808 lines
No EOL
28 KiB
JSON
{
"Event": {
"analysis": "2",
"date": "2016-12-06",
"extends_uuid": "",
"info": "OSINT - Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads",
"publish_timestamp": "1481063579",
"published": true,
"threat_level_id": "3",
"timestamp": "1481063464",
"uuid": "58473b79-10e4-4931-a187-472a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063315",
"to_ids": false,
"type": "link",
"uuid": "58473b93-8b04-4367-8a07-4e96950d210f",
"value": "http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063340",
"to_ids": false,
"type": "comment",
"uuid": "58473bac-080c-4b36-9f89-4b64950d210f",
"value": "Millions of readers who visited popular news websites have been targeted by a series of malicious ads redirecting to an exploit kit exploiting several Flash vulnerabilities. Since at least the beginning of October, users might have encountered ads promoting applications calling themselves \u201cBrowser Defence\u201d and \u201cBroxu\u201d using banners similar to the ones below:\r\nStegano2-y0vbp\r\nThese advertisement banners were stored on a remote domain with the URL hxxps://browser-defence.com and hxxps://broxu.com.\r\nWithout requiring any user interaction, the initial script reports information about the victim\u2019s machine to the attacker\u2019s remote server. Based on server-side logic, the target is then served either a clean image or its almost imperceptibly modified malicious evil twin.\r\nThe malicious version of the graphic has a script encoded in its alpha channel, which defines the transparency of each pixel. Since the modification is minor, the final picture\u2019s color tone is only slightly different to that of the clean version:"
},
{
"category": "Network activity",
"comment": "Stegano exploit kit landing pages",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063364",
"to_ids": true,
"type": "url",
"uuid": "58473bc4-cc54-4b8e-adee-49f7950d210f",
"value": "http://conce.republicoftaste.com/urq5kb7mnimqz/3dyv72cqtwjbgf5e89hyqryq5zu60_os24kfs1j3u_i"
},
{
"category": "Network activity",
"comment": "Stegano exploit kit landing pages",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063364",
"to_ids": true,
"type": "url",
"uuid": "58473bc4-8f78-4318-a42f-414a950d210f",
"value": "http://compe.quincephotographyvideo.com/kil5mrm1z0t-ytwgvx/g7fjx4_caz9"
},
{
"category": "Network activity",
"comment": "Stegano exploit kit landing pages",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063364",
"to_ids": true,
"type": "url",
"uuid": "58473bc4-f444-4be4-969b-48cc950d210f",
"value": "http://ntion.atheist-tees.com/v2mit3j_fz0cx172oab_eys6940_rgloynan40mfqju6183a9a4kn/f"
},
{
"category": "Network activity",
"comment": "Stegano exploit kit landing pages",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063365",
"to_ids": true,
"type": "url",
"uuid": "58473bc5-c4f4-4b3f-b2cf-4e8a950d210f",
"value": "http://entat.usedmachinetools.co/6yg1vl0q15zr6hn780pu43fwm5297itxgd19rh54-3juc2xz1t-oes5bh"
},
{
"category": "Network activity",
"comment": "Stegano exploit kit landing pages",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063365",
"to_ids": true,
"type": "url",
"uuid": "58473bc5-143c-4060-818b-477f950d210f",
"value": "http://connt.modusinrebus.net/34v-87d0u3"
},
{
"category": "Network activity",
"comment": "Stegano exploit kit landing pages",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063365",
"to_ids": true,
"type": "url",
"uuid": "58473bc5-d588-4203-a1cb-4941950d210f",
"value": "http://ainab.photographyquincemiami.com/w2juxekry8h9votrvb3-k72wiogn2yq2f3it5d17/j9r"
},
{
"category": "Network activity",
"comment": "Stegano exploit kit landing pages",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063365",
"to_ids": true,
"type": "url",
"uuid": "58473bc5-cae8-40c2-829d-48d1950d210f",
"value": "http://rated.republicoftaste.com/6t8os/lv-pne1_dshrmqgx-8zl8wd2v5h5m26m_w_zqwzq"
},
{
"category": "Network activity",
"comment": "Stegano exploit kit landing pages",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063366",
"to_ids": true,
"type": "url",
"uuid": "58473bc6-0ca4-4a6a-a992-4e01950d210f",
"value": "http://rence.backstageteeshirts.com/qen5sy/6hjyrw79zr2zokq1t4dpl276ta8h8-/3sf9jlfcu0v7daixie_do6zb843/z7"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063383",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd7-06b4-45f9-8188-40bb950d210f",
"value": "badae04bff7afd890c3275e0434f174c6706c2c6"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063383",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd7-40e8-4c90-81ce-4fca950d210f",
"value": "6ef95acb8aa14d3ba8f1b3c147b7fb0a9da579a2"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063383",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd7-07ac-4702-962c-47e4950d210f",
"value": "10840aeb8342a26dfc68e0e706b36ac2b5a0d5b2"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063383",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd7-7d10-4042-a6ae-4b50950d210f",
"value": "093b25b04fe21185bfeeafd48f712942d3a3f0c6"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063383",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd7-3cc8-40f6-9eef-41cc950d210f",
"value": "c680734af8670895f961c951a3629b5bc64efe8e"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063384",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd8-54b4-4840-a28f-4056950d210f",
"value": "eedbbb65a441979974592343c6ca71c90cc2550f"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063384",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd8-d8e8-4034-9839-48e1950d210f",
"value": "de288cade8ee3f13d44719796a5896d88d379a1e"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063384",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd8-17dc-4e3e-b928-448a950d210f",
"value": "9488cdbb242be50df3d20b12f589af2e39080882"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063384",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd8-ac9c-41d1-9fb4-423d950d210f",
"value": "b664365fc8c0b93f6a992c44d11f44dd091426dd"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063384",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd8-0ef0-4a76-85e6-49e8950d210f",
"value": "7557b5d987f0236ff838cd3af05663efa98ebc56"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063385",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd9-b554-4bd7-b197-4dd8950d210f",
"value": "24b7933a8a8f6ed50fbaf2a5021ef47ce614a46f"
},
{
"category": "Payload delivery",
"comment": "Flash files",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063385",
"to_ids": true,
"type": "sha1",
"uuid": "58473bd9-eaf0-4d10-a40c-4a99950d210f",
"value": "11ba8b354001900ed79c43ea858f1bc732961097"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063402",
"to_ids": true,
"type": "sha1",
"uuid": "58473bea-8fec-4e8a-95c7-472b950d210f",
"value": "67e26597cf1ff35e4b8300bf181c84015f9d1134"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063402",
"to_ids": true,
"type": "sha1",
"uuid": "58473bea-0990-42c5-bf0c-4f24950d210f",
"value": "cd46cee45f2fc982fba7c4d246d3a1d58d13ed4a"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063403",
"to_ids": true,
"type": "sha1",
"uuid": "58473beb-a7e4-41fa-a9e2-4c8a950d210f",
"value": "191ffa6eb2c33a56e750bffeffe169b0d9e4bbe4"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063403",
"to_ids": true,
"type": "sha1",
"uuid": "58473beb-54b8-4d3d-b644-477d950d210f",
"value": "4b2f4c20cc9294f103319938f37c99c0de7b4932"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063403",
"to_ids": true,
"type": "sha1",
"uuid": "58473beb-bfd8-4644-b04f-46d7950d210f",
"value": "3fcea1afda9888400d8de5a232e4bf1e50d3380f"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063403",
"to_ids": true,
"type": "sha1",
"uuid": "58473beb-e4e8-4867-ad67-4015950d210f",
"value": "ca750f492691f4d31a31d8a638ce4a56af8690d0"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063404",
"to_ids": true,
"type": "sha1",
"uuid": "58473bec-ece4-4d6d-a6cc-4b6f950d210f",
"value": "1374ee22d99ecfc6d68ade3ace833d4000e4705b"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063404",
"to_ids": true,
"type": "sha1",
"uuid": "58473bec-ed18-4dd3-89a8-4a88950d210f",
"value": "6bf1a2b7e8ca44e63e1a801e25189dc0212d71b9"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063404",
"to_ids": true,
"type": "sha1",
"uuid": "58473bec-3928-45d5-8513-4e97950d210f",
"value": "b84ab2d5ead12c257982386bc39f18532bf6939e"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063404",
"to_ids": true,
"type": "sha1",
"uuid": "58473bec-8bf4-4264-9bca-4858950d210f",
"value": "476a0455044b9111bda42cdb7f4ea4e76aa7ab2d"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063405",
"to_ids": true,
"type": "sha1",
"uuid": "58473bed-1e7c-4100-8d9d-4d08950d210f",
"value": "0c1ca7d9c7e4b26a433946a6495782630ef6fd18"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063405",
"to_ids": true,
"type": "sha1",
"uuid": "58473bed-720c-4693-8898-4341950d210f",
"value": "29b6dd92fbdf6070b171c38b1d3ca374f66e4b66"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063405",
"to_ids": true,
"type": "sha1",
"uuid": "58473bed-8070-4696-903c-4eef950d210f",
"value": "89da7e7a88f9b6cbbfaf7f229bfea8767220c831"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063405",
"to_ids": true,
"type": "sha1",
"uuid": "58473bed-aa70-40ef-81fe-4506950d210f",
"value": "cee32c8e45a59d3084d832a9e6500ae44f75f7b5"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063406",
"to_ids": true,
"type": "sha1",
"uuid": "58473bee-9c28-4b3c-9098-4abf950d210f",
"value": "a152ab43bedcd8f6b7bfb67249c5599cf663d050"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063406",
"to_ids": true,
"type": "sha1",
"uuid": "58473bee-9524-43f0-b238-4608950d210f",
"value": "3ac722ac0d4764545a3e8a6df02059c8a164ca17"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063406",
"to_ids": true,
"type": "sha1",
"uuid": "58473bee-312c-4e1f-8051-4d76950d210f",
"value": "25e0474e4f8d7d3053278b45a9c24380275b4705"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063406",
"to_ids": true,
"type": "sha1",
"uuid": "58473bee-b968-4ac8-b21f-40f3950d210f",
"value": "35fb5f3c2957b4525a0330427397915aeefddd91"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063406",
"to_ids": true,
"type": "sha1",
"uuid": "58473bee-7cd8-413f-b003-457b950d210f",
"value": "19eee9745e25194dd573423c6db0f5af5d8cfe1d"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063407",
"to_ids": true,
"type": "sha1",
"uuid": "58473bef-69c4-4068-9bcb-4dc2950d210f",
"value": "e88b2b7a08322738c74b29c4ca538741f85a0b7f"
},
{
"category": "Payload delivery",
"comment": "Stegano exploit kit landing page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063407",
"to_ids": true,
"type": "sha1",
"uuid": "58473bef-1084-4b12-95d2-4017950d210f",
"value": "a388a2a241339489685cb4ad22eba9e04b72cd67"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063426",
"to_ids": true,
"type": "sha1",
"uuid": "58473c02-f168-48e0-bc0b-4aac950d210f",
"value": "55309eae2b826a1409357306125631fdf2513ac5"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063426",
"to_ids": true,
"type": "sha1",
"uuid": "58473c02-4368-4624-bda5-47b5950d210f",
"value": "67799f80cef4a82a07efb3698627d7ae7e6101ab"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063426",
"to_ids": true,
"type": "sha1",
"uuid": "58473c02-8780-4472-9144-4dbd950d210f",
"value": "09425b3b8bf71ba12b1b740a001240cd43378a6c"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063427",
"to_ids": true,
"type": "sha1",
"uuid": "58473c03-cb64-4840-8a2e-4185950d210f",
"value": "4528736618bbb44a42388522481c1820d8494e37"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063427",
"to_ids": true,
"type": "sha1",
"uuid": "58473c03-97d0-4249-8535-4826950d210f",
"value": "fe841df1acd15e32b4ffc046205caafd21ed2ab2"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063427",
"to_ids": true,
"type": "sha1",
"uuid": "58473c03-eb80-47b3-afe0-4d78950d210f",
"value": "7be0a9387f8528ec185acc6b9573233d167df71b"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063427",
"to_ids": true,
"type": "sha1",
"uuid": "58473c03-2e78-4f70-b901-42f4950d210f",
"value": "a5bc07e8e223a0df3e7b45eefd69040486e47f27"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063427",
"to_ids": true,
"type": "sha1",
"uuid": "58473c03-cf38-47bb-ba11-435f950d210f",
"value": "ec326ba5cd406f656c3b26d4a5319daa26d4d5fe"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063428",
"to_ids": true,
"type": "sha1",
"uuid": "58473c04-66f4-4c3a-b2ef-45dc950d210f",
"value": "3f1a5f624e0e974caa4f290116ce7908d360e981"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063428",
"to_ids": true,
"type": "sha1",
"uuid": "58473c04-fa08-4f7b-8a22-4db0950d210f",
"value": "33f921c61d02e0758dcb0019c5f37a4d047c9ec7"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063428",
"to_ids": true,
"type": "sha1",
"uuid": "58473c04-4fc4-4dc4-a1a8-4223950d210f",
"value": "2ff89048d39be75f327031f6d308ce1b5a512f73"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063428",
"to_ids": true,
"type": "sha1",
"uuid": "58473c04-f410-468a-9f9e-4b9f950d210f",
"value": "9a0d9ebc236df87788e4a3e16400eb8513743233"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063429",
"to_ids": true,
"type": "sha1",
"uuid": "58473c05-d584-4151-87c7-4ad7950d210f",
"value": "f36c283b89c9f1b21a4ad3e384f54b0c8e7d417a"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063429",
"to_ids": true,
"type": "sha1",
"uuid": "58473c05-6540-4b58-bc4a-4df8950d210f",
"value": "17787879d550f11580c74da1ea36561a270e16f7"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063429",
"to_ids": true,
"type": "sha1",
"uuid": "58473c05-50ec-4c65-9df1-404e950d210f",
"value": "9090db6731a8d49e8b2506087a261d857946a0eb"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063429",
"to_ids": true,
"type": "sha1",
"uuid": "58473c05-496c-4855-b04b-462f950d210f",
"value": "45b3ee46ada9c842e65dcf235111ab81ef733f34"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063429",
"to_ids": true,
"type": "sha1",
"uuid": "58473c05-329c-4019-889f-411d950d210f",
"value": "f56a878ca094d461bdf0e5e0ceced5b9903db6e0"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063430",
"to_ids": true,
"type": "sha1",
"uuid": "58473c06-d9b0-40ff-9b8e-434a950d210f",
"value": "6c74a357b932cf27d5634fd88aa593aef3a77672"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063430",
"to_ids": true,
"type": "sha1",
"uuid": "58473c06-bff8-454c-b836-4ea8950d210f",
"value": "0c3c22b8aa461c7de4d68567eea4ae3cd8e4d845"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063430",
"to_ids": true,
"type": "sha1",
"uuid": "58473c06-99c8-498a-8d45-4fb1950d210f",
"value": "5a5a015c378159e6dc3d7978dad8d04711d997f8"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063430",
"to_ids": true,
"type": "sha1",
"uuid": "58473c06-c3d4-408c-bfc4-4456950d210f",
"value": "b2473b3658c13831c62a85d1634b035bc7ebd515"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063430",
"to_ids": true,
"type": "sha1",
"uuid": "58473c06-0694-4173-85fb-43a2950d210f",
"value": "9638e1897b748d120149b94d596cec6a5d547067"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063431",
"to_ids": true,
"type": "sha1",
"uuid": "58473c07-3904-49e1-863f-4057950d210f",
"value": "0195c8c7b687dd4cbf2578ad3cb13cd2807f25cb"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063431",
"to_ids": true,
"type": "sha1",
"uuid": "58473c07-bda8-49fd-a372-4c15950d210f",
"value": "fec222095abd62fc7635e2c7fa226903c849c25c"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063431",
"to_ids": true,
"type": "sha1",
"uuid": "58473c07-23fc-4953-a696-4111950d210f",
"value": "0fcb2b3ed16672a94cd003b4b53181b568e35912"
},
{
"category": "Payload delivery",
"comment": "banner.png with stegano",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063431",
"to_ids": true,
"type": "sha1",
"uuid": "58473c07-a14c-414d-b35f-4682950d210f",
"value": "03483e4039839f0807d7bec08090179e62dbcc60"
},
{
"category": "Payload delivery",
"comment": "Code from banner",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063445",
"to_ids": true,
"type": "sha1",
"uuid": "58473c15-d8f0-4c51-85ca-4e6f950d210f",
"value": "a57971193b2ffff1137e083bfacfd694905f1a94"
},
{
"category": "Payload delivery",
"comment": "countly.min.js",
"deleted": false,
"disable_correlation": false,
"timestamp": "1481063463",
"to_ids": true,
"type": "sha1",
"uuid": "58473c27-ae2c-40b7-98d6-4494950d210f",
"value": "24fa6490d207e06f22a67bc261c68f61b082acf8"
}
]
}
}