{
"Event": {
"analysis": "0",
"date": "2018-11-27",
"extends_uuid": "5c065ec5-6ab0-4cc1-a032-bf18950d210f",
"info": "MAR-10219351.r1.v2 (SamSam ransomware)",
"publish_timestamp": "1544005104",
"published": true,
"threat_level_id": "3",
"timestamp": "1544005098",
"uuid": "5c0661f7-77a0-4ec9-bdcf-d447950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"SamSam\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:ransomware=\"Samas-Samsam\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543922167",
"to_ids": false,
"type": "mutex",
"uuid": "9c22cd87-034c-4f13-b5b6-0b11ce921c19",
"value": "Global\\\u00e5\u2020\u00b0\u00c7\u00a3"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Object describing the original file used to import data in MISP.",
"meta-category": "file",
"name": "original-imported-file",
"template_uuid": "4cd560e9-2cfe-40a1-9964-7b2e797ecac5",
"template_version": "2",
"timestamp": "1543922167",
"uuid": "0b3ce6aa-7d13-4598-89df-292867dc711b",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "imported-sample",
"timestamp": "1543922167",
"to_ids": false,
"type": "attachment",
"uuid": "95aeb609-955a-4d6d-a5a2-9f2ae2e99756",
"value": "MAR-10219351.r1.v2.stix.xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "format",
"timestamp": "1543922168",
"to_ids": false,
"type": "text",
"uuid": "7aa3cc6a-0875-46ef-b9b1-ab72e318b8d9",
"value": "STIX 1.1.1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543922168",
"uuid": "2e42e17e-129e-4a50-8b85-e25017e4a200",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922168",
"to_ids": true,
"type": "md5",
"uuid": "8a5de25f-1d57-4c0f-a339-1272e72c02d9",
"value": "222d7fde37ae344824a97087d473cdcd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543922168",
"to_ids": true,
"type": "sha1",
"uuid": "34412382-5a69-4afe-9eec-f607db182fa7",
"value": "90205a2761ed7ac3b188230786ec2bebd30effba"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543922169",
"to_ids": true,
"type": "sha256",
"uuid": "09f5afef-c21b-4118-8e3e-cad533587fa8",
"value": "5d65ebdde1aef8f23114f95454287e7410965288f144d880ece2a2b8c3128645"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543922169",
"uuid": "51613051-81c4-4d8f-b654-9128d8855103",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922170",
"to_ids": true,
"type": "md5",
"uuid": "b082bd0d-bc8d-4be3-87e3-656b7a360394",
"value": "fe3ae84a8defc809e734bbd0736f82de"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543922170",
"to_ids": true,
"type": "sha1",
"uuid": "491fea7d-a680-4c7b-af45-04066255a7dd",
"value": "04a2ea4c78f78d628800c0a5cb9547a0c0b14378"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543922170",
"to_ids": true,
"type": "sha256",
"uuid": "06f5962d-a49f-44ca-a5e1-221cf7204736",
"value": "d8d919d884b86e4d5977598bc9d637ed53e21d5964629d0427077e08ddbcba68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543922171",
"uuid": "b9f6c4b6-1431-4e3d-915a-2dc447d81df0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922171",
"to_ids": false,
"type": "float",
"uuid": "2a4e7fb4-85c8-4da3-bb1d-be93062d9444",
"value": "2.723403"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922171",
"to_ids": true,
"type": "md5",
"uuid": "bf4fd2d9-7ad0-4172-b4fa-12a0be895bc5",
"value": "5e1317af9956be12deebdea49aae14f5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922171",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "3dc62ee6-e861-4b05-8425-4d79c832f431",
"value": "512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543922171",
"uuid": "affa0461-629a-4426-bb76-4fa931bae09d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922171",
"to_ids": true,
"type": "md5",
"uuid": "24b62f15-8d15-46e0-b1b0-92ea7e962a5c",
"value": "124120a6b861fdfff756e19a77a53e05"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922172",
"to_ids": false,
"type": "float",
"uuid": "cf77c83f-9f13-47d8-98a9-361b15d1c38f",
"value": "4.695157"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1543922172",
"to_ids": false,
"type": "text",
"uuid": "7110ab48-dbd9-474c-a87f-5739d545da02",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922172",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "2775bd54-4637-4b2b-932e-b0573f245d89",
"value": "1020928"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543922172",
"uuid": "a214b755-106e-4570-ac46-183981271166",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922172",
"to_ids": true,
"type": "md5",
"uuid": "34dd915c-7730-49ad-9623-a70be5b872be",
"value": "8a2d72fec9d2535440e0f83b59253f2b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922172",
"to_ids": false,
"type": "float",
"uuid": "a35e6550-5ef3-4341-85c5-24d80395c9e7",
"value": "3.7223"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1543922173",
"to_ids": false,
"type": "text",
"uuid": "5708c09d-9b70-47e4-a405-00e1d08936c2",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922173",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "88a73596-5316-4d58-b275-12a8a9874310",
"value": "2560"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543922173",
"uuid": "32245044-b56d-462f-923f-2aab9aec023a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922173",
"to_ids": true,
"type": "md5",
"uuid": "e4c6abb2-d277-4c70-9a8d-47414a1e985a",
"value": "b227291feae10a83e762c2bc9d959a7f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922173",
"to_ids": false,
"type": "float",
"uuid": "06cedfde-5502-45cf-b575-b3cd0f28c0eb",
"value": "0.10191"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1543922173",
"to_ids": false,
"type": "text",
"uuid": "411ead27-c48b-460c-b9a1-b2226737fff6",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922173",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "066a0728-c3a0-49b4-8860-e47df4427ddd",
"value": "512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1543922173",
"uuid": "8168c6de-3598-40b0-af61-205f042834f9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8168c6de-3598-40b0-af61-205f042834f9",
"referenced_uuid": "b9f6c4b6-1431-4e3d-915a-2dc447d81df0",
"relationship_type": "header-of",
"timestamp": "1543922180",
"uuid": "5c066204-f5dc-469e-aab3-d447950d210f"
},
{
"comment": "",
"object_uuid": "8168c6de-3598-40b0-af61-205f042834f9",
"referenced_uuid": "affa0461-629a-4426-bb76-4fa931bae09d",
"relationship_type": "included-in",
"timestamp": "1543922180",
"uuid": "5c066205-9188-4a28-aee7-d447950d210f"
},
{
"comment": "",
"object_uuid": "8168c6de-3598-40b0-af61-205f042834f9",
"referenced_uuid": "a214b755-106e-4570-ac46-183981271166",
"relationship_type": "included-in",
"timestamp": "1543922181",
"uuid": "5c066205-81ec-489a-bac3-d447950d210f"
},
{
"comment": "",
"object_uuid": "8168c6de-3598-40b0-af61-205f042834f9",
"referenced_uuid": "32245044-b56d-462f-923f-2aab9aec023a",
"relationship_type": "included-in",
"timestamp": "1543922181",
"uuid": "5c066205-a05c-4a15-89be-d447950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1543922173",
"to_ids": true,
"type": "filename",
"uuid": "184eb52c-9324-4487-ba03-1bc61f012540",
"value": "prelecturedexe.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1543922173",
"to_ids": true,
"type": "filename",
"uuid": "88b8c906-5e9f-4325-95da-4f8b4d136312",
"value": "prelecturedexe.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1543922173",
"to_ids": false,
"type": "counter",
"uuid": "8ef77131-2579-431b-b20b-f79ef32d01eb",
"value": "4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543922173",
"uuid": "cf57100b-06e3-462b-baf1-71d4b0096983",
"ObjectReference": [
{
"comment": "",
"object_uuid": "cf57100b-06e3-462b-baf1-71d4b0096983",
"referenced_uuid": "8168c6de-3598-40b0-af61-205f042834f9",
"relationship_type": "included-in",
"timestamp": "1543922181",
"uuid": "5c066205-19d4-46ed-8bce-d447950d210f"
},
{
"comment": "",
"object_uuid": "cf57100b-06e3-462b-baf1-71d4b0096983",
"referenced_uuid": "bb019b83-bcaa-4353-bf2e-ea2425d398de",
"relationship_type": "related-to",
"timestamp": "1543922181",
"uuid": "5c066205-4590-4f1b-bf12-d447950d210f"
},
{
"comment": "",
"object_uuid": "cf57100b-06e3-462b-baf1-71d4b0096983",
"referenced_uuid": "9c22cd87-034c-4f13-b5b6-0b11ce921c19",
"relationship_type": "created",
"timestamp": "1543922181",
"uuid": "5c066205-2eb4-45e8-a9b9-d447950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922173",
"to_ids": false,
"type": "md5",
"uuid": "1d3dd9db-fa9a-4947-9af0-5262598ff12c",
"value": "222d7fde37ae344824a97087d473cdcd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543922174",
"to_ids": false,
"type": "sha1",
"uuid": "073eaf56-66d9-4d8c-8a2b-9058f1d9d207",
"value": "90205a2761ed7ac3b188230786ec2bebd30effba"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543922174",
"to_ids": false,
"type": "sha256",
"uuid": "c86677a4-5944-404a-8d84-5205a43ea72e",
"value": "5d65ebdde1aef8f23114f95454287e7410965288f144d880ece2a2b8c3128645"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1543922175",
"to_ids": false,
"type": "sha512",
"uuid": "d9c0b108-5000-4c0e-b6ad-410b75a31e4f",
"value": "177f25c2e454b5366719a5536e25dbf16ab5cb01b1886b18ea1477671651191cbf663cf1754990c618be1d7c36bf523aaac8528d94a1d49583213dc8a0dee98a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1543922175",
"to_ids": false,
"type": "ssdeep",
"uuid": "9c0daa3e-a29c-4917-9890-2f51f39ed5e4",
"value": "24576:PLvqxk7+y/4NmWPWKrbE6qqE56Hglx8zudJhTyGwcKe:+"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1543922176",
"to_ids": false,
"type": "filename",
"uuid": "d800f0e8-df12-42f9-87a4-fad55b5bceb0",
"value": "prelecturedexe.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922176",
"to_ids": false,
"type": "float",
"uuid": "5a0f4e35-e82b-431a-9e3f-ca2049f3b121",
"value": "4.695794"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922176",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "45ab5474-58ae-47c2-81ca-6953eb6e84e6",
"value": "1024512"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1543922176",
"to_ids": false,
"type": "mime-type",
"uuid": "3c07d39e-92e9-4964-9a89-107aff1bae64",
"value": "PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543922176",
"uuid": "b0883323-1009-4304-b5b4-f6a365e3132a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922176",
"to_ids": false,
"type": "float",
"uuid": "9a3d2c33-5c76-45ef-b309-dae961c68a32",
"value": "2.714618"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922176",
"to_ids": true,
"type": "md5",
"uuid": "7f387429-26ea-40d6-9124-beca9ee4b6f1",
"value": "397b763d106b2f347c5a563922273551"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922176",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "d7709bd9-4aa8-466f-823c-2673253d311b",
"value": "512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543922176",
"uuid": "b7245318-b001-4969-a858-0bd38e20c62c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922176",
"to_ids": true,
"type": "md5",
"uuid": "906b0979-b91f-4433-ba66-7e9b92d2b506",
"value": "ad25e96cae2016331129ec4643535822"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922177",
"to_ids": false,
"type": "float",
"uuid": "e8bc8828-c00b-44b9-b825-dc15597fbe99",
"value": "4.650477"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1543922177",
"to_ids": false,
"type": "text",
"uuid": "72c24a3d-bad4-4886-b1be-8b960c2bd91c",
"value": ".text"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922177",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "d54b329c-62d7-4857-8201-6c1cdf5d80de",
"value": "406528"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543922177",
"uuid": "9510431d-6748-44fb-be9d-08dfb6db091a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922177",
"to_ids": true,
"type": "md5",
"uuid": "aaf5c367-0af5-493f-b9b7-d36d0498a30f",
"value": "01784b876d14b1384491318f8fce07d5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922177",
"to_ids": false,
"type": "float",
"uuid": "4f38040b-ac33-4c44-9e3e-93fe954ea37f",
"value": "2.987471"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1543922177",
"to_ids": false,
"type": "text",
"uuid": "5b289d10-b74d-49bb-9b44-ff9ae4ee490d",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922177",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "cf253008-502f-4c44-84a8-52abe0239bf9",
"value": "2048"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1543922177",
"uuid": "1dd02ead-249e-41ed-a5c6-dd1ba5848048",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922177",
"to_ids": true,
"type": "md5",
"uuid": "76ff1b4c-b0c7-48f4-aa55-395a8787cad5",
"value": "816849886aa28e56db0cd065fae38897"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922178",
"to_ids": false,
"type": "float",
"uuid": "8c68e2ea-cae1-4a9d-b6eb-84b8d9e7c99b",
"value": "0.10191"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1543922178",
"to_ids": false,
"type": "text",
"uuid": "807b2427-d842-4e1a-a6bf-f1e895e07ece",
"value": ".reloc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922178",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "139dd827-4041-4680-b235-669a782ce34b",
"value": "512"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1543922178",
"uuid": "df23d0f6-2ef5-45f3-b3c5-58c636b121e7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "df23d0f6-2ef5-45f3-b3c5-58c636b121e7",
"referenced_uuid": "b0883323-1009-4304-b5b4-f6a365e3132a",
"relationship_type": "header-of",
"timestamp": "1543922181",
"uuid": "5c066205-c924-4285-bb89-d447950d210f"
},
{
"comment": "",
"object_uuid": "df23d0f6-2ef5-45f3-b3c5-58c636b121e7",
"referenced_uuid": "b7245318-b001-4969-a858-0bd38e20c62c",
"relationship_type": "included-in",
"timestamp": "1543922181",
"uuid": "5c066205-d8c0-40c8-82ab-d447950d210f"
},
{
"comment": "",
"object_uuid": "df23d0f6-2ef5-45f3-b3c5-58c636b121e7",
"referenced_uuid": "9510431d-6748-44fb-be9d-08dfb6db091a",
"relationship_type": "included-in",
"timestamp": "1543922181",
"uuid": "5c066205-a09c-4aec-8fba-d447950d210f"
},
{
"comment": "",
"object_uuid": "df23d0f6-2ef5-45f3-b3c5-58c636b121e7",
"referenced_uuid": "1dd02ead-249e-41ed-a5c6-dd1ba5848048",
"relationship_type": "included-in",
"timestamp": "1543922181",
"uuid": "5c066205-1758-4dea-ab2d-d447950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1543922178",
"to_ids": true,
"type": "filename",
"uuid": "7fbed432-1aba-4f8d-8df9-b50ae6081945",
"value": "proteusdlll.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1543922178",
"to_ids": true,
"type": "filename",
"uuid": "9b964521-e436-49dd-81b4-351eb9f3edf9",
"value": "proteusdlll.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1543922178",
"to_ids": false,
"type": "counter",
"uuid": "d1741703-98e9-408c-b43d-00f5e26184ef",
"value": "4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1543922178",
"uuid": "bb019b83-bcaa-4353-bf2e-ea2425d398de",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bb019b83-bcaa-4353-bf2e-ea2425d398de",
"referenced_uuid": "df23d0f6-2ef5-45f3-b3c5-58c636b121e7",
"relationship_type": "included-in",
"timestamp": "1543922181",
"uuid": "5c066205-c804-4cd7-a306-d447950d210f"
},
{
"comment": "",
"object_uuid": "bb019b83-bcaa-4353-bf2e-ea2425d398de",
"referenced_uuid": "cf57100b-06e3-462b-baf1-71d4b0096983",
"relationship_type": "related-to",
"timestamp": "1543922181",
"uuid": "5c066205-ae5c-4126-91c8-d447950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1543922178",
"to_ids": false,
"type": "md5",
"uuid": "4e742a0b-58a7-41d0-b3e3-339ce7ec78da",
"value": "fe3ae84a8defc809e734bbd0736f82de"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1543922179",
"to_ids": false,
"type": "sha1",
"uuid": "68f5df90-e316-4977-9e3e-30542f539fda",
"value": "04a2ea4c78f78d628800c0a5cb9547a0c0b14378"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1543922179",
"to_ids": false,
"type": "sha256",
"uuid": "bdcf6838-af76-4993-943b-d22c27cc80cc",
"value": "d8d919d884b86e4d5977598bc9d637ed53e21d5964629d0427077e08ddbcba68"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1543922179",
"to_ids": false,
"type": "sha512",
"uuid": "f60f5a76-7079-4b85-b3df-0cb8163dae8d",
"value": "9cb6ddb8a0b9329fe08fcf8a02d45c43222432d6e145f55deacb019f772970513d3ddfa589a002c0abf190fa8712d41e08aab51836685aed9bf30d118ea00a5e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1543922180",
"to_ids": false,
"type": "ssdeep",
"uuid": "74bf76d4-aed6-4efe-8e4a-0e5cc3c3fab4",
"value": "3072:Sa6J+OIazQ94ZPaqa7YHmIZwUSToQemTIC6:A+OIa094ZPRakH/+USE"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1543922180",
"to_ids": false,
"type": "filename",
"uuid": "000ae8b0-c900-426b-9a36-0d1a4a95bee2",
"value": "proteusdlll.dll"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1543922180",
"to_ids": false,
"type": "float",
"uuid": "d623d90b-d126-4285-b92c-80914246f675",
"value": "4.645654"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1543922180",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "3b4ef859-c51b-4ecf-b6fe-4502f0f852b0",
"value": "409600"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1543922180",
"to_ids": false,
"type": "mime-type",
"uuid": "8311b420-dcdf-406d-ac78-499ca4a3228a",
"value": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows"
}
]
}
]
}
}