misp-circl-feed/feeds/circl/misp/5c066106-263c-4b85-9387-4d3f950d210f.json

{
"Event": {
"analysis": "0",
"date": "2018-11-27",
"extends_uuid": "5c065ec5-6ab0-4cc1-a032-bf18950d210f",
"info": "MAR-10166283.r1.v1 (SamSam ransomware)",
"publish_timestamp": "1544005280",
"published": true,
"threat_level_id": "3",
"timestamp": "1544005267",
"uuid": "5c066106-263c-4b85-9387-4d3f950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"SamSam\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:ransomware=\"Samas-Samsam\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543921926",
"to_ids": false,
"type": "mutex",
"uuid": "01ac1fec-a06f-404f-aa99-f9b406aa02ee",
"value": "!IECompat!Mutex"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543921927",
"to_ids": false,
"type": "mutex",
"uuid": "45842d35-5c7f-4e0c-9ef5-6eee797d6360",
"value": "!PrivacIE!SharedMem!Mutex"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543921927",
"to_ids": false,
"type": "mutex",
"uuid": "0b59335d-7ace-4391-b5af-c7b62357f7cf",
"value": "IsoScope_a44_IESQMMUTEX_2628_27"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543921928",
"to_ids": false,
"type": "mutex",
"uuid": "efcfaeb6-9680-4b3e-9044-90ac70803ad5",
"value": "IsoScope_a44_IESQMMUTEX_2628_274"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543921928",
"to_ids": false,
"type": "mutex",
"uuid": "43216016-e16c-4036-aff5-cfad3a408f4e",
"value": "Local\\ZonesCacheCounterMutex"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543921929",
"to_ids": false,
"type": "mutex",
"uuid": "7d433e27-4113-4693-a172-7608e37aab06",
"value": "Local\\ZonesLockedCacheCounterMutex"
},
{
"category": "External analysis",
"comment": "",
"data": "iVBORw0KGgoAAAANSUhEUgAAAlgAAAGSCAIAAACwnyjEAAEAAElEQVR4nOz9d5gc13kmjp7KqatznJwxmEEGCBCBAEmAIEiQYoQYlNZaUl55vbbsn73X9pXD8/hauut1UKJlKlFZzIQYAJBEzjlOwACTU0/nUF256pz7xwFGI5DQmrYlcnX7ffiAPTPV1adOVZ/3fOn9CISQbdsIIZZldV0nCILnecdxQBVVfARg0tdeEAgAAEgECQBIBAgACQRIgPDvAQKAgAABm+IIBCgECBcA/CcCAAK4JIAkcIlrp6IQIBAgASDg9WOuAxEAAAB/+cd/N2j4Pue8AeScCzToX7y+4U/XZuD6u/CPzuzP/zaYFD37evbSfun86NpkkAgAABh406UAEdeuCBG/OJVF0ggASAAEgAsAAhAAQABIAEABSCPAQEhDQEAAEAIIOAzzwS6giip+DSBc1yVJEgDgui5FUfjfD3tUVVRxHeiGn+F7XvzSQYhgCPwLOOfXBAAkQARwr/9Ezb5p7vnfl/P+Y0T4nvHPOef7/ckhfukzyblDuOF4NOeIfzOsm/9p9rPmsu/7fCL45TkhfukveIbx3Ls33gFIA0ABSCAAEAAIAQAAVSXCKj58EAghAIBt26dOnaqpqVFVlaIoy7II4j+4AFRRxX8CvOa1F9j+QASABEQEwGaHSwIArv0IAIAEAIgmASAhoBAgESAQfgtwCQDJa+RJAkBctwhvwA1G23/QHAQAUOiXTvveE95g/Fm/PKZfYRFiuB9whLMXDd/zRmwCzv76+sDg3JHMxaw5COa8oF0am4N42hEBIXHt2OvWPCQAINA109Mh6PecuIoqftOgNU0jCOLq1asvvfTS6tWrHcehKAohxHHchz22KqoAAR2vp78gQpcALnmN2Fzi+l/BtRe8/Us8d40IwS/OAH6ZCD8okXxQzPLcr+bU2cPmujpv8ILeQJkYH3T8BPq3mpCYF13yl/YGN5iJ770ozrlGbAgASMLr9wUCcO1fAMDc/QaBqkRYxYcPWhRFAADHcZZl1dXVBQIBmqaxj/TDHlsVVQDWBeA6yc0SIbY2IEHC6z+C64uyx4TgOtXNxdwlG7MgBnw/Xngfr+BvCrPENndcNxDh3L9+UCKk3/eCb+LBBQA41PtENm82PwQCgj0b1IUAzG5BIKZDfLNc4hpHgjnEWUUVHyJo0zQBAJqmaZoGIRQEQdd113Wr+TJVfBRQYK4vxIgEeL1G114DADAjzPXy2bbzvjkp7/UxYrw32eQGO+yG1x/UWXrD8e+lkP/jCd93GP/2t994vPs+RDg7geiXfwQAOOT7p/jcEEf8xcAc+4YJxIbgNTuehHCOTY8IAKzqhruKDx80y7LYESqKomVZruuWy2WKogRB+LDHVkUVwGKurcokIq75MxFJEICCgEAkjjPhPwHsCCUJ4hfRRHD9vQDhTFEAyLnrPvFLlte1hXv2d8Schf4XB32w8cNftvDe592/nFB6A00R6MbMlBu58IOOh0LvZdNruTvXQ61gThYoMecD5maZXkvIJa6b18S1kTs0cS2t95rzGeIzkNfeSyECEgTA/wECVHMRqvgogIYQIoQIgmBZ1nEchmE4jpMkCVuKVVTx4YJxELiWW4EIACgIKIhIBCgEKIhwIQSJALZbSATKAoIAECRwiDkpKjhpBQKcUDrLlLOpi7847pf+P+fVe//0bwO8XrCB5rz/uqn0ixOi6z/eYID9iszNf9+AHPBLbDqXdyGaE4u9PnhskMNf/qhrLIhmDXRAXv+lSbmz0VkK4f3Ktfdcm+1rzAgIHNxFH3RGq6jiPx8khBAAwDAMhJBhGE3TSJKssmAVHxEEXdpnUX6blg3Ely2fS4UoljNcWrUigiQDkjIc3gU8IHhAQN3gAEUhQAKCYRiSoW0AXYAohiYIgqZpraJyNEMRZLlcBiSBCAI6LgkI13aQCyVJoknSMgxspsy1nGZL5Yib4Gbjx7t
MksSGKkIuJBCgSZIiCORCWfKQgLBtWxRFgiBs2xYEwXEcCCHP86qqMgyj6zpN0zd8ELqOm33uzcbpkMAmkE0gB0AHQAcgFyEIAKApkqYQAWzXdREEFAkpwoauwPHIhdBxGIpiaQYh5DgOQsh1XYQQBIAgCIQQhBBCCCAqOQaQOMgzKrR15FoU0JBjAtclgTsna5dEgETXiiyrqOJDB/3erzH+TXWnVsVHAaJJOA6ubaUs5FKWCyEA0AEkmM7OMAwDaIBYkiRJ3TTkmExatmU5NnAhYiBHExQFEIIQkq7L8hxLUBRBusiVZRmQpGkaPkEyTVNgWFVVy7ZDEIRP9pqmSVHU+3od8cbxvcDFuO8Fgg6EEOGqBYQoAAiEoOPi75iqKDZ0CYIwDIMgCEmSVKWCiRk6LsewJEmyLDv3GzrXjgTgBpP2/wyHAgQgCPQLfzK21TRNY3kOAAABAgRBUSQJAOG6lWJJEARAkoZpuggyHMdx3LUcAoIgAAER9kYDEhAAAIIhDdcELkQMAUgSIpJmeIHjtIp6fWNBXjMWr8/oBxp/FVX8OkCTJDnLef/H7W0VVfyGASF0HIegSIphIHRU5FAAWByQfF6jUkaSoBm6Q+g0w5SdiochGyqUACiSoU2KNAGAEBLYKCMIlqAIAABClmXxsmRcMwYhsh2v7EW2AwFACAkcX8wXJEn6QHkov4ogISIQAghQBEkBQECEEKJpimMZRVNplqFZRjN0gqJwtrbP5yuXy9hD49oOAOAaMWOWAgBct8P+HfPpApcgCJIABCZCnLyJkMCzCEGSoliWdwAybQsRgGUogQQcoBACDiAIQFIEASByHAevGwghgBBCgCQIgABBEALFuJaDEKJJ0nEczdIIRJq2RREkSQCAyLmyNeA/o1Kziir+46Ax7c26WWa5sGoRVvFRgMaQJiQYimBYQgOEBQHJIZeg83oe8gQgNIO2HOAIEk37AgXTqC2bjMiRPItIYDiWAx2WpmmaphzHtR3SRRQEjmVTrmu5NsfzSHNIF0HTBrbr8/sqlYqtGzRJgus1iBizL8ibZKfc7PtCESQkrsnC0YCgCAIQCCFo6YbX56MJkgQEQ137GhqazhAEz7I6RTmOQ9O067o0STnQRQjN5QwIACAIcHNhmZttZyFAJLr23muF7RABiFiK0g0dEQ4riQghVzMQSYiyLDO0phkWclmWJTnGcl3LNiGEJEsCACCEJABojsNWtFwIEM0wJEmbyOZ4GhLAtl1AkQiRxHWnKInIaxJx71eeUUUVv2HQBEFg//4sEYKbf6urqOI3DI2lTETQNKJJZJEIUoBhCAQQCUiOoXRTC3gE3YCOUvKFw5aueRm/BUFFNy0bQgawDE1RFA7OGabOsyxOB7Ndx7AtySMwCDIMpxXLuq6F/AHSRXpF9cleB7rgF2Vw19gPgusm1HtwM9eoDSGB0HVdU4QQohBACAAXItthacZ2HMswOIZFBNAMgyQpVVVJknRdF29JGYahEJxbzvQfoQ4CAVzgTiBEQEBBQEJEIIA0UyRphJBVViEBJJolaQoYtqU4DE0xNAsBAW2XpABFkIAEBALQhRBC4loCKIAAIRdKqu0CxPCkCWzkOILXQwlcqVwBAEACkADAOUX9ZHWZqeKjARoAMBvrxnRYZcEqPjpwAEIUDUjCtR3gQomhGRuYqhYRBSNbCdNkVJA0wzU004uMUNnxev2Wa5mORrqI5miCZR3H0TTNgyjHtP1ev2vboiBUgENA0nJsVzcl2UNCxLMctB2e41RNIxGAjjtXkgbM0s8H/HJA6FIEicNy0HEBQgQiaJKMBkPlSsXjkyuqqmia5PNajs1QlCRImUwmEokYhuHaNgTANM3ZuCBB/EKdBe9Z4U2EL25mETIUCSAiISIhTsEFNCBoRDA0LYqi4zglpQxIQhI8CICiUmYIyuORSYoq6hXVsmiOBTQNXXuuA4kkSQAI4LoIoSYxpKkV5FAa4TqaCgkKIWRoOi9
LOGOURCSeWKq6zFTxkcEvESGag5vtcKuo4jcJwoUcQbGAQpZJWciHSMq0ClPZmekkqmjL58/Xz48RlUpjezsYnh
"deleted": false,
"disable_correlation": false,
"timestamp": "1543921929",
"to_ids": false,
"type": "attachment",
"uuid": "5e1d1941-44ba-4802-89bb-a4ae12a91c82",
"value": "Figure 1"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543921930",
"to_ids": false,
"type": "url",
"uuid": "cc591345-cc1f-4b60-ab71-cb45c398ba7d",
"value": "jcmi5n4c3mvgtyt5.onion"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543921930",
"to_ids": false,
"type": "url",
"uuid": "13479b70-b600-4fc6-b1da-eb567e08285f",
"value": "http://jcmi5n4c3mvgtyt5.onion/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Object describing the original file used to import data in MISP.",
"meta-category": "file",
"name": "original-imported-file",
"template_uuid": "4cd560e9-2cfe-40a1-9964-7b2e797ecac5",
"template_version": "2",
"timestamp": "1543921931",
"uuid": "94fdc615-b38e-4568-82de-7035d661e81c",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "imported-sample",
"timestamp": "1543921931",
"to_ids": false,
"type": "attachment",
"uuid": "ce1896dc-ef47-433a-a758-d1bb3c0b6e6f",
"value": "MAR-10166283.r1.v1.stix.xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "format",
"timestamp": "1543921931",
"to_ids": false,
"type": "text",
"uuid": "32ef76bd-4567-49c6-8191-d5905d290f6b",
"value": "STIX 1.1.1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921931",
"uuid": "7d67e1af-621d-46c1-ae2d-8e82b7795081",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921931",
"to_ids": true,
"type": "md5",
"uuid": "55bdd943-11a7-44c7-b205-6ed0915599d3",
"value": "9202651c295369eb01cc7a10cd59adff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921932",
"to_ids": true,
"type": "sha1",
"uuid": "4334d6da-3f0b-499a-8185-7866fc6dd950",
"value": "ff2f511009b2813af9d12c6103206828560869db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921932",
"to_ids": true,
"type": "sha256",
"uuid": "25b7abc4-09fb-45b5-85ce-8b55baf3a95d",
"value": "594b9b42a2d7ae71ef08795fca19d027135d86e82bc0d354d18bfd766ec2424c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921933",
"uuid": "6558bca6-f000-4d75-9387-73a0c563d259",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921933",
"to_ids": true,
"type": "md5",
"uuid": "08844d15-2c73-4fd1-ac52-32891f711dc6",
"value": "1afc39b101a64c61b763fdf07fde1d55"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921933",
"to_ids": true,
"type": "sha1",
"uuid": "226743b5-906b-4363-9b69-24b545567103",
"value": "89fe55d2669e6c995b9a0d9ed5d5aa404d20713b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921934",
"to_ids": true,
"type": "sha256",
"uuid": "5a75c022-f39f-46b7-9a7c-865fffb5b741",
"value": "427091e1888c2bf1f2e11a1010b3ab6c8634eda4ddc34d37202d401fbaa8989d"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921934",
"uuid": "58d8c50e-98eb-4dd0-ad20-a8016c61a1e0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921934",
"to_ids": true,
"type": "md5",
"uuid": "1be180b9-69ba-4dab-8fe6-46faf11b0164",
"value": "5b168ad87a0de81c443656cc144df29a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921935",
"to_ids": true,
"type": "sha1",
"uuid": "babb779e-c29a-4233-9018-bd163dd73739",
"value": "c3cf36abda1463dbe81dc7a7283c6a089c922071"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921935",
"to_ids": true,
"type": "sha256",
"uuid": "8f16af9d-2d3c-4f68-8c0c-9436da998622",
"value": "2b06d2abc87f51aa7b8451da16270003ceba57184b0dd5f244670873409c75b9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921936",
"uuid": "cd3a3681-483c-4703-9183-5eadf686e7ce",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921936",
"to_ids": true,
"type": "md5",
"uuid": "829451c8-03c9-4eb0-9df6-8338ca1898d5",
"value": "62e21431e87e8a21cf06319da7438f11"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921936",
"to_ids": true,
"type": "sha1",
"uuid": "8f813f42-857e-4dd2-b862-1cd5682ece56",
"value": "a4708853f4a7e4e242a236a433e9b5e8593f1090"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921937",
"to_ids": true,
"type": "sha256",
"uuid": "938afab9-c501-4d8f-a537-5227aca7951c",
"value": "bc53f513df363dd999ac855b53831b3b31ac5516a4bf8f324489710cf06955f0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921937",
"uuid": "7e3ec1d9-6683-4c0c-8c22-6a23e389e481",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921937",
"to_ids": true,
"type": "md5",
"uuid": "2d188537-7a37-4cc5-bee1-3f9557e547f5",
"value": "f702153b68628eff973abb2912af0d22"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921938",
"to_ids": true,
"type": "sha1",
"uuid": "734813d3-2abd-4a60-b314-a2aba29b63fe",
"value": "138c3aae51e67db0c4134affae428fe91c0d1686"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921938",
"to_ids": true,
"type": "sha256",
"uuid": "108377a6-f03b-4067-88ba-63aee180e38e",
"value": "da9c2ecc88e092e3b8c13c6d1a71b968aa6f705eb5966370f21e306c26cd4fb5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921939",
"uuid": "419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8",
"referenced_uuid": "073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"relationship_type": "contains",
"timestamp": "1543921955",
"uuid": "5c066123-7e04-464c-8e5c-4ca7950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921939",
"to_ids": false,
"type": "md5",
"uuid": "93b406bc-fa91-4b25-97ec-de744ae2096e",
"value": "9202651c295369eb01cc7a10cd59adff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921939",
"to_ids": false,
"type": "sha1",
"uuid": "06b304c2-19f4-498e-96ef-c9b0e8907b92",
"value": "ff2f511009b2813af9d12c6103206828560869db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921939",
"to_ids": false,
"type": "sha256",
"uuid": "424c9873-faa4-4c79-a855-5f233f6600b8",
"value": "594b9b42a2d7ae71ef08795fca19d027135d86e82bc0d354d18bfd766ec2424c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1543921940",
"to_ids": false,
"type": "sha512",
"uuid": "98d85b2a-dfda-4d58-94db-e6cff91baf89",
"value": "547efea0c2407d1e2949e84fe107820a1efaab2eaddeaf60ceb8f23b53d635b7c86ceadb1e19c07432e51a3609d02f12aca99cb5e23b5d324febb67994f83a9c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1543921940",
"to_ids": false,
"type": "ssdeep",
"uuid": "fdf76eb4-1977-41e9-b492-acfb4bd79946",
"value": "6144:gXNGATWMK0AlJgQpQXFvr0Cn8wyrQ4EeGiEb53fSEnetKA:gjDoWiUFe+NPSEnQH"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1543921941",
"to_ids": false,
"type": "filename",
"uuid": "48711543-ec7f-489d-b899-0c58829da94e",
"value": "ss2.stubbin"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1543921941",
"to_ids": false,
"type": "mime-type",
"uuid": "e031a65d-6709-4eac-b207-c1217b85468e",
"value": "data"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921941",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a5d72eca-2df1-49c7-86ce-56730703374c",
"value": "278032"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921941",
"to_ids": false,
"type": "float",
"uuid": "71a3fa24-8912-4833-98db-68153b5e3a30",
"value": "7.99919"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921941",
"uuid": "073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"ObjectReference": [
{
"comment": "",
"object_uuid": "073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"referenced_uuid": "419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8",
"relationship_type": "contained-within",
"timestamp": "1543921955",
"uuid": "5c066123-4590-4e31-9f3a-4149950d210f"
},
{
"comment": "",
"object_uuid": "073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"referenced_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"relationship_type": "downloaded",
"timestamp": "1543921955",
"uuid": "5c066123-59d0-4140-83e6-4c27950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921941",
"to_ids": false,
"type": "md5",
"uuid": "c12f63fc-8f50-467c-950a-21d4345a5626",
"value": "1afc39b101a64c61b763fdf07fde1d55"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921941",
"to_ids": false,
"type": "sha1",
"uuid": "20060422-d0a4-484b-be6c-dc997c82ec02",
"value": "89fe55d2669e6c995b9a0d9ed5d5aa404d20713b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921942",
"to_ids": false,
"type": "sha256",
"uuid": "f5a41863-0e72-462e-bfae-eb5ede162b80",
"value": "427091e1888c2bf1f2e11a1010b3ab6c8634eda4ddc34d37202d401fbaa8989d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1543921942",
"to_ids": false,
"type": "sha512",
"uuid": "a3b49080-8183-40a9-9748-0f392aea3aa5",
"value": "35b066679ce733b0de20b79cb7570570164eb695307cbb96173bd7c4485b62a42e5b67caab8b9373e45b9cd9abe72ab0eb78960256420144b9f609c3734320f0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1543921943",
"to_ids": false,
"type": "ssdeep",
"uuid": "ca54aa94-c8f3-445d-b14a-53d89d1cdbde",
"value": "1536:VLDPjQejqUjWMuX/28KIGsA/Nu4vlIXa5CjZwEclPcx6KtCNvmuxOfgQBAMyOk3t:V3Mexh8KIXAV9vOX6mz6ylgr"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1543921943",
"to_ids": false,
"type": "filename",
"uuid": "5e0ac803-fc90-4985-a5d4-8f8146b571ba",
"value": "ss2.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1543921943",
"to_ids": false,
"type": "mime-type",
"uuid": "900c4b0c-db02-4a33-9cdb-6567dfd9b543",
"value": "PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921943",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "73ccd43a-e141-44e7-86b3-653982a301cd",
"value": "278016"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921943",
"to_ids": false,
"type": "float",
"uuid": "62adc408-444a-42d1-bfa4-6422c5825a53",
"value": "4.757791"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921943",
"uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"referenced_uuid": "01ac1fec-a06f-404f-aa99-f9b406aa02ee",
"relationship_type": "created",
"timestamp": "1543921956",
"uuid": "5c066124-c9e0-4615-b16b-4444950d210f"
},
{
"comment": "",
"object_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"referenced_uuid": "7d433e27-4113-4693-a172-7608e37aab06",
"relationship_type": "created",
"timestamp": "1543921956",
"uuid": "5c066124-1fd4-487f-9404-4bee950d210f"
},
{
"comment": "",
"object_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"referenced_uuid": "45842d35-5c7f-4e0c-9ef5-6eee797d6360",
"relationship_type": "created",
"timestamp": "1543921956",
"uuid": "5c066124-5044-41a5-b9bf-41f2950d210f"
},
{
"comment": "",
"object_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"referenced_uuid": "0b59335d-7ace-4391-b5af-c7b62357f7cf",
"relationship_type": "created",
"timestamp": "1543921956",
"uuid": "5c066124-91d0-449f-9526-4cb0950d210f"
},
{
"comment": "",
"object_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"referenced_uuid": "43216016-e16c-4036-aff5-cfad3a408f4e",
"relationship_type": "created",
"timestamp": "1543921956",
"uuid": "5c066124-4e94-4fbe-aeb7-4afe950d210f"
},
{
"comment": "",
"object_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"referenced_uuid": "efcfaeb6-9680-4b3e-9044-90ac70803ad5",
"relationship_type": "created",
"timestamp": "1543921956",
"uuid": "5c066124-922c-45b7-8ff1-48c8950d210f"
},
{
"comment": "",
"object_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"referenced_uuid": "073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"relationship_type": "downloaded-by",
"timestamp": "1543921956",
"uuid": "5c066124-d150-40a1-88ad-45e7950d210f"
},
{
"comment": "",
"object_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"referenced_uuid": "5e1d1941-44ba-4802-89bb-a4ae12a91c82",
"relationship_type": "contains",
"timestamp": "1543921956",
"uuid": "5c066124-ce90-4022-a261-4a78950d210f"
},
{
"comment": "",
"object_uuid": "ebb5a994-7d19-493f-96a1-93d61ceec288",
"referenced_uuid": "cc591345-cc1f-4b60-ab71-cb45c398ba7d",
"relationship_type": "contains",
"timestamp": "1543921956",
"uuid": "5c066124-effc-4405-a04a-48d3950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921943",
"to_ids": false,
"type": "md5",
"uuid": "6d146a0e-4dcf-452b-a0fc-f93310a09f4d",
"value": "074e52525d5ec2b2af8675477180b5f0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921944",
"to_ids": false,
"type": "sha1",
"uuid": "766cd598-108d-4586-82f5-198c5248bb78",
"value": "631e5f4b9a3ba6855dd93dbdccb416337560491d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921944",
"to_ids": false,
"type": "sha256",
"uuid": "16326594-3ef4-4daf-b7cd-68939be0acc8",
"value": "a660cc6155b307c0957c4c6ea119a295a852d28097196d85f00f5517944a3dcb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1543921945",
"to_ids": false,
"type": "sha512",
"uuid": "12eaf826-61b5-4d60-a886-97a2681b7f7f",
"value": "16d5cab293ffe44a8bfe247fc8f60167741d4a44cb12542b378cf26b689abcff95065ab44e4725b2ab3e85295925faa695bce1159d06211c1bf971d437398414"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1543921945",
"to_ids": false,
"type": "ssdeep",
"uuid": "ffde2311-2fec-4d95-8a8b-de8a5042a6fc",
"value": "96:2RPS2X4/vpRMdu4JW4Qy06pZu42yNSSa/kZLCXWQJxZEzQx:GulKuwscsR5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1543921945",
"to_ids": false,
"type": "filename",
"uuid": "a7a275c9-f872-4075-ae8c-1d2a8a823371",
"value": "SORRY-FOR-FILES.html"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1543921945",
"to_ids": false,
"type": "mime-type",
"uuid": "5357310f-a6fe-4ba9-a758-1daf45c4059a",
"value": "HTML document, ASCII text, with very long lines, with no line terminators"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921945",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e821e99-3b1e-4dbd-a702-896201b71237",
"value": "3547"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921946",
"to_ids": false,
"type": "float",
"uuid": "a7cc2e57-01cd-4cd6-b2f9-69ce19f5e9de",
"value": "4.871033"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921946",
"uuid": "ba87eeb3-df09-4d10-812e-1256c3f2c50d",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ba87eeb3-df09-4d10-812e-1256c3f2c50d",
"referenced_uuid": "685afd26-9fcd-47ae-9bb8-837497b2de58",
"relationship_type": "related-to",
"timestamp": "1543921956",
"uuid": "5c066124-8514-4b71-bd06-4f82950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921946",
"to_ids": false,
"type": "md5",
"uuid": "a1eecd5e-6ebf-41ec-b96a-25012c1f625f",
"value": "5b168ad87a0de81c443656cc144df29a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921946",
"to_ids": false,
"type": "sha1",
"uuid": "0d8f8577-bbd1-45a9-80b1-acb78dcdd075",
"value": "c3cf36abda1463dbe81dc7a7283c6a089c922071"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921946",
"to_ids": false,
"type": "sha256",
"uuid": "d02a85b2-6656-4af3-89c0-310d1ec08293",
"value": "2b06d2abc87f51aa7b8451da16270003ceba57184b0dd5f244670873409c75b9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1543921947",
"to_ids": false,
"type": "sha512",
"uuid": "1a73c2b2-b106-4e5e-bfa3-6f94e25013fe",
"value": "853eec13cba76de73361f1fb1e18d11ce3c1b9496f5e093d3050283643f569b659a5931b2092d8302cc8cfbfb69e4a6241461eed4c8931879818c4280af025cf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1543921947",
"to_ids": false,
"type": "ssdeep",
"uuid": "9d828dd0-4bea-4f75-901e-33aba1ac152d",
"value": "1536:YM84wQNIdSpfYy1wDcCxqwDcCxqwDcCxqwDcCxqwDcCxqwDcCxWAAPtR8XKvfOxx:R2dHD3DD3DD3DD3DD3DD3v"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1543921948",
"to_ids": false,
"type": "filename",
"uuid": "60af3179-e24b-4dc1-8a1a-0e90e9f9e9e5",
"value": "winnetuse.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1543921948",
"to_ids": false,
"type": "mime-type",
"uuid": "01abbd9a-d9fa-4dc2-ad33-0355519b8818",
"value": "PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921948",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "b5697a51-8e5b-4ded-88ad-01521ad8db22",
"value": "239104"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921948",
"to_ids": false,
"type": "float",
"uuid": "71d18e66-5b5b-4e62-996f-834e195f1f24",
"value": "5.041215"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921948",
"uuid": "685afd26-9fcd-47ae-9bb8-837497b2de58",
"ObjectReference": [
{
"comment": "",
"object_uuid": "685afd26-9fcd-47ae-9bb8-837497b2de58",
"referenced_uuid": "ba87eeb3-df09-4d10-812e-1256c3f2c50d",
"relationship_type": "related-to",
"timestamp": "1543921956",
"uuid": "5c066124-bf68-4840-91f2-4e44950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921948",
"to_ids": false,
"type": "md5",
"uuid": "7c06ac38-41e0-46e1-bb97-7200ed7ead4e",
"value": "62e21431e87e8a21cf06319da7438f11"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921948",
"to_ids": false,
"type": "sha1",
"uuid": "e4d74b24-8ba3-453b-af9f-d75061367f13",
"value": "a4708853f4a7e4e242a236a433e9b5e8593f1090"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921949",
"to_ids": false,
"type": "sha256",
"uuid": "8360e310-80a7-4f7f-ab98-38c4acfb24ae",
"value": "bc53f513df363dd999ac855b53831b3b31ac5516a4bf8f324489710cf06955f0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1543921949",
"to_ids": false,
"type": "sha512",
"uuid": "092bbe31-00d7-4f11-b5dc-6e698379cdaa",
"value": "f2f60c6eb6d96c025a34eb58e175866e15a806f9ec805793676cc60ede00dbfd55b9ade816c6148235e4fc34c4c412d91ae873d324032f1dbd17b09a7a539233"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1543921950",
"to_ids": false,
"type": "ssdeep",
"uuid": "6ca4b636-66c6-4484-a631-d16217098efa",
"value": "6:JF1ZzANc4PgXsoFDVlAVyXHI+CIwZALICLA9X/1y/W:L1Jsc4PSJFDyyXo+Bb0L/1gW"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1543921950",
"to_ids": false,
"type": "filename",
"uuid": "f165d52d-a0ad-4af0-a724-bd16f69e2df0",
"value": "g04inst.bat"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1543921950",
"to_ids": false,
"type": "mime-type",
"uuid": "325f7341-446b-48e9-91ea-ab3f0b42077d",
"value": "ASCII text, with CRLF line terminators"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921950",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "2c355266-96b3-41a5-8aec-3de746ba9373",
"value": "267"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921950",
"to_ids": false,
"type": "float",
"uuid": "03add8c7-32b2-42aa-96e5-12549ebd4029",
"value": "4.884702"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543921950",
"uuid": "dad20043-8913-4afa-92ba-cff12283824f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921950",
"to_ids": false,
"type": "float",
"uuid": "d9fe6e44-cc30-40db-bfbf-469837c22e18",
"value": "2.535489"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921950",
"to_ids": true,
"type": "md5",
"uuid": "8437bc0e-9ae7-441e-a654-2cfd7835cb01",
"value": "b85b73ffa6d2bc4679ee6ece174a93b1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921951",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "1462f817-eb71-4f26-9dfc-8af55b8cf4db",
"value": "512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543921951",
"uuid": "ae01c9b0-1419-4a83-8c70-97790c4ce4a0",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921951",
"to_ids": true,
"type": "md5",
"uuid": "4e08fd07-3346-482f-ad85-37264e2c0613",
"value": "12fe3b15c663fe9ed9480c352f9bded3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921951",
"to_ids": false,
"type": "float",
"uuid": "5802bcb3-8618-4d14-afd4-c9478936504b",
"value": "5.048626"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1543921951",
"to_ids": false,
"type": "text",
"uuid": "e950da47-13af-486f-a114-c0a1580e730d",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921951",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "1090c057-514e-45c4-90e7-b743a6ba2294",
"value": "3072"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543921951",
"uuid": "20483bab-be45-4f17-83b2-a3446b94d0dd",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921951",
"to_ids": true,
"type": "md5",
"uuid": "e6c370db-3b6e-4c18-bbf2-1d7bb2a10624",
"value": "9cf5eb0ba3d939001e41a98351a45be5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921952",
"to_ids": false,
"type": "float",
"uuid": "9940add1-16de-415a-a7ad-158744fda3e2",
"value": "2.577418"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1543921952",
"to_ids": false,
"type": "text",
"uuid": "85fd7bfa-8278-44dc-b2b3-559f1355ede4",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921952",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "f78790b9-8dee-4a34-b293-5fbb2b0d8ede",
"value": "1536"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543921952",
"uuid": "240c0f80-fcda-4ba8-9035-777a892b73c8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921952",
"to_ids": true,
"type": "md5",
"uuid": "90469d8a-fa11-418a-ba44-81f1fdaea539",
"value": "8ef9498de2781e9f674c2727ab3546c6"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921952",
"to_ids": false,
"type": "float",
"uuid": "2f4129dd-0f3e-49f5-a7f4-55d1a19934d0",
"value": "0.081539"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1543921952",
"to_ids": false,
"type": "text",
"uuid": "f9dff019-aaf7-4f00-bff6-b0dfec0e1b97",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921952",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "33d2bc49-b754-46cd-9f46-47510190f4b0",
"value": "512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1543921952",
"uuid": "34754e49-8e1e-4b82-a538-68c778a544f7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "34754e49-8e1e-4b82-a538-68c778a544f7",
"referenced_uuid": "dad20043-8913-4afa-92ba-cff12283824f",
"relationship_type": "header-of",
"timestamp": "1543921956",
"uuid": "5c066124-6f0c-4303-858f-4e3a950d210f"
},
{
"comment": "",
"object_uuid": "34754e49-8e1e-4b82-a538-68c778a544f7",
"referenced_uuid": "ae01c9b0-1419-4a83-8c70-97790c4ce4a0",
"relationship_type": "included-in",
"timestamp": "1543921956",
"uuid": "5c066124-f92c-4657-ab88-4559950d210f"
},
{
"comment": "",
"object_uuid": "34754e49-8e1e-4b82-a538-68c778a544f7",
"referenced_uuid": "20483bab-be45-4f17-83b2-a3446b94d0dd",
"relationship_type": "included-in",
"timestamp": "1543921957",
"uuid": "5c066125-cf5c-40e3-b5ad-497a950d210f"
},
{
"comment": "",
"object_uuid": "34754e49-8e1e-4b82-a538-68c778a544f7",
"referenced_uuid": "240c0f80-fcda-4ba8-9035-777a892b73c8",
"relationship_type": "included-in",
"timestamp": "1543921957",
"uuid": "5c066125-c97c-4e3b-bf4c-450c950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1543921953",
"to_ids": true,
"type": "filename",
"uuid": "02839290-ae92-45be-a13f-9a091c7f9879",
"value": "sdgasfse.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1543921953",
"to_ids": true,
"type": "filename",
"uuid": "dc81117d-8baf-4c64-be72-82424b06c9cc",
"value": "sdgasfse.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1543921953",
"to_ids": false,
"type": "counter",
"uuid": "1658d5c3-bf4e-4619-9dfb-c007c47e7619",
"value": "4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543921953",
"uuid": "54ff7ca3-3736-4067-8eff-8ac9cbc938a1",
"ObjectReference": [
{
"comment": "",
"object_uuid": "54ff7ca3-3736-4067-8eff-8ac9cbc938a1",
"referenced_uuid": "34754e49-8e1e-4b82-a538-68c778a544f7",
"relationship_type": "included-in",
"timestamp": "1543921957",
"uuid": "5c066125-fd0c-4e26-9cdf-46ec950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543921953",
"to_ids": false,
"type": "md5",
"uuid": "cb16f0ae-c01f-4e01-868d-18ded343e392",
"value": "f702153b68628eff973abb2912af0d22"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543921953",
"to_ids": false,
"type": "sha1",
"uuid": "49d5b6ca-67c2-41d8-9eb4-64b30b86617b",
"value": "138c3aae51e67db0c4134affae428fe91c0d1686"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543921954",
"to_ids": false,
"type": "sha256",
"uuid": "1db0f157-bd30-4fc0-8c5b-43a739d72f77",
"value": "da9c2ecc88e092e3b8c13c6d1a71b968aa6f705eb5966370f21e306c26cd4fb5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1543921954",
"to_ids": false,
"type": "sha512",
"uuid": "1979e3e3-b2d1-4f1f-a898-e639d0b8fa31",
"value": "7b5c3a6dcc30225874b70e9aa5df803d7796322e5c6654b0ace265b95b0134035384e113112a7a17b09e24dbceb71a22867424cfc1c660ec2ebb605583980dcd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1543921954",
"to_ids": false,
"type": "ssdeep",
"uuid": "82effc3c-dc4d-4b0a-8bb1-f9889ada309e",
"value": "48:6/mWW45Rekl3tpEE4ln0LT8wVMM4W8i02+KU4AeyuNew0cxdn5Mla5GQ6bwN8ah:gBv3Z8we5i0/4Ae+2gMrG"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1543921955",
"to_ids": false,
"type": "filename",
"uuid": "18489847-3545-4dfb-bcb4-23e14901a00c",
"value": "sdgasfse.dll"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1543921955",
"to_ids": false,
"type": "mime-type",
"uuid": "5229d352-e86f-4280-9260-0aac58c7d30b",
"value": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543921955",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "0ef6f7b9-6a61-4a2d-a5a7-5d5112030b3f",
"value": "5632"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543921955",
"to_ids": false,
"type": "float",
"uuid": "a6813ab8-4cc6-4cf8-99d2-09e4c4f1c5d1",
"value": "3.968484"
}
]
}
]
}
}