
|
"to_ids": true,
|
|
"type": "snort",
|
|
"uuid": "553ea69e-bdd8-410b-98f2-7df4950d210b",
|
|
"value": "alert http any any -> any any (msg:\"--[PwC CTD] -- Unclassified Middle Eastern Actor - DownExecute URI (/dw/gtk)\"; flow:established,to_server; urilen:7; content:\"/dw/gtk\"; http_uri; depth:7; content:\"GET\" ; http_method; content:!\"User-Agent:\"; http_header; content:!\"Referer:\"; http_header; reference:md5,4dd319a230ee3a0735a656231b4c9063; classtype:trojan-activity; metadata:tlp WHITE,author @ipsosCustodes; sid:99999901; rev:2015200401;)"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169246",
|
|
"to_ids": true,
|
|
"type": "snort",
|
|
"uuid": "553ea69e-f448-4133-952a-7df4950d210b",
|
|
"value": "alert http any any -> any any (msg:\"--[PwC CTD] -- Unclassified Middle Eastern Actor - DownExecute URI (/dw/setup)\"; flow:established,to_server; urilen:>8; content:\"/dw/setup\"; http_uri; depth:9; content:\"POST\" ; http_method; reference:md5,4dd319a230ee3a0735a656231b4c9063; classtype:trojan-activity; metadata:tlp WHITE,author @ipsosCustodes; sid:99999902; rev:2015200401;)"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169246",
|
|
"to_ids": true,
|
|
"type": "snort",
|
|
"uuid": "553ea69e-3fe0-4239-81ac-7df4950d210b",
|
|
"value": "alert http any any -> any any (msg:\"--[PwC CTD] -- Unclassified Middle Eastern Actor - DownExecute Headers\"; flow:established,to_server; urilen:>7; content:\"Accept */*\"; http_client_body; content:\"Content-Type: multipart/form-data\\; boundary=------------------------\"; http_header; content: \"ci_session=\"; http_cookie; depth:11; content: \"POST\"; http_method; content:!\"Referer:\"; http_header; content:!\"User-Agent:\"; http_header; reference:md5,4dd319a230ee3a0735a656231b4c9063; classtype:trojan-activity; metadata:tlp WHITE,author @ipsosCustodes; sid:99999903; rev:2015200401;)"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1430169321",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "553ea6e9-68bc-4fea-8b0d-ad6d950d210b",
|
|
"value": "https://malwr.com/analysis/N2I1YmExMjNkMmM3NGQwMThlNjg5YmI4OGY3Mjc3ZmI"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via ecc240f1983007177bc5bbecba50eea27b80fd3d14fd261bef6cda10b8ffe1e9)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840102",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b66-31cc-44b3-87d8-599d950d210f",
|
|
"value": "360200d659519c5d398b05804975ebbe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 8993a516404c0dd62692f3ce5055d4ddee7e29ad4bb6aa29f67114eeeaee26b9)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840104",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b68-1028-4690-ad05-4bd6950d210f",
|
|
"value": "89ff2642d8c6b0b49a009a36380495a7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via dad34d2cb2aa9662d4a4148481ae018f5816498f30cc7aee4919e0e9fe6b9e08)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840106",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b6a-fa68-4335-b1b2-599f950d210f",
|
|
"value": "e540076f48d7069bacb6d607f2d389d9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 2cb9df0d52d09c98f0a97ce71eb8805f224945cadab7d615ef0257b7b09c80d3)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840108",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b6c-6984-41f1-80f7-599d950d210f",
|
|
"value": "77d43f0b32e30a3de6879610666f1b39"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840109",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b6d-eb60-41d2-b66e-5ca1950d210f",
|
|
"value": "ec05a45ebd201a83974229a79979a672"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via da63f6392ce6af83f6d944fa1bd3f28082345fec928647ee7ef9939fac7b2e6c)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840111",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b6f-0fe8-462a-921d-59a4950d210f",
|
|
"value": "cb008f71eb83e68b9f601533910b6cc8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840113",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b71-0c60-46ca-bc16-c650950d210f",
|
|
"value": "bc42a09888de8b311f2e9ab0fc966c8c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840115",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b73-aac4-4165-8338-59a2950d210f",
|
|
"value": "23108c347282ff101a2104bcf54204a8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via e945b055fb4057a396506c74f73b873694125e6178a40d10cabf24b2d89d598f)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840117",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b75-278c-421b-9ac1-48b5950d210f",
|
|
"value": "02305cc3da69cf8d5cd2f6f5ea0ec0e8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via c9e084eb1ce1066ee063f860c13a8f7d2ead97495036855fc956dacc9a24ea68)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840118",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b76-8798-4e2a-8e18-c652950d210f",
|
|
"value": "9c85c9400f941c4f2c8a1833fbc9283f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840120",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b78-c284-4c46-85d8-c654950d210f",
|
|
"value": "27d3105273529cfca93f73865ee43a40"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via b0edbd0f44df72e0fad3fb73948444a4df5143ed954c9116eb1a7b606841f187)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840122",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b7a-41b0-4394-8896-401d950d210f",
|
|
"value": "b7b01ee8548d4097f528ae4280834667"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840123",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b7b-b638-45c6-8805-457c950d210f",
|
|
"value": "53754fc20891b33d600f57a6e5975a41"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via f969bf3b7a9821b3b2d5de889b5af7af25972b25ba59e4e9439f87fe90f1c404)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840126",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b7e-2340-4582-8742-4ef7950d210f",
|
|
"value": "c7063f0178ea48e02f54769c0da275b8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 14be3a9a2a4261cb365915e720486a0632dbebb06fe68fb669ae67aa9b18507b)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840127",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b7f-b440-49df-8790-c651950d210f",
|
|
"value": "699067ce203ab9893943905e5b76f106"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840129",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b81-9f28-4766-9da8-599f950d210f",
|
|
"value": "b0f49c2c29d3966125dd322a504799c6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via b3a47e0bc0af49b46bc0c1158089bf200856ff462a5334df2b5c11e69c8b1ada)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840131",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b83-088c-4a6c-b26e-4eb5950d210f",
|
|
"value": "3dcb43a83a53a965b40de316c1593bca"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 324ce011b913feec4adb916f32c743a243f07dccb51b49c0122c4fa4a8e2bded)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840133",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b85-3fd0-446d-b27e-599e950d210f",
|
|
"value": "5e43b6ca1fa9536f31e09d9a418ac8c3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via d6df5943169b48ac58fc28bb665fe8800c265b65fff8a2217b70703a4d3a7277)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840135",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b87-3bf0-4bf8-9b1b-59a1950d210f",
|
|
"value": "18d2222b56a499946e107721e5057a71"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via f51d4155534e10c09b531acc41458e8ff3b7879f4ee7d3ee99f16180c4caf0ee)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840136",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b88-8ec8-4223-8876-5f51950d210f",
|
|
"value": "6203dde9fad9da6f9a85d609397105f0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840138",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56c65b8a-e6e8-4d6d-a440-5ca1950d210f",
|
|
"value": "7f684863780310a718254ff0f7f28ed2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via ecc240f1983007177bc5bbecba50eea27b80fd3d14fd261bef6cda10b8ffe1e9)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840103",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b67-02cc-4e07-ab72-c652950d210f",
|
|
"value": "53c0008d517ca133be44f172f44c4b129d8e4c7a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 8993a516404c0dd62692f3ce5055d4ddee7e29ad4bb6aa29f67114eeeaee26b9)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840104",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b68-8d98-45bb-a12e-4ad8950d210f",
|
|
"value": "89e71644f5da253f5c22b86eb5914be20fb9b067"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via dad34d2cb2aa9662d4a4148481ae018f5816498f30cc7aee4919e0e9fe6b9e08)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840106",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b6a-7dfc-4cbf-b4eb-5f51950d210f",
|
|
"value": "893723d32824802f95e77c81779c09dac0752b1d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 2cb9df0d52d09c98f0a97ce71eb8805f224945cadab7d615ef0257b7b09c80d3)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840108",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b6c-7518-408a-9df8-599c950d210f",
|
|
"value": "e25d458c398b591bb6c6e6c8a3cfff17db2ea090"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840110",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b6e-f1ec-4cd4-8003-408b950d210f",
|
|
"value": "b5ec494f4f82bffbe6d8ddcaa927aabebe2fbd9d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via da63f6392ce6af83f6d944fa1bd3f28082345fec928647ee7ef9939fac7b2e6c)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840112",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b70-3e28-4f7e-8aec-c654950d210f",
|
|
"value": "ce92d1c03fc8fc965134b9163fe450794580f120"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840114",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b72-2fc4-4f2f-b527-c653950d210f",
|
|
"value": "a0d914ee2a550f50f4d550863a23f724aab0f3ac"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840115",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b73-da4c-4630-bc08-59a1950d210f",
|
|
"value": "278ab45a4c27ec3ba63dff735feccf0ef91132ed"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via e945b055fb4057a396506c74f73b873694125e6178a40d10cabf24b2d89d598f)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840117",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b75-0c00-400e-ad78-4c81950d210f",
|
|
"value": "49ec769c344a9dfbe3c40b0d4511be328c91d983"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via c9e084eb1ce1066ee063f860c13a8f7d2ead97495036855fc956dacc9a24ea68)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840119",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b77-c504-4b7f-b510-599e950d210f",
|
|
"value": "6293a9dc5b161fe3c26db6bdecc9cba15fdbe50e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840121",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b79-cbd0-4b99-97e9-c651950d210f",
|
|
"value": "5f0adbe4946e65ca32356e9dc68b6ccc5ef8b01a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via b0edbd0f44df72e0fad3fb73948444a4df5143ed954c9116eb1a7b606841f187)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840122",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b7a-43c8-4f09-99c6-59a1950d210f",
|
|
"value": "cd195f91a78e478f3b7bef77d4a7f93bccc36f20"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840124",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b7c-f558-467f-beaf-c654950d210f",
|
|
"value": "830be8a5fefd30f2b2697f2c0dded59d9646d017"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via f969bf3b7a9821b3b2d5de889b5af7af25972b25ba59e4e9439f87fe90f1c404)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840126",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b7e-d13c-447d-847d-c653950d210f",
|
|
"value": "89e37cb4324379165a3780bb57a2195ce67937ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 14be3a9a2a4261cb365915e720486a0632dbebb06fe68fb669ae67aa9b18507b)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840128",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b80-145c-4b6a-9286-4696950d210f",
|
|
"value": "cd2565d041bbb3563b605978f4603da78e98e4a0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840130",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b82-bae8-48d4-83c2-c651950d210f",
|
|
"value": "498edcff006dbf86b36cea721c0541ac86e06d66"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via b3a47e0bc0af49b46bc0c1158089bf200856ff462a5334df2b5c11e69c8b1ada)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840132",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b84-d4ac-4702-8e6c-599d950d210f",
|
|
"value": "b95e8757b6935745dab2f6f943c73de3fe7b6d0b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 324ce011b913feec4adb916f32c743a243f07dccb51b49c0122c4fa4a8e2bded)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840134",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b86-df2c-4d5a-afb9-59a2950d210f",
|
|
"value": "0700d5b49f9a7f530874355e7c998407c8d21fc7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via d6df5943169b48ac58fc28bb665fe8800c265b65fff8a2217b70703a4d3a7277)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840135",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b87-b28c-451d-865b-599c950d210f",
|
|
"value": "c31d298a16a00f9d079afbb9f7f6d711bc96fdeb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via f51d4155534e10c09b531acc41458e8ff3b7879f4ee7d3ee99f16180c4caf0ee)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840137",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b89-c7ec-4143-9e7e-c652950d210f",
|
|
"value": "3ab9230f3e8e4af499040f2d88b9dda5fedbb888"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455840139",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c65b8b-dab0-4b90-a6d3-47d7950d210f",
|
|
"value": "1088706ce7d3c623896c6fed3090eacdca832263"
|
|
}
|
|
]
|
|
}
|
|
} |