{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2016-10-25",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Houdini\u2019s Magic Reappearance",
|
|
"publish_timestamp": "1477431487",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1477431385",
|
|
"uuid": "580fcef3-28fc-42e2-aec1-4978950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431045",
|
|
"to_ids": false,
|
|
"type": "comment",
|
|
"uuid": "580fcf05-6a3c-47d5-9e3f-4075950d210f",
|
|
"value": "Unit 42 has observed a new version of Hworm (or Houdini) being used within multiple attacks. This blog outlines technical details of this new Hworm version and documents an attack campaign making use of the backdoor. Of the samples used in this attack, the first we observed were June 2016, while as-of publication we were still seeing attacks as recently as mid-October, suggesting that this is likely an active, ongoing campaign."
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431067",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fcf1b-efa8-4f60-adc9-4012950d210f",
|
|
"value": "http://researchcenter.paloaltonetworks.com/2016/10/unit42-houdinis-magic-reappearance/"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Command and Control Network Locations",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431110",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "580fcf46-abe4-4266-aff2-4b1e950d210f",
|
|
"value": "start.loginto.me"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Command and Control Network Locations",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431110",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "580fcf46-7a18-4999-963e-4e67950d210f",
|
|
"value": "samah.sytes.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Command and Control Network Locations",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431110",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "580fcf46-6f48-4013-863c-4836950d210f",
|
|
"value": "52.42.161.75"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Command and Control Network Locations",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431110",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "580fcf46-8d90-430a-aacd-452a950d210f",
|
|
"value": "78.47.96.17"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Command and Control Network Locations",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431111",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "580fcf47-0cac-450a-ba51-4511950d210f",
|
|
"value": "136.243.104.200"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Decoy files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431127",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf57-5f70-4cd6-ba09-4725950d210f",
|
|
"value": "7916ca6ae6fdbfb45448f6dcff374d072d988d11aa15247a88167bf973ee2c0d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Decoy files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431128",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf58-1c04-4f21-b67a-4031950d210f",
|
|
"value": "947d264a413f3353c43dafa0fd918bec75e8752a953b50843bc8134286d6f93f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Decoy files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431128",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf58-0d94-4ea3-92ad-427c950d210f",
|
|
"value": "9ddf2f2e6ac7da61c04c03f3f27af12cb85e096746f120235724a4ed93fac5aa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Decoy files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431128",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf58-01a8-4d61-b535-49fe950d210f",
|
|
"value": "3d287cce7fe1caa5c033a4e6b94680c90a25cb3866837266130ba0fd8fab562c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Decoy files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431128",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf58-a3ec-4451-8a15-433e950d210f",
|
|
"value": "444b82caf3c17ea74034c984aeca0f5b2e6547af88a0fb15953f2d5b80e3b448"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Decoy files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431129",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf59-ecfc-4272-917c-4995950d210f",
|
|
"value": "3d3db84b6ad760540f638713e3f6a8daf8a226bd045351bcc72c6d22a7df8b3a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Decoy files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431129",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf59-fcfc-482e-a0f5-4384950d210f",
|
|
"value": "fffda1e2d794a5645f973900083a88ef38c3d20a89c5e59ca21412806db28197"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431142",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf66-4a24-4022-bf30-4f4a950d210f",
|
|
"value": "386057a265619c43ef245857b66241a66822061ce9bd047556c4f3f1d262ef36"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431143",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf67-2f30-4175-9f3a-4bcd950d210f",
|
|
"value": "44b52baf2ecef2f928a13b17ba3a5552c32ca4a640e6421b8bc35ef5a113801b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431143",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf67-dbc8-41ee-8eda-435f950d210f",
|
|
"value": "8428857b0c7dfe43cf2182dd585dfdfd845697a11c31e91d909dc400222b4f78"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431143",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf67-9ebc-400f-85a0-487d950d210f",
|
|
"value": "d69e0456ddb11b979bf303b8bb9f87322bd2a9542dd9d9f716100c40bd6decd1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431143",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf67-d7e4-4e08-a2c2-4ff1950d210f",
|
|
"value": "bd5d64234e1ac87955f1d86ee1af34bd8fd11e8edf3a449181234bb62816acab"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431144",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf68-522c-4ace-ac50-4b4f950d210f",
|
|
"value": "774501f3c88ebdd409ec318d08af2350ec37fdbc11f32681f855e215e75440d7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431144",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf68-8e20-4162-8729-4cf0950d210f",
|
|
"value": "c66b9e8aaa2ac4ce5b53b45ebb661ba7946f5b82e75865ae9e98510caff911a7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431161",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf79-e89c-4ec1-ab1c-44a0950d210f",
|
|
"value": "70c55fef53fd4bdeb135ed68a7eead45e8d4ba7d17e0fd907e9770b2793b60ed"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431162",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf7a-0b58-428a-aced-4a79950d210f",
|
|
"value": "9af85e46344dadf1467c71d66865c7af98a23151025e7d8993bd9afc5150ad7d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431162",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf7a-8498-42e9-9078-4c91950d210f",
|
|
"value": "773716bc2d313e17326471289a0b552f90086a2687fa958ef8cdb611cbc9a8c9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431162",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf7a-79c8-4dd2-a059-47fb950d210f",
|
|
"value": "e0db0982c437c40ceb67970e0a776e9448f428e919200b5f7a0566c58680070c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431162",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf7a-ef8c-496e-9e3e-450d950d210f",
|
|
"value": "1f45e5eca8f8882481b13fd4a67ffa88a1aa4d6e875a9c2e1fbf0b80e92d9588"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431163",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf7b-47c4-4480-bc2e-47f5950d210f",
|
|
"value": "5e42e61340942fc0c46a6668a7f54adbbb4792b01c819bcd3047e855116ae16f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431163",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf7b-d368-4f02-9a43-4a52950d210f",
|
|
"value": "fec925721b6563fec32d7a4cf8df777c647f0e24454fa783569f65cdadff9e03"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431163",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf7b-2544-488e-9d9f-4745950d210f",
|
|
"value": "106934ff7f6f93a371a4561fff23d69e6783512c38126fbd427ed4a886ca6e65"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431163",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf7b-1924-4d9e-85a2-4489950d210f",
|
|
"value": "ba739f3f415efe005fbed6fcfcb1e6d3b3ae64e9a8d2b0566ab913f73530887c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431163",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf7b-3054-43e7-8d7b-43cf950d210f",
|
|
"value": "0672e47513aefcbc3f7a9bd50849acf507a5454bc8c36580304105479c58772a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delphi Hworm Beta Builder",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431177",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "580fcf89-ee78-4265-a24b-4bf9950d210f",
|
|
"value": "a4c71f862757e3535b305a14ff9f268e6cf196b2e54b426f25fa65bf658a9242"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delphi Hworm Beta Builder - Xchecked via VT: a4c71f862757e3535b305a14ff9f268e6cf196b2e54b426f25fa65bf658a9242",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431385",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd059-0c48-48ab-b95c-429e02de0b81",
|
|
"value": "418fab5241665bb22d15e1d16ec723d61c26b9f8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delphi Hworm Beta Builder - Xchecked via VT: a4c71f862757e3535b305a14ff9f268e6cf196b2e54b426f25fa65bf658a9242",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431385",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd059-3948-487c-aa5a-461902de0b81",
|
|
"value": "9e2de96dfe130df54e1493893208f5b1"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delphi Hworm Beta Builder - Xchecked via VT: a4c71f862757e3535b305a14ff9f268e6cf196b2e54b426f25fa65bf658a9242",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431385",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd059-b548-4d48-9973-41c502de0b81",
|
|
"value": "https://www.virustotal.com/file/a4c71f862757e3535b305a14ff9f268e6cf196b2e54b426f25fa65bf658a9242/analysis/1474674057/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 0672e47513aefcbc3f7a9bd50849acf507a5454bc8c36580304105479c58772a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431386",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd05a-6c4c-480d-b2b1-405b02de0b81",
|
|
"value": "fd5262678a0fee0350e2052336d0d7c09f9ca3bd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 0672e47513aefcbc3f7a9bd50849acf507a5454bc8c36580304105479c58772a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431386",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd05a-b468-4973-afd9-410902de0b81",
|
|
"value": "80bb1b89187f6004e400d7d819480118"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delivery Files - Xchecked via VT: 0672e47513aefcbc3f7a9bd50849acf507a5454bc8c36580304105479c58772a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431386",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd05a-f7e0-48a8-b984-465e02de0b81",
|
|
"value": "https://www.virustotal.com/file/0672e47513aefcbc3f7a9bd50849acf507a5454bc8c36580304105479c58772a/analysis/1472033496/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: ba739f3f415efe005fbed6fcfcb1e6d3b3ae64e9a8d2b0566ab913f73530887c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431386",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd05a-4788-4c31-b086-482202de0b81",
|
|
"value": "8ee7705fae1d65327c52128d8cd8d961149b0a3a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: ba739f3f415efe005fbed6fcfcb1e6d3b3ae64e9a8d2b0566ab913f73530887c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431387",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd05b-1e3c-46c5-bdab-4f7702de0b81",
|
|
"value": "25548be2223f7ce487c6b4d9db370875"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delivery Files - Xchecked via VT: ba739f3f415efe005fbed6fcfcb1e6d3b3ae64e9a8d2b0566ab913f73530887c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431387",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd05b-d59c-4dd1-9005-49c802de0b81",
|
|
"value": "https://www.virustotal.com/file/ba739f3f415efe005fbed6fcfcb1e6d3b3ae64e9a8d2b0566ab913f73530887c/analysis/1471428328/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 106934ff7f6f93a371a4561fff23d69e6783512c38126fbd427ed4a886ca6e65",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431387",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd05b-6ce4-4365-a69c-4e2f02de0b81",
|
|
"value": "21938a5653ccd2c78219b8360d291141873634f6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 106934ff7f6f93a371a4561fff23d69e6783512c38126fbd427ed4a886ca6e65",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431387",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd05b-4474-49e4-854c-491002de0b81",
|
|
"value": "07adbf4d0daa58933716e71baa9f501c"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delivery Files - Xchecked via VT: 106934ff7f6f93a371a4561fff23d69e6783512c38126fbd427ed4a886ca6e65",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431388",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd05c-de6c-4a87-b6fe-434002de0b81",
|
|
"value": "https://www.virustotal.com/file/106934ff7f6f93a371a4561fff23d69e6783512c38126fbd427ed4a886ca6e65/analysis/1472089513/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: fec925721b6563fec32d7a4cf8df777c647f0e24454fa783569f65cdadff9e03",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431388",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd05c-3ab4-42a4-a79d-439002de0b81",
|
|
"value": "0db3bf38a778e2e833e217f715ef67eb9da8169a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: fec925721b6563fec32d7a4cf8df777c647f0e24454fa783569f65cdadff9e03",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431388",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd05c-06a0-493b-ba64-466702de0b81",
|
|
"value": "62d2982a709e45b0542e1cfe210c4058"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delivery Files - Xchecked via VT: fec925721b6563fec32d7a4cf8df777c647f0e24454fa783569f65cdadff9e03",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431388",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd05c-953c-4b80-9acd-40f902de0b81",
|
|
"value": "https://www.virustotal.com/file/fec925721b6563fec32d7a4cf8df777c647f0e24454fa783569f65cdadff9e03/analysis/1471431559/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 5e42e61340942fc0c46a6668a7f54adbbb4792b01c819bcd3047e855116ae16f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431388",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd05c-9744-43ee-86ce-41c202de0b81",
|
|
"value": "665725908fc67c1810956e682f40bfe9e2ea8160"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 5e42e61340942fc0c46a6668a7f54adbbb4792b01c819bcd3047e855116ae16f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431389",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd05d-84e8-44cb-86d5-437602de0b81",
|
|
"value": "b9667b4b9d82c6eb254421831c881b45"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delivery Files - Xchecked via VT: 5e42e61340942fc0c46a6668a7f54adbbb4792b01c819bcd3047e855116ae16f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431389",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd05d-baac-46c1-8472-488502de0b81",
|
|
"value": "https://www.virustotal.com/file/5e42e61340942fc0c46a6668a7f54adbbb4792b01c819bcd3047e855116ae16f/analysis/1466578036/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 1f45e5eca8f8882481b13fd4a67ffa88a1aa4d6e875a9c2e1fbf0b80e92d9588",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431389",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd05d-7c24-4163-82c4-4a7d02de0b81",
|
|
"value": "c2a9af4f0168882d20ca34a15c8af91ea6652b2f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 1f45e5eca8f8882481b13fd4a67ffa88a1aa4d6e875a9c2e1fbf0b80e92d9588",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431389",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd05d-ec10-4fdc-8899-44a702de0b81",
|
|
"value": "7102e9bc802b90b3fc2d82cacbb34aaa"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delivery Files - Xchecked via VT: 1f45e5eca8f8882481b13fd4a67ffa88a1aa4d6e875a9c2e1fbf0b80e92d9588",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431390",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd05e-3c50-4d30-ba02-470e02de0b81",
|
|
"value": "https://www.virustotal.com/file/1f45e5eca8f8882481b13fd4a67ffa88a1aa4d6e875a9c2e1fbf0b80e92d9588/analysis/1466513172/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: e0db0982c437c40ceb67970e0a776e9448f428e919200b5f7a0566c58680070c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431390",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd05e-99a8-4717-9885-4a1802de0b81",
|
|
"value": "74d40ba2c54a99bca91bdf6d88d2d86b748f9127"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: e0db0982c437c40ceb67970e0a776e9448f428e919200b5f7a0566c58680070c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431390",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd05e-c9a4-471b-b28e-46ec02de0b81",
|
|
"value": "84b87a84ea684e01d19808abacecf6e8"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delivery Files - Xchecked via VT: e0db0982c437c40ceb67970e0a776e9448f428e919200b5f7a0566c58680070c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431390",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd05e-898c-44a6-a5f3-46fb02de0b81",
|
|
"value": "https://www.virustotal.com/file/e0db0982c437c40ceb67970e0a776e9448f428e919200b5f7a0566c58680070c/analysis/1474537778/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 9af85e46344dadf1467c71d66865c7af98a23151025e7d8993bd9afc5150ad7d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431391",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd05f-29b4-43f1-860e-4ecd02de0b81",
|
|
"value": "fa73bffab7f2f2e38c70d7a78937e6e4eff242fb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 9af85e46344dadf1467c71d66865c7af98a23151025e7d8993bd9afc5150ad7d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431391",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd05f-8dc8-4292-810e-46eb02de0b81",
|
|
"value": "54444b71ba380c238f479a4deba20802"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delivery Files - Xchecked via VT: 9af85e46344dadf1467c71d66865c7af98a23151025e7d8993bd9afc5150ad7d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431391",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd05f-12d0-4819-a240-4d8d02de0b81",
|
|
"value": "https://www.virustotal.com/file/9af85e46344dadf1467c71d66865c7af98a23151025e7d8993bd9afc5150ad7d/analysis/1476112359/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 70c55fef53fd4bdeb135ed68a7eead45e8d4ba7d17e0fd907e9770b2793b60ed",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431391",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd05f-e2c4-40d2-bb3e-487202de0b81",
|
|
"value": "e540045b61ba3e5fa3610b4941664033b1f4d9b8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Delivery Files - Xchecked via VT: 70c55fef53fd4bdeb135ed68a7eead45e8d4ba7d17e0fd907e9770b2793b60ed",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431392",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd060-f21c-4be4-b3c7-409602de0b81",
|
|
"value": "f73fed9140bc455617e2430693bc1caa"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Delivery Files - Xchecked via VT: 70c55fef53fd4bdeb135ed68a7eead45e8d4ba7d17e0fd907e9770b2793b60ed",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431392",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd060-f828-4002-a92b-422302de0b81",
|
|
"value": "https://www.virustotal.com/file/70c55fef53fd4bdeb135ed68a7eead45e8d4ba7d17e0fd907e9770b2793b60ed/analysis/1472454981/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: c66b9e8aaa2ac4ce5b53b45ebb661ba7946f5b82e75865ae9e98510caff911a7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431392",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd060-6218-472c-b6fa-41ca02de0b81",
|
|
"value": "624811e7d89f81979ceb56d17aca235b883078b2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: c66b9e8aaa2ac4ce5b53b45ebb661ba7946f5b82e75865ae9e98510caff911a7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431392",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd060-5524-47ea-8044-4d1b02de0b81",
|
|
"value": "dbb885f648c560a12beb0d1261ac80e6"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Payloads - Xchecked via VT: c66b9e8aaa2ac4ce5b53b45ebb661ba7946f5b82e75865ae9e98510caff911a7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431393",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd061-2fb8-4466-b163-478a02de0b81",
|
|
"value": "https://www.virustotal.com/file/c66b9e8aaa2ac4ce5b53b45ebb661ba7946f5b82e75865ae9e98510caff911a7/analysis/1476385118/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: 774501f3c88ebdd409ec318d08af2350ec37fdbc11f32681f855e215e75440d7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431393",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd061-cc14-4bc7-91ff-4dfb02de0b81",
|
|
"value": "76293d81aa1928c2b72e95dc243f77b9db218c25"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: 774501f3c88ebdd409ec318d08af2350ec37fdbc11f32681f855e215e75440d7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431393",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd061-24c8-4fb1-a0fd-4e3802de0b81",
|
|
"value": "f9cd963dec6af1064f6ec31901d50337"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Payloads - Xchecked via VT: 774501f3c88ebdd409ec318d08af2350ec37fdbc11f32681f855e215e75440d7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431393",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd061-f214-4b0f-89d1-4e0b02de0b81",
|
|
"value": "https://www.virustotal.com/file/774501f3c88ebdd409ec318d08af2350ec37fdbc11f32681f855e215e75440d7/analysis/1472458086/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: bd5d64234e1ac87955f1d86ee1af34bd8fd11e8edf3a449181234bb62816acab",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431394",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd062-9ed8-4b86-9eba-412902de0b81",
|
|
"value": "09c5f3cd41fe427c9926c867931b5384dead6869"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: bd5d64234e1ac87955f1d86ee1af34bd8fd11e8edf3a449181234bb62816acab",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431394",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd062-91c0-49a9-b529-4fd202de0b81",
|
|
"value": "e805010d4b68af620b7e97936a5e8f48"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Payloads - Xchecked via VT: bd5d64234e1ac87955f1d86ee1af34bd8fd11e8edf3a449181234bb62816acab",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431394",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd062-da58-4c1f-af33-42bc02de0b81",
|
|
"value": "https://www.virustotal.com/file/bd5d64234e1ac87955f1d86ee1af34bd8fd11e8edf3a449181234bb62816acab/analysis/1472050065/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: d69e0456ddb11b979bf303b8bb9f87322bd2a9542dd9d9f716100c40bd6decd1",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431395",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd063-feec-4cbf-814a-4df302de0b81",
|
|
"value": "fbead272dfbf00bc6c3fdbe5a466477efd0afe6e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: d69e0456ddb11b979bf303b8bb9f87322bd2a9542dd9d9f716100c40bd6decd1",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431395",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd063-9234-415c-9418-400102de0b81",
|
|
"value": "da9d023c1d36f8b469aed08ecc996a21"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Payloads - Xchecked via VT: d69e0456ddb11b979bf303b8bb9f87322bd2a9542dd9d9f716100c40bd6decd1",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431395",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd063-3bc4-4052-9a92-4acc02de0b81",
|
|
"value": "https://www.virustotal.com/file/d69e0456ddb11b979bf303b8bb9f87322bd2a9542dd9d9f716100c40bd6decd1/analysis/1467104275/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: 8428857b0c7dfe43cf2182dd585dfdfd845697a11c31e91d909dc400222b4f78",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431395",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd063-c0a4-444b-a4a5-436602de0b81",
|
|
"value": "1ee3eea0f12c21249c50dd235974d1bf64f65154"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: 8428857b0c7dfe43cf2182dd585dfdfd845697a11c31e91d909dc400222b4f78",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431395",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd063-5898-4936-822a-4e7b02de0b81",
|
|
"value": "8fd6fc5f88e11d3df407aafa7ba4ade0"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Payloads - Xchecked via VT: 8428857b0c7dfe43cf2182dd585dfdfd845697a11c31e91d909dc400222b4f78",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431396",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd064-c26c-4020-a0af-466402de0b81",
|
|
"value": "https://www.virustotal.com/file/8428857b0c7dfe43cf2182dd585dfdfd845697a11c31e91d909dc400222b4f78/analysis/1476385225/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: 44b52baf2ecef2f928a13b17ba3a5552c32ca4a640e6421b8bc35ef5a113801b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431396",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd064-e488-41c1-9ac7-4cf102de0b81",
|
|
"value": "dd07143cbedce06fe46660f0867ce42597f20447"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: 44b52baf2ecef2f928a13b17ba3a5552c32ca4a640e6421b8bc35ef5a113801b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431396",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd064-6f90-4e4b-86ec-41e602de0b81",
|
|
"value": "45009c70d362dcd253112c9cf1924f57"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Payloads - Xchecked via VT: 44b52baf2ecef2f928a13b17ba3a5552c32ca4a640e6421b8bc35ef5a113801b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431396",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd064-f148-4e0b-81bf-4f8002de0b81",
|
|
"value": "https://www.virustotal.com/file/44b52baf2ecef2f928a13b17ba3a5552c32ca4a640e6421b8bc35ef5a113801b/analysis/1476125677/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: 386057a265619c43ef245857b66241a66822061ce9bd047556c4f3f1d262ef36",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431397",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "580fd065-04dc-4cca-a149-485702de0b81",
|
|
"value": "cdb55fb4e89464d78af65a9aa42e38f2dba0c70e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Payloads - Xchecked via VT: 386057a265619c43ef245857b66241a66822061ce9bd047556c4f3f1d262ef36",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431397",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "580fd065-8580-4234-b48a-480602de0b81",
|
|
"value": "d943834a0323105003194663248f6ff9"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Payloads - Xchecked via VT: 386057a265619c43ef245857b66241a66822061ce9bd047556c4f3f1d262ef36",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1477431397",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "580fd065-5c34-4633-9941-458b02de0b81",
|
|
"value": "https://www.virustotal.com/file/386057a265619c43ef245857b66241a66822061ce9bd047556c4f3f1d262ef36/analysis/1473061516/"
|
|
}
|
|
]
|
|
}
|
|
} |