2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-12-14 14:30:15 +00:00
|
|
|
"Event": {
|
|
|
|
"analysis": "2",
|
|
|
|
"date": "2019-04-22",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "OSINT - Nueva campa\u00c3\u00b1a del grupo ruso TA505 dirigida a Chile y Argentina. #ServHelper",
|
|
|
|
"publish_timestamp": "1555920571",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1555920412",
|
|
|
|
"uuid": "5cbd7391-72f0-4905-a438-428102de0b81",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CIRCL",
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "misp-galaxy:threat-actor=\"TA505\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#004646",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "type:OSINT",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0071c3",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0087e8",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:certainty=\"50\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#00223b",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919777",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5cbd73a2-b97c-4e99-b1fc-4a5402de0b81",
|
|
|
|
"value": "https://medium.com/@1ZRR4H/nueva-campa%C3%B1a-del-grupo-ruso-ta505-dirigida-a-chile-y-argentina-servhelper-1dc3bfbff0c7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5cbd73c0-69a8-4d14-baf1-499402de0b81",
|
|
|
|
"value": "canyoning-austria.at/dashost"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5cbd73c0-3b2c-4cf8-92f1-4f7802de0b81",
|
|
|
|
"value": "profan.es/dashost"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5cbd73c0-b9b0-4164-bc9a-4bf802de0b81",
|
|
|
|
"value": "kerrison.com/dashost"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5cbd73c0-5134-4712-a2d6-480102de0b81",
|
|
|
|
"value": "globe-trotterltd.com/dashost"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5cbd73c0-454c-4592-95e6-46dc02de0b81",
|
|
|
|
"value": "195.123.227.20/dashost"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5cbd73c0-1da8-4680-b28e-4e1002de0b81",
|
|
|
|
"value": "http://houusha33.icu/jquery/jquery.php"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5cbd73c0-8a98-49b2-8a25-4ea202de0b81",
|
|
|
|
"value": "http://joisff333.icu/jquery/jquery.php"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "5cbd73c0-d208-4a04-b984-4c4602de0b81",
|
|
|
|
"value": "http://91.201.67.96/cyf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "5cbd73c0-5028-425f-86c7-478e02de0b81",
|
|
|
|
"value": "66.232.130.161"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919808",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "5cbd73c0-00ac-41d6-9513-4d4102de0b81",
|
|
|
|
"value": "195.123.227.79"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73dd-3aac-471f-bd19-4ab602de0b81",
|
|
|
|
"value": "%WINDIR%\\Installer\\MSI3DA2.tmp"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5cbd73dd-ce0c-438a-942b-4ee902de0b81",
|
|
|
|
"value": "64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73dd-d580-4456-a5ca-475202de0b81",
|
|
|
|
"value": "%WINDIR%\\Installer\\MSI419D.tmp"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5cbd73dd-6fb8-4055-9ba6-474602de0b81",
|
|
|
|
"value": "7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73dd-de54-442c-a322-4f7e02de0b81",
|
|
|
|
"value": "%TEMP%\\nsu4228.tmp\\ns4229.tmp"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5cbd73dd-6fe8-4c75-b4a6-45e802de0b81",
|
|
|
|
"value": "79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73dd-1bd8-4bf5-b02c-4cb502de0b81",
|
|
|
|
"value": "%TEMP%\\nsu4228.tmp\\nsExec.dll"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5cbd73dd-af2c-4136-8e4d-409c02de0b81",
|
|
|
|
"value": "b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73dd-47f8-4911-b957-4e2602de0b81",
|
|
|
|
"value": "%TEMP%\\repotaj.dll"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5cbd73dd-5c18-468d-ab34-498102de0b81",
|
|
|
|
"value": "fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73dd-6a5c-4822-8777-4a0a02de0b81",
|
|
|
|
"value": "%WINDIR%\\Installer\\MSI777D.tmp"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5cbd73dd-bcfc-4824-a499-425302de0b81",
|
|
|
|
"value": "75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73dd-4390-4a98-9a65-492302de0b81",
|
|
|
|
"value": "%WINDIR%\\Installer\\MSI7D8B.tmp"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5cbd73dd-fb5c-49ed-af22-41a602de0b81",
|
|
|
|
"value": "843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73de-e6dc-4dcd-83fd-456102de0b81",
|
|
|
|
"value": "%TEMP%\\nsl7E55.tmp\\nsExec.dll"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919838",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73de-1ba8-426f-b998-48e002de0b81",
|
|
|
|
"value": "%TEMP%\\pegas.dll"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919838",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5cbd73de-7c74-450a-8290-494802de0b81",
|
|
|
|
"value": "9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555919838",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "filename",
|
|
|
|
"uuid": "5cbd73de-ce04-4fc5-9616-435302de0b81",
|
|
|
|
"value": "%TEMP%\\nsl7E55.tmp\\ns7E66.tmp"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555920412",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5cbd7456-69a4-4301-97d6-446e02de0b81",
|
|
|
|
"value": "https://app.any.run/tasks/804f1ace-cd13-48b6-8b9a-87a983cfce5a",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#005795",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:source-type=\"automatic-analysis\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555920412",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5cbd7456-1df0-46c1-88c0-49dd02de0b81",
|
|
|
|
"value": "https://app.any.run/tasks/1546da9a-d3b0-4e2d-a1e7-90c58b54b134",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#005795",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:source-type=\"automatic-analysis\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555920412",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5cbd7456-c4f4-4727-9bf2-468902de0b81",
|
|
|
|
"value": "https://app.any.run/tasks/5d68c43e-15b2-48c0-bcbe-2a60f3112639",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#005795",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:source-type=\"automatic-analysis\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555920381",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5cbd747a-c9dc-4ae2-9b67-4add02de0b81",
|
|
|
|
"value": "https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#00223b",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555920382",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5cbd747a-8040-41b7-b544-463102de0b81",
|
|
|
|
"value": "https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#00223b",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555920381",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5cbd747a-ed34-4317-b5f9-429e02de0b81",
|
|
|
|
"value": "https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#00223b",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1555920382",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5cbd747a-45d8-4b70-82c1-415802de0b81",
|
|
|
|
"value": "https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently-en/",
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#00223b",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Object": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "15",
|
|
|
|
"timestamp": "1555919914",
|
|
|
|
"uuid": "867e47bb-adf7-4381-8be6-79dbf5b5e71f",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "867e47bb-adf7-4381-8be6-79dbf5b5e71f",
|
|
|
|
"referenced_uuid": "b0f25fa4-e9f8-4d03-b5f8-12232b08aeec",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-12-14 14:30:15 +00:00
|
|
|
"timestamp": "1555919915",
|
|
|
|
"uuid": "5cbd742b-444c-4576-96c4-448302de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "696d127e-c5ac-4ab1-a992-4b195695b815",
|
|
|
|
"value": "e2347a65b30ccc5b2c4230daaeefb897"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "09d7b67a-cc27-4c47-8966-602176654a16",
|
|
|
|
"value": "64c7047898371e81bfc58b8fda6da7892a92108d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "9f060858-1d40-40c6-8480-dafe3d08b690",
|
|
|
|
"value": "79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1555919914",
|
|
|
|
"uuid": "b0f25fa4-e9f8-4d03-b5f8-12232b08aeec",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "2872b77c-20e0-45c0-b8fb-449e42a8cbc4",
|
|
|
|
"value": "2019-04-20T08:04:42"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "a9d51e83-3cf6-4cb5-b0bb-68a7f55d6a1a",
|
|
|
|
"value": "https://www.virustotal.com/file/79fd3041ab85e378839d2e3cf155fc91a2d541304d209f5d1d57ac7d791190ec/analysis/1555747482/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "a2840024-acc7-4c8a-84ff-2032ad1920b7",
|
|
|
|
"value": "2/71"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "15",
|
|
|
|
"timestamp": "1555919914",
|
|
|
|
"uuid": "c3404a75-0222-4173-a99c-60c536dc87d7",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "c3404a75-0222-4173-a99c-60c536dc87d7",
|
|
|
|
"referenced_uuid": "764657dd-1a00-429d-895f-7c1f6c74eb9d",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-12-14 14:30:15 +00:00
|
|
|
"timestamp": "1555919915",
|
|
|
|
"uuid": "5cbd742b-5e1c-445a-a544-41dd02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "5ee3d127-cc55-4ba8-afd1-8351c49f55a3",
|
|
|
|
"value": "1f49d8af9be9e915d54b2441c4a79adf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "1cda3d3c-fca9-4f88-aa0f-36a4163d0f72",
|
|
|
|
"value": "1ee4f809c693e31f34bc6d8153664a6dc2c3e499"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "8eecab72-a675-4729-b5df-74697c6ee080",
|
|
|
|
"value": "b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1555919914",
|
|
|
|
"uuid": "764657dd-1a00-429d-895f-7c1f6c74eb9d",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "9478771f-ebde-47ad-947f-6653868b43c7",
|
|
|
|
"value": "2019-04-16T07:40:38"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "5e7f9759-3199-4c01-ab49-772bfc783dc7",
|
|
|
|
"value": "https://www.virustotal.com/file/b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782/analysis/1555400438/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "77aa48f9-ee53-4b88-bfd4-2cff08cb987b",
|
|
|
|
"value": "0/69"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "15",
|
|
|
|
"timestamp": "1555919914",
|
|
|
|
"uuid": "e4348e28-8e87-413d-8e10-f163befd21f8",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "e4348e28-8e87-413d-8e10-f163befd21f8",
|
|
|
|
"referenced_uuid": "8dc3390e-0e31-4519-861b-46753f4a7724",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-12-14 14:30:15 +00:00
|
|
|
"timestamp": "1555919916",
|
|
|
|
"uuid": "5cbd742c-bfe4-4797-8810-427902de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1555919838",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "fce219cb-b014-45e1-a4ac-f997ffcfae2e",
|
|
|
|
"value": "4a8198fca604a78dd210803aebd5cbba"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1555919838",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "80632ed0-b83a-430d-831c-b91689bf9a4b",
|
|
|
|
"value": "06f232210e507f09f01155e7d0cb5389b8a31042"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1555919838",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "68a38504-6d11-412b-8f74-06c790a4c6f6",
|
|
|
|
"value": "9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1555919914",
|
|
|
|
"uuid": "8dc3390e-0e31-4519-861b-46753f4a7724",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1555919838",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "296b39c0-8c18-48de-951a-875ebd5df7c9",
|
|
|
|
"value": "2019-04-19T13:34:35"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1555919838",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "a8e091a7-599d-4c76-984e-68c366c8ecb6",
|
|
|
|
"value": "https://www.virustotal.com/file/9dc1381816b8b18aead256bdc05486171968abbc6ff01766088fbfe7badd194e/analysis/1555680875/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1555919838",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "ff153d9d-15f1-4e2f-8821-ea5f6d40212e",
|
|
|
|
"value": "39/71"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "15",
|
|
|
|
"timestamp": "1555919914",
|
|
|
|
"uuid": "65feef59-f0fd-4662-817d-27c02ac07886",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "65feef59-f0fd-4662-817d-27c02ac07886",
|
|
|
|
"referenced_uuid": "54adb423-5c15-424e-bc70-e6467f11fa55",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-12-14 14:30:15 +00:00
|
|
|
"timestamp": "1555919916",
|
|
|
|
"uuid": "5cbd742c-1a3c-4eb7-82b7-42d402de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "cd818222-1dcc-49c0-9d34-9a1b98cf17d2",
|
|
|
|
"value": "a8024347a2bb59bd5cfbde2311f16a20"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "f7f3eb04-7c07-447b-a095-08a7c0ad5b4f",
|
|
|
|
"value": "8ab7dd5b6583f2ff847a970deb591a34a230fa81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "5898c044-0c42-42fd-b77e-efe9e06022de",
|
|
|
|
"value": "64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "VirusTotal report",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "virustotal-report",
|
|
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
|
|
"template_version": "2",
|
|
|
|
"timestamp": "1555919914",
|
|
|
|
"uuid": "54adb423-5c15-424e-bc70-e6467f11fa55",
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "datetime",
|
|
|
|
"uuid": "4b216a59-481f-4845-af8f-3138132c3eee",
|
|
|
|
"value": "2019-04-22T00:20:43"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "1ad96739-a571-4915-a14c-1a140c5a29de",
|
|
|
|
"value": "https://www.virustotal.com/file/64d48cde2de91849a414a86ad342a157288e7f6e58d7e58de1d077b9737e6dd8/analysis/1555892443/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "9c5cae44-8305-4195-88cb-f11ac62651e4",
|
|
|
|
"value": "28/54"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"description": "File object describing a file with meta-information",
|
|
|
|
"meta-category": "file",
|
|
|
|
"name": "file",
|
|
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
|
|
"template_version": "15",
|
|
|
|
"timestamp": "1555919915",
|
|
|
|
"uuid": "effbb231-e3e3-46a3-8749-115ffc451f75",
|
|
|
|
"ObjectReference": [
|
|
|
|
{
|
|
|
|
"comment": "",
|
|
|
|
"object_uuid": "effbb231-e3e3-46a3-8749-115ffc451f75",
|
|
|
|
"referenced_uuid": "cfc10358-f02b-4f0b-83d4-92776013927b",
|
2023-04-21 13:25:09 +00:00
|
|
|
"relationship_type": "analysed-with",
|
2023-12-14 14:30:15 +00:00
|
|
|
"timestamp": "1555919916",
|
|
|
|
"uuid": "5cbd742c-c574-4b76-a5ed-45da02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"object_relation": "md5",
|
|
|
|
"timestamp": "1555919837",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "2547da14-7ef8-4e17-960a-f85bd3fd53d8",
"value": "4ca90e372982c864b8eae6d95161a213"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1555919837",
"to_ids": true,
"type": "sha1",
"uuid": "afd8829d-65bc-4a13-b24c-933ef9d0ee5f",
"value": "ad35fa0b3799562931b4bfa3abd057214b8721ff"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1555919837",
"to_ids": true,
"type": "sha256",
"uuid": "7c52306d-313d-471f-9276-ad923c9cabe3",
"value": "843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555919915",
"uuid": "cfc10358-f02b-4f0b-83d4-92776013927b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1555919837",
"to_ids": false,
"type": "datetime",
"uuid": "d9399e02-1c95-4d3c-a3f9-aff3d110e29b",
"value": "2019-04-22T04:38:01"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1555919837",
"to_ids": false,
"type": "link",
"uuid": "dc01f50c-1875-4765-bf0c-6b67b07bae6a",
"value": "https://www.virustotal.com/file/843578299d9e60e52f781ca487aa83f5df4c5f4ca71d3a941a8ea249476c5c3c/analysis/1555907881/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1555919837",
"to_ids": false,
"type": "text",
"uuid": "b128e9ae-2522-447a-bc5d-9038e98e83de",
"value": "41/67"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1555919915",
"uuid": "1eed6e2d-c5e6-4150-8ccd-d3bc96796553",
"ObjectReference": [
{
"comment": "",
"object_uuid": "1eed6e2d-c5e6-4150-8ccd-d3bc96796553",
"referenced_uuid": "3c563bb6-6ef9-4565-b392-ee9f00d5ff07",
"relationship_type": "analysed-with",
"timestamp": "1555919916",
"uuid": "5cbd742c-6680-44fd-b9ba-4dc002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1555919837",
"to_ids": true,
"type": "md5",
"uuid": "9e60bc01-a027-4e3e-8f11-fa960a875bf2",
"value": "2f05a4a116a3b152c2a5eabf048f43e8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1555919837",
"to_ids": true,
"type": "sha1",
"uuid": "5f847e0a-d450-4657-a829-e33e5ecb81aa",
"value": "d18ef08bf13de20442613a899c4cd07b96d27f8c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1555919837",
"to_ids": true,
"type": "sha256",
"uuid": "3df27d78-09e7-44ad-b5cd-c4c691a5bee2",
"value": "fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555919915",
"uuid": "3c563bb6-6ef9-4565-b392-ee9f00d5ff07",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1555919837",
"to_ids": false,
"type": "datetime",
"uuid": "d58e5a6b-3da3-4ccb-a166-473ca9de5928",
"value": "2019-04-21T04:19:37"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1555919837",
"to_ids": false,
"type": "link",
"uuid": "fd8b3cb3-390f-45c1-9336-f0907da82030",
"value": "https://www.virustotal.com/file/fd2516f5a8dd9eaddac65f4bd8ae4ed6cba9e115ebe88c3f6d2f5e2cdd5e20a6/analysis/1555820377/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1555919837",
"to_ids": false,
"type": "text",
"uuid": "653716ec-3a07-4e78-8df5-300768b2ca6f",
"value": "32/65"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1555919915",
"uuid": "301a91c9-b7e0-4a0c-9294-c4c998ef4833",
"ObjectReference": [
{
"comment": "",
"object_uuid": "301a91c9-b7e0-4a0c-9294-c4c998ef4833",
"referenced_uuid": "c6c7b545-e03a-4539-8f5c-214bf4702bdf",
"relationship_type": "analysed-with",
"timestamp": "1555919916",
"uuid": "5cbd742c-3c6c-4495-a42a-455d02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1555919837",
"to_ids": true,
"type": "md5",
"uuid": "24a4266f-b963-4c4c-908a-12df72adb4a4",
"value": "329d3e86fb9fca6a656742c6aa8ee13e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1555919837",
"to_ids": true,
"type": "sha1",
"uuid": "0694e903-6c52-4f82-88c0-aef0bf673c4d",
"value": "6c76baa8f4f45f5d68b00f88847d42b99fd896e5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1555919837",
"to_ids": true,
"type": "sha256",
"uuid": "dd481045-dd5c-4090-b856-6f833937b76f",
"value": "7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555919915",
"uuid": "c6c7b545-e03a-4539-8f5c-214bf4702bdf",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1555919837",
"to_ids": false,
"type": "datetime",
"uuid": "8e3a6c60-4adf-4a24-a9a5-849ea01b718a",
"value": "2019-04-21T03:35:28"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1555919837",
"to_ids": false,
"type": "link",
"uuid": "4b6b23d6-7a81-40de-ae0a-d3beda6b01b8",
"value": "https://www.virustotal.com/file/7b2c826503c671dfcb7f28c7631a27538cd984e1ca5c76ab932fbd37afe4ce50/analysis/1555817728/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1555919837",
"to_ids": false,
"type": "text",
"uuid": "bcec37f0-fe53-4db7-b109-04b9c34f1ccc",
"value": "37/68"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1555919915",
"uuid": "b4a8764f-f7fc-4571-9b2b-bc9f3283ca04",
"ObjectReference": [
{
"comment": "",
"object_uuid": "b4a8764f-f7fc-4571-9b2b-bc9f3283ca04",
"referenced_uuid": "7ff4854a-c7d8-4af1-8173-0cdf26b50991",
"relationship_type": "analysed-with",
"timestamp": "1555919916",
"uuid": "5cbd742c-767c-41a8-888a-44bd02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1555919837",
"to_ids": true,
"type": "md5",
"uuid": "d83d8c14-551b-42fc-ba82-231858238083",
"value": "2c0b36a448fe7131cfb4fbc1a960da2b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1555919837",
"to_ids": true,
"type": "sha1",
"uuid": "9bc8e074-5d40-4aeb-a81b-d98549db3eaf",
"value": "a99e98129f380b8e60f7005b21db2b79edd66dc4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1555919837",
"to_ids": true,
"type": "sha256",
"uuid": "ad0e7d7b-6cec-4b75-9e2a-7d19522a6fab",
"value": "75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1555919915",
"uuid": "7ff4854a-c7d8-4af1-8173-0cdf26b50991",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1555919837",
"to_ids": false,
"type": "datetime",
"uuid": "b80e6745-fd52-427a-a191-2b39e1bd91bc",
"value": "2019-04-15T15:05:01"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1555919837",
"to_ids": false,
"type": "link",
"uuid": "87f84fda-1348-4d28-9f69-7bc895c36a71",
"value": "https://www.virustotal.com/file/75708412609376b75e821d0d200ba6aec495b80629c7293d0bd1c9484c0f1c36/analysis/1555340701/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1555919837",
"to_ids": false,
"type": "text",
"uuid": "7be490c9-16be-4efd-84ca-cedde0d3165f",
"value": "28/60"
}
]
}
]
}
}