adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5718c835-f58c-4f8e-8da4-452a950d210f.json

726 lines
No EOL
27 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2016-04-18",
"extends_uuid": "",
"info": "CryptXXX: New Ransomware From the Actors Behind Reveton, Dropping Via Angler",
"publish_timestamp": "1461251128",
"published": true,
"threat_level_id": "3",
"timestamp": "1461251080",
"uuid": "5718c835-f58c-4f8e-8da4-452a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461241928",
"to_ids": false,
"type": "link",
"uuid": "5718c848-2c34-4d55-a27f-47a7950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461241954",
"to_ids": false,
"type": "comment",
"uuid": "5718c862-de50-4d77-9195-450c950d210f",
"value": "Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). Combining our findings with intelligence shared by Frank Ruiz (Fox IT InTELL) lead us to the same conclusion: this project is conducted by the same group that was driving Reveton ransomware operations and is closely tied to Angler/Bedep. Dubbed \"CryptXXX\", this new ransomware is currently asking a relatively high $500 per computer to unlock encrypted files. Angler is the number one exploit kit by volume, making the potential impact of new ransomware in the hands of experienced actors with access to this vector quite significant."
},
{
"category": "Payload installation",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242290",
"to_ids": true,
"type": "filename",
"uuid": "5718c9b2-98dc-4310-8a5d-4dff950d210f",
"value": "%TEMP%\\{C3F31E62-344D-4056-BF01-BF77B94E0254}\\api-ms-win-system-softpub-l1-1-0.dll"
},
{
"category": "Payload installation",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242290",
"to_ids": true,
"type": "filename",
"uuid": "5718c9b2-a384-45fa-ba7f-4e32950d210f",
"value": "%TEMP%\\{D075E5D0-4442-4108-850E-3AD2874B270C}\\api-ms-win-system-provsvc-l1-1-0.dll"
},
{
"category": "Payload installation",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242291",
"to_ids": true,
"type": "filename",
"uuid": "5718c9b3-b180-4c09-b026-4010950d210f",
"value": "%TEMP%\\{D4A2C643-5399-4F4F-B9BF-ECB1A25644A6}\\api-ms-win-system-wer-l1-1-0.dll"
},
{
"category": "Payload installation",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242291",
"to_ids": true,
"type": "filename",
"uuid": "5718c9b3-b1ec-4bde-9de2-4eaa950d210f",
"value": "%TEMP%\\{FD68402A-8F8F-4B3D-9808-174323767296}\\api-ms-win-system-advpack-l1-1-0.dll"
},
{
"category": "Network activity",
"comment": "CryptXXX checkin server",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242425",
"to_ids": true,
"type": "ip-dst",
"uuid": "5718ca39-5404-495b-a24b-45a6950d210f",
"value": "146.0.42.68"
},
{
"category": "Network activity",
"comment": "CryptXXX payment site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242425",
"to_ids": true,
"type": "url",
"uuid": "5718ca39-4744-4e5b-afa4-4449950d210f",
"value": "rp4roxeuhcf2vgft.onion.to"
},
{
"category": "Network activity",
"comment": "CryptXXX payment site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242425",
"to_ids": true,
"type": "url",
"uuid": "5718ca39-d1d0-4775-b006-4e70950d210f",
"value": "rp4roxeuhcf2vgft.onion.cab"
},
{
"category": "Network activity",
"comment": "CryptXXX payment site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242426",
"to_ids": true,
"type": "url",
"uuid": "5718ca3a-9598-449b-8fb9-4e4e950d210f",
"value": "rp4roxeuhcf2vgft.onion.city"
},
{
"category": "Network activity",
"comment": "Bedep C&C IP",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242426",
"to_ids": true,
"type": "ip-dst",
"uuid": "5718ca3a-e5a0-4afb-954f-4e39950d210f",
"value": "104.193.252.245"
},
{
"category": "Payload delivery",
"comment": "Zip archive with most of the mentioned content",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242706",
"to_ids": true,
"type": "md5",
"uuid": "5718cb52-4df8-47fb-aaaa-4367950d210f",
"value": "3776ec795ef3aa649ff48fcf83c87713"
},
{
"category": "Payload delivery",
"comment": "Zip archive with most of the mentioned content",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242706",
"to_ids": true,
"type": "sha256",
"uuid": "5718cb52-77ec-495e-87da-4831950d210f",
"value": "41dbbc60b8921709c5eb187cf03e60701e3b172e6deebdb67dd66c8cb3666b90"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 first stream dll CryptXXX",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242728",
"to_ids": true,
"type": "md5",
"uuid": "5718cb68-e624-45fd-aa89-4a29950d210f",
"value": "17697e1829f0d18d2051a67bc2bca134"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 first stream dll CryptXXX",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242728",
"to_ids": true,
"type": "sha256",
"uuid": "5718cb68-0760-46b9-9987-4596950d210f",
"value": "ab7a58b6e50be6b9bcb926c550ff26669601bbd8bfd922a5b32756e663b25a67"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 update stream dll1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242846",
"to_ids": true,
"type": "md5",
"uuid": "5718cbde-58c0-40b2-be07-4b82950d210f",
"value": "d4439055d2d63e52ffc23c6d24d89194"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 update stream dll1 || Bedep 1809 update stream exe2 - Dridex 222",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242846",
"to_ids": true,
"type": "sha256",
"uuid": "5718cbde-0fc4-4c28-85a1-46ee950d210f",
"value": "1036c84a003378907560356642bb065caef961f9dbc5c3b2a4954d5cbe7100df"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 update stream exe2 - Dridex 222",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242846",
"to_ids": true,
"type": "md5",
"uuid": "5718cbde-9158-4737-8278-4d3b950d210f",
"value": "3e75e8238a6bbd8817164658696198af"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 update stream dll3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242847",
"to_ids": true,
"type": "md5",
"uuid": "5718cbdf-cd08-4ec1-9cc1-4fe5950d210f",
"value": "de882c049be133a950b6917562bb2313"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 update stream dll3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242847",
"to_ids": true,
"type": "sha256",
"uuid": "5718cbdf-bcd0-4e91-8ba0-424f950d210f",
"value": "e53610a977b65c01b275e37aefad7884368dfe00b50750e35b6c8c87556a2c06"
},
{
"category": "Payload delivery",
"comment": "CryptXXX",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242877",
"to_ids": true,
"type": "md5",
"uuid": "5718cbfd-0d9c-4f42-ba85-454f950d210f",
"value": "bfb8f7f6cbe24330a310e5c7cbe99ed4"
},
{
"category": "Payload delivery",
"comment": "CryptXXX",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242878",
"to_ids": true,
"type": "sha256",
"uuid": "5718cbfe-c5e4-4c77-bfdf-4ec3950d210f",
"value": "a4e9c151a50595b59e787dd3b361ac53d02dd7f212d6b22639dc01776c886d05"
},
{
"category": "Payload delivery",
"comment": "CryptXXX",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242878",
"to_ids": true,
"type": "md5",
"uuid": "5718cbfe-760c-4f40-9ca2-49b8950d210f",
"value": "0c3431dbb8cd0478250eb4357257880e"
},
{
"category": "Payload delivery",
"comment": "CryptXXX",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242878",
"to_ids": true,
"type": "sha256",
"uuid": "5718cbfe-5b80-4d79-8a87-479f950d210f",
"value": "565dadb36e1d8b0c787d0d5e4cd7ec8c24cac1d6b37637427547ae465ab0fff0"
},
{
"category": "Payload delivery",
"comment": "CryptXXX",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242879",
"to_ids": true,
"type": "md5",
"uuid": "5718cbff-9790-406a-aca4-4b5a950d210f",
"value": "cd2d085998a289134ffaf27fbdcbc8cb"
},
{
"category": "Payload delivery",
"comment": "CryptXXX",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461242879",
"to_ids": true,
"type": "sha256",
"uuid": "5718cbff-bfd4-4f0b-9704-46c0950d210f",
"value": "0b12584302a5a72f467a08046814593ea505fa397785f1012ab973dd961a6c0e"
},
{
"category": "Payload delivery",
"comment": "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243009",
"to_ids": true,
"type": "md5",
"uuid": "5718cc81-eda0-46c5-9008-45d6950d210f",
"value": "d65f155381d26f8ddfa304c83b1ad95a"
},
{
"category": "Payload delivery",
"comment": "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243010",
"to_ids": true,
"type": "sha256",
"uuid": "5718cc82-b3f0-4c5a-b661-4461950d210f",
"value": "eaa857c95fca38ca08411b757f4ad2a841cfb9782deca8abf64aada445923c0d"
},
{
"category": "Payload delivery",
"comment": "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243010",
"to_ids": true,
"type": "md5",
"uuid": "5718cc82-8504-4d59-8540-47a1950d210f",
"value": "b824d94af0f981106ec2a12d0c4cc1c0"
},
{
"category": "Payload delivery",
"comment": "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243010",
"to_ids": true,
"type": "sha256",
"uuid": "5718cc82-b7ac-4b18-abfe-4746950d210f",
"value": "5bfae47c9fda81243b50b6df53ac4184d90a70000894fa2a516044fa44770cfd"
},
{
"category": "Payload delivery",
"comment": "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (May 2015)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243011",
"to_ids": true,
"type": "md5",
"uuid": "5718cc83-2e60-41aa-ba90-43ec950d210f",
"value": "971c578c9dea43f91bfb44ceac0ee01d"
},
{
"category": "Payload delivery",
"comment": "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (May 2015)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243011",
"to_ids": true,
"type": "sha256",
"uuid": "5718cc83-bcbc-4afa-a0b0-47e3950d210f",
"value": "59ddf36a9e85f4cf82a6511b49cfcdd9e4521b17f7e245f005e18418176ff4aa"
},
{
"category": "Payload delivery",
"comment": "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (December 2015)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243012",
"to_ids": true,
"type": "md5",
"uuid": "5718cc84-0dc4-4f65-bbaa-4c79950d210f",
"value": "70a377690917a98e6ee682f7941eb565"
},
{
"category": "Payload delivery",
"comment": "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (December 2015)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243012",
"to_ids": true,
"type": "sha256",
"uuid": "5718cc84-6a50-40aa-853e-465a950d210f",
"value": "ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de"
},
{
"category": "Payload delivery",
"comment": "Reveton - 2015-04-14",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243012",
"to_ids": true,
"type": "md5",
"uuid": "5718cc84-3584-49c1-8236-4601950d210f",
"value": "728733095fe2c66f91a19ebde412dd25"
},
{
"category": "Payload delivery",
"comment": "Reveton - 2015-04-14",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461243012",
"to_ids": true,
"type": "sha256",
"uuid": "5718cc84-2eac-4ccf-a8c7-4c04950d210f",
"value": "dff7c0aac326f210705e4f53cd78a57cb277e80ecec7bdffd6f68db3bdda39c3"
},
{
"category": "Payload delivery",
"comment": "Reveton - 2015-04-14 - Xchecked via VT: dff7c0aac326f210705e4f53cd78a57cb277e80ecec7bdffd6f68db3bdda39c3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251080",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec08-17e8-4e4f-bc91-4dc002de0b81",
"value": "fd1ae96536ef9f29f336425b83022d2beab767a2"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251081",
"to_ids": false,
"type": "link",
"uuid": "5718ec09-0a94-4850-95dd-42e402de0b81",
"value": "https://www.virustotal.com/file/dff7c0aac326f210705e4f53cd78a57cb277e80ecec7bdffd6f68db3bdda39c3/analysis/1461131947/"
},
{
"category": "Payload delivery",
"comment": "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (December 2015) - Xchecked via VT: ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251081",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec09-9708-4e77-b8e1-444c02de0b81",
"value": "246b1e0d01772a47a5f2032c8642d33d47a11c57"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251081",
"to_ids": false,
"type": "link",
"uuid": "5718ec09-a8b8-47fa-b41a-481102de0b81",
"value": "https://www.virustotal.com/file/ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de/analysis/1461131953/"
},
{
"category": "Payload delivery",
"comment": "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (May 2015) - Xchecked via VT: 59ddf36a9e85f4cf82a6511b49cfcdd9e4521b17f7e245f005e18418176ff4aa",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251082",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec0a-a808-4a5b-8dd6-4de802de0b81",
"value": "0487c3856c5e44d3a5c2dcee29c63cb644a4fc52"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251082",
"to_ids": false,
"type": "link",
"uuid": "5718ec0a-e65c-4944-ba24-415f02de0b81",
"value": "https://www.virustotal.com/file/59ddf36a9e85f4cf82a6511b49cfcdd9e4521b17f7e245f005e18418176ff4aa/analysis/1461131974/"
},
{
"category": "Payload delivery",
"comment": "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d - Xchecked via VT: 5bfae47c9fda81243b50b6df53ac4184d90a70000894fa2a516044fa44770cfd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251082",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec0b-1cfc-449d-8b92-439602de0b81",
"value": "b4e17ebe8b07727e7ce6ae8580b97d1129e7c6ce"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251083",
"to_ids": false,
"type": "link",
"uuid": "5718ec0b-2f3c-4ce3-a20e-489e02de0b81",
"value": "https://www.virustotal.com/file/5bfae47c9fda81243b50b6df53ac4184d90a70000894fa2a516044fa44770cfd/analysis/1461163306/"
},
{
"category": "Payload delivery",
"comment": "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d - Xchecked via VT: eaa857c95fca38ca08411b757f4ad2a841cfb9782deca8abf64aada445923c0d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251083",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec0b-991c-4adf-83ad-4f5402de0b81",
"value": "87d7a85b4ea7d4041ade140576b4d6fd2c5aa403"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251084",
"to_ids": false,
"type": "link",
"uuid": "5718ec0c-9290-4654-8052-441e02de0b81",
"value": "https://www.virustotal.com/file/eaa857c95fca38ca08411b757f4ad2a841cfb9782deca8abf64aada445923c0d/analysis/1461131964/"
},
{
"category": "Payload delivery",
"comment": "CryptXXX - Xchecked via VT: 0b12584302a5a72f467a08046814593ea505fa397785f1012ab973dd961a6c0e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251084",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec0c-f468-49fb-9ba3-472f02de0b81",
"value": "e22678fe4bd0b209b14d5ed061ae61bb52e79df1"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251084",
"to_ids": false,
"type": "link",
"uuid": "5718ec0c-bff4-422c-ab48-403202de0b81",
"value": "https://www.virustotal.com/file/0b12584302a5a72f467a08046814593ea505fa397785f1012ab973dd961a6c0e/analysis/1461160828/"
},
{
"category": "Payload delivery",
"comment": "CryptXXX - Xchecked via VT: 565dadb36e1d8b0c787d0d5e4cd7ec8c24cac1d6b37637427547ae465ab0fff0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251085",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec0d-4f74-4871-b896-43a102de0b81",
"value": "0a1d2182f272ff4e4321b41f6bf65f8320d9e88c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251085",
"to_ids": false,
"type": "link",
"uuid": "5718ec0d-2b70-41f4-87f7-445902de0b81",
"value": "https://www.virustotal.com/file/565dadb36e1d8b0c787d0d5e4cd7ec8c24cac1d6b37637427547ae465ab0fff0/analysis/1461162322/"
},
{
"category": "Payload delivery",
"comment": "CryptXXX - Xchecked via VT: a4e9c151a50595b59e787dd3b361ac53d02dd7f212d6b22639dc01776c886d05",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251086",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec0e-d908-428b-bba4-4c4802de0b81",
"value": "cfb97a66c90bff92b5d72eb9e81b2e9d8013b66d"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251086",
"to_ids": false,
"type": "link",
"uuid": "5718ec0e-22f0-48d2-b7bb-499102de0b81",
"value": "https://www.virustotal.com/file/a4e9c151a50595b59e787dd3b361ac53d02dd7f212d6b22639dc01776c886d05/analysis/1461225821/"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 update stream dll3 - Xchecked via VT: e53610a977b65c01b275e37aefad7884368dfe00b50750e35b6c8c87556a2c06",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251086",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec0e-5244-4e01-814e-401c02de0b81",
"value": "93e9e42eba18e83811b4e9858be5cd09b9c50e5d"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251087",
"to_ids": false,
"type": "link",
"uuid": "5718ec0f-30f8-402c-bda5-4aba02de0b81",
"value": "https://www.virustotal.com/file/e53610a977b65c01b275e37aefad7884368dfe00b50750e35b6c8c87556a2c06/analysis/1461164621/"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 update stream dll1 || Bedep 1809 update stream exe2 - Dridex 222 - Xchecked via VT: 1036c84a003378907560356642bb065caef961f9dbc5c3b2a4954d5cbe7100df",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251087",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec0f-a46c-4586-9ce8-484902de0b81",
"value": "92a35105a3cf19a183ef9ca9e66cb9063fffecf1"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251087",
"to_ids": false,
"type": "link",
"uuid": "5718ec0f-b980-4e86-bc98-468602de0b81",
"value": "https://www.virustotal.com/file/1036c84a003378907560356642bb065caef961f9dbc5c3b2a4954d5cbe7100df/analysis/1461131970/"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 first stream dll CryptXXX - Xchecked via VT: ab7a58b6e50be6b9bcb926c550ff26669601bbd8bfd922a5b32756e663b25a67",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251088",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec10-4cf4-44af-9f1d-4e9f02de0b81",
"value": "d3f6bd8b57a8c353fd3f25d66e0690d9f578d35e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251088",
"to_ids": false,
"type": "link",
"uuid": "5718ec10-c750-4490-958d-427902de0b81",
"value": "https://www.virustotal.com/file/ab7a58b6e50be6b9bcb926c550ff26669601bbd8bfd922a5b32756e663b25a67/analysis/1461226696/"
},
{
"category": "Payload delivery",
"comment": "Zip archive with most of the mentioned content - Xchecked via VT: 41dbbc60b8921709c5eb187cf03e60701e3b172e6deebdb67dd66c8cb3666b90",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251089",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec11-7160-45ce-aa3c-4f8f02de0b81",
"value": "8b2771240fdcb3ca11c0ea1b77a313484154a85f"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251089",
"to_ids": false,
"type": "link",
"uuid": "5718ec11-c674-4178-8bb7-48bb02de0b81",
"value": "https://www.virustotal.com/file/41dbbc60b8921709c5eb187cf03e60701e3b172e6deebdb67dd66c8cb3666b90/analysis/1461162315/"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 update stream exe2 - Dridex 222 - Xchecked via VT: 3e75e8238a6bbd8817164658696198af",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251089",
"to_ids": true,
"type": "sha256",
"uuid": "5718ec11-4c84-4afb-818a-43a402de0b81",
"value": "669ae51d73a3fac117ec39195efb969cb41a16fadecfe412ad83b767b25ae2ae"
},
{
"category": "Payload delivery",
"comment": "Bedep 1809 update stream exe2 - Dridex 222 - Xchecked via VT: 3e75e8238a6bbd8817164658696198af",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251090",
"to_ids": true,
"type": "sha1",
"uuid": "5718ec12-bb6c-4b99-b685-470b02de0b81",
"value": "3c0246b41063f5ea26de9d96301774836270eff3"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1461251090",
"to_ids": false,
"type": "link",
"uuid": "5718ec12-fd54-4b04-8e9f-4e0f02de0b81",
"value": "https://www.virustotal.com/file/669ae51d73a3fac117ec39195efb969cb41a16fadecfe412ad83b767b25ae2ae/analysis/1461160978/"
}
]
}
}
Reference in a new issue View git blame Copy permalink