adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/19b55cd3-2c7f-4bb5-805c-308b412958b0.json

1514 lines
256 KiB
JSON
Raw Permalink Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "0",
"date": "2022-08-19",
"extends_uuid": "",
"info": "Brazil malspam pushes Astaroth (Guildma) malware",
"publish_timestamp": "1661767563",
"published": true,
"threat_level_id": "1",
"timestamp": "1661430902",
"uuid": "19b55cd3-2c7f-4bb5-805c-308b412958b0",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#1f2325",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:malpedia=\"Astaroth\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:mitre-malware=\"Astaroth - S0373\"",
"relationship_type": ""
},
{
"colour": "#c581b3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:rat=\"Guildma\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Link from email",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661411907",
"to_ids": true,
"type": "url",
"uuid": "0da40295-0f8f-47df-8d0c-9d532e983683",
"value": "http://w7oaer.infocloudgruposolucaoecia.link/P05dWVqI0WghlU4/UeWgmk3mU3p8yeyxkUgI8Um1R1/65837/gruposolucaoeciainfocloud"
},
{
"category": "Network activity",
"comment": "URL to legitimate website generated from iframe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661412192",
"to_ids": true,
"type": "url",
"uuid": "691be0a1-895e-419c-a04d-86ba3c13bbd5",
"value": "http://www.intangiblesearch.it/search/home_page.php?db_name=%3Cscript%20src=%22https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js%22%3E%3C/script%3E%3Cscript%20type=%22text/javascript%22%20src=%22hxxp://w7oaer.infocloudgruposolucaoecia.link/P05dWVqI0WghlU4/UeWgmk3mU3p8yeyxkUgI8Um1R1/65837/gruposolucaoeciainfocloudAvDk.T036%22%3E%3C/script%3E?"
},
{
"category": "Network activity",
"comment": "Traffic to initial malicious domain that provides zip archive download:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661412192",
"to_ids": true,
"type": "url",
"uuid": "f3f893fc-a551-4e28-b854-ab569b2c65e4",
"value": "http://w7oaer.infocloudgruposolucaoecia.link/P05dWVqI0WghlU4/UeWgmk3mU3p8yeyxkUgI8Um1R1/65837/gruposolucaoeciainfocloudAvDk.T036"
},
{
"category": "Network activity",
"comment": "Traffic to initial malicious domain that provides zip archive download:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661412192",
"to_ids": true,
"type": "url",
"uuid": "ee62be81-f12a-4483-8607-7466e33413fe",
"value": "http://w7oaer.infocloudgruposolucaoecia.link//inc.php?/gruposolucaoeciainfocloud"
},
{
"category": "Network activity",
"comment": "Traffic to initial malicious domain that provides zip archive download:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661412192",
"to_ids": true,
"type": "url",
"uuid": "c2c89f4e-c684-40ad-b4a6-54298fe99aa4",
"value": "http://w7oaer.infocloudgruposolucaoecia.link/YBZJPTBQV/482NJ8NS74J9/N6D6WW/gruposolucaoeciainfocloud_097.88933.61414z64y64"
},
{
"category": "External analysis",
"comment": "Screenshot of the malicious email with link to download a malicious zip archive.",
"data": "/9j/4AAQSkZJRgABAQEAYABgAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcgSlBFRyB2NjIpLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcUGBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgo/8AAEQgEsAUkAwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQACEQMRAD8A9Q+GXw58GX/w98OXd74Y0ie5msIXklktVLOxUZJOOtdN/wAKt8Cf9Clon/gIn+FTfCP/AJJh4W/7B0P/AKAK60nigDjP+FXeBf8AoUtE/wDARP8ACl/4Vd4F/wChR0T/AMBE/wAKk8SeONN0hZEhdbm4Q4KIeAfc1z9r8Y9Be4EV1FcQ9i+NwBrojha0480Yuxg8TSUuRy1Nz/hV3gT/AKFLRP8AwET/AAo/4Vd4F/6FHRP/AAET/Cuj0fVbLWLRbnTbiOeE90PSr9c7TTszZO+qON/4Vb4E/wChR0T/AMBE/wAKP+FW+BP+hR0T/wABE/wrsqKBnG/8Kt8Cf9Cjon/gIn+FH/CrfAn/AEKOif8AgIn+FdlRQBxv/CrfAn/Qo6J/4Bp/hR/wq3wJ/wBCjon/AICJ/hXZUUAcb/wq3wJ/0KOif+Aif4Uf8Kt8Cf8AQo6J/wCAif4V2VFAHG/8Kt8Cf9Cjon/gIn+FH/CrfAn/AEKWif8AgIn+FdlRQBxv/CrfAn/Qo6J/4CJ/hR/wq3wJ/wBCjon/AICJ/hXZUUAcb/wq3wJ/0KOif+Aif4Uf8Kt8Cf8AQo6J/wCAif4V2VFAHG/8Kt8Cf9Cjon/gIn+FH/CrfAn/AEKOif8AgIn+FdlRQBxv/CrfAn/Qo6J/4CJ/hR/wq3wJ/wBCjon/AICJ/hXZUUAcb/wq3wJ/0KOif+Aif4Uf8Kt8Cf8AQo6J/wCAif4V2VFAHG/8Kt8Cf9Cjon/gIn+FH/CrfAn/AEKOif8AgIn+FdlRQBxv/CrfAn/Qo6J/4CJ/hR/wq3wJ/wBClon/AIBp/hXZUUAcb/wq3wJ/0KWif+Aaf4Uf8Kt8Cf8AQpaJ/wCAaf4V2VFAHG/8Kt8Cf9Clon/gGn+FH/CrfAn/AEKOif8AgIn+FdlRQBxv/CrfAn/Qo6J/4CJ/hR/wq3wJ/wBCjon/AICJ/hXZZooA4z/hVvgX/oUtE/8AANP8KP8AhV3gX/oUtE/8A0/wrs6KAOM/4Vd4F/6FLRP/AADT/Cj/AIVd4F/6FLRP/ANP8K7OigDjP+FXeBf+hS0T/wAA0/wo/wCFXeBf+hS0T/wDT/CuzooA43/hVvgT/oUdE/8AARP8KP8AhVvgT/oUdE/8BE/wrsqKAON/4Vb4E/6FHRP/AAET/Ck/4Vd4F/6FLRP/AADT/CuzooA4z/hV3gX/AKFLRP8AwDT/AAo/4Vd4F/6FLRP/AADT/CuzooA4z/hV3gX/AKFLRP8AwDT/AApf+FW+Bf8AoUtE/wDANP8ACuyooA43/hVvgT/oUdE/8BE/wo/4Vd4E/wChR0T/AMBE/wAK7KigDjf+FXeBf+hR0T/wET/Cj/hV3gT/AKFHRP8AwET/AArsqKAON/4Vb4E/6FHRP/ARP8KP+FW+BP8AoUdE/wDARP8ACuyooA43/hVvgT/oUdE/8BE/wpP+FW+Bf+hS0T/wDT/CuzooA43/AIVd4F/6FHRP/ARP8KP+FW+BP+hR0T/wET/CuyooA43/AIVb4E/6FHRP/ARP8KP+FW+BP+hR0T/wET/CuyooA4z/AIVd4F/6FLRP/ANP8KP+FXeBf+hS0T/wDT/CuzooA4z/AIVd4F/6FLRP/ANP8KX/AIVb4E/6FHRP/ARP8K7KigDjf+FW+BP+hR0T/wABE/wpP+FW+Bf+hS0T/wAA0/wrs6KAON/4Vb4E/wChR0T/AMBE/wAKT/hV3gX/AKFLRP8AwDT/AArs6KAOM/4Vd4F/6FLRP/ANP8KX/hVvgT/oUtE/8A0/wrsqKAON/wCFW+BP+hR0T/wET/Cj/hV3gT/oUdE/8BE/wrsqKAON/wCFXeBP+hR0T/wET/Cj/hV3gT/oUdE/8BE/wrsqM0Acb/wq7wL/ANCjon/gGn+FH/CrvAv/AEKOif8AgGn+FdlRQBxv/CrvAv8A0KOif+Aaf4Uf8Ku8C/8AQo6J/wCAaf4V2VFAHG/8Ku8C/wDQo6J/4Bp/hR/wq7wL/wBCjon/AIBp/hXZUUAcb/wq7wL/ANCjon/gGn+FH/CrvAv/AEKOif8AgGn+FdlRQBxv/CrvAv8A0KOif+Aaf4Uf8Ku8C/8AQo6J/wCAaf4V2VFAHG/8Ku8C/wDQo6J/4Bp/hR/wq7wL/wBCjon/AIBp/hXZUUAcb/wq7wL/ANCjon/gGn+FH/CrvAv/AEKOif8AgGn+FdlRQBxv/CrvAv8A0KOif+Aaf4Uf8Ku8C/8AQo6J/wCAaf4V2VFAHG/8Ku8C/wDQo6J/4Bp/hR/wq7wL/wBCjon/AIBp/hXZUUAcb/wq7wL/ANCjon/gGn+FH/CrvAv/AEKOif8AgGn+FdlRQBxv/CrvAv8A0KOif+Aaf4Uf8Ku8C/8AQo6J/wCAaf4V2VFAHG/8Ku8C/wDQo6J/4Bp/hR/wq7wL/wBCjon/AIBp/hXZUUAcb/wq7wL/ANCjon/gGn+FH/CrvAv/AEKOif8AgGn+FdlRQBxv/CrvAv8A0KOif+Aaf4Uf8Ku8C/8AQo6J/wCAaf4V2VFAHG/8Ku8C/wDQo6J/4Bp/hR/wq7wL/wBCjon/AIBp/hXZUUAcb/wq7wL/ANCjon/gGn+FH/CrvAv/AEKOif8AgGn+FdlRQBxv/CrvAv8A0KOif+Aaf4Uf8Ku8C/8AQo6J/wCAaf4V2VFAHG/8Ku8C/wDQo6J/4Bp/hR/wq7wL/wBCjon/AIBp/hXZUUAcb/wq7wL/ANCjon/gGn+FH/CrvAv/AEKOif8AgGn+FdlRQBxv/CrvAv8A0KOif+Aaf4Uf8Ku8C/8AQo6J/wCAaf4V2VFAHG/8Ku8C/wDQo6J/4Bp/hR/wq7wL/wBCjon/AIBp/hXZUUAcb/wq7wL/ANCjon/gIn+FH/CrvAv/AEKOif8AgIn+FdlRQBxv/CrvAv8A0KOif+Aaf4Uf8Ku8C/8AQo6J/wCAaf4V2VFAHG/8Ku8C/wDQo6J/4Bp/hR/wq7wL/wBCjon/AIBp/hXZUUAcb/wq3wL/ANCjon/gGn+FH/CrfAn/AEKOif8AgIn+FdlRQBxv/CrfAn/Qo6J/4CJ/hR/wq7wL/wBCjon/AIBp/hXZUUAcb/wq7wL/ANCjon/gIn+FH/CrvAv/AEKOif8AgGn+FdlRQBxv/CrvAv8A0KOif+Aaf4Uf8Ku8C/
"deleted": false,
"disable_correlation": false,
"timestamp": "1661430718",
"to_ids": false,
"type": "attachment",
"uuid": "c8b27262-595e-43a2-852d-ef865c640198",
"value": "2022-08-19-ISC-diary-image-01.jpg"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1661411110",
"uuid": "c2a30035-48ae-40f5-86f6-124413506cb7",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1661411110",
"to_ids": false,
"type": "link",
"uuid": "d43c3904-7b68-47cb-8e70-822df291fa49",
"value": "https://isc.sans.edu/diary/rss/28962"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1661411110",
"to_ids": false,
"type": "text",
"uuid": "942ecdc3-13a1-44fb-af08-2eb47a2a4e18",
"value": "Dairy"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1661411191",
"uuid": "064047ba-5588-4b86-8de6-0995582dc8a0",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1661411191",
"to_ids": false,
"type": "link",
"uuid": "9d0fdc3e-65a6-43e9-a371-eb3b29e72c42",
"value": "https://otx.alienvault.com/pulse/6303804723bccc7e3caad737"
}
]
},
{
"comment": "initial malicious domain",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1661412119",
"uuid": "84344391-a4b4-43be-9035-5097dfabfbd7",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1661412119",
"to_ids": true,
"type": "domain",
"uuid": "b53ca9d9-6cb5-4c9f-b488-4d098019619b",
"value": "w7oaer.infocloudgruposolucaoecia.link"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661412119",
"to_ids": true,
"type": "ip-dst",
"uuid": "3698f920-a1f7-4ad0-b5e8-313c241feb8c",
"value": "172.67.217.95"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "port",
"timestamp": "1661412119",
"to_ids": false,
"type": "port",
"uuid": "9d5d987d-46e3-4f5a-be63-f6ce8fdf758d",
"value": "80"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661413952",
"uuid": "fd2a4aed-7106-4690-a4a7-409591d0f6aa",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661413952",
"to_ids": true,
"type": "hostname",
"uuid": "e92ca467-f89a-45cf-a7b0-9e0005a72413",
"value": "ahaaer.pfktaacgojiozfehwkkimhkbkm.cfd"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661413952",
"to_ids": true,
"type": "ip-dst",
"uuid": "3b18f72a-5121-4fbe-ab8b-9f80011f26cf",
"value": "172.67.212.174"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661413952",
"to_ids": false,
"type": "http-method",
"uuid": "5cd20ab5-98b4-42c1-8d9f-f442d5e72a3a",
"value": "GET"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661413952",
"to_ids": true,
"type": "url",
"uuid": "c27ef813-b10e-4c98-a748-c66d66e80f1f",
"value": "/?1/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661414107",
"uuid": "a8f32a60-264e-41f7-afbb-8389eeb20508",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661414107",
"to_ids": true,
"type": "hostname",
"uuid": "70fcb061-f435-45d2-abde-5c2c5917478e",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661414107",
"to_ids": true,
"type": "ip-dst",
"uuid": "7ebeac84-c5cb-42f6-857f-7e1603321f86",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661414107",
"to_ids": false,
"type": "http-method",
"uuid": "6b9d4246-6a72-4d1b-afce-0e649327d1aa",
"value": "HEAD"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661414107",
"to_ids": true,
"type": "url",
"uuid": "f40834ef-696e-4c4c-ab7d-7d57ca19e72e",
"value": "/?59792746413628799"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661414269",
"uuid": "12b17044-0396-41a2-90d8-99c0a9d72800",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661414269",
"to_ids": true,
"type": "hostname",
"uuid": "e59253d8-73d3-44a4-8035-947406c20b85",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661414269",
"to_ids": true,
"type": "ip-dst",
"uuid": "866b4b71-8021-4e27-880b-287ee8c0093e",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661414269",
"to_ids": false,
"type": "http-method",
"uuid": "550ec130-f46b-4bbe-9d59-943aba92a3c1",
"value": "GET"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661414269",
"to_ids": true,
"type": "url",
"uuid": "a3789c57-f0d8-4657-96de-e08411ee3ae5",
"value": "/?59792746413628799"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661414404",
"uuid": "9e37ae47-066a-419e-bf01-767ce62eec2a",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661414404",
"to_ids": true,
"type": "hostname",
"uuid": "393100ba-f3aa-4d5a-b218-c1ca2a823af7",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661414404",
"to_ids": true,
"type": "ip-dst",
"uuid": "bba58b6c-9fbb-4093-9a86-10e630e5a81c",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661414404",
"to_ids": false,
"type": "http-method",
"uuid": "e12865ff-406a-4f83-b252-f4e5eb2b5e41",
"value": "HEAD"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661414404",
"to_ids": true,
"type": "url",
"uuid": "74675e8c-fb54-4afb-a729-9f78ffd1f1ea",
"value": "/?33954141807632999"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661414409",
"uuid": "341f6945-6d2e-4371-85d8-fdb865724cf3",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661414409",
"to_ids": true,
"type": "hostname",
"uuid": "80dcabf5-e831-4184-b6cd-41b51d0a4649",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661414409",
"to_ids": true,
"type": "ip-dst",
"uuid": "fe388edf-7445-4048-a92e-f82ec44060d6",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661414409",
"to_ids": false,
"type": "http-method",
"uuid": "ffc96a8e-5e84-46e7-96b8-c2a3476f076d",
"value": "GET"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661414409",
"to_ids": true,
"type": "url",
"uuid": "fbada831-4532-40b1-af88-f3aef572729f",
"value": "/?33954141807632999"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661414967",
"uuid": "763161ce-dd82-4b8f-ba22-d36bd98bc131",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661414967",
"to_ids": true,
"type": "hostname",
"uuid": "6aa4a684-2f0a-419f-bf83-31156a089108",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661414967",
"to_ids": true,
"type": "ip-dst",
"uuid": "3aa529fa-c227-4f94-b4d9-ccff8bed7f08",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661414967",
"to_ids": false,
"type": "http-method",
"uuid": "97445c9f-df5c-4cd0-a3e6-d7b4e1c18320",
"value": "GET"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661414967",
"to_ids": true,
"type": "url",
"uuid": "f49bd650-3a51-4fea-9d75-34739c1f393d",
"value": "/?71576927405639060"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661414971",
"uuid": "ed6b4e81-0f6a-486d-90cc-263516bde2b1",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661414971",
"to_ids": true,
"type": "hostname",
"uuid": "c2e08f03-ef9f-4bd2-ab6c-f59c0125852f",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661414971",
"to_ids": true,
"type": "ip-dst",
"uuid": "7bfdfe8e-e08d-4791-bb00-3ca55dd52143",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661414971",
"to_ids": false,
"type": "http-method",
"uuid": "ae5cd46d-b2aa-400a-b446-0f80f6861e57",
"value": "HEAD"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661414971",
"to_ids": true,
"type": "url",
"uuid": "8efdf02e-ea74-48ba-9c5f-7f3b73e2b253",
"value": "/?71576927405639060"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661415144",
"uuid": "d5b5e0be-8ba1-4971-9b02-b989f0ffda1b",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661415144",
"to_ids": true,
"type": "hostname",
"uuid": "d17d290e-a2f5-4843-b64c-212a70be2a60",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661415144",
"to_ids": true,
"type": "ip-dst",
"uuid": "af26393b-578b-40ee-bc2b-7ca3fcba78a0",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661415144",
"to_ids": false,
"type": "http-method",
"uuid": "432fbbad-ff36-41a9-a72d-53a5dec8e9cf",
"value": "HEAD"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661415144",
"to_ids": true,
"type": "url",
"uuid": "1f1468ac-9241-47a5-8149-801052e166c1",
"value": "/?59784568396678051"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661415149",
"uuid": "da91ab76-e168-4747-87c9-81f5e686d33f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661415149",
"to_ids": true,
"type": "hostname",
"uuid": "81890e81-a733-4646-90ae-5a3d4e5340eb",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661415149",
"to_ids": true,
"type": "ip-dst",
"uuid": "30fade39-76cb-4ef8-b87e-c93c6fb23d39",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661415149",
"to_ids": false,
"type": "http-method",
"uuid": "c81ebdf2-9c45-4886-8109-2f327ce51f5b",
"value": "GET"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661415149",
"to_ids": true,
"type": "url",
"uuid": "76dc5659-7345-4a38-8c0c-80f3a915fe13",
"value": "/?59784568396678051"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661415266",
"uuid": "0ee28202-8cc1-4e77-bc13-c213883f2e46",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661415266",
"to_ids": true,
"type": "hostname",
"uuid": "1c850788-ea48-44f0-8cd4-dc93fd9908ce",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661415267",
"to_ids": true,
"type": "ip-dst",
"uuid": "86210556-d3a2-49f8-97d5-c90b627af568",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661415267",
"to_ids": false,
"type": "http-method",
"uuid": "e5b28dbf-c8db-4a44-b66d-300d8f45c95d",
"value": "GET"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661415267",
"to_ids": true,
"type": "url",
"uuid": "e64eb5b1-a278-4554-a846-8d5fb5a37176",
"value": "/?40018133101693668"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661415271",
"uuid": "cda082db-9efd-41c0-9836-64395fe5300c",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661415271",
"to_ids": true,
"type": "hostname",
"uuid": "9f6de75d-f57e-45ee-b902-bbcb37769e9e",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661415271",
"to_ids": true,
"type": "ip-dst",
"uuid": "fc98b197-50d0-4d1c-a80d-fd1aed9d0f78",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661415271",
"to_ids": false,
"type": "http-method",
"uuid": "15802ec5-2189-443b-86cf-6570ced75860",
"value": "HEAD"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661415271",
"to_ids": true,
"type": "url",
"uuid": "1c39436e-0d7c-48c4-901b-bac51e2de23e",
"value": "/?40018133101693668"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661415381",
"uuid": "76598496-4b19-4a76-9b2a-91e206eec5d3",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661415381",
"to_ids": true,
"type": "hostname",
"uuid": "fb25abb0-b625-4a80-a762-5743bcf6f56e",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661415381",
"to_ids": true,
"type": "ip-dst",
"uuid": "ae5aba26-213f-4dcb-b06e-3a83ff8b1e19",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661415381",
"to_ids": false,
"type": "http-method",
"uuid": "b49df3d4-d31d-4b28-9ddb-d7484785c11b",
"value": "HEAD"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661415381",
"to_ids": true,
"type": "url",
"uuid": "c7f806e6-7816-4977-b958-97ceffad0694",
"value": "/?33450285101613952"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661415386",
"uuid": "6f82506a-1b4e-4161-a0ea-a76a8989f6c5",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661415386",
"to_ids": true,
"type": "hostname",
"uuid": "cdf01799-d134-428b-ba12-e35635d053f4",
"value": "cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661415386",
"to_ids": true,
"type": "ip-dst",
"uuid": "a45a2942-4254-4b6c-b71d-0d058808ac88",
"value": "104.21.11.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661415386",
"to_ids": false,
"type": "http-method",
"uuid": "42b98bba-1220-4698-b3f1-46760a711995",
"value": "GET"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661415386",
"to_ids": true,
"type": "url",
"uuid": "1120d8c7-a01f-422e-9358-8929fb3159d4",
"value": "/?33450285101613952"
}
]
},
{
"comment": "Data exfiltration through HTTP POST request",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661417294",
"uuid": "c3ef89ed-bfa9-4cd9-9ab0-a68c59bac805",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661417294",
"to_ids": true,
"type": "hostname",
"uuid": "65a3cb60-0854-4f5e-8695-48d29de7a0ef",
"value": "hcu11m2mkk2.rouepcgomfhejergdahjcfcugarfcmoa.tk"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661417294",
"to_ids": true,
"type": "ip-dst",
"uuid": "48c15305-06fd-4b3d-bbe3-b105ab95b608",
"value": "104.21.25.34"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661417294",
"to_ids": false,
"type": "http-method",
"uuid": "44f50737-8540-4ba0-82e2-cff87c0bbc2d",
"value": "POST"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661417294",
"to_ids": true,
"type": "url",
"uuid": "7df2a3db-d442-4544-b595-23dd0f0186cd",
"value": "/"
}
]
},
{
"comment": "Data exfiltration through HTTP POST request",
"deleted": false,
"description": "A single HTTP request header",
"meta-category": "network",
"name": "http-request",
"template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b",
"template_version": "4",
"timestamp": "1661417333",
"uuid": "918d37c8-b620-4072-8b73-07cfe334fa3a",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1661417333",
"to_ids": true,
"type": "hostname",
"uuid": "7b894d0d-dd8f-4cc9-a03d-e68ded457d24",
"value": "j2vfrc7gddo.aeabihjpejprueuibdjmhfmdcpsfr.gq"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1661417333",
"to_ids": true,
"type": "ip-dst",
"uuid": "82e5c735-3b45-42f4-b8c1-dda1152cec86",
"value": "172.67.165.46"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "method",
"timestamp": "1661417333",
"to_ids": false,
"type": "http-method",
"uuid": "4f4e479a-1aeb-466c-b1a9-99afb28f36ac",
"value": "POST"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1661417333",
"to_ids": true,
"type": "url",
"uuid": "4c03cdd0-e310-423a-9827-c902e1bdd36c",
"value": "/"
}
]
},
{
"comment": "Example of downloaded zip archive",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1661421687",
"uuid": "21c80502-62f4-4c8e-855f-d8989df45ad8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "21c80502-62f4-4c8e-855f-d8989df45ad8",
"referenced_uuid": "93621a33-455e-402d-929a-75d3c1ce5cf5",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "contains",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1661421661",
"uuid": "743a816a-b80f-4ca8-99af-653c0fa46049"
},
{
"comment": "",
"object_uuid": "21c80502-62f4-4c8e-855f-d8989df45ad8",
"referenced_uuid": "cea55e6a-2a6d-46c6-b8fd-dede0b4cc0ba",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "contains",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1661421687",
"uuid": "3dcf88c9-bcae-4d69-8e1a-0f14508033ef"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1661418074",
"to_ids": true,
"type": "sha256",
"uuid": "895ccc76-754d-4052-9259-93b7a04c64fc",
"value": "f254f9deeb61f0a53e021c6c0859ba4e745169322fe2fb91ad2875f5bf077300"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1661418074",
"to_ids": true,
"type": "filename",
"uuid": "ddfec5ac-e8cd-4604-884d-c2da6d349c6d",
"value": "gruposolucaoeciainfocloud_097.88933.61414.zip"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1661418074",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "64430982-deba-4885-9509-55bd108aefe0",
"value": "1091"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1661421648",
"uuid": "93621a33-455e-402d-929a-75d3c1ce5cf5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "93621a33-455e-402d-929a-75d3c1ce5cf5",
"referenced_uuid": "21c80502-62f4-4c8e-855f-d8989df45ad8",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "contained-within",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1661421648",
"uuid": "67c87c8c-5a71-46c1-82b7-5e5be3e8837d"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1661420743",
"to_ids": true,
"type": "sha256",
"uuid": "cbeff175-3b08-419e-881a-2c1167cc9879",
"value": "5ca1e9f0e79185dde9655376b8cecc29193ad3e933c7b93dc1a6ce2a60e63bba"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1661420743",
"to_ids": true,
"type": "filename",
"uuid": "ec216fba-b2e3-4263-b45a-3d168033b8e1",
"value": "gruposolucaoeciainfocloud_097.88933157.086456.45192.cmd"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1661420743",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "8176d1ed-16f8-42fd-8221-2ce824b81a59",
"value": "338"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1661421630",
"uuid": "cea55e6a-2a6d-46c6-b8fd-dede0b4cc0ba",
"ObjectReference": [
{
"comment": "",
"object_uuid": "cea55e6a-2a6d-46c6-b8fd-dede0b4cc0ba",
"referenced_uuid": "21c80502-62f4-4c8e-855f-d8989df45ad8",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "contained-within",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1661421630",
"uuid": "07732bd1-419a-4839-963f-e0cb03dad773"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1661420780",
"to_ids": true,
"type": "sha256",
"uuid": "090bfd5d-5463-4e57-b1b3-05bb08d93065",
"value": "db136e87a5835e56d39c225e00b675727dc73a788f90882ad81a1500ac0a17d6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1661420780",
"to_ids": true,
"type": "filename",
"uuid": "8c274b55-d37d-49b7-a8c8-f838e68863cc",
"value": "gruposolucaoeciainfocloud_097.88933157.086456.45192.lNk"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1661420780",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e5f413d-f32e-4d07-b358-01ba7444c063",
"value": "1341"
}
]
},
{
"comment": "Command from Windows shortcut in Windows Startup folder on the infected Windows host",
"deleted": false,
"description": "LNK object describing a Windows LNK binary file (aka Windows shortcut)",
"meta-category": "file",
"name": "lnk",
"template_uuid": "ad13533e-1853-4da0-a111-33a7ce7e6c09",
"template_version": "1",
"timestamp": "1661430381",
"uuid": "aa63b00b-a7b2-4fda-9384-09ba97a9cd1c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lnk-command-line-arguments",
"timestamp": "1661430350",
"to_ids": false,
"type": "text",
"uuid": "ae85c254-10d8-4ee9-96bb-aa1e353824dd",
"value": "%WINDIR%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -windowstyle hidden -Command C:\\W45784602214\\Asus.CertificateValidation.2022.1728.641.AutoIt3.exe C:\\W45784602214\\Asus.CertificateValidation.2022.1728.641.AutoIt3.log"
}
]
},
{
"comment": "Windows EXE for AutoIt v3, not inherently malicious",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1661430606",
"uuid": "8a53113d-2c57-4bfc-a001-1de27e002e50",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1661430606",
"to_ids": true,
"type": "sha256",
"uuid": "ac5a9a11-3ece-4a23-a276-7ac383739d57",
"value": "237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1661430606",
"to_ids": true,
"type": "filename",
"uuid": "472fc711-755c-4975-8280-fca4af90e056",
"value": "Asus.CertificateValidation.2022.1728.641.AutoIt3.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1661430606",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a06e23ea-4c20-4499-9fc6-1e88b5615968",
"value": "893608"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1661430606",
"to_ids": false,
"type": "text",
"uuid": "be2a6275-3b54-436e-96f3-31895093614c",
"value": "C:\\W45784602214\\Asus.CertificateValidation.2022.1728.641.AutoIt3.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1661430606",
"to_ids": false,
"type": "text",
"uuid": "be33daf8-62c0-414a-9843-a336f3b89463",
"value": "C:\\W45784602214\\"
}
]
},
{
"comment": "Malicious data binary, AutoIt v3 compiled script run by above Windows EXE for AutoIt v3",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1661430671",
"uuid": "9356c0e4-d1c3-42d9-a50b-c3ad66045487",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1661430671",
"to_ids": true,
"type": "sha256",
"uuid": "faf53e5c-8eea-4f7f-8159-ec82aa4bfc19",
"value": "e31658734d3e0de1d2764636d1b8726f0f8319b0e50b87e5949ec162ae1c0050"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1661430671",
"to_ids": true,
"type": "filename",
"uuid": "19f64fdf-cd76-4c75-ba86-1375975f8afc",
"value": "Asus.CertificateValidation.2022.1728.641.AutoIt3.log"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1661430671",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "84c19244-e479-4e1b-b6cb-2964fd3b44ff",
"value": "246116"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "fullpath",
"timestamp": "1661430671",
"to_ids": false,
"type": "text",
"uuid": "145093af-07a4-47b7-8133-be5b24a29223",
"value": "C:\\W45784602214\\Asus.CertificateValidation.2022.1728.641.AutoIt3.log"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "path",
"timestamp": "1661430671",
"to_ids": false,
"type": "text",
"uuid": "a3e1a34a-84c1-4313-b18e-27ca9cf3ea3f",
"value": "C:\\W45784602214\\"
}
]
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink