adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/ea44bf19-332c-4dd8-8149-cd64a020c460.json

1068 lines
164 KiB
JSON
Raw Permalink Normal View History

chg: [feeds] updated
2024-08-07 08:13:15 +00:00
{
"Event": {
"analysis": "1",
"date": "2024-04-24",
"extends_uuid": "",
"info": "OSINT - Potential abuse by Lazarus group using LinkedIn to spread malware",
"publish_timestamp": "1713946684",
"published": true,
"threat_level_id": "1",
"timestamp": "1713946660",
"uuid": "ea44bf19-332c-4dd8-8149-cd64a020c460",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#13eb00",
"local": false,
"name": "misp-galaxy:threat-actor=\"Lazarus Group\"",
"relationship_type": "attributed-to"
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0022d6",
"local": false,
"name": "estimative-language:confidence-in-analytic-judgment=\"low\"",
"relationship_type": ""
},
{
"colour": "#0a8200",
"local": false,
"name": "misp-galaxy:rat=\"NukeSped\"",
"relationship_type": "uses"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:sector=\"Employment\"",
"relationship_type": "targets"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Twitter post (tweet).",
"meta-category": "misc",
"name": "twitter-post",
"template_uuid": "d1214031-ce1b-4a35-bd33-644c707bda2e",
"template_version": "5",
"timestamp": "1713946610",
"uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"referenced_uuid": "bbdc449d-f104-4ee0-b5e0-49f22bc8ae77",
"relationship_type": "references",
"timestamp": "1713945331",
"uuid": "55a584a5-dbef-48a3-b5f9-9b37c8ed2eea"
},
{
"comment": "",
"object_uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"referenced_uuid": "e8ce3ab9-ca6c-435a-8ffd-e530bbe2b586",
"relationship_type": "references",
"timestamp": "1713945345",
"uuid": "6d2c6c0b-54f3-4304-9b1e-129035b378a4"
},
{
"comment": "",
"object_uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"referenced_uuid": "ccb4f586-8d20-44c9-8409-7f9bf82ab1f3",
"relationship_type": "references",
"timestamp": "1713945358",
"uuid": "8e82d8b6-42b3-41a1-b4be-367b3e764f40"
},
{
"comment": "",
"object_uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"referenced_uuid": "fcd9e347-7ff2-4396-a87f-b560b1e4d9c6",
"relationship_type": "references",
"timestamp": "1713945373",
"uuid": "d2fb7401-7cd0-4121-a8e9-bc89df931903"
},
{
"comment": "",
"object_uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"referenced_uuid": "ae7750cc-6d46-4aa4-854b-faa653a7ffc6",
"relationship_type": "references",
"timestamp": "1713946377",
"uuid": "1fa71317-775f-403e-8e0d-e591ea2ace30"
},
{
"comment": "",
"object_uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"referenced_uuid": "4e694833-a507-490c-801e-4a1d046c6bb6",
"relationship_type": "references",
"timestamp": "1713946397",
"uuid": "9492bf77-99fe-4bbb-8673-955949001a35"
},
{
"comment": "",
"object_uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"referenced_uuid": "0a261f97-18ef-48b1-8413-41cdb23af57e",
"relationship_type": "references",
"timestamp": "1713946410",
"uuid": "59547c9b-5544-48b4-94a3-f4c37ba0d70d"
},
{
"comment": "",
"object_uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"referenced_uuid": "0d697be1-5bb2-4165-832a-de7ec5ec6c3b",
"relationship_type": "references",
"timestamp": "1713946427",
"uuid": "fe6393af-82c6-4e3d-bc1f-0807d6027412"
},
{
"comment": "",
"object_uuid": "95dac5ff-29e9-4fbb-b1fa-a804d3c4691e",
"referenced_uuid": "0f888db2-f528-4be7-b773-30746f468564",
"relationship_type": "references",
"timestamp": "1713946446",
"uuid": "1183cced-dcd8-4a01-8f9b-3d0b2072dd22"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1713946610",
"to_ids": false,
"type": "text",
"uuid": "e35bb345-cc62-48fc-af66-a7a8cf634a28",
"value": "#Lazarus #APT \r\n\r\nThe Lazarus group appears to be currently reaching out to targets via LinkedIn and spreading malware\r\n\r\nhttps://stackoverflow.com/questions/78328188/scam-js-code-does-this-script-install-anything-malicious-locally-if-i-ran-it-wi\r\n\r\nIOC : \r\nhttps://pastebin.com/2pz1iQFm"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1713946610",
"to_ids": false,
"type": "link",
"uuid": "8ce28ce4-8339-447d-9d92-a7e2bc410127",
"value": "https://twitter.com/asdasd13asbz/status/1782951380568936481"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1713946610",
"to_ids": false,
"type": "text",
"uuid": "7b2a2276-ec54-400a-a44f-2d518daf1f9a",
"value": "asdasd13asbz"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "embedded-safe-link",
"timestamp": "1713946610",
"to_ids": false,
"type": "link",
"uuid": "1b609691-69fe-4f86-a1ad-c77dc2707e74",
"value": "https://stackoverflow.com/questions/78328188/scam-js-code-does-this-script-install-anything-malicious-locally-if-i-ran-it-wi"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "user-id",
"timestamp": "1713946610",
"to_ids": false,
"type": "text",
"uuid": "32ca742e-630e-4d05-81eb-7f5bb9e1db85",
"value": "asdasd13asbz"
},
{
"category": "External analysis",
"comment": "",
"data": "iVBORw0KGgoAAAANSUhEUgAABIUAAAJXCAIAAACCCHPkAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAP+lSURBVHhe7L1psx3VlS16f4DLEe9+rfsi6gfUhxf3W5mqKKrBhG1ssLFxgzu4hpIuNhSNm6J1AwYhDFg0xti0MpaFDYUFGDAWvehMp0MjJFlCQhLSUQNCAgkJIb+ROTLnnnutlXn22f05OUaM2FrNXHPNNTN35hrKvff5H3/N8crKv7AgCIIgCIIgCIIgDAfSY4IgCIIgCIIgCKOB9JggCIIgCIIgDBVXPzT5sctX/t33lv/tt18QkQdkAzkpstMwSI8JgiAIgiAIwpCwbvt70B6BIBFJZAb5KTLVGEiPCYIgCIIgCMKQIDFWT+SnyFRjID0mCIIgCIIgCMPA1Q9NBvJDjNm0Dy5KjwmCIAiCIAjCMKCHY52waY/IpMcEQRAEQRAEYRjQD3h0QmSpyFczID0mCIIgCIIgCMNAIDzEKhb5agakx4S/7njzzS999fiPH/nZ1X9ZUzQJ3WJaydy7d+/Z5/3w8E8c9eTTfy6axhvbt+848f+e/Jljjl372rqiafAYyaRdIHnocWQPOfSwM757Fo510TTTMK0lzJSD1V8gM8gPsuTfyCjjrY03+HQPfdcDh4zkqkeL+Fzte5BwWHPRfn3DhtO+c+Y///vHMOOCq35WtM4K1C98CMC803pf3Hrbf+MozL/0p0V9nBCoDrGKRb6agQHqsb3vvffAgw+ffOq38RbCuwL8t8OP+PLXv3Hzrxbt37+/MJqBqNlw79q1+/Y7lpww91tYKZeMtR93wty7/nBvYdEZ4Oe++5fGqbvksgWbt2wpjPqHoekxXh8DMkU/u/a6latWf3DwYGE6YzGtZMIGlkjCeN4zYnC7A+JQFk2Dx0gm7QLSY8BMOVj9BTITb/rxpkZLF9fVrgcOGclVjxbxudr3IGsu2ssef5K3/iOO+twXvnzc5VdcXXREGNo9t4+oWfhwMN33hfTYLGCRr2ZgUHpsxasrP3PMsXgzxOzwvj62SF5JDx48+Oiyx00+Bez8ivD+++//7vY7qvyAg7jzjVaPeUKYTbz0cmE93njxpZd/PO+SO5bcVdRLTCuZ77z77lnn/vCTn/n88y/MjM9JT27ddsKcb371+BNfW7e+aJo+Dhw48ORTT3/3zHP//MyzRVMt+jLplNi9ezfeet876zwcwaJpmkge+niDOLaoOqWntYThHKxxQ3LTv+yJJz/2yc9cePFPpnvoux44ZCRXPVrE52rfg6y6aKP95FO//U//evitv7t9yv9YHNo9t4+oWnjVdaPvSL4vaq7b0mOzgEW+moGB6LH1r2+gGDvplNNfevkVPg3DFQpvmIcfeWzBVT8b89tMPZJXUlyh/u3wI3AtPu+HF7y2bh1kFRrxunXbtrv+cO8vr7+JZvXA9e78Cy9G3uAH15dnn3vBEoWuV1a8iisLGtnSRwzt3pC8PtrS+D+LeH3ksWXQt0X3uAIBI9r4IcBMvNEOGX3fIfUFOF44ajh28X29QyQPfbxBHFtUndIzaAmjwnie0oPGGK46PleHFuTa19Z98tPHfO6LX+3kMyyz6TZRdd0YDmqu29Jjs4BFvpqBgeixq3/+S7wNTvvOmdhqF02zCPGVFILz7O//CEu+5LIFVGJdAAMvv+JqOIHnJ596epiCZGj3hvrr4+Tk1pNOPo0ZWLlqddE6rpAe6xrjuXmtua93iOShjzeIYwvpsa4xnqf0oDGGq47P1aEFOa0LyGy6TUiPdYFAdYhVLPLVDPRfj+19773vnHnOCN+fg0Z8JX3rrZ1fOe6EHq/4Dzz48D/96+GHH/Hpp//c0Ye4+oih3RumvD5Obt329W/Mgc25Pzh/3759RetYQnqsa4zn5rXmvt4hkoc+3iCOLaTHusZ4ntKDxhiuOj5XhxbktC4gs+k2IT3WBQLVIVaxyFczMEA9dvXPf1k0dYAtk5NX/uzazx/7NWgSjD3iqM9dctmCrdu2sffgwYOvb9iw4KqfmcHhnzjqnO+fv3HTJhoQ/sr77rt7rrvx5iOP/gKqeP3VosXc339w8OAjjy077oS58PPP//6xk0/7zssrXuXwDhFfSU2P/eHeP7Jluti1a/eJ//dkeLjpV7+e1pMxGL+2bt2P512CjGE4+NkvfuXa626ouiUgLb+97b+P/do3uPwT5nxz2eNP7tixo+regKQtuesPtAeRtz898FCglCAgP/6po5F5rKJoqkAn18eHH3kME8XBTHelsH/xpZf/84zv8mOQOAeSxjgfEL+Z4fVbp56BgUV3BB59BuBp9wMaMH5/EsLz2d//EU5j+iGq9gr+MKEXS774J5dXrdSjw4E4UgtvWfTV40/k74Dx3WQ/iGeHCcm59777j/78l1Hlb4X51dEY8IcVC8QymUzMfvmCq7Zt304zAKMwFl0B/f4pRv2kPNB4I3MtuEQ89Mij8fc3ajJDVzHRzrGYopPrTzLOeINYhQ5n8ecM356wRxXLP+07Z/oT7NnnXviXj36i6gNUPBbofXXlKoQNDwHRyPz4JfjjixMbpzcSS4fElEkIPPzu9juS//PCCzUuUDyseLMvuvV3uLngiKNqh6YKPkv+bYjXad0LujgoRVPtoa9/A9YM5I0S2YABiNMYN8oNG9uCAXhw7Qh6VHWhiiukec6urr+8IQ7AI7lq4v33339s2RO4lvJAY5k4lPG9w0B7+wkr2uONfODAARoEPw+GY4H38p133xN8ICVOXRAkAjjznB+geuPNt9DAA4cb+azqJeJVJy8gwVsgQPJtkoSfbvfu3T+98mdIKfJj31zANunGhbfYuYRe3M7iM3m6F8wYwcK5BFQDJs86AlmFwY9+fLEdVmLd+tfxxvz0MV/asGFj0ZQDFy5coOwKFhzcKa/bNUvGZbPqVBwOAtXRC09etH7HO+9fdv+WoH2YRAy73/vg10/tCNp7Z5GvZmAgn1f81a9/g5Meb7BXOpA6eKvc9Yd77Sp8zJe+BvJtY9c73kLM4AtfPs5u5/6DbXa9uPue+3gngCXuWGgBL7/ialzT+ZlANNosMHvyqacLFx0gvpLi4nLhxT+Bq69/Y84bm7v5/cPnl09g54Tl4MJUNHUA3Ip+cf2N3CVwsdg6s4rw4udsuNhRN4JHffaLTCPsr77mFyjH9wZ+NR/GTDuGcOxZ5/7QfxKVOyTYTPndNrs+FvUUIA5xo4WZF7fTXSnsr7jqGhogbDvWnznmWL9G/4U9OGRCULULeoydO3eeesb3vviV43jG4kRCGUQjumBgpwe2F8gePVu0VWesnerAmrWvwSEa/UrjoxOjw4HPPPvcJz/zeZhVrZqHCXIFAoZhgzxqyW2EHVb+vFhwtvicv7Zu/Qlzv2UzwobZg8zGe5M2MWomRZC337EEM+JwwI/t1a665lp/y6/PDC4X6GUjg2dUaOdwmMEYw9lr8QdHMxlnsIeoQYez2Dmz9MGH8E5EwZ/hyICdS7vfeYcfAH7goUfY4sEE4sKFd1z9KW1LuH/pg7BhDu26+p0zz/FXg/okJD3EP2Btb0wQ9giGxpgLugUFO1er0K97wXQPin8jVx36Kd+AyYG4UUJ+0JLB+LDRBYPCtFp0Acmu7P/U8mUy23zzJod7JFcNbN++gyceiPTa4QPRjt7CrgRaTjn9u7G9zwDvMmbACEEcRC/J4tTFQeLtgCoiwRuELQbefQ4/4tMrXl1ZNEWIHSYvILjQ1fykTfJtkoRNh/c7/6eb5Oz0gyrPJczLdzFOCVyN6YGY1gUziWDhU94KY7z8yorDPv4p5Oatt9oMcK+HBzC4UuHNiNjO/v6P+BsEwcGd8rpds2QwOHOGjEB11BBCa/+BgzVSpxM9RiecGoW+iDc4wbyYPWjvLxlzQzAQPYbLK65GOONx6mNLV///EPfedz/eKrh83Pq7221PhgKqUCmsrn1tHa4XuLrZ/+Ls3r372/91NqbAfqL1X2jl9eLTx3xp3iWX8T9uMeS++5fCPwQP3ti4HK
"deleted": false,
"disable_correlation": false,
"object_relation": "media",
"timestamp": "1713946610",
"to_ids": false,
"type": "attachment",
"uuid": "fe1cbfd9-09e4-428b-8609-7b81400a6ee0",
"value": "GL5Qx1MboAAZwsk.png"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "embedded-safe-link",
"timestamp": "1713946611",
"to_ids": false,
"type": "link",
"uuid": "1bc07857-8aec-4007-b69a-881e1036f86a",
"value": "https://pastebin.com/2pz1iQFm"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713946660",
"uuid": "4e694833-a507-490c-801e-4a1d046c6bb6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1713946660",
"to_ids": false,
"type": "filename",
"uuid": "0f38cb16-3613-4d32-a13a-7735f5352238",
"value": "Archive.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942731",
"to_ids": true,
"type": "md5",
"uuid": "f872de60-27bb-4886-8a4c-a78905d19639",
"value": "7a5a694ac7d4068f580be624ece44f4f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713946657",
"uuid": "0a261f97-18ef-48b1-8413-41cdb23af57e",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1713946657",
"to_ids": false,
"type": "filename",
"uuid": "84c3212f-b715-4615-b789-6ee6f3d8a94c",
"value": "E.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942823",
"to_ids": true,
"type": "md5",
"uuid": "0ac4d7bf-235d-42df-87d7-7631bde17374",
"value": "aad9dcd3a2045dafea47eef776ec5b8a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713942841",
"uuid": "e8ce3ab9-ca6c-435a-8ffd-e530bbe2b586",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1713942841",
"to_ids": true,
"type": "filename",
"uuid": "37e78164-9e23-457d-8d99-82f33fec68a2",
"value": "cryptoPriceMonitoringSite-main.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942841",
"to_ids": true,
"type": "md5",
"uuid": "419c7649-dd7e-44d5-9a43-14b4eb5ae5c3",
"value": "53ec27df858d3d133808ec338df29fc6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713946654",
"uuid": "0d697be1-5bb2-4165-832a-de7ec5ec6c3b",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1713946654",
"to_ids": false,
"type": "filename",
"uuid": "8d4d1ef7-4163-47ec-bb35-b4f7d59449be",
"value": "dev_now_gold.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942858",
"to_ids": true,
"type": "md5",
"uuid": "1b9122d2-8183-4451-a35e-e8e209b27437",
"value": "e6d09c7ad340d10109e6781bfb05a319"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713942874",
"uuid": "0f888db2-f528-4be7-b773-30746f468564",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1713942874",
"to_ids": true,
"type": "filename",
"uuid": "4920e992-429d-4033-90a9-eddb4d6352a2",
"value": "purchased-casino-template-master.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942874",
"to_ids": true,
"type": "md5",
"uuid": "97b3aa9c-2b10-4909-9639-91f09521b3f5",
"value": "f1b78698b108fbf5bfcbb6d7f3bbad76"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713946646",
"uuid": "ccb4f586-8d20-44c9-8409-7f9bf82ab1f3",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1713946646",
"to_ids": false,
"type": "filename",
"uuid": "981ac497-7aa9-432e-92f7-7815a64f3b58",
"value": "server.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942891",
"to_ids": true,
"type": "md5",
"uuid": "b1375fa5-4dbf-44c9-a8f6-820c14f32228",
"value": "fa174cdd22080f11e13844c1e3326cd2"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713946643",
"uuid": "bbdc449d-f104-4ee0-b5e0-49f22bc8ae77",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1713946643",
"to_ids": false,
"type": "filename",
"uuid": "8fc84472-98c7-4d6d-90fe-5b25f2d97376",
"value": "test_interview.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942911",
"to_ids": true,
"type": "md5",
"uuid": "32601758-3039-4500-bf71-29edc4a73585",
"value": "97868b884fc9d01c0cb1f3fa4d80b09f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713946639",
"uuid": "fcd9e347-7ff2-4396-a87f-b560b1e4d9c6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1713946639",
"to_ids": false,
"type": "filename",
"uuid": "e91efd45-7939-4aef-bc09-cc8f37fe9851",
"value": "test-project.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942931",
"to_ids": true,
"type": "md5",
"uuid": "5ff9fb01-6555-4748-9dfe-bf69c21e6ca6",
"value": "d3a85f6ccf117fb1cdb506094edddd22"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713946635",
"uuid": "ae7750cc-6d46-4aa4-854b-faa653a7ffc6",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1713946635",
"to_ids": false,
"type": "filename",
"uuid": "bbeee080-7f94-40a2-9147-ca619d92447c",
"value": "test-task.zip"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942946",
"to_ids": true,
"type": "md5",
"uuid": "b13cbab9-7a14-4975-b675-10d78191731c",
"value": "46b2cfef633e6e531928a9c606b40b16"
}
]
},
{
"comment": "7a5a694ac7d4068f580be624ece44f4f: Enriched via the virustotal module",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1713942965",
"uuid": "c4d5fb0e-ed0d-46b1-8c9f-43141bf5f080",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1713942965",
"to_ids": false,
"type": "link",
"uuid": "085b382d-634d-4ddb-aa13-67ae7a0020b3",
"value": "https://www.virustotal.com/gui/file/c09271054916807f78795a7440c6223d05c6dd543b97fd3a32aa44b1e8dc658e"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1713942966",
"to_ids": false,
"type": "text",
"uuid": "02d189ab-bebd-4db1-8a33-e188891d1da2",
"value": "5/63"
}
]
},
{
"comment": "7a5a694ac7d4068f580be624ece44f4f: Enriched via the virustotal module",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713942966",
"uuid": "d804ff70-5868-4d8a-a9f9-445b372d928d",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942966",
"to_ids": true,
"type": "md5",
"uuid": "cf6a9a8b-5b36-48df-a112-f83e6df50824",
"value": "7a5a694ac7d4068f580be624ece44f4f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1713942966",
"to_ids": true,
"type": "sha1",
"uuid": "b159a8bb-1cde-4a48-a389-fdee9148f278",
"value": "3e52250148123c5105ce251899cf6ba696657daf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1713942966",
"to_ids": true,
"type": "sha256",
"uuid": "d6bc4f7e-9ffd-49cf-bef0-f2bdfea3693a",
"value": "c09271054916807f78795a7440c6223d05c6dd543b97fd3a32aa44b1e8dc658e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "tlsh",
"timestamp": "1713942966",
"to_ids": true,
"type": "tlsh",
"uuid": "2fef392b-f9e2-45df-9314-5bfb231bf464",
"value": "t181a21a7d862c1d56eb425279db828b4c92c7480253d7298ff794a80c9b6f1c4eb3f687"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "vhash",
"timestamp": "1713942966",
"to_ids": true,
"type": "vhash",
"uuid": "6984443e-af39-45d4-a229-f09fe58e466a",
"value": "8ea2b911231296d0b157663c9925747a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1713942966",
"to_ids": true,
"type": "ssdeep",
"uuid": "cbd2d7af-8b30-438c-b42e-c3fed3c7e9f5",
"value": "384:DlV7q4PW1bzAhWoiqy6F2Axnyrk/YnW2xXsju46qXAEVsbYIGiXsrJ9ZjadxNtTf:GfbzAhWoiq1Ffsn462hi8rPxWL"
}
]
},
{
"comment": "aad9dcd3a2045dafea47eef776ec5b8a: Enriched via the virustotal module",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1713942998",
"uuid": "8a453d92-de5f-46f3-951b-7dbd33aeea36",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1713942998",
"to_ids": false,
"type": "link",
"uuid": "4bd2066f-86ad-4ddf-9f65-c64c217839c1",
"value": "https://www.virustotal.com/gui/file/1e959131e5964fc47b468bd5b920221a418b660898a692215ee996452d0b741a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1713942998",
"to_ids": false,
"type": "text",
"uuid": "c9dfa03f-8f3e-4123-8fae-14df1f2fefc6",
"value": "5/63"
}
]
},
{
"comment": "aad9dcd3a2045dafea47eef776ec5b8a: Enriched via the virustotal module",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713942998",
"uuid": "c0ad189d-c3a5-448d-8e12-0edcf29357eb",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713942998",
"to_ids": true,
"type": "md5",
"uuid": "a192f7e7-f10a-4b7d-a145-a7f3f352176d",
"value": "aad9dcd3a2045dafea47eef776ec5b8a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1713942998",
"to_ids": true,
"type": "sha1",
"uuid": "f1b73b44-4ac4-4a8d-a778-9f7c4d1de439",
"value": "b69740225bf9c370ade85120fabff3e0a06ec747"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1713942998",
"to_ids": true,
"type": "sha256",
"uuid": "87928620-88c4-4817-ba67-47c31d8c1f08",
"value": "1e959131e5964fc47b468bd5b920221a418b660898a692215ee996452d0b741a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "tlsh",
"timestamp": "1713942998",
"to_ids": true,
"type": "tlsh",
"uuid": "e447450f-4400-47cd-ad69-ff7b770690ca",
"value": "t1ebc633e9d60afd13cfb330fd15232197d62b403a04d93a0e6ae7275849a7e716b481b7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "vhash",
"timestamp": "1713942998",
"to_ids": true,
"type": "vhash",
"uuid": "7f5ebc8e-ac48-42c7-ba40-cf98843d8ef6",
"value": "368ee962ab7ee47e59e1451977b49a53"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1713942998",
"to_ids": true,
"type": "ssdeep",
"uuid": "9f3cb1e1-cf6d-43fb-9a3c-df807c62f022",
"value": "196608:/TiGy2glm8hpEs6nfk3VXPsI7wSAcGqO2glnHXLN++37gD8MumWhIIIDizJBbEQ:+XXxhL2sF/siwSAcq2gZ35++LpMumWKA"
}
]
},
{
"comment": "d3a85f6ccf117fb1cdb506094edddd22: Enriched via the virustotal module",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1713943096",
"uuid": "2fb6dad2-122d-4845-ab45-ce5b76ae3038",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1713943096",
"to_ids": false,
"type": "link",
"uuid": "a2f13666-190c-43a5-b7f9-4bccd10573ed",
"value": "https://www.virustotal.com/gui/file/5cc1493357886c767354f152b940d63991f07a5010f22a46e8a514a08fbe3b18"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1713943096",
"to_ids": false,
"type": "text",
"uuid": "65f2ce24-7453-4cdd-b787-7a9c77b1b3f9",
"value": "14/62"
}
]
},
{
"comment": "d3a85f6ccf117fb1cdb506094edddd22: Enriched via the virustotal module",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713943096",
"uuid": "b0301e3d-0788-4959-b7d1-128510c2f015",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713943096",
"to_ids": true,
"type": "md5",
"uuid": "257cd28d-41c3-4ef5-837f-d68e3633b76f",
"value": "d3a85f6ccf117fb1cdb506094edddd22"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1713943096",
"to_ids": true,
"type": "sha1",
"uuid": "06161be4-83e4-411c-8927-e0cc790dbe02",
"value": "9be879834f1b2e19adfc342657a70be2da5fb27e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1713943096",
"to_ids": true,
"type": "sha256",
"uuid": "393ffb6d-8b28-479f-976e-04883f931e73",
"value": "5cc1493357886c767354f152b940d63991f07a5010f22a46e8a514a08fbe3b18"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "tlsh",
"timestamp": "1713943096",
"to_ids": true,
"type": "tlsh",
"uuid": "533c8f21-3f7e-47ef-af6f-302f4878fade",
"value": "t19192e10892fa3a12e6a9ea3ceeaa7a77dfc4c76013219b371c155f40bd614731786748"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "vhash",
"timestamp": "1713943096",
"to_ids": true,
"type": "vhash",
"uuid": "2a5cdff7-9da1-40a7-a8d7-6f37e7df34a2",
"value": "44a94cf9b723ba33e3c34a03cbf30a77"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1713943096",
"to_ids": true,
"type": "ssdeep",
"uuid": "12a88019-c072-4311-9163-b4fafe19fd7c",
"value": "384:i/3WEvsdCWlcn8IKO/XE6nvmjFAHl9/xsazRDtQYBrpP:6UCW50XQWFVx9zRhzr1"
}
]
},
{
"comment": "46b2cfef633e6e531928a9c606b40b16: Enriched via the virustotal module",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1713943119",
"uuid": "52c29329-199a-41ff-84b1-edc3b91e98ac",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1713943119",
"to_ids": false,
"type": "link",
"uuid": "14b96d22-9e65-4bbc-abc1-aae00d71544c",
"value": "https://www.virustotal.com/gui/file/f790ad0bfe7a465805b44264c88588e70eb3200806ac290150205a57d28d6b1a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1713943119",
"to_ids": false,
"type": "text",
"uuid": "7b7cc868-a164-43b6-a756-9a2fd2f08425",
"value": "7/63"
}
]
},
{
"comment": "46b2cfef633e6e531928a9c606b40b16: Enriched via the virustotal module",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1713943119",
"uuid": "c5aec8df-8d20-494d-be8b-8844cb015d8a",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1713943119",
"to_ids": true,
"type": "md5",
"uuid": "d8d7a642-9528-49eb-9f5d-b19d7be1f989",
"value": "46b2cfef633e6e531928a9c606b40b16"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1713943119",
"to_ids": true,
"type": "sha1",
"uuid": "a8bd9c00-7b4f-496e-b8dc-1a839ae5ab14",
"value": "9cacbe18dca9df61f8adffd856193519d45425b2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1713943119",
"to_ids": true,
"type": "sha256",
"uuid": "02601449-ea07-47c0-b1a4-9a73e3a0a496",
"value": "f790ad0bfe7a465805b44264c88588e70eb3200806ac290150205a57d28d6b1a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "tlsh",
"timestamp": "1713943119",
"to_ids": true,
"type": "tlsh",
"uuid": "333ce76f-82ac-4d31-9c9e-fdfe5c8e1ad0",
"value": "t157c41251e02b4921e74fb73e68c54b79f1a8c75941b8fa1716d3e0d2c80a9ea0e53e0f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "vhash",
"timestamp": "1713943119",
"to_ids": true,
"type": "vhash",
"uuid": "edb7b941-35e4-4bf4-8a1d-a2d89e451d74",
"value": "a3db384a0b424982d7ba1e63c5ce7c17"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1713943119",
"to_ids": true,
"type": "ssdeep",
"uuid": "9adb85f1-16b0-4cea-9ec6-6720bd433b34",
"value": "12288:WPG0mF7+lXnIxgscWkYfdiDUZzCdbq8N8Eu:R5F7eXnLscWkkPybq8Nju"
}
]
}
]
}
}
Reference in a new issue Copy permalink