misp-circl-feed/feeds/circl/misp/57504442-9454-4159-a7e9-4ad8950d210f.json


{
"Event": {
"analysis": "2",
"date": "2016-06-02",
"extends_uuid": "",
"info": "OSINT - IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems",
"publish_timestamp": "1464879433",
"published": true,
"threat_level_id": "2",
"timestamp": "1464878972",
"uuid": "57504442-9454-4159-a7e9-4ad8950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878200",
"to_ids": false,
"type": "link",
"uuid": "57504478-e3f8-49d3-a594-41f4950d210f",
"value": "https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.html"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878215",
"to_ids": false,
"type": "comment",
"uuid": "57504487-2318-431d-a74a-44ca950d210f",
"value": "In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE.\r\n\r\nFLARE found the samples on VirusTotal while researching droppers compiled with PyInstaller \u2014 an approach used by numerous malicious actors. The IRONGATE samples stood out based on their references to SCADA and associated functionality. Two samples of the malware payload were uploaded by different sources in 2014, but none of the antivirus vendors featured on VirusTotal flagged them as malicious.\r\n\r\nSiemens Product Computer Emergency Readiness Team (ProductCERT) confirmed that IRONGATE is not viable against operational Siemens control systems and determined that IRONGATE does not exploit any vulnerabilities in Siemens products. We are unable to associate IRONGATE with any campaigns or threat actors. We acknowledge that IRONGATE could be a test case, proof of concept, or research activity for ICS attack techniques.\r\n\r\nOur analysis finds that IRONGATE invokes ICS attack concepts first seen in Stuxnet, but in a simulation environment. Because the body of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) malware is limited, we are sharing details with the broader community."
},
{
"category": "Other",
"comment": "OpenIOC import from file 9cee306d-5441-4cd3-932d-f3119752634c.ioc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878272",
"to_ids": false,
"type": "comment",
"uuid": "575044c0-ed64-4bdb-896e-48e8950d210f",
"value": "info: IRONGATE (FAMILY)\nby FireEye"
},
{
"category": "Other",
"comment": "OpenIOC import from file 9cee306d-5441-4cd3-932d-f3119752634c.ioc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878272",
"to_ids": false,
"type": "comment",
"uuid": "575044c0-00ec-4eeb-847a-4d29950d210f",
"value": "uuid: 9cee306d-5441-4cd3-932d-f3119752634c"
},
{
"category": "Other",
"comment": "OpenIOC import from file 9cee306d-5441-4cd3-932d-f3119752634c.ioc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878272",
"to_ids": false,
"type": "comment",
"uuid": "575044c0-0ab0-4bbc-9f4e-4c71950d210f",
"value": "date: 2015-08-21T16:39:02Z"
},
{
"category": "External analysis",
"comment": "OpenIOC import source file",
"data": "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",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878272",
"to_ids": false,
"type": "attachment",
"uuid": "575044c0-2cac-42b2-8b05-48e4950d210f",
"value": "9cee306d-5441-4cd3-932d-f3119752634c.ioc"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878802",
"to_ids": true,
"type": "md5",
"uuid": "575046d2-9500-493e-b3e8-45e4950d210f",
"value": "eda021acaca81ae99e39eccda0163295"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878802",
"to_ids": true,
"type": "md5",
"uuid": "575046d2-e6a0-4bbe-b726-462f950d210f",
"value": "9b588adb1d0ae72ceb4051031fd1f1f3"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878803",
"to_ids": true,
"type": "md5",
"uuid": "575046d3-1964-41ad-a7c9-448d950d210f",
"value": "ec07a5ecb182960777007afe2c077a1d"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878803",
"to_ids": true,
"type": "md5",
"uuid": "575046d3-1a14-438d-8dae-491c950d210f",
"value": "026bc58300de02455937cef46405f065"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878803",
"to_ids": true,
"type": "md5",
"uuid": "575046d3-3c0c-4082-952c-47c0950d210f",
"value": "a79596bcca537fa3fa45037f4855fd00"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878907",
"to_ids": true,
"type": "md5",
"uuid": "5750473b-ebbc-44cc-b36c-448b950d210f",
"value": "957581fb38a4e76e84f60e2bb19b9499"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878908",
"to_ids": true,
"type": "md5",
"uuid": "5750473c-b534-4744-aeb2-4b9a950d210f",
"value": "75d118996f5190edafca1b1904a7eea8"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878908",
"to_ids": true,
"type": "md5",
"uuid": "5750473c-2580-4edd-9754-4aa3950d210f",
"value": "9f37e1ea08e6a4ae03e9feba6d1f6259"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878908",
"to_ids": true,
"type": "md5",
"uuid": "5750473c-4fe0-458b-ad9c-4609950d210f",
"value": "3152f21d701a2397e7b22711b8019b82"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878909",
"to_ids": true,
"type": "md5",
"uuid": "5750473d-1820-407b-bf40-4bc1950d210f",
"value": "ef2a97512fdb45cd26089ad2ff61f1cc"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878909",
"to_ids": true,
"type": "md5",
"uuid": "5750473d-d9d4-4360-a946-432e950d210f",
"value": "41906403206ea5c7dcdbfae230add9fa"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878909",
"to_ids": true,
"type": "md5",
"uuid": "5750473d-9d4c-4a1e-a22f-400d950d210f",
"value": "874f7bcab71f4745ea6cda2e2fb5a78c"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878910",
"to_ids": true,
"type": "md5",
"uuid": "5750473e-7ad8-4668-a8bb-47ec950d210f",
"value": "7c51474e6560c51dfc815d4a227ba1aa"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878910",
"to_ids": true,
"type": "md5",
"uuid": "5750473e-84e8-4e45-bacc-47e3950d210f",
"value": "1f338bdd92f08803a2ac7022a34d98fd"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878911",
"to_ids": true,
"type": "md5",
"uuid": "5750473f-5370-4378-8c25-4aee950d210f",
"value": "7a0c1017e6b5bb5dc776b3b883a1d0e0"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 7a0c1017e6b5bb5dc776b3b883a1d0e0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878972",
"to_ids": true,
"type": "sha256",
"uuid": "5750477c-f99c-4bec-b2db-4a4602de0b81",
"value": "83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 7a0c1017e6b5bb5dc776b3b883a1d0e0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878972",
"to_ids": true,
"type": "sha1",
"uuid": "5750477c-d628-4005-98d4-44bd02de0b81",
"value": "9efe39c0a6bff5dc18d3adf3b9522b5346cdbb9b"
},
{
"category": "External analysis",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 7a0c1017e6b5bb5dc776b3b883a1d0e0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878973",
"to_ids": false,
"type": "link",
"uuid": "5750477d-4560-4f9c-9ec9-4eb002de0b81",
"value": "https://www.virustotal.com/file/83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee/analysis/1463302803/"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 1f338bdd92f08803a2ac7022a34d98fd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878973",
"to_ids": true,
"type": "sha256",
"uuid": "5750477d-3a90-4eaa-8115-4aa302de0b81",
"value": "750aa0302e59da6c3e853c89c76c5f44125394c34cb0a8c70d756b3064f7cdff"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 1f338bdd92f08803a2ac7022a34d98fd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878973",
"to_ids": true,
"type": "sha1",
"uuid": "5750477d-6c3c-4f7c-bb1e-404b02de0b81",
"value": "38ec222e82b538c8607485d4dd191b5b4eed4fdd"
},
{
"category": "External analysis",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 1f338bdd92f08803a2ac7022a34d98fd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878974",
"to_ids": false,
"type": "link",
"uuid": "5750477e-9020-4f82-b088-416e02de0b81",
"value": "https://www.virustotal.com/file/750aa0302e59da6c3e853c89c76c5f44125394c34cb0a8c70d756b3064f7cdff/analysis/1464877732/"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 874f7bcab71f4745ea6cda2e2fb5a78c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878974",
"to_ids": true,
"type": "sha256",
"uuid": "5750477e-57f8-49ad-9f54-4f0a02de0b81",
"value": "0539af1a0cc7f231af8f135920a990321529479f6534c3b64e571d490e1514c3"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 874f7bcab71f4745ea6cda2e2fb5a78c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878975",
"to_ids": true,
"type": "sha1",
"uuid": "5750477f-bde8-4e9d-8a6c-4c7f02de0b81",
"value": "7e6cce889cda22b18defc6319d02b3b93e9e2474"
},
{
"category": "External analysis",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 874f7bcab71f4745ea6cda2e2fb5a78c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878975",
"to_ids": false,
"type": "link",
"uuid": "5750477f-e40c-402c-acba-429102de0b81",
"value": "https://www.virustotal.com/file/0539af1a0cc7f231af8f135920a990321529479f6534c3b64e571d490e1514c3/analysis/1464877708/"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: ef2a97512fdb45cd26089ad2ff61f1cc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878976",
"to_ids": true,
"type": "sha256",
"uuid": "57504780-bfac-40e7-965a-487702de0b81",
"value": "386ed16fece9cc24c4d123cdf91a371829098ba7abd4c8fefb40b4e376e7ac6a"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: ef2a97512fdb45cd26089ad2ff61f1cc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878976",
"to_ids": true,
"type": "sha1",
"uuid": "57504780-80c8-4d82-9fcf-41cf02de0b81",
"value": "bcdac11106908c8c37f200c0e028b11c4a89adc9"
},
{
"category": "External analysis",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: ef2a97512fdb45cd26089ad2ff61f1cc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878976",
"to_ids": false,
"type": "link",
"uuid": "57504780-64a0-4a17-b875-4f2902de0b81",
"value": "https://www.virustotal.com/file/386ed16fece9cc24c4d123cdf91a371829098ba7abd4c8fefb40b4e376e7ac6a/analysis/1464877705/"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 3152f21d701a2397e7b22711b8019b82",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878977",
"to_ids": true,
"type": "sha256",
"uuid": "57504781-1110-4799-a73a-47e402de0b81",
"value": "882878f2bf5a67de3fde30816fe304e42f6ce18d0160674f6d4ec3b061b2821a"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 3152f21d701a2397e7b22711b8019b82",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878977",
"to_ids": true,
"type": "sha1",
"uuid": "57504781-ea48-4f48-9ff7-46dc02de0b81",
"value": "97594fe0ad83ae00f3888ff4722a3e00729a2e1b"
},
{
"category": "External analysis",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 3152f21d701a2397e7b22711b8019b82",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878977",
"to_ids": false,
"type": "link",
"uuid": "57504781-b830-4094-81bd-48cb02de0b81",
"value": "https://www.virustotal.com/file/882878f2bf5a67de3fde30816fe304e42f6ce18d0160674f6d4ec3b061b2821a/analysis/1464877712/"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 9f37e1ea08e6a4ae03e9feba6d1f6259",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878978",
"to_ids": true,
"type": "sha256",
"uuid": "57504782-6e6c-4ec3-a8f4-416f02de0b81",
"value": "a7937011e9da51475e91ab1f007d09bd97dfb94d23683a0f73b7bb85de8f9b27"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 9f37e1ea08e6a4ae03e9feba6d1f6259",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878978",
"to_ids": true,
"type": "sha1",
"uuid": "57504782-5010-457e-9198-46e202de0b81",
"value": "8f28e619ae3301869089f4cd45558f2b13444714"
},
{
"category": "External analysis",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 9f37e1ea08e6a4ae03e9feba6d1f6259",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878978",
"to_ids": false,
"type": "link",
"uuid": "57504782-f5e0-4152-a3c7-4d0a02de0b81",
"value": "https://www.virustotal.com/file/a7937011e9da51475e91ab1f007d09bd97dfb94d23683a0f73b7bb85de8f9b27/analysis/1464871938/"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 75d118996f5190edafca1b1904a7eea8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878979",
"to_ids": true,
"type": "sha256",
"uuid": "57504783-f900-4e95-bdce-41b902de0b81",
"value": "2044712ceb99972d025716f0f16aa039550e22a63000d2885f7b7cd50f6834e0"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 75d118996f5190edafca1b1904a7eea8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878979",
"to_ids": true,
"type": "sha1",
"uuid": "57504783-dad0-4fb6-a60d-4aef02de0b81",
"value": "b99970e86ae3f412bda5f20a8318e70559c617f6"
},
{
"category": "External analysis",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 75d118996f5190edafca1b1904a7eea8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878979",
"to_ids": false,
"type": "link",
"uuid": "57504783-1260-4771-aec3-4b3402de0b81",
"value": "https://www.virustotal.com/file/2044712ceb99972d025716f0f16aa039550e22a63000d2885f7b7cd50f6834e0/analysis/1464877725/"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 957581fb38a4e76e84f60e2bb19b9499",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878980",
"to_ids": true,
"type": "sha256",
"uuid": "57504784-1cfc-48d5-8fe8-464a02de0b81",
"value": "ed7a5e48113b1fd206e6a8c46671eb37dab864d1bd6fe44714a0ae377cf1248a"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 957581fb38a4e76e84f60e2bb19b9499",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878980",
"to_ids": true,
"type": "sha1",
"uuid": "57504784-5e84-4419-9644-484002de0b81",
"value": "8fb1cafbb8ca65c1b8236a20079c40fb4ffbaa68"
},
{
"category": "External analysis",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: 957581fb38a4e76e84f60e2bb19b9499",
"deleted": false,
"disable_correlation": false,
"timestamp": "1464878980",
"to_ids": false,
"type": "link",
"uuid": "57504784-4cd4-4679-9f3c-4c8302de0b81",
"value": "https://www.virustotal.com/file/ed7a5e48113b1fd206e6a8c46671eb37dab864d1bd6fe44714a0ae377cf1248a/analysis/1464877728/"
}
]
}
}