misp-circl-feed/feeds/circl/misp/56f0302e-e494-494b-b012-42d7950d210f.json


{
"Event": {
"analysis": "2",
"date": "2016-03-21",
"extends_uuid": "",
"info": "OSINT - STOP SCANNING MY MACRO",
"publish_timestamp": "1458581977",
"published": true,
"threat_level_id": "3",
"timestamp": "1458581850",
"uuid": "56f0302e-e494-494b-b012-42d7950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581592",
"to_ids": false,
"type": "comment",
"uuid": "56f03058-8564-4afc-bce3-4ace950d210f",
"value": "FireEye Labs detected an interesting evasion strategy in two recent, large Dridex campaigns. These campaigns changed the attachment file-type and location of malicious logic in an attempt to avoid scanners."
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581602",
"to_ids": false,
"type": "link",
"uuid": "56f03062-d6d4-4c13-aa02-468e950d210f",
"value": "https://www.fireeye.com/blog/threat-research/2016/03/stop_scanning_mymac.html"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581624",
"to_ids": true,
"type": "md5",
"uuid": "56f03078-7514-43db-af07-4d66950d210f",
"value": "858451ad73050bda48e5470abd2643ac"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581624",
"to_ids": true,
"type": "md5",
"uuid": "56f03078-4650-4fbf-92f5-4922950d210f",
"value": "aff54d68cbf6ac8611fe89cd9f0dc2de"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581624",
"to_ids": true,
"type": "md5",
"uuid": "56f03078-8794-489e-ab48-4075950d210f",
"value": "876d081e8b474a3c1ac57cf435e330cb"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581625",
"to_ids": true,
"type": "md5",
"uuid": "56f03079-5ca8-41f6-be41-46df950d210f",
"value": "d8eebe2a08fff86abd06ec94e8bdd165"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581625",
"to_ids": true,
"type": "md5",
"uuid": "56f03079-5dec-4fe9-aac4-479d950d210f",
"value": "8c07b9337deda3c589d50e4ff3aadcd6"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581625",
"to_ids": true,
"type": "md5",
"uuid": "56f03079-a4c4-471a-9c81-43b3950d210f",
"value": "73c7bf49caa0d1bd37053b99a986ebe8"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581626",
"to_ids": true,
"type": "md5",
"uuid": "56f0307a-f030-48bf-b212-4546950d210f",
"value": "770fede93cc4220a371569daed2a4bc1"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581626",
"to_ids": true,
"type": "md5",
"uuid": "56f0307a-a890-4d66-a26d-455a950d210f",
"value": "5b7813105cf9ebccb46cf7e63a5a836d"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581626",
"to_ids": true,
"type": "md5",
"uuid": "56f0307a-c1a4-4f4a-b5a7-4fc0950d210f",
"value": "8f787ddedbaa8af3f6a73d0c6cd4e33e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581746",
"to_ids": true,
"type": "email-attachment",
"uuid": "56f03094-ea38-44b9-be1d-4b79950d210f",
"value": "Invoice_GIINV02514_from_tip_top_delivery.rtf"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581665",
"to_ids": true,
"type": "hostname",
"uuid": "56f030a1-a7dc-47b4-bc85-4bb8950d210f",
"value": "parts.woodwardcounselinginc.com"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581693",
"to_ids": true,
"type": "md5",
"uuid": "56f030bd-9368-4ab8-b4b0-481f950d210f",
"value": "8840c20ac74281c0580e8637caf1edea"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581693",
"to_ids": true,
"type": "md5",
"uuid": "56f030bd-7df0-4fb7-b858-4a23950d210f",
"value": "800f90f29d13716eb1f7059fb84089ed"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581694",
"to_ids": true,
"type": "md5",
"uuid": "56f030be-7d3c-4868-98f3-440a950d210f",
"value": "7e74d5a3a20038fe0a66445eb76fa066"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581694",
"to_ids": true,
"type": "md5",
"uuid": "56f030be-c334-4c0f-a9ae-4c62950d210f",
"value": "7a4b7762f8db2438b4ad3d991864431d"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581695",
"to_ids": true,
"type": "md5",
"uuid": "56f030bf-f1a0-4cc0-b43e-43e2950d210f",
"value": "74f9da1ce1ff900113ae7cb28b3eb56f"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581695",
"to_ids": true,
"type": "md5",
"uuid": "56f030bf-0664-4194-bb39-4874950d210f",
"value": "6ccc678c3ec284fad015ed0eaa875733"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581695",
"to_ids": true,
"type": "md5",
"uuid": "56f030bf-193c-45f5-a885-4fed950d210f",
"value": "3ea5c225132f0d7423417b3c7ce98c7d"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581695",
"to_ids": true,
"type": "md5",
"uuid": "56f030bf-31c4-4f80-8007-4ab8950d210f",
"value": "33b2a2d98aca34b66de9a11b7ec2d951"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581713",
"to_ids": true,
"type": "hostname",
"uuid": "56f030d1-5904-4f85-8080-4b68950d210f",
"value": "house.nochildforgotten.org"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581736",
"to_ids": true,
"type": "email-attachment",
"uuid": "56f030e1-4bc0-4463-9a0f-4aa3950d210f",
"value": "IGINV51905.rtf"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 33b2a2d98aca34b66de9a11b7ec2d951",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581782",
"to_ids": true,
"type": "sha256",
"uuid": "56f03116-e580-4803-91f7-4c2302de0b81",
"value": "fb36a810bf9a543384cb23b103394aad380548f871297f6a580773c138c8f8c8"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 33b2a2d98aca34b66de9a11b7ec2d951",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581783",
"to_ids": true,
"type": "sha1",
"uuid": "56f03117-3234-41d0-9d7e-495402de0b81",
"value": "4ca1f37cb52c33b9678d499ed8b6a37b8577a680"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581783",
"to_ids": false,
"type": "link",
"uuid": "56f03117-6aa4-4140-92de-40c102de0b81",
"value": "https://www.virustotal.com/file/fb36a810bf9a543384cb23b103394aad380548f871297f6a580773c138c8f8c8/analysis/1458552924/"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 3ea5c225132f0d7423417b3c7ce98c7d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581783",
"to_ids": true,
"type": "sha256",
"uuid": "56f03117-324c-400a-bd86-4c1002de0b81",
"value": "cccbd3f2d121575290c19304faf1abeac1a3bbf4c1ad4af0c34479c95006ac5e"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 3ea5c225132f0d7423417b3c7ce98c7d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581784",
"to_ids": true,
"type": "sha1",
"uuid": "56f03118-c954-4830-bfe2-4e2002de0b81",
"value": "28f463492c3d5683405ac76fce2e43f2a2ae58db"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581784",
"to_ids": false,
"type": "link",
"uuid": "56f03118-0468-48ac-9571-43aa02de0b81",
"value": "https://www.virustotal.com/file/cccbd3f2d121575290c19304faf1abeac1a3bbf4c1ad4af0c34479c95006ac5e/analysis/1458544469/"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 6ccc678c3ec284fad015ed0eaa875733",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581784",
"to_ids": true,
"type": "sha256",
"uuid": "56f03118-7e30-47c8-9c66-48ef02de0b81",
"value": "cbec8323a70876fa9d2261ed2a81cc3917c45c516e14cd24600fdc062bcf0889"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 6ccc678c3ec284fad015ed0eaa875733",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581784",
"to_ids": true,
"type": "sha1",
"uuid": "56f03118-2ffc-4c44-b133-406a02de0b81",
"value": "585e82ec384cce5f329bbe6d917946723845da91"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581785",
"to_ids": false,
"type": "link",
"uuid": "56f03119-8dbc-41f3-a54d-47b102de0b81",
"value": "https://www.virustotal.com/file/cbec8323a70876fa9d2261ed2a81cc3917c45c516e14cd24600fdc062bcf0889/analysis/1458424209/"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 74f9da1ce1ff900113ae7cb28b3eb56f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581785",
"to_ids": true,
"type": "sha256",
"uuid": "56f03119-b7c4-4c29-80e1-4bc702de0b81",
"value": "fe523db2e1b86127d21cd9b3476ba7b1b0cee35bbaa8965841fce71ed54eb576"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 74f9da1ce1ff900113ae7cb28b3eb56f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581785",
"to_ids": true,
"type": "sha1",
"uuid": "56f03119-bb00-4100-a128-45a202de0b81",
"value": "9aa3cb387006af303e43b564140fd2bd302f83d4"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581786",
"to_ids": false,
"type": "link",
"uuid": "56f0311a-17cc-4844-88bc-437f02de0b81",
"value": "https://www.virustotal.com/file/fe523db2e1b86127d21cd9b3476ba7b1b0cee35bbaa8965841fce71ed54eb576/analysis/1458537966/"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 7a4b7762f8db2438b4ad3d991864431d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581786",
"to_ids": true,
"type": "sha256",
"uuid": "56f0311a-d55c-438e-8b49-44eb02de0b81",
"value": "2c7c3650f85a6ec5fab51078318cbeb2781305e5713df98e2ed3b0dd689d0bda"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 7a4b7762f8db2438b4ad3d991864431d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581786",
"to_ids": true,
"type": "sha1",
"uuid": "56f0311a-37c4-468f-9805-460802de0b81",
"value": "333e2815f05401ea4d365b7b8052aca7ffa92861"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581787",
"to_ids": false,
"type": "link",
"uuid": "56f0311b-22d8-4b20-9edc-459702de0b81",
"value": "https://www.virustotal.com/file/2c7c3650f85a6ec5fab51078318cbeb2781305e5713df98e2ed3b0dd689d0bda/analysis/1458454881/"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 7e74d5a3a20038fe0a66445eb76fa066",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581787",
"to_ids": true,
"type": "sha256",
"uuid": "56f0311b-3690-48dc-992f-47f202de0b81",
"value": "28e80edc15b3bebac008a4cdb030603e1477d20b7814cea491fc8506b9388c1c"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 7e74d5a3a20038fe0a66445eb76fa066",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581787",
"to_ids": true,
"type": "sha1",
"uuid": "56f0311b-d7d4-4101-9f0a-4eef02de0b81",
"value": "747cb0aaa3c48d2b1e46b2e36027ebe55681218b"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581788",
"to_ids": false,
"type": "link",
"uuid": "56f0311c-cc34-4132-ab1e-4eb902de0b81",
"value": "https://www.virustotal.com/file/28e80edc15b3bebac008a4cdb030603e1477d20b7814cea491fc8506b9388c1c/analysis/1458468781/"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 800f90f29d13716eb1f7059fb84089ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581788",
"to_ids": true,
"type": "sha256",
"uuid": "56f0311c-8d54-43d2-a1f2-466402de0b81",
"value": "81ec6bc642130d1f5f9882a4cef9256636f543d46da759081bcf8886f13394ff"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 800f90f29d13716eb1f7059fb84089ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581788",
"to_ids": true,
"type": "sha1",
"uuid": "56f0311c-a69c-4368-af80-4bac02de0b81",
"value": "5bf90ec91adba8c2684c3e31c1bd0ddfe2a9397b"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581789",
"to_ids": false,
"type": "link",
"uuid": "56f0311d-bd54-4f90-836d-489202de0b81",
"value": "https://www.virustotal.com/file/81ec6bc642130d1f5f9882a4cef9256636f543d46da759081bcf8886f13394ff/analysis/1458424210/"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 8840c20ac74281c0580e8637caf1edea",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581789",
"to_ids": true,
"type": "sha256",
"uuid": "56f0311d-b0d0-4c28-a75a-40f602de0b81",
"value": "b1088ada9a80ae8a5bfa6a54994573afaee16cecec1fcafdcca877d182ba088f"
},
{
"category": "Payload delivery",
"comment": "IMAGINiT campaign - Xchecked via VT: 8840c20ac74281c0580e8637caf1edea",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581789",
"to_ids": true,
"type": "sha1",
"uuid": "56f0311d-a360-4732-ae42-466b02de0b81",
"value": "f577ff9b4c62b784d04cb3a22d733f07ec195881"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581790",
"to_ids": false,
"type": "link",
"uuid": "56f0311e-1a20-46b0-bf9b-4ab502de0b81",
"value": "https://www.virustotal.com/file/b1088ada9a80ae8a5bfa6a54994573afaee16cecec1fcafdcca877d182ba088f/analysis/1458547416/"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: 8f787ddedbaa8af3f6a73d0c6cd4e33e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581790",
"to_ids": true,
"type": "sha256",
"uuid": "56f0311e-3bec-4ea9-a949-4f2002de0b81",
"value": "e5ccec9d24b4d518de6c6722c1c72b6b23b3bb4ddddfc03a2b9a5630702e59c0"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: 8f787ddedbaa8af3f6a73d0c6cd4e33e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581790",
"to_ids": true,
"type": "sha1",
"uuid": "56f0311e-cdb8-4e97-8352-4acc02de0b81",
"value": "20fb89ae7ec81f28dc5fd29a5664d257150a7f7c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581791",
"to_ids": false,
"type": "link",
"uuid": "56f0311f-03fc-4a48-b5a6-4cfb02de0b81",
"value": "https://www.virustotal.com/file/e5ccec9d24b4d518de6c6722c1c72b6b23b3bb4ddddfc03a2b9a5630702e59c0/analysis/1458424207/"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: 5b7813105cf9ebccb46cf7e63a5a836d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581791",
"to_ids": true,
"type": "sha256",
"uuid": "56f0311f-932c-4f37-b1e7-4fa802de0b81",
"value": "7a1df6c77168f06b06df8e53120d3a5c0c465d6319d42fc95dcc08593a4d1108"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: 5b7813105cf9ebccb46cf7e63a5a836d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581791",
"to_ids": true,
"type": "sha1",
"uuid": "56f0311f-8930-42de-8706-46c702de0b81",
"value": "5d38822aa1ce863eb260e38684a781a13ccd450c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581792",
"to_ids": false,
"type": "link",
"uuid": "56f03120-b2ac-4451-9d81-485102de0b81",
"value": "https://www.virustotal.com/file/7a1df6c77168f06b06df8e53120d3a5c0c465d6319d42fc95dcc08593a4d1108/analysis/1458577767/"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: 770fede93cc4220a371569daed2a4bc1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581792",
"to_ids": true,
"type": "sha256",
"uuid": "56f03120-a018-434b-8970-420e02de0b81",
"value": "cd9fdb4c3a7b647bda3aec1b5afa2e7b9e2fbdb49ee833e56f7cd8104bba3547"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: 770fede93cc4220a371569daed2a4bc1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581792",
"to_ids": true,
"type": "sha1",
"uuid": "56f03120-f604-4c60-af93-4b3f02de0b81",
"value": "681cb976de29f799c037e11c030d28dd490b04e4"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581792",
"to_ids": false,
"type": "link",
"uuid": "56f03120-16e0-48b2-abba-4eb702de0b81",
"value": "https://www.virustotal.com/file/cd9fdb4c3a7b647bda3aec1b5afa2e7b9e2fbdb49ee833e56f7cd8104bba3547/analysis/1458424507/"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: d8eebe2a08fff86abd06ec94e8bdd165",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581793",
"to_ids": true,
"type": "sha256",
"uuid": "56f03121-84f4-48ca-ab99-475b02de0b81",
"value": "aa74d7d58b474d4fe9cd92826093c8c7af080452f19165c501fb0925ed8b2920"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: d8eebe2a08fff86abd06ec94e8bdd165",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581793",
"to_ids": true,
"type": "sha1",
"uuid": "56f03121-0ec0-42f9-a7a9-42b702de0b81",
"value": "745f519e41610bd5a89edb1359ced486474cca7f"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581793",
"to_ids": false,
"type": "link",
"uuid": "56f03121-31bc-44d1-8270-4cb902de0b81",
"value": "https://www.virustotal.com/file/aa74d7d58b474d4fe9cd92826093c8c7af080452f19165c501fb0925ed8b2920/analysis/1458473661/"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: 876d081e8b474a3c1ac57cf435e330cb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581794",
"to_ids": true,
"type": "sha256",
"uuid": "56f03122-3824-4a64-8802-408d02de0b81",
"value": "ed603ed10f71e2eb33d77bc4ef32ba8d00b410610b92df9bda4659a4eacc2a79"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: 876d081e8b474a3c1ac57cf435e330cb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581794",
"to_ids": true,
"type": "sha1",
"uuid": "56f03122-3c30-40bd-bf7a-4f1002de0b81",
"value": "d50e97f803ef65e6f0ff136d81dba2c396287567"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581794",
"to_ids": false,
"type": "link",
"uuid": "56f03122-1260-43f2-8ba9-483e02de0b81",
"value": "https://www.virustotal.com/file/ed603ed10f71e2eb33d77bc4ef32ba8d00b410610b92df9bda4659a4eacc2a79/analysis/1458580699/"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: aff54d68cbf6ac8611fe89cd9f0dc2de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581795",
"to_ids": true,
"type": "sha256",
"uuid": "56f03123-1744-4203-80e7-42b502de0b81",
"value": "7f1548c7549c6a452d95ae9ed821f83e29a1ca9a225a3f7294c0d58f204b5d41"
},
{
"category": "Payload delivery",
"comment": "Tip Top Delivery campaign - Xchecked via VT: aff54d68cbf6ac8611fe89cd9f0dc2de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581795",
"to_ids": true,
"type": "sha1",
"uuid": "56f03123-7fc8-4e21-8e46-456402de0b81",
"value": "f83f899e5e12f610cb932014c1d05096cf5c7144"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581795",
"to_ids": false,
"type": "link",
"uuid": "56f03123-fbc0-42ad-8b1c-4e1302de0b81",
"value": "https://www.virustotal.com/file/7f1548c7549c6a452d95ae9ed821f83e29a1ca9a225a3f7294c0d58f204b5d41/analysis/1458579160/"
},
{
"category": "Artifacts dropped",
"comment": "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581850",
"to_ids": true,
"type": "pattern-in-file",
"uuid": "56f0315a-4820-4860-9a00-4c79950d210f",
"value": "<wx:uiName wx:val=\"Основной шрифт абзаца\"/>"
},
{
"category": "Artifacts dropped",
"comment": "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581850",
"to_ids": true,
"type": "pattern-in-file",
"uuid": "56f0315a-bf78-42bb-9d6c-4e36950d210f",
"value": "<wx:uiName wx:val=\"Обычная таблица\"/>"
},
{
"category": "Artifacts dropped",
"comment": "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581850",
"to_ids": true,
"type": "pattern-in-file",
"uuid": "56f0315a-ef1c-4929-be90-4d1c950d210f",
"value": "<wx:uiName wx:val=\"Нет списка\"/>"
},
{
"category": "Artifacts dropped",
"comment": "The authors left Cyrillic strings in the XML, which could possibly be used as an IOC to hunt for similar documents.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458581851",
"to_ids": true,
"type": "pattern-in-file",
"uuid": "56f0315b-2cd8-4fdc-b80a-4ca8950d210f",
"value": "<o:LastAuthor>павуваыва</o:LastAuthor>"
}
]
}
}