{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2015-10-26",
|
|
"extends_uuid": "",
|
|
"info": "OSINT Duuzer back door Trojan targets South Korea to take over computers by Symantec",
|
|
"publish_timestamp": "1446586892",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1446586886",
|
|
"uuid": "5631394c-b9b4-483b-9480-26bc950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446066530",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56313962-0aec-45d5-a7bf-0e8f950d210b",
|
|
"value": "http://www.symantec.com/connect/blogs/duuzer-back-door-trojan-targets-south-korea-take-over-computers"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567786",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6a-f4a0-4fa4-815e-0f6f950d210b",
|
|
"value": "1205c4bd5d02782cc4e66dfa3fef749c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567787",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6b-d258-4d60-ad83-0f6f950d210b",
|
|
"value": "92d618db54690c6ae193f07a31d92098"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567787",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6b-a1c8-464d-8939-0f6f950d210b",
|
|
"value": "3e6be312a28b2633c8849d3e95e487b5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567787",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6b-aa08-4764-9f83-0f6f950d210b",
|
|
"value": "41a6d7c944bd84329bd31bb07f83150a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567788",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6c-eda8-413c-bd20-0f6f950d210b",
|
|
"value": "7343f81a0e42ebf283415da7b3da253f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567788",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6c-4c7c-4a8e-a668-0f6f950d210b",
|
|
"value": "73471f41319468ab207b8d5b33b0b4be"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567789",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6d-1b84-45c2-b4b2-0f6f950d210b",
|
|
"value": "84a3f8941bb4bf15ba28090f8bc0faec"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567789",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6d-a4a4-4840-adf5-0f6f950d210b",
|
|
"value": "b04fabf3a7a710aafe5bc2d899c0fc2b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567789",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6d-2054-44a6-a211-0f6f950d210b",
|
|
"value": "e04792e8e0959e66499bfacb2a76802b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567790",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6e-dea0-437c-bb5b-0f6f950d210b",
|
|
"value": "3a963e1de08c9920c1dfe923bd4594ff"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567790",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6e-b288-44e6-bfb7-0f6f950d210b",
|
|
"value": "51b3e2c7a8ad29f296365972c8452621"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567790",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6e-3a68-4341-b2d6-0f6f950d210b",
|
|
"value": "5f05a8f1e545457dbd42fe1329f79452"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567791",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6f-a9e8-4d68-819a-0f6f950d210b",
|
|
"value": "91e5a64826f75f74a5ae123abdf7cef5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567791",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df6f-9364-4c5a-b830-0f6f950d210b",
|
|
"value": "9749a4b538022e2602945523192964ad"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567792",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df70-8800-48fc-b31a-0f6f950d210b",
|
|
"value": "9ca7ec51a98c2b16fd7d9a985877a4ba"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567792",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df70-bc38-4c10-8fbd-0f6f950d210b",
|
|
"value": "bb6cbebd4ffd642d437afc605c32eca0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567792",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df70-2698-4187-b8f3-0f6f950d210b",
|
|
"value": "fb4caaaf1ac1df378d05111d810a833e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567793",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df71-b06c-4085-8c69-0f6f950d210b",
|
|
"value": "4b2d221deb0c8042780376cb565532f8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567793",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df71-73e4-4e34-8a6a-0f6f950d210b",
|
|
"value": "cd7a72be9c16c2ece1140bc461d6226d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567794",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df72-8d2c-447f-811a-0f6f950d210b",
|
|
"value": "f032712aa20da98a1bbad7ae5d998767"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567794",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df72-1764-4b38-9f5d-0f6f950d210b",
|
|
"value": "f940a21971820a2fcf8433c28be1e967"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567794",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df72-ac3c-431f-9082-0f6f950d210b",
|
|
"value": "71cdcc903f94f56c758121d0b442690f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567795",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df73-3430-46ed-97c5-0f6f950d210b",
|
|
"value": "0f844300318446a70c022f9487475490"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567795",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df73-841c-4535-8c8c-0f6f950d210b",
|
|
"value": "fd5a7e54cfdd3b3f32b44d8fdd845e62d6b86c0ddb550c544d659588d06ceaee"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567795",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df73-b148-41e9-a6d5-0f6f950d210b",
|
|
"value": "89b25f9a454240a3f52de9bf6f9a829d2b4af04a7d9e9f4136f920f7e372909b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567796",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df74-371c-4d8c-820d-0f6f950d210b",
|
|
"value": "a01bd92c02c9ef7c4785d8bf61ecff734e990b255bba8e22d4513f35f370fd14"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567796",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df74-0a50-453d-a7c9-0f6f950d210b",
|
|
"value": "c327de2239034b6f6978884b33582ce97761bcc224239c955f62feebd01e5946"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567797",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df75-ba94-46a5-bac1-0f6f950d210b",
|
|
"value": "c7024cf43d285ec9671e8dc1eae87281a6ee6f28e92d69d94474efc2521f03ed"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567797",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df75-6fc0-4ef1-bc25-0f6f950d210b",
|
|
"value": "5a69bce8196b048f8b98f48c8f4950c8b059c43577e35d4af5f26c624140377c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567797",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df75-d42c-44ef-8a45-0f6f950d210b",
|
|
"value": "477ca3e7353938f75032d04e232eb2c298f06f95328bca1a34fce1d8c9d12023"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567798",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df76-6904-42e2-8627-0f6f950d210b",
|
|
"value": "d57d772eefa6086b5c249efff01189cf4869c2b73007af63affc353474eaafcb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567798",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df76-5984-4998-904b-0f6f950d210b",
|
|
"value": "4efeea9eeae3d668897206eeccb1444d542ea537ca5c2787f13dd5dadd0e6aaa"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567799",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df77-6534-4c27-85d1-0f6f950d210b",
|
|
"value": "a0a6d0e3af6e76264db1e0d4a4ad5745fff15eb2790938718b2c0988b9415b2b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567799",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df77-dea0-463a-b49b-0f6f950d210b",
|
|
"value": "5b28c86d7e581e52328942b35ece0d0875585fbb4e29378666d1af5be7f56b46"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567799",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df77-1dec-4b64-9a9b-0f6f950d210b",
|
|
"value": "47181c973a8a69740b710a420ea8f6bf82ce8a613134a8b080b64ce26bb5db93"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567800",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df78-36f0-4457-a7fc-0f6f950d210b",
|
|
"value": "fb6d81f4165b41febc739358aeba0fe15048e1d445296e8df9104875be30f9a7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567800",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df78-eaa4-40b6-b85c-0f6f950d210b",
|
|
"value": "4a6aba1c182dd8304bac91cc9e1fc39291d78044995f559c1d3bce05afd19982"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567800",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df78-2958-477b-bb59-0f6f950d210b",
|
|
"value": "7099093177094ea5cc3380b42c2556ed6e8dd06a2f537fa6dd275e5cc1df9c9a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567801",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df79-f40c-49bd-8b75-0f6f950d210b",
|
|
"value": "90d8643e7e52f095ed59ed739167421e45958984c4c9186c4a025e2fd2be668b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567801",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df79-348c-4225-83e6-0f6f950d210b",
|
|
"value": "66df7660ddae300b1fcf1098b698868dd6f52db5fcf679fc37a396d28613e66b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567802",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df7a-7224-46c0-ab74-0f6f950d210b",
|
|
"value": "37f652e2060066a1c2c317195573a334416f5a9b9933cfb1ece55bea8048d80f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567802",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df7a-f97c-4b79-a0e6-0f6f950d210b",
|
|
"value": "6b71465e59eb1e266d47efeaecc256a186d3e08f570bffcfd5ac55e635c67c2a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567802",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df7a-b328-4e2f-8c14-0f6f950d210b",
|
|
"value": "d2e03115ef1525f82d70fc691f0360e318ade176a3789cf36969630d9af6901a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567803",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df7b-6610-4077-b55d-0f6f950d210b",
|
|
"value": "912905ec9d839ca8dfd6771ff5c17aec3516f9ad159a9d627b81261055095fbf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567803",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df7b-b6a0-4ab9-9691-0f6f950d210b",
|
|
"value": "4cf3a7e17dc4628725dd34b8e98238ed0a2df2dc83189db98d85a38f73706fa5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567822",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df8e-d668-4bce-9d8c-0297950d210b",
|
|
"value": "1c532fad2c60636654d4c778cfe10408"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567822",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df8e-5c68-41bd-a066-0297950d210b",
|
|
"value": "1db2dced6dfa04ed75b246ff2784046a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567822",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df8e-acac-4575-8e62-0297950d210b",
|
|
"value": "3844ec6ec70347913bd1156f8cd159b8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567823",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df8f-a2f4-4feb-8f1f-0297950d210b",
|
|
"value": "40878869de3fc5f23e14bc3f76541263"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567823",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df8f-4018-452d-b100-0297950d210b",
|
|
"value": "95a5f91931723a65dcd4a3937546da34"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567823",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df8f-2c54-4541-a49e-0297950d210b",
|
|
"value": "99d9f156c73bd69d5df1a1fe1b08c544"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567824",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df90-45bc-47dd-9364-0297950d210b",
|
|
"value": "a1ad82988af5d5b2c4003c42a81dda17"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567824",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df90-93a0-4871-8374-0297950d210b",
|
|
"value": "ca4c2009bf7ff17d556cc095a4ce06dd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567825",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638df91-3608-4a03-9d01-0297950d210b",
|
|
"value": "f273d1283364625f986050bdf7dec8bb"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567825",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df91-98b0-4b15-86a9-0297950d210b",
|
|
"value": "c029ae20c314d7a0a2618f38ced03bac99e2ff78a85fe8c8f8de8555a8d153ab"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567825",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df91-93a8-4d2a-af41-0297950d210b",
|
|
"value": "1da344e5e55bef4307e257edd6f1e14835bdae17538a74afa5fc12c276666112"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567826",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df92-1368-4c9b-bd1f-0297950d210b",
|
|
"value": "9c3e13e93f68970f2844fb8f1f87506f4aa6e87918449e75a63c1126a240c70e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567826",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df92-20c4-4191-a4e8-0297950d210b",
|
|
"value": "230c2727e26467e16b5cf3ca37ecb8436ee5df41bfc4cd04062396642f9de352"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567827",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df93-7658-478d-95d9-0297950d210b",
|
|
"value": "d558bb63ed9f613d51badd8fea7e8ea5921a9e31925cd163ec0412e0d999df58"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567827",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df93-4590-48e1-a917-0297950d210b",
|
|
"value": "cbb174815739c679f694e16484a65aa087019272f94bcbf086a92817b4e4154b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567827",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df93-0438-4b67-b2fc-0297950d210b",
|
|
"value": "61f46b86741c95336cdac3f07f42b7df3e84695968534be193e98ea76d1070d1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567828",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df94-1da8-4926-bc29-0297950d210b",
|
|
"value": "1dea57b33a48c79743481371a19e17f68ae768a26abc352f21560308698c786f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567828",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638df94-d294-4de6-a07d-0297950d210b",
|
|
"value": "8df658cba8f8cf0e2b85007f57d79286eec6309e7a0955dd48bcd15c583a9650"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567862",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638dfb6-417c-472e-814c-2069950d210b",
|
|
"value": "fd59af723b7a4044ab41f1b2a33350d6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567863",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638dfb7-4b1c-4625-b8ee-2069950d210b",
|
|
"value": "4613f51087f01715bf9132c704aea2c2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567863",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638dfb7-5644-409e-bc67-2069950d210b",
|
|
"value": "074dc6c0fa12cadbc016b8b5b5b7b7c5"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567864",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638dfb8-dddc-4a51-8a58-2069950d210b",
|
|
"value": "27a3498690d6e86f45229acd2ebc0510"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567864",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638dfb8-ffb8-4754-8800-2069950d210b",
|
|
"value": "7a83c6cd46984a84c40d77e9acff28bc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567865",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638dfb9-3870-4807-bbab-2069950d210b",
|
|
"value": "1d8f0e2375f6bc1e045fa2f25cd4f7e0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567865",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5638dfb9-61d0-443e-8b15-2069950d210b",
|
|
"value": "304cea78b53d8baaa2748c7b0bce5dd0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567866",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638dfba-874c-4d86-a91b-2069950d210b",
|
|
"value": "9a179e1ca07c1f16c4c1c4ee517322d390cbab34b5d123a876b38d08da1face4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567866",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638dfba-0d30-46da-9a8d-2069950d210b",
|
|
"value": "a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567866",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638dfba-9968-4a3b-9406-2069950d210b",
|
|
"value": "7650d8c0874aa7d1f2a5a7d255112976e9f38ffad8b7cdda76d0baa8f4729203"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567867",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638dfbb-84ac-48c8-b64c-2069950d210b",
|
|
"value": "5b10cfb236d56a0f3ddaa5e9463ebf307b1d2e0624b0f1c6ece19213804b6826"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567867",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638dfbb-3668-4445-8c28-2069950d210b",
|
|
"value": "0622481f1c1e246289014e9fe3497e69f06ed8b3a327eda86e4442a46790dd2e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567867",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638dfbb-33c0-4b31-aac4-2069950d210b",
|
|
"value": "4c5b8c3e0369eb738686c8a111dfe460e26eb3700837c941ea2e9afd3255981e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446567868",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5638dfbc-5058-406d-b35e-2069950d210b",
|
|
"value": "cbf5f579ff16206b17f039c2dc0fa35704ec01ede4ba18ecb1fc2c7b8217e54f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap - Xchecked via VT: cbf5f579ff16206b17f039c2dc0fa35704ec01ede4ba18ecb1fc2c7b8217e54f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586832",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d0-aed4-4bb9-9c99-418d950d210b",
|
|
"value": "562d81f7cf19d903518cdc184485c03a139554f9"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586832",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d0-6920-4f61-8ec3-4934950d210b",
|
|
"value": "https://www.virustotal.com/file/cbf5f579ff16206b17f039c2dc0fa35704ec01ede4ba18ecb1fc2c7b8217e54f/analysis/1445963197/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap - Xchecked via VT: 4c5b8c3e0369eb738686c8a111dfe460e26eb3700837c941ea2e9afd3255981e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586833",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d1-5504-45a9-9c5b-45a8950d210b",
|
|
"value": "ac6860bf7f0278566ef7a78146f874db4fc3a0cc"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586833",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d1-4818-42b7-abc5-4ed4950d210b",
|
|
"value": "https://www.virustotal.com/file/4c5b8c3e0369eb738686c8a111dfe460e26eb3700837c941ea2e9afd3255981e/analysis/1446307387/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap - Xchecked via VT: 0622481f1c1e246289014e9fe3497e69f06ed8b3a327eda86e4442a46790dd2e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586833",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d1-b8a4-47db-aaee-4a5d950d210b",
|
|
"value": "091c28f026410ef983c0089228a2f74514da4373"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586834",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d2-3314-4468-b8e2-41f3950d210b",
|
|
"value": "https://www.virustotal.com/file/0622481f1c1e246289014e9fe3497e69f06ed8b3a327eda86e4442a46790dd2e/analysis/1445889292/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap - Xchecked via VT: 5b10cfb236d56a0f3ddaa5e9463ebf307b1d2e0624b0f1c6ece19213804b6826",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586834",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d2-47b4-4388-8f66-45a8950d210b",
|
|
"value": "72e1b04a22eb6f4228c558b5840908fbcfd80d60"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586835",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d3-dff0-489a-b36a-4437950d210b",
|
|
"value": "https://www.virustotal.com/file/5b10cfb236d56a0f3ddaa5e9463ebf307b1d2e0624b0f1c6ece19213804b6826/analysis/1445889291/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap - Xchecked via VT: 7650d8c0874aa7d1f2a5a7d255112976e9f38ffad8b7cdda76d0baa8f4729203",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586835",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d3-361c-46b7-81c6-421b950d210b",
|
|
"value": "bde95f35a5acf34019fdb2f3c72dbe6c8619a84a"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586835",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d3-40cc-44a0-9775-42d0950d210b",
|
|
"value": "https://www.virustotal.com/file/7650d8c0874aa7d1f2a5a7d255112976e9f38ffad8b7cdda76d0baa8f4729203/analysis/1382671575/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap - Xchecked via VT: a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586836",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d4-eecc-4976-a58d-46d8950d210b",
|
|
"value": "6b1ddf0e63e04146d68cd33b0e18e668b29035c4"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586836",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d4-5614-4868-9200-46e1950d210b",
|
|
"value": "https://www.virustotal.com/file/a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717/analysis/1432926119/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Joanap - Xchecked via VT: 9a179e1ca07c1f16c4c1c4ee517322d390cbab34b5d123a876b38d08da1face4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586837",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d5-f344-4264-a152-455f950d210b",
|
|
"value": "f58eed5e4f1d9b9423a7dcc817173ce1b76e6b8d"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586837",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d5-2978-4c8e-bc91-4352950d210b",
|
|
"value": "https://www.virustotal.com/file/9a179e1ca07c1f16c4c1c4ee517322d390cbab34b5d123a876b38d08da1face4/analysis/1446104926/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul - Xchecked via VT: 8df658cba8f8cf0e2b85007f57d79286eec6309e7a0955dd48bcd15c583a9650",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586837",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d5-b480-4506-865b-4d11950d210b",
|
|
"value": "0e0280a842fe88f586205a419b07d37f1fe97aca"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586838",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d6-024c-44f7-b4d8-4c3b950d210b",
|
|
"value": "https://www.virustotal.com/file/8df658cba8f8cf0e2b85007f57d79286eec6309e7a0955dd48bcd15c583a9650/analysis/1446394059/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul - Xchecked via VT: 1dea57b33a48c79743481371a19e17f68ae768a26abc352f21560308698c786f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586838",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d6-107c-4ee1-b044-486e950d210b",
|
|
"value": "9ef1d38da520e5faf4632db85e5dc194c1603a84"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586839",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d7-5758-4088-b15e-491e950d210b",
|
|
"value": "https://www.virustotal.com/file/1dea57b33a48c79743481371a19e17f68ae768a26abc352f21560308698c786f/analysis/1446446537/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul - Xchecked via VT: 61f46b86741c95336cdac3f07f42b7df3e84695968534be193e98ea76d1070d1",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586839",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d7-9d10-4b76-b620-493d950d210b",
|
|
"value": "37619b31e2a905cd42cc22b24d42ef1312d0b388"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586839",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d7-2034-47b6-ad52-490d950d210b",
|
|
"value": "https://www.virustotal.com/file/61f46b86741c95336cdac3f07f42b7df3e84695968534be193e98ea76d1070d1/analysis/1445966609/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul - Xchecked via VT: cbb174815739c679f694e16484a65aa087019272f94bcbf086a92817b4e4154b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586840",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d8-b80c-4822-9a79-4bac950d210b",
|
|
"value": "b64aa69025713ce541ab2fed892e3a2338cf9605"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586840",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d8-1d60-4dfa-85be-4293950d210b",
|
|
"value": "https://www.virustotal.com/file/cbb174815739c679f694e16484a65aa087019272f94bcbf086a92817b4e4154b/analysis/1446104890/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul - Xchecked via VT: d558bb63ed9f613d51badd8fea7e8ea5921a9e31925cd163ec0412e0d999df58",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586840",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d8-f5d4-4ba7-8cec-4ec5950d210b",
|
|
"value": "22b0a0aa2ec4ae8f0bd7cab2260eedbc7dd48abf"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586841",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929d9-da64-4f33-8ab7-4156950d210b",
|
|
"value": "https://www.virustotal.com/file/d558bb63ed9f613d51badd8fea7e8ea5921a9e31925cd163ec0412e0d999df58/analysis/1446200025/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul - Xchecked via VT: 230c2727e26467e16b5cf3ca37ecb8436ee5df41bfc4cd04062396642f9de352",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586841",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929d9-9ed4-43b9-943d-423f950d210b",
|
|
"value": "3f6166e37b3916f23ab47a11bb0c9d0ce5d62fa0"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586842",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929da-6fc0-4a7a-8144-4b43950d210b",
|
|
"value": "https://www.virustotal.com/file/230c2727e26467e16b5cf3ca37ecb8436ee5df41bfc4cd04062396642f9de352/analysis/1445889287/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul - Xchecked via VT: 9c3e13e93f68970f2844fb8f1f87506f4aa6e87918449e75a63c1126a240c70e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586842",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929da-3220-4ed0-beb0-4833950d210b",
|
|
"value": "7cabfdff38ffc906ad4d19c354d90129a3e90d13"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586842",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929da-1e14-4abb-8b39-449b950d210b",
|
|
"value": "https://www.virustotal.com/file/9c3e13e93f68970f2844fb8f1f87506f4aa6e87918449e75a63c1126a240c70e/analysis/1446387179/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul - Xchecked via VT: 1da344e5e55bef4307e257edd6f1e14835bdae17538a74afa5fc12c276666112",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586843",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929db-635c-4a19-9c35-4ffe950d210b",
|
|
"value": "c135daa9bfa3c58d2ea652b5d9f43028470c1535"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586843",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929db-1b1c-4d8b-a6ce-46cc950d210b",
|
|
"value": "https://www.virustotal.com/file/1da344e5e55bef4307e257edd6f1e14835bdae17538a74afa5fc12c276666112/analysis/1446307358/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "W32.Brambul - Xchecked via VT: c029ae20c314d7a0a2618f38ced03bac99e2ff78a85fe8c8f8de8555a8d153ab",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586844",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929dc-e380-450d-b5fa-4461950d210b",
|
|
"value": "2f90d95c1fff33332a475e569e3941d8602f9ed6"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586844",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929dc-cb44-4ab9-a785-4357950d210b",
|
|
"value": "https://www.virustotal.com/file/c029ae20c314d7a0a2618f38ced03bac99e2ff78a85fe8c8f8de8555a8d153ab/analysis/1445994622/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 4cf3a7e17dc4628725dd34b8e98238ed0a2df2dc83189db98d85a38f73706fa5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586844",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929dc-c544-4b1b-a390-4210950d210b",
|
|
"value": "a69eb5dd202d2c28e5fbf800e14015e2dc975dc9"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586845",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929dd-18dc-47c6-b350-41a1950d210b",
|
|
"value": "https://www.virustotal.com/file/4cf3a7e17dc4628725dd34b8e98238ed0a2df2dc83189db98d85a38f73706fa5/analysis/1446235560/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 6b71465e59eb1e266d47efeaecc256a186d3e08f570bffcfd5ac55e635c67c2a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586845",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929dd-5b98-4a65-be9c-45b2950d210b",
|
|
"value": "93c7d05fcb406050eca5c47cee273a390e21d3bb"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586846",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929de-9db0-4324-8ed3-4f37950d210b",
|
|
"value": "https://www.virustotal.com/file/6b71465e59eb1e266d47efeaecc256a186d3e08f570bffcfd5ac55e635c67c2a/analysis/1446505448/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 37f652e2060066a1c2c317195573a334416f5a9b9933cfb1ece55bea8048d80f",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586846",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929de-96f0-45d8-94d0-4db8950d210b",
|
|
"value": "c7bebe4820cd1d6a78577e041e06a3b72f77d087"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586846",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929de-f784-4593-8f71-412a950d210b",
|
|
"value": "https://www.virustotal.com/file/37f652e2060066a1c2c317195573a334416f5a9b9933cfb1ece55bea8048d80f/analysis/1446475802/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 66df7660ddae300b1fcf1098b698868dd6f52db5fcf679fc37a396d28613e66b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586847",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929df-0144-489a-a39a-43ab950d210b",
|
|
"value": "78956d5a8706edb3246a3c726f7b6373e7380bc8"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586847",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929df-e01c-4916-b533-4648950d210b",
|
|
"value": "https://www.virustotal.com/file/66df7660ddae300b1fcf1098b698868dd6f52db5fcf679fc37a396d28613e66b/analysis/1446232997/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 90d8643e7e52f095ed59ed739167421e45958984c4c9186c4a025e2fd2be668b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586848",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e0-df88-4759-bffb-466d950d210b",
|
|
"value": "0e2aefe8c044f67925de4b46755acf92f4f8a6e2"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586848",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e0-f5c4-4344-9059-482c950d210b",
|
|
"value": "https://www.virustotal.com/file/90d8643e7e52f095ed59ed739167421e45958984c4c9186c4a025e2fd2be668b/analysis/1445915669/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 47181c973a8a69740b710a420ea8f6bf82ce8a613134a8b080b64ce26bb5db93",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586848",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e0-db74-4916-9ee2-4849950d210b",
|
|
"value": "80a09b2a3ef6831a1c50a6201c70c63880d17679"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586849",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e1-fe40-47ed-9a54-424d950d210b",
|
|
"value": "https://www.virustotal.com/file/47181c973a8a69740b710a420ea8f6bf82ce8a613134a8b080b64ce26bb5db93/analysis/1446020034/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 5b28c86d7e581e52328942b35ece0d0875585fbb4e29378666d1af5be7f56b46",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586849",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e1-e014-4214-89d9-4487950d210b",
|
|
"value": "7519e1bcebf9ede8dfad9751e587f50c24b7b32c"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586850",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e2-e3e8-487e-9de2-47a7950d210b",
|
|
"value": "https://www.virustotal.com/file/5b28c86d7e581e52328942b35ece0d0875585fbb4e29378666d1af5be7f56b46/analysis/1446018719/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 4efeea9eeae3d668897206eeccb1444d542ea537ca5c2787f13dd5dadd0e6aaa",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586850",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e2-5cbc-417a-ab48-4f2c950d210b",
|
|
"value": "e18282e8d979e06fec57c3f046ef313ee0ea8644"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586850",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e2-18ec-412f-86e2-405b950d210b",
|
|
"value": "https://www.virustotal.com/file/4efeea9eeae3d668897206eeccb1444d542ea537ca5c2787f13dd5dadd0e6aaa/analysis/1446104878/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: d57d772eefa6086b5c249efff01189cf4869c2b73007af63affc353474eaafcb",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586851",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e3-9a0c-4ff2-9a16-4117950d210b",
|
|
"value": "9d2b41fdd4fbde219ba9bfed2ab7d3eaebddc099"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586851",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e3-dc88-4f54-86b9-4cc7950d210b",
|
|
"value": "https://www.virustotal.com/file/d57d772eefa6086b5c249efff01189cf4869c2b73007af63affc353474eaafcb/analysis/1445915673/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 477ca3e7353938f75032d04e232eb2c298f06f95328bca1a34fce1d8c9d12023",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586851",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e3-f038-4ebd-823f-4b44950d210b",
|
|
"value": "4b593297256da05324c42d86be7ace5c46eab9ba"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586852",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e4-3cb4-44d6-b911-453a950d210b",
|
|
"value": "https://www.virustotal.com/file/477ca3e7353938f75032d04e232eb2c298f06f95328bca1a34fce1d8c9d12023/analysis/1445915682/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 5a69bce8196b048f8b98f48c8f4950c8b059c43577e35d4af5f26c624140377c",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586852",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e4-f4b4-473c-a9c4-44bb950d210b",
|
|
"value": "723fd525cc3691585c251145f8076ea3f43fd963"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586853",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e5-c378-4ac9-8f6a-4b28950d210b",
|
|
"value": "https://www.virustotal.com/file/5a69bce8196b048f8b98f48c8f4950c8b059c43577e35d4af5f26c624140377c/analysis/1446235329/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: c7024cf43d285ec9671e8dc1eae87281a6ee6f28e92d69d94474efc2521f03ed",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586853",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e5-1298-47e2-9055-4a86950d210b",
|
|
"value": "e931ead7b9bdce553f14527e4c6b54d97d27f7d6"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586853",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e5-3044-4380-b47a-41f1950d210b",
|
|
"value": "https://www.virustotal.com/file/c7024cf43d285ec9671e8dc1eae87281a6ee6f28e92d69d94474efc2521f03ed/analysis/1446234437/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: a01bd92c02c9ef7c4785d8bf61ecff734e990b255bba8e22d4513f35f370fd14",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586854",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e6-0f1c-4b61-9533-4fdc950d210b",
|
|
"value": "a3c943ff5abd486a046cc5934b9b6a923f5d8ce8"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586854",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e6-50b0-4774-8523-4f7b950d210b",
|
|
"value": "https://www.virustotal.com/file/a01bd92c02c9ef7c4785d8bf61ecff734e990b255bba8e22d4513f35f370fd14/analysis/1445889272/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 89b25f9a454240a3f52de9bf6f9a829d2b4af04a7d9e9f4136f920f7e372909b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586855",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e7-363c-4dc2-a2c1-4186950d210b",
|
|
"value": "e67dc656d664f3b292366195a2be277a472a365e"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586855",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e7-0fb4-4f34-9ad2-49b5950d210b",
|
|
"value": "https://www.virustotal.com/file/89b25f9a454240a3f52de9bf6f9a829d2b4af04a7d9e9f4136f920f7e372909b/analysis/1446482834/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: fd5a7e54cfdd3b3f32b44d8fdd845e62d6b86c0ddb550c544d659588d06ceaee",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586855",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e7-738c-4731-a770-468b950d210b",
|
|
"value": "b737d645192f9c5d03a14b3ee7f0ed0532735fcb"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586856",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e8-069c-4645-9d41-4482950d210b",
|
|
"value": "https://www.virustotal.com/file/fd5a7e54cfdd3b3f32b44d8fdd845e62d6b86c0ddb550c544d659588d06ceaee/analysis/1446441784/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 3e6be312a28b2633c8849d3e95e487b5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586856",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "563929e8-b558-4d2b-94c9-4e24950d210b",
|
|
"value": "d589043a6f460855445e35154c5a0ff9dbc8ee9e159ae880e38ca00ea2b9a94f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Backdoor.Duuzer - Xchecked via VT: 3e6be312a28b2633c8849d3e95e487b5",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586857",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "563929e9-2b94-4a83-b9df-4264950d210b",
|
|
"value": "7da4dbff52c260849a19bd91abd0d573640e7dd9"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1446586857",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "563929e9-3088-439e-9dd3-4ef3950d210b",
|
|
"value": "https://www.virustotal.com/file/d589043a6f460855445e35154c5a0ff9dbc8ee9e159ae880e38ca00ea2b9a94f/analysis/1445915696/"
|
|
}
|
|
]
|
|
}
|
|
} |