{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2017-07-13",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Meet Ovidiy Stealer: Bringing credential theft to the masses",
|
|
"publish_timestamp": "1503646759",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1503646727",
|
|
"uuid": "599e9eb0-ddc0-4349-ad1c-4f26950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599e9ebd-9208-4ed8-b32a-410f950d210f",
|
|
"value": "https://www.proofpoint.com/us/threat-insight/post/meet-ovidiy-stealer-bringing-credential-theft-masses",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": false,
|
|
"type": "comment",
|
|
"uuid": "599e9ecd-73bc-4057-a78c-48e9950d210f",
|
|
"value": "Proofpoint threat researchers recently analyzed Ovidiy Stealer, a previously undocumented credential stealer which appears to be marketed primarily in the Russian-speaking regions. It is under constant development, with several updated versions appearing since the original samples were observed in June 2017. The growing number of samples demonstrate that criminals are actively adopting this malware. Ovidiy Stealer is priced at 450-750 Rubles (~$7-13 USD) for one build, a price that includes a precompiled executable that is also \"crypted\" to thwart analysis and detection.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-fa30-4352-a502-466d950d210f",
|
|
"value": "8d70877b4014a726e64d3338c454489628a78dcee3e533152ff2223e3bdec506"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-a444-4856-b6f4-4efc950d210f",
|
|
"value": "d469e7f2531eed4c3f418a71acdbd08dd167409047812ab78f5407730d077792"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-228c-423d-973c-453a950d210f",
|
|
"value": "d5711ac689d2cae77d19fab19768870adec983e4cdbd04f58d77828ef61eec88"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-4830-4c83-b261-40ee950d210f",
|
|
"value": "a18fce17e57b324b8552ac8ff34a912a6788be028988288d9b6752c7911a0936"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-1a28-46d3-854c-457a950d210f",
|
|
"value": "c16408967de0ca4d3a1d28530453e1c395a5166b469893f14c47fc6683033cb3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-915c-4077-bfac-420e950d210f",
|
|
"value": "255899d86d58a95499473046fcb6ad821ac500af8679635487d9003ba0f7b3ec"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-7100-462f-b397-4f3a950d210f",
|
|
"value": "2a54eb17cc418da37fa3a45ceb840882bf1800909753e6431c2e3b0fcef4308a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-4d04-4f99-8503-4712950d210f",
|
|
"value": "84097d78bc73c9d8b4d7f4751c0dbb79da5d8883bd0fd27194cc21e05fdbca04"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-5760-4712-9dc3-4786950d210f",
|
|
"value": "c0bf76eee1a42607236652151e1ff67a5e058e780e487d18e946dad6c2084f5d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-8650-4b41-80ea-4b64950d210f",
|
|
"value": "d733dbd549111ecfb732da39bd67d47c631a0b15b2fb4e8ff446b63088cd4ed4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-cbf0-4398-bf22-4a70950d210f",
|
|
"value": "062bd1d88e7b5c08444de559961f68694a445bc69807f57aa4ac581c377bc432"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-e618-4c17-b54a-4330950d210f",
|
|
"value": "80d450ca5b01a086806855356611405b2c87b3822c0c1c38a118bca57d87c410"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-3c7c-4aaf-9fb7-4c03950d210f",
|
|
"value": "22fc445798cd3481018c66b308af8545821b2f8f7f5a86133f562b362fc17a05"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "599e9f00-dfd4-4060-abbc-4990950d210f",
|
|
"value": "8542a49b3b927d46fefae743b61485004a3540a4e204ee882028a85f08f4b3ee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "filename|sha256",
|
|
"uuid": "599e9fd3-4690-4bf8-b641-4e80950d210f",
|
|
"value": "Litebitcoin-qt.zip|7de66557dacbabe5228faa294c357ad02c9f07eb2395229f209776bc9a09dfb4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "filename|sha256",
|
|
"uuid": "599e9fd3-9b80-4895-8db9-465a950d210f",
|
|
"value": "Jora.exe|3ddc17470fb86dcb4b16705eb78bcbcb24dce70545f512ce75c4a0747474ef52"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "filename|sha256",
|
|
"uuid": "599e9fd3-2bf8-44a8-844e-4f0e950d210f",
|
|
"value": "Uber.exe|5a44126ea4c5c9bbc3c44fec0346c3071b55fb6abb10ad3299590a3b0e2a8fc7"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "599ea175-a590-4393-afec-48f3950d210f",
|
|
"value": "hideminer.zip"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "599ea175-c9fc-4798-8c87-4eec950d210f",
|
|
"value": "vkhacktool.zip"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "599ea175-0ff8-4dee-ac2f-48fc950d210f",
|
|
"value": "update_teamspeak3.5.1.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "599ea175-97b8-4011-875d-41ad950d210f",
|
|
"value": "2017.txt.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "599ea175-ca6c-434c-9256-40b9950d210f",
|
|
"value": "dice_bot.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "599ea175-6b48-412d-baff-411a950d210f",
|
|
"value": "v5.4.3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "599ea175-9370-40d9-addd-4c3d950d210f",
|
|
"value": "2017.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "social network lure",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"timestamp": "1503583616",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "599ea175-7f0c-4099-9a9f-4613950d210f",
|
|
"value": "vk.com"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "599ea175-e8f8-4c8f-b6b2-4def950d210f",
|
|
"value": "BulliTl.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Ovidiy Stealer C&C",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583480",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "599ea175-d750-4372-be74-448d950d210f",
|
|
"value": "ovidiystealer.ru"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 5a44126ea4c5c9bbc3c44fec0346c3071b55fb6abb10ad3299590a3b0e2a8fc7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcf9-f964-4928-a56a-465102de0b81",
|
|
"value": "15745e946ef627aacc8b69ddd407f98138e0f477"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 5a44126ea4c5c9bbc3c44fec0346c3071b55fb6abb10ad3299590a3b0e2a8fc7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcf9-1954-4fc0-8b83-479f02de0b81",
|
|
"value": "c984afc8b7ae320dcf5bf96dfeb810e1"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 5a44126ea4c5c9bbc3c44fec0346c3071b55fb6abb10ad3299590a3b0e2a8fc7",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcf9-975c-4433-9e0e-451402de0b81",
|
|
"value": "https://www.virustotal.com/file/5a44126ea4c5c9bbc3c44fec0346c3071b55fb6abb10ad3299590a3b0e2a8fc7/analysis/1502503297/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 3ddc17470fb86dcb4b16705eb78bcbcb24dce70545f512ce75c4a0747474ef52",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcf9-f278-43e7-a5bf-490302de0b81",
|
|
"value": "8bca84a452b7ad9a81d3090664e98fee1e7842ff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 3ddc17470fb86dcb4b16705eb78bcbcb24dce70545f512ce75c4a0747474ef52",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcf9-4708-47d5-9c43-402502de0b81",
|
|
"value": "8bca45495846035b298412fc90a0aabe"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 3ddc17470fb86dcb4b16705eb78bcbcb24dce70545f512ce75c4a0747474ef52",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcf9-ed7c-4189-8481-432f02de0b81",
|
|
"value": "https://www.virustotal.com/file/3ddc17470fb86dcb4b16705eb78bcbcb24dce70545f512ce75c4a0747474ef52/analysis/1503280217/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 7de66557dacbabe5228faa294c357ad02c9f07eb2395229f209776bc9a09dfb4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcf9-aee0-4ea9-b4ed-4e5202de0b81",
|
|
"value": "ac09b00558d131de7f26ed858976af1dafaf84af"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 7de66557dacbabe5228faa294c357ad02c9f07eb2395229f209776bc9a09dfb4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcf9-023c-463d-b91c-483d02de0b81",
|
|
"value": "5be70cd5c167b8320dd4f8b0c0f75942"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 7de66557dacbabe5228faa294c357ad02c9f07eb2395229f209776bc9a09dfb4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcf9-d1dc-4d58-b68e-436b02de0b81",
|
|
"value": "https://www.virustotal.com/file/7de66557dacbabe5228faa294c357ad02c9f07eb2395229f209776bc9a09dfb4/analysis/1503280055/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 8542a49b3b927d46fefae743b61485004a3540a4e204ee882028a85f08f4b3ee",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcf9-f310-4e5c-a3ac-403002de0b81",
|
|
"value": "9009c964c2d085fed269b7a6c241e7f645bc2689"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 8542a49b3b927d46fefae743b61485004a3540a4e204ee882028a85f08f4b3ee",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcf9-c104-4984-806f-4a8602de0b81",
|
|
"value": "8059b55781edbc4dbc27d50531a50ba9"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 8542a49b3b927d46fefae743b61485004a3540a4e204ee882028a85f08f4b3ee",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcf9-7e0c-4633-b334-409c02de0b81",
|
|
"value": "https://www.virustotal.com/file/8542a49b3b927d46fefae743b61485004a3540a4e204ee882028a85f08f4b3ee/analysis/1503280178/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 22fc445798cd3481018c66b308af8545821b2f8f7f5a86133f562b362fc17a05",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcf9-80bc-4865-b100-4b7c02de0b81",
|
|
"value": "e0d4ed2d470808f33b1384d8b9cec6e16142a17c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 22fc445798cd3481018c66b308af8545821b2f8f7f5a86133f562b362fc17a05",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcf9-1d24-4bbb-92b5-42c002de0b81",
|
|
"value": "727ae120f5afe39bf9736a43bef17be2"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 22fc445798cd3481018c66b308af8545821b2f8f7f5a86133f562b362fc17a05",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcf9-69e0-48a7-836d-495f02de0b81",
|
|
"value": "https://www.virustotal.com/file/22fc445798cd3481018c66b308af8545821b2f8f7f5a86133f562b362fc17a05/analysis/1503280132/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 80d450ca5b01a086806855356611405b2c87b3822c0c1c38a118bca57d87c410",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcf9-43e0-422a-b204-428302de0b81",
|
|
"value": "6b2e2ff345e0001a047d461e8a91ee34b3693617"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 80d450ca5b01a086806855356611405b2c87b3822c0c1c38a118bca57d87c410",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcf9-f510-4b3c-8964-467902de0b81",
|
|
"value": "cd671a726a8498a8fd70c6c76069fb54"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 80d450ca5b01a086806855356611405b2c87b3822c0c1c38a118bca57d87c410",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcf9-8a9c-43c7-8574-43ff02de0b81",
|
|
"value": "https://www.virustotal.com/file/80d450ca5b01a086806855356611405b2c87b3822c0c1c38a118bca57d87c410/analysis/1503280442/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 062bd1d88e7b5c08444de559961f68694a445bc69807f57aa4ac581c377bc432",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcf9-3cac-4d69-ae42-434602de0b81",
|
|
"value": "83449bf8ae20e93de938a1c9b42a46e831737c04"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 062bd1d88e7b5c08444de559961f68694a445bc69807f57aa4ac581c377bc432",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcf9-03a0-4ff7-8e7b-4a8c02de0b81",
|
|
"value": "781e41b558870a28624b892ff028102d"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 062bd1d88e7b5c08444de559961f68694a445bc69807f57aa4ac581c377bc432",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcf9-44e4-4c78-8259-4cef02de0b81",
|
|
"value": "https://www.virustotal.com/file/062bd1d88e7b5c08444de559961f68694a445bc69807f57aa4ac581c377bc432/analysis/1503280145/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: d733dbd549111ecfb732da39bd67d47c631a0b15b2fb4e8ff446b63088cd4ed4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583481",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcf9-a740-4186-86e0-4cdd02de0b81",
|
|
"value": "d5b5433405e2573bf1f5ad65c8be5571031fc2f9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: d733dbd549111ecfb732da39bd67d47c631a0b15b2fb4e8ff446b63088cd4ed4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-1ed8-4441-b1e9-4aaf02de0b81",
|
|
"value": "3b98ca30e8f7cc3f15427eef1c252d1a"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: d733dbd549111ecfb732da39bd67d47c631a0b15b2fb4e8ff446b63088cd4ed4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-e3c4-4c66-bb58-430802de0b81",
|
|
"value": "https://www.virustotal.com/file/d733dbd549111ecfb732da39bd67d47c631a0b15b2fb4e8ff446b63088cd4ed4/analysis/1503279946/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: c0bf76eee1a42607236652151e1ff67a5e058e780e487d18e946dad6c2084f5d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcfa-6054-4f06-991f-4a6d02de0b81",
|
|
"value": "aeb9a6e9f2025a62fb33d8514ae4195d40e0f88e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: c0bf76eee1a42607236652151e1ff67a5e058e780e487d18e946dad6c2084f5d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-1d60-473e-b4b1-425702de0b81",
|
|
"value": "fd239bc850cb5b4c3f6acd7302d7296b"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: c0bf76eee1a42607236652151e1ff67a5e058e780e487d18e946dad6c2084f5d",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-8030-478e-a823-46cf02de0b81",
|
|
"value": "https://www.virustotal.com/file/c0bf76eee1a42607236652151e1ff67a5e058e780e487d18e946dad6c2084f5d/analysis/1503280609/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 84097d78bc73c9d8b4d7f4751c0dbb79da5d8883bd0fd27194cc21e05fdbca04",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcfa-883c-481e-b244-49de02de0b81",
|
|
"value": "9a3de133aa79deb5ec598f8db6a2c648102cade2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 84097d78bc73c9d8b4d7f4751c0dbb79da5d8883bd0fd27194cc21e05fdbca04",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-a96c-4ef6-87c5-42a302de0b81",
|
|
"value": "36513bdb5dd7832590b3acfc4769aa6d"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 84097d78bc73c9d8b4d7f4751c0dbb79da5d8883bd0fd27194cc21e05fdbca04",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-9770-4ee4-9f1b-448602de0b81",
|
|
"value": "https://www.virustotal.com/file/84097d78bc73c9d8b4d7f4751c0dbb79da5d8883bd0fd27194cc21e05fdbca04/analysis/1503279937/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 2a54eb17cc418da37fa3a45ceb840882bf1800909753e6431c2e3b0fcef4308a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcfa-e3fc-4cfa-9617-4b1802de0b81",
|
|
"value": "3ea8815de77b78b97b81b04aca9af87652601430"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 2a54eb17cc418da37fa3a45ceb840882bf1800909753e6431c2e3b0fcef4308a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-dfac-4701-bc58-4f7b02de0b81",
|
|
"value": "3f9444a748c07c60debd5957749b9e40"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 2a54eb17cc418da37fa3a45ceb840882bf1800909753e6431c2e3b0fcef4308a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-87c4-4a1e-854b-44b402de0b81",
|
|
"value": "https://www.virustotal.com/file/2a54eb17cc418da37fa3a45ceb840882bf1800909753e6431c2e3b0fcef4308a/analysis/1503279960/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 255899d86d58a95499473046fcb6ad821ac500af8679635487d9003ba0f7b3ec",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcfa-2ac8-4898-afbe-4b2202de0b81",
|
|
"value": "4ef4206695358cca3819ef3b2a70640c737666a5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 255899d86d58a95499473046fcb6ad821ac500af8679635487d9003ba0f7b3ec",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-22f4-4452-bf9c-482d02de0b81",
|
|
"value": "6a12f2e24d148dc375b569cf994662cf"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 255899d86d58a95499473046fcb6ad821ac500af8679635487d9003ba0f7b3ec",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-9c90-4850-9ee4-4d9e02de0b81",
|
|
"value": "https://www.virustotal.com/file/255899d86d58a95499473046fcb6ad821ac500af8679635487d9003ba0f7b3ec/analysis/1503280108/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: c16408967de0ca4d3a1d28530453e1c395a5166b469893f14c47fc6683033cb3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcfa-bc30-4e50-8b62-475602de0b81",
|
|
"value": "d03b5ba006986ea5f980468bcec1f245eb92b685"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: c16408967de0ca4d3a1d28530453e1c395a5166b469893f14c47fc6683033cb3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-ac8c-4dcb-a005-49b302de0b81",
|
|
"value": "6838bce2f6c831414df831040fc14287"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: c16408967de0ca4d3a1d28530453e1c395a5166b469893f14c47fc6683033cb3",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-432c-4854-9093-4e1a02de0b81",
|
|
"value": "https://www.virustotal.com/file/c16408967de0ca4d3a1d28530453e1c395a5166b469893f14c47fc6683033cb3/analysis/1503280102/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: a18fce17e57b324b8552ac8ff34a912a6788be028988288d9b6752c7911a0936",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcfa-6fb0-41c4-a8ce-4b1f02de0b81",
|
|
"value": "368c2b4e66291e35e140ba6957164981e1409ce0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: a18fce17e57b324b8552ac8ff34a912a6788be028988288d9b6752c7911a0936",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-b76c-42e3-b4fb-44a402de0b81",
|
|
"value": "4800f1aed32b3a776a8362651d8fc560"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: a18fce17e57b324b8552ac8ff34a912a6788be028988288d9b6752c7911a0936",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-bdc4-4a7d-8010-421002de0b81",
|
|
"value": "https://www.virustotal.com/file/a18fce17e57b324b8552ac8ff34a912a6788be028988288d9b6752c7911a0936/analysis/1503280010/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: d5711ac689d2cae77d19fab19768870adec983e4cdbd04f58d77828ef61eec88",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcfa-e894-422d-9fb1-4a7202de0b81",
|
|
"value": "0ed8e49415383e44edce973fbaf88a2fd1ad10c3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: d5711ac689d2cae77d19fab19768870adec983e4cdbd04f58d77828ef61eec88",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-cb54-4b82-8a59-4d5b02de0b81",
|
|
"value": "e0cc886a4a0d01e399289eee7803cd59"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: d5711ac689d2cae77d19fab19768870adec983e4cdbd04f58d77828ef61eec88",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-0c30-41c0-a5e0-462202de0b81",
|
|
"value": "https://www.virustotal.com/file/d5711ac689d2cae77d19fab19768870adec983e4cdbd04f58d77828ef61eec88/analysis/1503280520/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: d469e7f2531eed4c3f418a71acdbd08dd167409047812ab78f5407730d077792",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcfa-a2c8-49b4-8048-4cf102de0b81",
|
|
"value": "53d8f7b7e893bc543af3bc388edc80ba95513573"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: d469e7f2531eed4c3f418a71acdbd08dd167409047812ab78f5407730d077792",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-2fd4-4495-94b1-499802de0b81",
|
|
"value": "112a7aff7b6256d202749293d4c413e0"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: d469e7f2531eed4c3f418a71acdbd08dd167409047812ab78f5407730d077792",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-42b4-4382-ab25-424902de0b81",
|
|
"value": "https://www.virustotal.com/file/d469e7f2531eed4c3f418a71acdbd08dd167409047812ab78f5407730d077792/analysis/1503279819/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 8d70877b4014a726e64d3338c454489628a78dcee3e533152ff2223e3bdec506",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "599edcfa-7064-4545-9ab5-410502de0b81",
|
|
"value": "9f148d85a3f921c1fc968f28826ea60d5d3d6e84"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 8d70877b4014a726e64d3338c454489628a78dcee3e533152ff2223e3bdec506",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "599edcfa-28ac-4630-83bb-441302de0b81",
|
|
"value": "2e58c2f2a88cce5a130cf7760da0256b"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Ovidiy Stealer - Xchecked via VT: 8d70877b4014a726e64d3338c454489628a78dcee3e533152ff2223e3bdec506",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1503583482",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "599edcfa-df70-433d-b6bc-460102de0b81",
|
|
"value": "https://www.virustotal.com/file/8d70877b4014a726e64d3338c454489628a78dcee3e533152ff2223e3bdec506/analysis/1500037206/"
|
|
}
|
|
]
|
|
}
|
|
} |