misp-circl-feed/feeds/circl/misp/b6ae21ad-670a-4c81-a61f-78d76ae3bdfa.json

{
"Event": {
"analysis": "0",
"date": "2020-06-22",
"extends_uuid": "",
"info": "The Golden Tax Department and the Emergence of GoldenSpy Malware",
"publish_timestamp": "1702644777",
"published": true,
"threat_level_id": "4",
"timestamp": "1702644765",
"uuid": "b6ae21ad-670a-4c81-a61f-78d76ae3bdfa",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:country=\"china\"",
"relationship_type": "targets"
},
{
"colour": "#053a00",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1701956070",
"to_ids": true,
"type": "url",
"uuid": "525ac4e2-92ac-446a-8130-0dfbe5ac0ede",
"value": "http://upgrade.i-xinnuo.com"
},
{
"category": "Network activity",
"comment": "Ports used for svm.exe network traffic.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1702368310",
"to_ids": false,
"type": "port",
"uuid": "7cf786d3-1687-4276-a71e-03a00f8c527f",
"value": "9005"
},
{
"category": "Network activity",
"comment": "Ports used for svm.exe network traffic.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1702368312",
"to_ids": false,
"type": "port",
"uuid": "9870518f-225b-4215-b9c6-6ef8a6a250cb",
"value": "9006"
},
{
"category": "Network activity",
"comment": "Used by updater service to request a link to download svm.exe.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1702368318",
"to_ids": false,
"type": "port",
"uuid": "8768e6c6-c703-48a6-9001-77aba7921f96",
"value": "9002"
},
{
"category": "Network activity",
"comment": "While we didn\u2019t observe this directly in our analysis, there are indicators on public scan sites that svm is downloaded over this port in some circumstances.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1702368333",
"to_ids": false,
"type": "port",
"uuid": "e85e5781-0cb7-48fe-b710-26e2c3c6bca4",
"value": "8090"
},
{
"category": "Network activity",
"comment": "WebSocket established by Golden Tax software on installation.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1702368345",
"to_ids": false,
"type": "port",
"uuid": "865b179b-37d2-4c6d-b43a-8bcaba2ffb6c",
"value": "33666"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1701175457",
"uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1701175457",
"to_ids": true,
"type": "hostname",
"uuid": "b6240cce-b919-46a5-915a-df81cb2394d1",
"value": "www.ningzhidata.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1701175467",
"uuid": "b8a987ee-113e-43b0-bd1d-d9138c6f50b3",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1701175467",
"to_ids": true,
"type": "ip-dst",
"uuid": "1e296717-1997-4567-ae8a-413f8b34d274",
"value": "223.112.21.2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1701175501",
"uuid": "69e13243-e7e0-4726-a10a-01fd046ded89",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1701175501",
"to_ids": true,
"type": "ip-dst",
"uuid": "3b25e3e0-b251-45a9-a796-269a757aca40",
"value": "42.56.76.93"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1701175522",
"uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1701175522",
"to_ids": true,
"type": "domain",
"uuid": "23087444-d6ea-4081-ba69-5630d6a0bbc1",
"value": "ningzhidata.com"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1701175536",
"uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1701175536",
"to_ids": true,
"type": "ip-dst",
"uuid": "5492931e-2970-4160-ac85-3dbeab7daa55",
"value": "49.232.156.177"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1701176005",
"uuid": "99bd5142-86d7-44d9-a1b9-c214a5eb64f9",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1701176005",
"to_ids": true,
"type": "ip-dst",
"uuid": "00e2a2b2-e849-4045-8190-3d5fe7c427a0",
"value": "59.83.204.14"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1701176013",
"uuid": "a1913402-5d6f-4fd1-b158-17c06372b82e",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1701176013",
"to_ids": true,
"type": "ip-dst",
"uuid": "c482e426-9089-408b-84b7-56b55bd07684",
"value": "124.152.41.85"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701336121",
"uuid": "a061ac22-6146-43e0-b80a-1242186ce324",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701336121",
"to_ids": true,
"type": "sha256",
"uuid": "acf3480a-ee44-48ae-a815-b61cf3aecec9",
"value": "534da7cf722968de28eceff23e2924e180bf2c59f3852fb58a4653f8a54fa69a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701336121",
"to_ids": false,
"type": "datetime",
"uuid": "70019c8e-4106-4ec9-9670-884db0db8ffe",
"value": "2020-03-27T02:53:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701337033",
"uuid": "30195ad0-624f-4596-9d38-f297186985f4",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701337033",
"to_ids": true,
"type": "sha256",
"uuid": "7454969f-900d-44fc-80dc-696af758b9f6",
"value": "6366f009e4c0303d7f5ba0bb6a529039618ff8715972713c3b6645d1aef3d4c1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701337033",
"to_ids": false,
"type": "datetime",
"uuid": "bf4c2269-e79f-4cbd-9676-8e1e340b64c2",
"value": "2020-03-27T03:10:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701337054",
"uuid": "e1b6ab63-47f0-4397-9ec5-d4db06cc1b0f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701337054",
"to_ids": true,
"type": "sha256",
"uuid": "9ab7086d-77d7-4374-952b-b698e0da912e",
"value": "68472c7468b931dbbea1900bdeb4dcf10bdbfe1384e0984f4272f1a036659202"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701337054",
"to_ids": false,
"type": "datetime",
"uuid": "59843260-1898-49a5-a4dd-fcfdd43e1f58",
"value": "2020-03-27T02:53:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701337100",
"uuid": "2e14ffc4-b52c-462c-b75c-5769dd873b3c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701337100",
"to_ids": true,
"type": "sha256",
"uuid": "3c4ccb03-a5a7-490e-93b6-6feed84892f5",
"value": "323d0cf9ac1c750761f66482154dbd3144dae7336c955a4576cb4cce6438a6ba"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701337100",
"to_ids": true,
"type": "filename",
"uuid": "4b35c168-c6b3-461c-83f0-b49a4312ce33",
"value": "dgb.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701337100",
"to_ids": true,
"type": "filename",
"uuid": "1e902319-894d-472e-a235-4a68c2cbd72f",
"value": "dga.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701337100",
"to_ids": false,
"type": "datetime",
"uuid": "3b535d9f-2285-4fda-8083-06917dec05b5",
"value": "2020-03-27T03:05:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701337149",
"uuid": "91755780-edb5-4184-a85a-8038b21037a9",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701337149",
"to_ids": true,
"type": "sha256",
"uuid": "46df89be-1cac-4864-9624-2a118227e8e5",
"value": "67316d574d0e05549bf314b4764842e2b598f2ffae1ac82123b3dd592f605751"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701337149",
"to_ids": true,
"type": "filename",
"uuid": "8eed7318-c174-4068-8bdb-b7e506be30b5",
"value": "svm.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701337149",
"to_ids": true,
"type": "filename",
"uuid": "7e2e3562-2f75-4ba5-ac84-3e74f74ee0f0",
"value": "svmm.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701337149",
"to_ids": false,
"type": "datetime",
"uuid": "a2b98308-2097-4c20-ac69-353178a3d4f7",
"value": "2020-03-27T03:06:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701337184",
"uuid": "d42c7cfa-02c3-417a-8fda-d78beedcb5be",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701337184",
"to_ids": true,
"type": "sha256",
"uuid": "18a208c9-3665-4b22-9b49-454372a2b145",
"value": "a8169c566bf4566c6c4ba98ce7f9ecf143ae6c21dc0d7b15779c936e1ff60269"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701337184",
"to_ids": true,
"type": "filename",
"uuid": "b6d585a5-737b-4c34-b82a-fd86aed6ccf3",
"value": "svm.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701337184",
"to_ids": true,
"type": "filename",
"uuid": "eaef9aa2-799a-4d86-b827-cce9539d39d7",
"value": "svmm.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701337184",
"to_ids": false,
"type": "datetime",
"uuid": "d7d9625d-85e8-483b-94a9-070083c9252f",
"value": "2020-04-07T08:44:00+00:00"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701781786",
"uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701781759",
"uuid": "4dd56758-dc01-469f-b3d2-c2c8dd87ab09"
},
{
"comment": "",
"object_uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701781771",
"uuid": "2d1eeda0-3e67-4ed9-861f-7f9e3ab4f6e4"
},
{
"comment": "",
"object_uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701781786",
"uuid": "a5987acb-3d5c-4295-988d-02b95ccf616b"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351844",
"to_ids": true,
"type": "sha256",
"uuid": "cb85d9e2-b7c5-4857-a630-dfa511e61b8a",
"value": "20932b2151de5f0dc5c1159fbc1d2d004f069bb04d32d66dc7fa5b7b9eac1aa7"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351844",
"to_ids": false,
"type": "datetime",
"uuid": "dd395ba4-83f2-4993-9b63-ec1566a2dae8",
"value": "2016-12-19T15:41:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351844",
"to_ids": true,
"type": "filename",
"uuid": "143ebe6d-921f-4d7e-94c0-6160521db92e",
"value": "svminstall.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351844",
"uuid": "9a2b3b20-3490-4963-8e55-8a78269c262c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351844",
"to_ids": true,
"type": "sha256",
"uuid": "bb64e435-bc11-404f-8ae4-e16ae31fa027",
"value": "2878ad6d386bc3fd9f0625195a3a60fc5056ff7ff24e57cf466e54af07d0217e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351844",
"to_ids": false,
"type": "datetime",
"uuid": "287d3fcd-0d39-4ff2-9089-eda4f8f5fc31",
"value": "2020-03-27T03:05:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351844",
"to_ids": true,
"type": "filename",
"uuid": "fd9e1953-0fb4-481e-a49a-37d5a2ab6642",
"value": "0750e344e12de0b653de4e7d600d00c2.virus"
}
]
},
{
"comment": "Zip archive containing malicious code",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701779855",
"uuid": "64ca88c1-8b48-43e5-b094-77cc69d934e7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "64ca88c1-8b48-43e5-b094-77cc69d934e7",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701779838",
"uuid": "e4735913-6296-467a-ac58-c57fc0147e95"
},
{
"comment": "",
"object_uuid": "64ca88c1-8b48-43e5-b094-77cc69d934e7",
"referenced_uuid": "b8a987ee-113e-43b0-bd1d-d9138c6f50b3",
"relationship_type": "communicates-with",
"timestamp": "1701779855",
"uuid": "ca2b3730-8f85-492a-a245-3cbfd1736f01"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351844",
"to_ids": true,
"type": "sha256",
"uuid": "0d697e6a-3ef0-47b7-b89f-7508ff2ae028",
"value": "2f65238e7b3a8ddd719fb19a506cd1d964fc7b5cab6f3f4e95235c235cac2190"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "7609179e-4227-4071-a4dd-53dd972ef8d6",
"value": "2020-05-07T22:21:26+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "743af76d-37b7-486d-a370-f370a0b04daa",
"value": "svminstall.exe.zip"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701779405",
"uuid": "f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701779359",
"uuid": "61a6fba4-27fa-4588-874d-ecaffae7a7e6"
},
{
"comment": "",
"object_uuid": "f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701779376",
"uuid": "97f1afd1-056a-4ce9-ac2f-4e057a0d0f26"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "c3146102-8afd-429f-b80d-a3cbc626394f",
"value": "39b914c8064becf3df1df39b0517bda05371e90b8b5fe15aad275faac634876f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "d4167751-a030-478e-b0f4-de8687848582",
"value": "2020-03-27T03:12:24+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "a3ad7f24-a517-4b51-9a31-3760a5b372bd",
"value": "usv.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351845",
"uuid": "2c00384b-57eb-4d4a-8261-7b29f2fd8f11",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "8def6418-52d8-40b7-abd5-84e6b20ee92f",
"value": "3b63900e56a7eccee43d42a77fcb6d7834943f5236adae063abe32111f35152d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "888ba1c9-937b-44be-87de-ccc4cc54bfbf",
"value": "2020-03-27T03:10:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "33ed128b-7e43-44b6-8657-e0aebbce1b3e",
"value": "71f7e61c2686b4bc1d67745e859b3ca1.virus"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701772341",
"uuid": "87ce2eff-30a0-4fee-9641-186684286abd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "87ce2eff-30a0-4fee-9641-186684286abd",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701695925",
"uuid": "6310d7ab-4399-4fcc-86e9-ab77d8c75474"
},
{
"comment": "",
"object_uuid": "87ce2eff-30a0-4fee-9641-186684286abd",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701695948",
"uuid": "70a8f6e3-1cd8-4491-90ef-2bc58eb5cd89"
},
{
"comment": "",
"object_uuid": "87ce2eff-30a0-4fee-9641-186684286abd",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701695970",
"uuid": "c21e71d9-1f85-418b-883a-136e5fb102f7"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "83b416bf-87ab-4179-a230-0acfa0ebe0d6",
"value": "41103f32f247ba744a8fbe17deac4bd26aeba323f3161e44adc35f8dd81ce4d3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "98fd85ac-620e-41d7-bfcd-8d12e52df60b",
"value": "2016-12-19T15:41:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "81626b6a-d60b-43c7-b3e8-61264d0e5da0",
"value": "SVMV1.0-20200310.exe"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701772300",
"uuid": "3b6f337e-e0ae-4da5-880c-089bd8222795",
"ObjectReference": [
{
"comment": "",
"object_uuid": "3b6f337e-e0ae-4da5-880c-089bd8222795",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701683309",
"uuid": "0a2b98ba-d19d-4792-b23d-d3faa656b87c"
},
{
"comment": "",
"object_uuid": "3b6f337e-e0ae-4da5-880c-089bd8222795",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701683325",
"uuid": "b42d905f-1fe7-4ffc-b5db-8c1945dfed28"
},
{
"comment": "",
"object_uuid": "3b6f337e-e0ae-4da5-880c-089bd8222795",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701683337",
"uuid": "880b20d1-02c0-4307-842b-c64aedc13398"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "3e8a0a8e-c132-4901-97eb-f63ec25ad76c",
"value": "4f86175e5500be87cc95ea9fcaf565970e15a86b2aa3223f8ef8d25e72cec376"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "b3f7cfb0-2b81-491c-86a3-ce9e673148a9",
"value": "2016-12-19T15:41:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "4ff4b1cc-1db9-43ff-9510-be9fc0dc0c1d",
"value": "IDG-MINZONGV1.0-20200310.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351845",
"uuid": "67afd357-6025-414b-951f-8d5fd7c2393c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "d8eb3b98-1763-449b-b205-2cb7c8575de7",
"value": "5246fc50cce0b3492939a169082eebfde63c9ebc312267eef6d1bb47b44c44aa"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "30af6f0a-e0b4-4cfd-af1b-8ca33199b5b3",
"value": "2020-03-27T03:05:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "18317cb3-4585-4b3c-a093-d21c24f7249a",
"value": "392b5b60444fa9e27c1de9d977ec9248.virus"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351845",
"uuid": "a0cb4750-bc13-48ad-b4c7-0e088f5fe571",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "8e6edeed-2430-49a5-8870-6bc63942c798",
"value": "55429a6085d50782be52bb2150cfabecfdaa4eb843350399c3cf88a9ab9fa4c1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "393c3632-ed35-446c-89e8-4292cc975105",
"value": "2020-03-27T03:11:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "a9192972-5559-4218-8e1e-4c57f85f10a8",
"value": "idgclient.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351845",
"uuid": "56181b68-145d-4240-bdc9-ab7b8bcba590",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "dcd402e1-8f70-474c-a9b3-fd9969853070",
"value": "561f89c566af35a90ae19285177cedaae3a0cbd7c8d415c57766e7988503c686"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "62d7a050-f27b-4ee4-a583-dfd6d069dceb",
"value": "2020-03-27T02:53:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "d6939dcb-ec1b-4139-aaaf-e1049320385e",
"value": "dga.exe"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701779489",
"uuid": "66621b84-e9d8-4f2f-849a-51e535149fe6",
"ObjectReference": [
{
"comment": "",
"object_uuid": "66621b84-e9d8-4f2f-849a-51e535149fe6",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701779462",
"uuid": "2f86a1cd-c806-4c1f-8cbf-8796b11da2dd"
},
{
"comment": "",
"object_uuid": "66621b84-e9d8-4f2f-849a-51e535149fe6",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701779476",
"uuid": "18226565-e646-4184-9d62-d2548c7e1d91"
},
{
"comment": "",
"object_uuid": "66621b84-e9d8-4f2f-849a-51e535149fe6",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701779489",
"uuid": "6c5d9039-fcb1-4313-88ff-a36dde8cea88"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "c6cfad5e-ccd2-4306-9464-19fbed8f488a",
"value": "77ee7b0a10f3c0ab08c1b1f88ceb0dd979e9c2fee17ac5fd14c9ce27002f6078"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "e1aab480-d409-490f-ba3d-22547614b562",
"value": "2016-12-19T15:41:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "bfb87406-2809-4814-b84c-b16228bdf0ed",
"value": "IDG-FEILONGV1.0-20200310.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351845",
"uuid": "55b1382d-9f32-4276-89fe-2e7266944439",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "7c479d93-69ff-4591-8d79-e5a7af2a3bf2",
"value": "7bf45c75dca3362331d5a9a116bf9c7a52e1352905a5dee66f0cf123acc461b2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "41568571-6cfb-43c3-beff-8f627426d355",
"value": "2020-03-27T03:17:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "7046d5fe-4eb7-487f-9320-638882549ef3",
"value": "svm.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351845",
"uuid": "3320cfa3-936e-41ef-9c53-d63c110b20c5",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "860d0fb8-6698-480d-8280-5f6df804b1f3",
"value": "817887f4e977443cb446579f080ae848a2235b79f8c174e7201cebf62e9ccd94"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "a8b75ef9-36a6-4cf8-8657-c49bd62656a7",
"value": "2020-03-27T03:01:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "7f00adba-ad40-4598-ad2d-4c651c605f18",
"value": "idgclient.exe"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701780491",
"uuid": "4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701780471",
"uuid": "a23c15b6-0518-47d4-af1e-01d235a4b757"
},
{
"comment": "",
"object_uuid": "4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701780491",
"uuid": "ef54cdd4-6923-4e0b-80dc-a6c0be06d88b"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351845",
"to_ids": true,
"type": "sha256",
"uuid": "90f1ad4d-0a03-4b42-9dbb-7b84ca6f669e",
"value": "853ef8130b50e9fce5f7575afc04374de0232fa5fe6b7b4d97fda7bf17ec58c9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351845",
"to_ids": false,
"type": "datetime",
"uuid": "3b418bbf-f284-42b1-a422-94737a0eb81b",
"value": "2020-03-27T03:06:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351845",
"to_ids": true,
"type": "filename",
"uuid": "5f91d557-393c-41ba-ae44-5d446dfb972b",
"value": "usv.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351846",
"uuid": "bf153833-d88e-4154-8d50-4ac02ad8296a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "cd86d4fb-6890-48fe-9989-79be016b1272",
"value": "862115c6d8d6e6addeb408c45ac0a7f8a25126d5ccca6d9356143a7a683c009d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "b5adaa40-23e9-4550-bcbe-2c095f1d1e00",
"value": "2020-03-23T13:05:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "47ed09a0-1382-44c1-8b9c-178a9711b19e",
"value": "7bc6b5c6da04a231f5fa011944ce5a31.virus"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351846",
"uuid": "55c42baa-eda4-4bcd-b58f-0d4ae5e46465",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "3666d326-2435-4d36-9f7a-0ee42a96512f",
"value": "8b0e1be70409238e7577429df3eaa84a6b12f36d9dbb6e47607f7fc354ddb961"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "2be8faff-0e5a-4f7b-b145-1bdd4753f7be",
"value": "2020-03-27T02:51:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "d5fb374d-d7d3-41a5-8d9d-1acb652ea580",
"value": "svm.exe"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701780722",
"uuid": "f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701780707",
"uuid": "228b2f57-ef73-46c1-8317-8fc2beb5214c"
},
{
"comment": "",
"object_uuid": "f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701780722",
"uuid": "30de924c-b419-4efe-800f-0844ab23015c"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "48cf7367-37e5-4cf0-be62-dcee674b1b54",
"value": "98b5320e7464fc69b12eb626b6336604efcbf6502adc38c77f6db41666da9dd1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "6e7f6921-2c84-4751-94b3-260db39172d9",
"value": "2020-03-27T02:24:01+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "9b88db93-ee0d-438b-8273-f32dfbccd20d",
"value": "usv.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351846",
"uuid": "fc241f3d-1a7a-4f8f-a5b9-2e14e74252aa",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "d04e73af-c526-4fea-8c42-fdf2a3e42952",
"value": "a44e6b87dc1165c4c6839554dd412e98fade0a7e7c6341b9d44c0ee0dd034160"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "207d9032-72c2-4b85-8623-af4980a053b7",
"value": "2020-03-27T03:10:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "6d44197b-f5e7-44d9-8c72-28c8d943b49a",
"value": "cce1df224e63ff1aab5f74e2fb1559e3.virus"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701781998",
"uuid": "91004b93-92fb-46cb-a690-ee49d550fd87",
"ObjectReference": [
{
"comment": "",
"object_uuid": "91004b93-92fb-46cb-a690-ee49d550fd87",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701781969",
"uuid": "3c58757c-6b43-41e4-9880-269dd47bf86d"
},
{
"comment": "",
"object_uuid": "91004b93-92fb-46cb-a690-ee49d550fd87",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701781983",
"uuid": "df6a6314-b7e3-42b3-936e-224c01052e34"
},
{
"comment": "",
"object_uuid": "91004b93-92fb-46cb-a690-ee49d550fd87",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701781998",
"uuid": "b8b44eec-43a8-476f-99a0-16bae3a50cb1"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "79ae4416-5859-4465-aa26-e89ae4a2d797",
"value": "a6e9d6c145668c4fc6e6dbd3d1fe4bc394211d9c09d31c12730ceddf3e5056be"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "e619c215-e39e-4e1d-b8f4-8c267591c242",
"value": "2016-12-19T15:41:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "ba47135e-c151-4726-be5e-79fc2cd2584d",
"value": "svminstall.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351846",
"uuid": "5c497b29-bca4-4702-ae5e-a8df8e26165b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "21dec5ab-febf-4e93-8757-5f3ffc3f6791",
"value": "af120f411c2c1f3ec52516006a25c734a5a0e4952c3eb942ad99858420c9135e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "e795ae6c-cf3f-4bf3-a0de-9242e930b4fe",
"value": "2020-04-07T08:44:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "15a4fe97-b0e1-4160-9d6e-63424830fe2f",
"value": "svm.exe"
}
]
},
{
"comment": "Zip archive containing malicious code",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701772360",
"uuid": "288d3f46-333a-400f-b20d-8e742292776a",
"ObjectReference": [
{
"comment": "",
"object_uuid": "288d3f46-333a-400f-b20d-8e742292776a",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701772232",
"uuid": "9902a564-d740-455b-b589-f3658191d6f2"
},
{
"comment": "",
"object_uuid": "288d3f46-333a-400f-b20d-8e742292776a",
"referenced_uuid": "b8a987ee-113e-43b0-bd1d-d9138c6f50b3",
"relationship_type": "communicates-with",
"timestamp": "1701772245",
"uuid": "919d95af-e47d-4e12-9caa-a3adf2961cfe"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "2126ab1f-1a93-467d-bdf6-69144383041d",
"value": "afcc4ccc4ac0f1eaded6fc2ea704f4e9650942fc317728150676de3af19fb72d"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "fee05b81-b606-4900-8e94-3cd09260631d",
"value": "2020-05-14T01:29:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "79dff4e4-38db-4727-a1e5-a8a8cde5d214",
"value": "svminstall.exe.zip"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701780912",
"uuid": "47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"ObjectReference": [
{
"comment": "",
"object_uuid": "47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701780877",
"uuid": "45ef2306-107b-46cf-8c37-2073928a5d69"
},
{
"comment": "",
"object_uuid": "47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701780912",
"uuid": "d9bba08b-296b-47cb-b955-d84fd5006c02"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "c4185519-125d-4ff8-9def-0fd3f528c2fa",
"value": "afe2bcd5cb2de6349329c42631bfbbdba46d672f6dc515a5bee63cb4265e49f8"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "0bcba0d9-c83f-41c2-8521-1a0c35d6280a",
"value": "2020-03-27T03:17:53+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "240b38ba-3d2d-40d6-b536-c33e5e921d2e",
"value": "usv.exe"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701782204",
"uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701782174",
"uuid": "40d0cd48-2977-4c03-97e6-3f62f3658171"
},
{
"comment": "",
"object_uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701782190",
"uuid": "f13885a4-9f33-4f94-b4fb-a15de3dbc3b5"
},
{
"comment": "",
"object_uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701782204",
"uuid": "235825d4-f562-41cf-9fb7-6d0de8ed06e7"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "af8521cd-6946-40d5-a0c7-a17ebef098de",
"value": "b67913449618756dcc815a242a270257cce4d5ae71911bb6716bdecc2f1c0c7f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "e32ce9d0-1d14-46bd-8cc2-b97737418a41",
"value": "2016-12-19T15:41:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "e08f4e0d-64f0-4d35-b23b-fd12ad73fefe",
"value": "svminstall.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351846",
"uuid": "ef75e372-c372-416a-bc51-c54fd64cc47c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "a8795d72-a104-430a-add7-e75bd1c92226",
"value": "b6982fe4ab882cfdcba091c6617b9d279a9bcfd3e28a76d5fb2c0cdfc0c23064"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "f6a5ffd1-205e-4525-b5d6-4fcabd85955e",
"value": "2020-03-27T03:17:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "32ebb985-629d-4668-9f9a-8d774db8db70",
"value": "126599da0c79ce196c960d0ba28aacda.virus"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351846",
"uuid": "a2571d1b-5251-49d6-a06a-6b2cd55c33fe",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "f6e96782-7783-45ee-8ad6-19ef40ccf830",
"value": "c12e099fb5e825be513c75cff8b4f064b9d4ea8435bab254d69e126b74959372"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "43abe258-945c-4717-8393-7a4bdd495e6f",
"value": "2020-03-27T03:10:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "8df26508-de86-4dae-859d-8b424c6f42fa",
"value": "dga.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351846",
"uuid": "0c820525-3995-48df-b0f7-29543d3bb91e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351846",
"to_ids": true,
"type": "sha256",
"uuid": "15e55845-1d5b-4807-b538-784bd99a5e4c",
"value": "c4fc73dbfc0d61a0a60239971225321b882af5923babf26c324726b80db612a2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351846",
"to_ids": false,
"type": "datetime",
"uuid": "1ec05e5b-94d8-4ee1-908a-8fed831bcc16",
"value": "2020-03-27T03:06:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351846",
"to_ids": true,
"type": "filename",
"uuid": "f9b83223-a152-4bbe-95c1-f42381832e50",
"value": "idgclient.exe"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701772332",
"uuid": "864dad3f-719f-4dba-8c9f-92f673fa87b7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "864dad3f-719f-4dba-8c9f-92f673fa87b7",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701695828",
"uuid": "63f8f124-b3da-4876-96d7-720a29935aa5"
},
{
"comment": "",
"object_uuid": "864dad3f-719f-4dba-8c9f-92f673fa87b7",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701695839",
"uuid": "93731785-e54f-4791-921e-b43abb3dd054"
},
{
"comment": "",
"object_uuid": "864dad3f-719f-4dba-8c9f-92f673fa87b7",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701695853",
"uuid": "9dd6469e-4ab0-450d-98f5-8e8f10a35545"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351847",
"to_ids": true,
"type": "sha256",
"uuid": "7fb3290e-f6bb-41c6-8a3d-93cbd7ce4cb0",
"value": "c5c5e59bb18bad1427714d0007b676e658d8e08faf5a0632ed88912f5816d525"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351847",
"to_ids": false,
"type": "datetime",
"uuid": "cb6ab398-dd78-46c9-98aa-18ccbddc7c76",
"value": "2016-12-19T15:41:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351847",
"to_ids": true,
"type": "filename",
"uuid": "1f07ac17-7e50-442f-a9e8-387030371db3",
"value": "IDG-NJCKV1.0-20200320.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351847",
"uuid": "d6f1a0e7-5a66-48a0-a6ed-597558d2b5f3",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351847",
"to_ids": true,
"type": "sha256",
"uuid": "c8944763-7e06-4155-927d-bf12b7a38833",
"value": "c9d1ec32df1b134aa809bc8b3ad475b690347294693f6c5b65ab1df94fa4d1fd"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351847",
"to_ids": false,
"type": "datetime",
"uuid": "c03e959c-6513-42b0-8aef-232ef12248e7",
"value": "2020-03-23T13:05:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351847",
"to_ids": true,
"type": "filename",
"uuid": "6cbe44ac-5c08-4f79-b066-40cca92cc3dd",
"value": "433F8727.vsc_svm.exe_archive_level0_1_NSIS.unc"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351847",
"uuid": "47df59a7-8382-486b-8de2-2745eaad8bcb",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351847",
"to_ids": true,
"type": "sha256",
"uuid": "dafac7cd-ce07-470f-8659-c89f9a013924",
"value": "ce3d64f8ad4dcbbf5324e05c81a716c5d2493e149edafbc5cb73c01836bea5f2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351847",
"to_ids": false,
"type": "datetime",
"uuid": "6e79e72b-961f-49dd-8b09-0ca96e2ce53e",
"value": "2020-03-27T03:10:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351847",
"to_ids": true,
"type": "filename",
"uuid": "ec9cf7be-8c97-405a-a119-657a96995007",
"value": "8497a9301e74d3611c2df3e3c0ea24f4.virus"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351847",
"uuid": "eb8e2be7-0f90-4150-a98b-b00ea054991a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351847",
"to_ids": true,
"type": "sha256",
"uuid": "88c9b21d-67c7-41c9-818b-fc91e1943a34",
"value": "d41081969a212dec0ca623d848fb51907d8cdb1cb7bd86e1354e3041052858fb"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351847",
"to_ids": false,
"type": "datetime",
"uuid": "35bac5ad-97e6-4dca-b7c3-65858b2fc65c",
"value": "2020-03-27T03:11:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351847",
"to_ids": true,
"type": "filename",
"uuid": "a2569f52-359e-4010-952d-23f5260c1e25",
"value": "svm.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351847",
"uuid": "d1f42381-a3f9-43ac-bd4a-0af2049dc70d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351847",
"to_ids": true,
"type": "sha256",
"uuid": "9af6830d-1d5a-41ff-80c6-c851ea3d6468",
"value": "e0e7b4f6878483bdc8c3e01d4daa11c71e61385e85a6eaa2be8fec04d250b74e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351847",
"to_ids": false,
"type": "datetime",
"uuid": "cfedac1b-8f3d-489d-b5a3-48c971c3437a",
"value": "2020-03-27T03:16:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351847",
"to_ids": true,
"type": "filename",
"uuid": "3ad0d286-bfcc-465d-a99a-7d1618566d93",
"value": "dga.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351847",
"uuid": "57a4955c-6c61-494c-9c18-b6b144cfcfae",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351847",
"to_ids": true,
"type": "sha256",
"uuid": "e85a01d3-573a-417b-a6d5-9bd56799df84",
"value": "e8118cb2941c0421a2f6942919f8541b5fab348e2334102eab8654d2c4bff8ed"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351847",
"to_ids": false,
"type": "datetime",
"uuid": "a46e740b-3140-4926-954a-76c3b5632cf4",
"value": "2020-03-27T03:16:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351847",
"to_ids": true,
"type": "filename",
"uuid": "58c664f6-285b-4181-9f75-15b6b856a5ad",
"value": "idgclient.exe"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701783705",
"uuid": "56678941-6891-43a3-9b44-372c1dc4acc5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "56678941-6891-43a3-9b44-372c1dc4acc5",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701783680",
"uuid": "2ffc8423-1f34-4fcb-99dd-b1768c74b4ab"
},
{
"comment": "",
"object_uuid": "56678941-6891-43a3-9b44-372c1dc4acc5",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701783693",
"uuid": "4d441395-cf98-46e5-ac26-adf923ba9210"
},
{
"comment": "",
"object_uuid": "56678941-6891-43a3-9b44-372c1dc4acc5",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701783705",
"uuid": "13d2feb1-04eb-4e7a-8ed9-c329ba4a8674"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351847",
"to_ids": true,
"type": "sha256",
"uuid": "447dff07-b09c-4099-9b1e-b739fa8445be",
"value": "f21623311a947d8a9f2dd05c098f45c3ef12be3cbf79fb49659e5bfc1588cdfe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351847",
"to_ids": false,
"type": "datetime",
"uuid": "d72fa4dd-9771-4459-b1e8-66436d38b5cc",
"value": "2016-12-19T15:41:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351847",
"to_ids": true,
"type": "filename",
"uuid": "21b204a0-5eda-4512-8f79-0b717f2e3ae3",
"value": "IDG-NINGZHIV1.0-20200310.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701351847",
"uuid": "354eb109-0414-4137-bc65-273dead6fd36",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351847",
"to_ids": true,
"type": "sha256",
"uuid": "fa210fdf-9aea-4b5c-93b2-193272cb4c58",
"value": "f89e898ea40e10901c0c9f9100f269a227323ace1f7248293bfd57982dea1a67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351847",
"to_ids": false,
"type": "datetime",
"uuid": "af1be9a9-f292-4f01-8e99-4055c870f739",
"value": "2020-03-23T13:05:00+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351847",
"to_ids": true,
"type": "filename",
"uuid": "507d9347-d56c-4852-8b12-dec20f764433",
"value": "svm.exe"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701781389",
"uuid": "a0c09246-2a75-4b64-998b-2ce88008946b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "a0c09246-2a75-4b64-998b-2ce88008946b",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701781362",
"uuid": "ed4f9816-37cf-4f68-98d4-5c2e81a2dd5c"
},
{
"comment": "",
"object_uuid": "a0c09246-2a75-4b64-998b-2ce88008946b",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701781374",
"uuid": "1efe061f-0de3-4032-84c7-1f1a27ef2404"
},
{
"comment": "",
"object_uuid": "a0c09246-2a75-4b64-998b-2ce88008946b",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701781389",
"uuid": "a966737b-8c85-4840-906d-618ee2c809a7"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701351847",
"to_ids": true,
"type": "sha256",
"uuid": "96f60b0a-5999-46c4-a4e2-f3c448222ce4",
"value": "ffbeaa5947fc467fce27c765a4e8dc08e45c8ca13e583f5271b19e944e0cb8e3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701351847",
"to_ids": false,
"type": "datetime",
"uuid": "212e1c59-1280-4fd8-bef7-e1fe99db26f7",
"value": "2016-12-19T15:41:22+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701351847",
"to_ids": true,
"type": "filename",
"uuid": "7159358e-28d9-47b8-9683-6caa1301f137",
"value": "svm.exe"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1701354292",
"uuid": "81f03e90-ce30-4ba2-b79c-a142e06c1323",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1701354292",
"to_ids": true,
"type": "hostname",
"uuid": "0e22a412-4595-418e-a81a-b4af5eb153c1",
"value": "download.ningzhidata.com"
}
]
},
{
"comment": "Remote Access Trojan",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1701772278",
"uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"ObjectReference": [
{
"comment": "",
"object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"referenced_uuid": "c2cb668d-ecf5-4b02-8945-809e70013f93",
"relationship_type": "communicates-with",
"timestamp": "1701356041",
"uuid": "672eabdb-ca5e-43bf-8e35-598481406046"
},
{
"comment": "",
"object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"referenced_uuid": "d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"relationship_type": "communicates-with",
"timestamp": "1701356061",
"uuid": "f909e796-591c-435e-8ca0-a6337e8db11d"
},
{
"comment": "",
"object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"referenced_uuid": "83c0441c-7262-46b2-b3e0-242171581ba0",
"relationship_type": "communicates-with",
"timestamp": "1701356240",
"uuid": "d68db6f1-a0be-4786-9a4b-cc08ff0a4fe7"
},
{
"comment": "",
"object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"referenced_uuid": "69e13243-e7e0-4726-a10a-01fd046ded89",
"relationship_type": "communicates-with",
"timestamp": "1701356253",
"uuid": "925e0320-0928-48da-9dda-b0df20982ed8"
},
{
"comment": "",
"object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"referenced_uuid": "a1913402-5d6f-4fd1-b158-17c06372b82e",
"relationship_type": "communicates-with",
"timestamp": "1701356268",
"uuid": "4417b617-d4a9-44ed-ac3f-808b12b7e9e9"
},
{
"comment": "",
"object_uuid": "68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"referenced_uuid": "99bd5142-86d7-44d9-a1b9-c214a5eb64f9",
"relationship_type": "communicates-with",
"timestamp": "1701356298",
"uuid": "db8718e4-2baf-4530-821c-ef4d7885a7bf"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1701772278",
"to_ids": true,
"type": "sha256",
"uuid": "4c121fa5-58b0-4a91-9d31-4a05effe4184",
"value": "3b8761d2e19bc5185f55cc2f575bbe54a45a52fc1c8650a60f1bd13e01e24655"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1701772278",
"to_ids": true,
"type": "filename",
"uuid": "07db895f-cfd8-4f42-bc0d-f0b74bc19121",
"value": "svm.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1701772278",
"to_ids": false,
"type": "datetime",
"uuid": "0f8a0847-3449-435f-a97d-ae5735dc311b",
"value": "2016-12-19T15:41:22+00:00"
}
]
},
{
"comment": "Installs the tax invoice gatherer, running as a service",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702459840",
"uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"ObjectReference": [
{
"comment": "",
"object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"referenced_uuid": "8a96e601-a86d-498e-9ea0-6d9052443f2d",
"relationship_type": "drops",
"timestamp": "1702374555",
"uuid": "a4bf2f28-5557-4d72-87e2-d305d485e412"
},
{
"comment": "",
"object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"referenced_uuid": "51b9a083-6bb7-453e-a3d1-70137283f004",
"relationship_type": "drops",
"timestamp": "1702374571",
"uuid": "aa3d85f6-da36-4964-aa79-0f0ec3e37b4c"
},
{
"comment": "",
"object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"referenced_uuid": "1ec351fd-aba4-44ce-abfc-ae24e2007297",
"relationship_type": "drops",
"timestamp": "1702374587",
"uuid": "89ffeeac-3888-4b51-ad2b-5731f1a17100"
},
{
"comment": "",
"object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"referenced_uuid": "29908be1-f56d-4e97-9892-8830c9d29241",
"relationship_type": "drops",
"timestamp": "1702374599",
"uuid": "c65de691-e347-4179-b3e8-e83f136810fb"
},
{
"comment": "",
"object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"referenced_uuid": "f36ce21a-4c59-4731-9929-1af4ff97f21f",
"relationship_type": "drops",
"timestamp": "1702374610",
"uuid": "f773112f-e16f-4a86-9f32-3e1dd187d467"
},
{
"comment": "",
"object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"referenced_uuid": "8e56f0cf-4efb-4ce4-9de0-61467c133f58",
"relationship_type": "drops",
"timestamp": "1702374623",
"uuid": "f7871b84-c0f7-4d4c-9db3-f7882b8e31d5"
},
{
"comment": "",
"object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"referenced_uuid": "858c9869-c1a4-46a1-9075-cd11ead979ef",
"relationship_type": "drops",
"timestamp": "1702374635",
"uuid": "056b4266-e4e7-4510-9f48-69e55f093388"
},
{
"comment": "",
"object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"referenced_uuid": "3a99c93d-3e6f-492a-ae6c-b05c00c23275",
"relationship_type": "drops",
"timestamp": "1702374647",
"uuid": "1e66343d-4a9a-4b03-8ac7-814ea96a0a66"
},
{
"comment": "",
"object_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"referenced_uuid": "e14f5aa2-9045-444e-80f1-fa2ef5d0953c",
"relationship_type": "drops",
"timestamp": "1702374660",
"uuid": "22eb1481-2cfc-4e0e-af9f-6aab89ea2ae1"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701955313",
"to_ids": true,
"type": "md5",
"uuid": "525caba0-00cd-4543-b271-bda7e6d03205",
"value": "39393db9ff05b587ef42ae6340f03a85"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701955313",
"to_ids": true,
"type": "filename",
"uuid": "5c8fc242-e776-4e7c-a439-2b742bf50642",
"value": "XYRZSetup.exe"
}
]
},
{
"comment": "Installs the plugin manager \u2013 plugin.exe and mplugin.exe and also downloads the backdoor installer svminstall.exe",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702459998",
"uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445",
"ObjectReference": [
{
"comment": "",
"object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445",
"referenced_uuid": "0ce35428-7b9f-4966-b5c9-915a963a2025",
"relationship_type": "downloads",
"timestamp": "1702459954",
"uuid": "8c007932-f749-441c-b490-f09f012c2ddf"
},
{
"comment": "",
"object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445",
"referenced_uuid": "64ca88c1-8b48-43e5-b094-77cc69d934e7",
"relationship_type": "downloads",
"timestamp": "1702459969",
"uuid": "a006134e-28a8-4062-8551-54b71efc3e8c"
},
{
"comment": "",
"object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445",
"referenced_uuid": "91004b93-92fb-46cb-a690-ee49d550fd87",
"relationship_type": "downloads",
"timestamp": "1702459978",
"uuid": "f063bae9-1615-486d-b71d-fe3aadc4b704"
},
{
"comment": "",
"object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445",
"referenced_uuid": "288d3f46-333a-400f-b20d-8e742292776a",
"relationship_type": "downloads",
"timestamp": "1702459989",
"uuid": "899dfb0b-6df7-47d8-ad3d-8160f9cde86f"
},
{
"comment": "",
"object_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445",
"referenced_uuid": "4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"relationship_type": "downloads",
"timestamp": "1702459998",
"uuid": "86ffa4e3-3af0-41b5-b860-819aabb5b6a4"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701955326",
"to_ids": true,
"type": "md5",
"uuid": "5cc5d97a-19f0-4482-82b2-f5a1d78f5526",
"value": "84ff122838c0da5ab5ddcaa8f45f7011"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701955326",
"to_ids": true,
"type": "filename",
"uuid": "d5ac3faa-7fd1-4f20-819f-45c04b017aa6",
"value": "PluginSetup.exe"
}
]
},
{
"comment": "PKCS11 Library",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702032268",
"uuid": "8a96e601-a86d-498e-9ea0-6d9052443f2d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701960161",
"to_ids": true,
"type": "filename",
"uuid": "fccbab0d-86e4-4230-ab58-6e5804c36612",
"value": "libp11.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701960161",
"to_ids": true,
"type": "md5",
"uuid": "8271dd17-c7e2-45a0-b226-df9831c6ee1f",
"value": "7b8d8a81b32209a80fb974cf89697116"
}
]
},
{
"comment": "Configuration file",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702032278",
"uuid": "51b9a083-6bb7-453e-a3d1-70137283f004",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701960260",
"to_ids": true,
"type": "filename",
"uuid": "67cf16a1-3e7b-4a9e-8652-64a771a36205",
"value": "serverjsp.ini"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701960260",
"to_ids": true,
"type": "md5",
"uuid": "43232dda-8dee-4fba-b3b6-c68132282e09",
"value": "2d9427f26131249333c60139d0995f88"
}
]
},
{
"comment": "SQLite Library",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702032581",
"uuid": "29908be1-f56d-4e97-9892-8830c9d29241",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701960933",
"to_ids": true,
"type": "filename",
"uuid": "1b001ef9-621d-41bb-ad5a-5c31bb7cb0c9",
"value": "sqlite3.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701960933",
"to_ids": true,
"type": "md5",
"uuid": "f8193bcc-4fd7-422a-b978-63cdd3ac22f8",
"value": "7593a2422d0ea17fac214af4a1efa194"
}
]
},
{
"comment": "SSL Library",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702032607",
"uuid": "1ec351fd-aba4-44ce-abfc-ae24e2007297",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701961484",
"to_ids": true,
"type": "filename",
"uuid": "a5c3601a-f59d-4f7a-8944-1752f6894dc3",
"value": "SSLeay32.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701961484",
"to_ids": true,
"type": "md5",
"uuid": "a2e9c262-4a34-43d2-a7c2-3a8f026e2393",
"value": "3cb5a5dc5701c2961742bdb05a43c6d0"
}
]
},
{
"comment": "Program uninstaller",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702032617",
"uuid": "f36ce21a-4c59-4731-9929-1af4ff97f21f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701961510",
"to_ids": true,
"type": "filename",
"uuid": "e16b4a52-0e6e-40ec-9e38-7b254d1ec319",
"value": "uninst.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701961510",
"to_ids": true,
"type": "md5",
"uuid": "333e2487-9b4b-43e5-914e-0bc403eada39",
"value": "8d5692af55e44e471a27a0fc401ac6ba"
}
]
},
{
"comment": "Tax Invoice Gatherer and Uploader",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702032659",
"uuid": "8e56f0cf-4efb-4ce4-9de0-61467c133f58",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701961629",
"to_ids": true,
"type": "filename",
"uuid": "1fffbe3f-9b7e-4cfa-9822-2221fb27166c",
"value": "xyrzsvc.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701961629",
"to_ids": true,
"type": "md5",
"uuid": "9ad7beb6-a1bf-448b-b5fb-f3b458b921ec",
"value": "52a64ae155ef5ec37966e787ab1678a2"
}
]
},
{
"comment": "SQLite schema",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702032673",
"uuid": "858c9869-c1a4-46a1-9075-cd11ead979ef",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701961648",
"to_ids": true,
"type": "filename",
"uuid": "793df5ee-9c4a-43be-a7d6-2f83cb0b5956",
"value": "Aisino.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701961648",
"to_ids": true,
"type": "md5",
"uuid": "ac10d7ae-f5e7-4441-bbc5-655ea76e6a9c",
"value": "cf9933a40f9a348b412da0953a7de6f3"
}
]
},
{
"comment": "Public Key Cryptography Standard",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702032715",
"uuid": "3a99c93d-3e6f-492a-ae6c-b05c00c23275",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701961663",
"to_ids": true,
"type": "filename",
"uuid": "b10b7315-1af6-4b00-8346-2b5cc50de426",
"value": "CTptkcs.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701961663",
"to_ids": true,
"type": "md5",
"uuid": "609c5de6-c8da-41d8-a0d3-32aa32c38b91",
"value": "696721fb92e109010b03304fda0c960f"
}
]
},
{
"comment": "Tax Card Code Library",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702032737",
"uuid": "e14f5aa2-9045-444e-80f1-fa2ef5d0953c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1701961683",
"to_ids": true,
"type": "filename",
"uuid": "4eed8359-4fda-496f-95e3-ccd69ad29d3f",
"value": "JsDevInfoDll.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1701961683",
"to_ids": true,
"type": "md5",
"uuid": "11ce20f2-e365-4a13-aef6-1c8f0d9f33f3",
"value": "7c348eac40b9dbf6bd52db2985abee42"
}
]
},
{
"comment": "Setup file that installs the electronic signing application. The program and component files are installed under the folder %ProgramFiles%\\Signtool",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702378389",
"uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "8bd144dd-eea0-448e-87c0-67a556c36700",
"relationship_type": "drops",
"timestamp": "1702377692",
"uuid": "0653800a-24e5-4704-83c0-c755d1804d2e"
},
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "3a99c93d-3e6f-492a-ae6c-b05c00c23275",
"relationship_type": "drops",
"timestamp": "1702377708",
"uuid": "8699ae4b-fa4d-4e3a-98a6-089070c1d3f8"
},
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "e14f5aa2-9045-444e-80f1-fa2ef5d0953c",
"relationship_type": "drops",
"timestamp": "1702377724",
"uuid": "3f2326b0-2395-4243-9f05-929bed5a5c2f"
},
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "3f3839ec-a575-4603-a292-fab98e7c6038",
"relationship_type": "drops",
"timestamp": "1702377786",
"uuid": "edfcd314-fcc5-4281-a64f-f1ac2b7c95ed"
},
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "3f3839ec-a575-4603-a292-fab98e7c6038",
"relationship_type": "drops",
"timestamp": "1702377798",
"uuid": "b99b86fb-a8b7-4546-aa30-c5ecc89b80e5"
},
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "657df46a-50d1-4010-b30a-a7f64574e0d9",
"relationship_type": "drops",
"timestamp": "1702377832",
"uuid": "abc51a47-d8d4-4ded-92bc-4de71264d098"
},
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "8a96e601-a86d-498e-9ea0-6d9052443f2d",
"relationship_type": "drops",
"timestamp": "1702377936",
"uuid": "1fe70cf3-b8dd-4521-9c3a-02fc5e1cdb38"
},
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f",
"relationship_type": "drops",
"timestamp": "1702378362",
"uuid": "245facce-6a82-410d-9df7-b702a1651f43"
},
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "98843b28-2cbc-4195-aced-0460e2b8d8b6",
"relationship_type": "drops",
"timestamp": "1702378374",
"uuid": "83562088-355a-4a4f-8d2b-b6f9abc56ede"
},
{
"comment": "",
"object_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"referenced_uuid": "1ec351fd-aba4-44ce-abfc-ae24e2007297",
"relationship_type": "drops",
"timestamp": "1702378389",
"uuid": "9fa3b055-4260-4b2e-acff-7fb936084f4f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1702028988",
"to_ids": true,
"type": "filename",
"uuid": "fb8c05b8-381a-4f2e-9a0f-afabb53d5080",
"value": "SignToolSetup.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702028988",
"to_ids": true,
"type": "md5",
"uuid": "0d90d859-8bb2-4924-8a4e-602ca581c520",
"value": "04f100f771ed8dd238fdf41a0f85977a"
}
]
},
{
"comment": "HELP file",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702041261",
"uuid": "8bd144dd-eea0-448e-87c0-67a556c36700",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1702041261",
"to_ids": true,
"type": "filename",
"uuid": "9daf4692-392a-4a73-ba44-422159e9d34c",
"value": "help.pdf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702041261",
"to_ids": true,
"type": "md5",
"uuid": "6fda01ba-b000-4b6f-b895-de96b3e55b90",
"value": "b94c7fc5528f5e233a9900991c7757ca"
}
]
},
{
"comment": "CURL Library",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702041694",
"uuid": "3f3839ec-a575-4603-a292-fab98e7c6038",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1702041694",
"to_ids": true,
"type": "filename",
"uuid": "719a07f3-5b89-4b49-a88a-eb6681a7d63d",
"value": "libcurl.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702041694",
"to_ids": true,
"type": "md5",
"uuid": "d0eed729-1889-4a8b-bc3f-cc6787ef5253",
"value": "b672963bb8fc75b7c122082b5e567058"
}
]
},
{
"comment": "OpenSSL Library",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702041864",
"uuid": "657df46a-50d1-4010-b30a-a7f64574e0d9",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1702041864",
"to_ids": true,
"type": "filename",
"uuid": "5c04bc76-daf6-46ef-affb-239810a5549c",
"value": "libeay32.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702041864",
"to_ids": true,
"type": "md5",
"uuid": "213768c4-d4b9-455d-a397-53b6ab1f0da6",
"value": "0852402f8f75c9a75a74114af75f34c5"
}
]
},
{
"comment": "QR Generator Library",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702043949",
"uuid": "fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1702043949",
"to_ids": true,
"type": "filename",
"uuid": "8a67c9a5-4991-43e8-b15c-64c32c973f70",
"value": "QRGenerator.dll"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702043949",
"to_ids": true,
"type": "md5",
"uuid": "6012a0ed-df7b-4878-bf3c-8d7839899b6c",
"value": "f8246f3e4391c50c53c2417b9fea3a33"
}
]
},
{
"comment": "Electronic contract signing tool and document file uploader",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702044766",
"uuid": "98843b28-2cbc-4195-aced-0460e2b8d8b6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702044766",
"to_ids": true,
"type": "md5",
"uuid": "31356075-3123-487c-b5c5-b13b0ffd06bb",
"value": "05b0e15a989182e97e6068344840406f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1702044766",
"to_ids": true,
"type": "filename",
"uuid": "ac1c0642-6e2c-4b9a-95ee-e75111b6d41d",
"value": "SignTool.exe"
}
]
},
{
"comment": "This executable monitors the plugin.exe process and makes sure it is running. When plugin.exe is terminated, it respawns it. It also checks for tax software updates from the host: http://upgrade.i-xinnuo[.]com",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702046483",
"uuid": "76062895-7556-47cf-9bb4-f02dd5d7ac09",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1702046483",
"to_ids": true,
"type": "filename",
"uuid": "e6e44ff8-08fc-4d8c-bc38-f22c53993b43",
"value": "MPlugin.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702046483",
"to_ids": true,
"type": "md5",
"uuid": "a956392c-4fc5-47e9-9913-b27a0dc15367",
"value": "946945ee4555fc7f7aced80904fe802f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702376752",
"uuid": "4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"referenced_uuid": "cb1e3793-c635-4787-95ef-170010d073d5",
"relationship_type": "contains",
"timestamp": "1702371888",
"uuid": "13771532-68fe-40dc-b057-da56606c5a19"
},
{
"comment": "",
"object_uuid": "4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"referenced_uuid": "499f7525-508b-463d-8124-ba263c1727a5",
"relationship_type": "contains",
"timestamp": "1702376752",
"uuid": "df2ea6d8-a85c-4b32-8d6f-8bf1cf2d419b"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702371802",
"to_ids": true,
"type": "md5",
"uuid": "979ab01e-afda-45f3-8837-96baf32be05d",
"value": "85223e82337f409697b951207a2d91e6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702372059",
"uuid": "cb1e3793-c635-4787-95ef-170010d073d5",
"ObjectReference": [
{
"comment": "",
"object_uuid": "cb1e3793-c635-4787-95ef-170010d073d5",
"referenced_uuid": "56518dcb-1ead-4b1e-95ba-c07253f392a2",
"relationship_type": "contains",
"timestamp": "1702372037",
"uuid": "9a843252-41fc-4265-8e5e-6a917f66a404"
},
{
"comment": "",
"object_uuid": "cb1e3793-c635-4787-95ef-170010d073d5",
"referenced_uuid": "734c8381-f0a4-4eaf-80c6-ef93743c0445",
"relationship_type": "contains",
"timestamp": "1702372059",
"uuid": "a73adc97-50a8-4f5f-a647-29bfbd3fe438"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702371871",
"to_ids": true,
"type": "md5",
"uuid": "13797f8b-9882-407f-a61a-195d47cbd4c8",
"value": "8ecc9a53cc99bde757df9e718fd3af17"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1702371872",
"to_ids": true,
"type": "filename",
"uuid": "257cff4b-eaa9-446c-8443-947a0731d925",
"value": "PluginManagerSetup.exe"
}
]
},
{
"comment": "This is the main plugin manager program. A thread is created to get instructions and execute commands from the remote host http://upgrade.i-xinnuo[.]com, mainly for managing tax",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1702477655",
"uuid": "f0f1cf7c-3ca1-4fb3-9dd3-f25340b7f3b8",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1702477655",
"to_ids": true,
"type": "filename",
"uuid": "40bec949-5d0c-4b76-9748-d9053daa1e97",
"value": "plugin.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1702477655",
"to_ids": true,
"type": "md5",
"uuid": "bf581ac1-b744-4f1c-a6f1-2db4b75fdbdf",
"value": "134d9ffc9c65366e690c2a4852ec6835"
}
]
}
]
}
}