{
"Event": {
"analysis": "2",
"date": "2018-12-28",
"extends_uuid": "",
"info": "Shamoon potential samples",
"publish_timestamp": "1622019237",
"published": true,
"threat_level_id": "2",
"timestamp": "1621849939",
"uuid": "5c25d759-4fec-4f21-a9ed-59b90a00020f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#0088cc",
"name": "misp-galaxy:tool=\"Shamoon\""
},
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:malpedia=\"DistTrack\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-malware=\"Shamoon\""
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983863",
"uuid": "6d2ea6cd-3988-4e21-93c7-d790cfe95bce",
"Attribute": [
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a34dfda9-349a-4179-b8f4-7c843907ab69",
|
||
|
"value": ".text"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "84168bdc-0492-468e-91d4-edea671774a7",
|
||
|
"value": "227328"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "a7ad194d-2b27-4842-9e3d-9c195ae42626",
|
||
|
"value": "6.1008939139977"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "162ac6db-5f2c-4a33-b572-726eb0cfe1e1",
|
||
|
"value": "0e05445913d343ef7ef8af7fff6caf2e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "6a28f965-d233-49ed-b0fe-be3099f33f92",
|
||
|
"value": "7e39a897146b73b023c687b531c90c0b952e84d4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "254fd4c6-f389-451d-b9b7-52d0d37e57d4",
|
||
|
"value": "a0afde35dc33c0c03922626b0d699efa15764c9c063e4337cb236bce12e46803"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "848fd7db-6e9e-41c2-8d98-df441f8665e1",
|
||
|
"value": "3aef50c5906bc3ccbff9a1eeb8b560dd6d6e48500713a9ec5c3164534b37f3ca0f7b88c4495a793b6d255d8daa9b6d0faf3610ceb8e792a9e0e4f4086e4d75e7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "84c7ded6-917f-48d5-8581-2416ecebb37a",
|
||
|
"value": "3072:Iz8uJGk1itXEAgB7XcxTULy44T+H3ry2skQG5W4IiR838:QjJGkUt0bB7XcZ44T+H3r9skh5W4I2R"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1545983863",
|
||
|
"uuid": "86d676f1-4d5a-4f58-8799-f879669fafde",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "8c595994-289c-4420-b94e-993ec49b7caa",
|
||
|
"value": ".rdata"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f046161c-4c3d-4ad1-a7be-a1192c07ff19",
|
||
|
"value": "42496"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "1d1c362d-d053-4dfc-847c-85eb8a6c35a4",
|
||
|
"value": "4.6716861974421"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "e917647c-07bd-4429-bbc6-e7f6991ebcc2",
|
||
|
"value": "dc8978bbd3faf0f5bfbef34960349ed0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "283f6c30-6918-42e3-994b-f537af3594bc",
|
||
|
"value": "f85dfb0c5bf736b34c1466d210a76ded4aa6ba2c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "b3043bf1-03ab-476d-bd2b-bba4993d8bb4",
|
||
|
"value": "434db3256589cc1a4b06121d07e944e5562fd90240cd3ed09842a029df2dd8c1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "bffcc72d-89f2-4190-b8e8-3bc1889f6568",
|
||
|
"value": "32e420c153acfdad372445924fe394370bfe1e57605f38636440d12147d23ef7ce4f0a6e50ecbf10d056fe5ef645d1ce2e108c1259b1212aa46764599e462c18"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "b6f9a181-1827-43ba-b02e-b91ea50ae363",
|
||
|
"value": "768:IkUFGXakD2DX6+bf+GxsJLk/+keLxtRMm3btcSNk6wb7ts42zgg:IUMDXB7+Gxsli+kobEfyZ"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1545983863",
|
||
|
"uuid": "55ee131c-0227-4651-84e6-595e84411fa3",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "1c619cc5-b70a-4674-b0c5-6a5869a82179",
|
||
|
"value": ".data"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "9414cc34-5647-4999-8ba6-a4869bd013a9",
|
||
|
"value": "168448"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "d455578a-a933-4ab7-9ff2-a3a3e17de125",
|
||
|
"value": "0.88156694374417"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "72829a15-6aa2-419b-9dfb-e830c6324963",
|
||
|
"value": "0187542b3d3206b1b8150429cf4d46f2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "6f674c31-d9a2-4ecf-bcaa-ab7c69f853c1",
|
||
|
"value": "0fdd336b35c42877e465aaa7244706819967392b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "a76fe5e0-411a-432d-9f39-bdc532328bf0",
|
||
|
"value": "40ee86720b3f7c2b790361245d4b9671dd9b8c655c565a486c70388a90d002ae"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "ab9db1da-3f04-4e9a-b0d1-f7780712eb7b",
|
||
|
"value": "1357c6f55a578f61d526f6705198c0e658dcb5c4532944cf7c6cbd26cb6134c8f3ae7431e471a762b6d88c04cea090a48119da33a03fea0c34fd9cd927e292e7"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "91b141d3-e4ae-45d9-82af-71f665b75a68",
|
||
|
"value": "384:bm2kfRpZDJZmLRUuk6c49ZFp+Q5PvMpyWUaApcx:bqTPmyOcgNLkKs"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1545983863",
|
||
|
"uuid": "35b8f3d2-dc7c-4981-8831-d5f833664eae",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "3f05b433-7111-43ff-b305-d5cc43a2b9e5",
|
||
|
"value": ".pdata"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "f26a30f9-1dae-4c0d-b566-ce472b62af0f",
|
||
|
"value": "13312"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "a8861fd9-3ed5-41d5-af85-431a7ffa14fc",
|
||
|
"value": "5.5097110428088"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "dbcf30f4-d24d-494f-877c-4234d9dc5a1f",
|
||
|
"value": "0662a28e65e22519d99668ac8c612770"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "e3af291f-557a-4dc6-9424-9bd1a2cf76d5",
|
||
|
"value": "4c9bd3026cdbdd8465f2f9b4fc7efdda8a01492e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "2540ce18-8e83-4a2b-aa43-4091ad781965",
|
||
|
"value": "479b42dcc05eccb1bd9b278dc3f71a03d0a15b0eec6863baf2843c8b910de1ee"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "83d79ce6-d474-4489-8fb3-a9c226b539b6",
|
||
|
"value": "b68487b1ae3855c5ac2276b200e89b6d37ace9fc12b412aefb4b4aa845587a347d655ae324c9b497758b4135d0ff57be64e2a409c08be7541af17d1d60fb41f4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "52d622b5-46ce-412e-9445-33441a5e1e35",
|
||
|
"value": "384:AGRZqhwRmmOTZ83vaBrbOOuKLo5u3S+jp+G3W5:5R4h2m/TZiarTu6S+jp+sm"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1545983863",
|
||
|
"uuid": "74c8d687-0ade-4e05-ad5d-b00e851e62fa",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "735b2433-2a6e-4163-983d-d4b2736da6c7",
|
||
|
"value": ".rsrc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "bd879bcf-90ad-4531-89a0-b1bbd21dd5a2",
|
||
|
"value": "178176"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "508eaf0b-8c61-4e60-864e-1696efa923ee",
|
||
|
"value": "7.9615599049273"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "9279aabe-4c02-4565-bedd-5028ff469dbf",
|
||
|
"value": "50d7fbee853a4e85c8774541baed7450"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1545983863",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "06802101-82ff-4f01-afad-9d7229a60584",
|
||
|
"value": "0bf92ada61fec0bdfe0c225ab918a390cd5cd96e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "f30c604f-f9b1-4674-af6a-9ffe223ea349",
|
||
|
"value": "9d1987fc565c410cd9e62c0d549824ed574a3f12ba6a7fd55fd29c3846c8d194"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "cd7e356f-9f75-402c-8a7f-bd69179d329b",
|
||
|
"value": "8213ed90c7395fb7667060812f319dffdeecdd8b9a15df320d0cd9f2ce46977003716be4abd5c7e1d995978bf6e3a32c5cfa2c44da88cef13de7938d92c83254"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "420945b5-6880-42ff-a3c8-d642c14c004a",
|
||
|
"value": "3072:vPkI7w2dWn9+xQdhh4/xc1M31WH0THsOCVBz9amqWAl/l6hxrgQpTLEM9:vsItWn9EQdhKLP3OxImqtextp/Ei"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a section of a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe-section",
|
||
|
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
||
|
"template_version": "2",
|
||
|
"timestamp": "1545983864",
|
||
|
"uuid": "14220d97-dcbc-4c77-9a07-dfb2fd365b9d",
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "name",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "a233eb41-3db4-47fe-a9e0-651c6feed212",
|
||
|
"value": ".reloc"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "594ab256-ba20-4f51-b861-50047b296ff5",
|
||
|
"value": "3072"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "dfe03f78-6fb6-4d64-a66a-90270f603f53",
|
||
|
"value": "3.5959273270587"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "964a7716-0648-4698-8d11-27a4126a9b9e",
|
||
|
"value": "c38d6b4dd72f6c203b9b6e6f7b600c95"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "e19ae793-3c4a-453a-b39a-49c21689b204",
|
||
|
"value": "0664d776696abe79a6c1847a2678c89d7d52e643"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "245257fa-c390-42c5-9d49-0629dedade4a",
|
||
|
"value": "34ec2817a0ba5a3761e0d5c570e14a712babf9e5589e8e5865d9f8ddc033a05e"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "7b3337a9-0cf9-4d3a-8420-634dd8104793",
|
||
|
"value": "fded8ac76d489b9311f56aa38571c356bb2b14af2335b5c2738cedb77d58f3ac5f70d99ad1ba68d8133037ba450d41981085da6a6328dbf9109371add2890ac0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "ssdeep",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "ssdeep",
|
||
|
"uuid": "7cedc476-8221-4825-8ac3-7770d2331514",
|
||
|
"value": "12:vqAG/n4n/oJFM3EMUH8FMsSFng9HoAIgo+hK1vveQggQHHHHHoAIgoAI+lKs0gXE:uM3EMUH8+heFuvvgRKs0q7/UklsJ"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "Object describing a Portable Executable",
|
||
|
"meta-category": "file",
|
||
|
"name": "pe",
|
||
|
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
|
||
|
"template_version": "3",
|
||
|
"timestamp": "1545983864",
|
||
|
"uuid": "781698cc-3b82-4775-9b6e-a9b5752e16ef",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "Section 0 of PE",
|
||
|
"object_uuid": "781698cc-3b82-4775-9b6e-a9b5752e16ef",
|
||
|
"referenced_uuid": "6d2ea6cd-3988-4e21-93c7-d790cfe95bce",
|
||
|
"relationship_type": "included-in",
|
||
|
"timestamp": "1621849939",
|
||
|
"uuid": "5c25d778-c93c-435a-8dc7-59ba0a00020f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 1 of PE",
|
||
|
"object_uuid": "781698cc-3b82-4775-9b6e-a9b5752e16ef",
|
||
|
"referenced_uuid": "86d676f1-4d5a-4f58-8799-f879669fafde",
|
||
|
"relationship_type": "included-in",
|
||
|
"timestamp": "1621849939",
|
||
|
"uuid": "5c25d778-b080-4432-9c70-59ba0a00020f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 2 of PE",
|
||
|
"object_uuid": "781698cc-3b82-4775-9b6e-a9b5752e16ef",
|
||
|
"referenced_uuid": "55ee131c-0227-4651-84e6-595e84411fa3",
|
||
|
"relationship_type": "included-in",
|
||
|
"timestamp": "1621849939",
|
||
|
"uuid": "5c25d778-f1c8-447b-a8f3-59ba0a00020f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 3 of PE",
|
||
|
"object_uuid": "781698cc-3b82-4775-9b6e-a9b5752e16ef",
|
||
|
"referenced_uuid": "35b8f3d2-dc7c-4981-8831-d5f833664eae",
|
||
|
"relationship_type": "included-in",
|
||
|
"timestamp": "1621849939",
|
||
|
"uuid": "5c25d778-1348-4251-8194-59ba0a00020f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 4 of PE",
|
||
|
"object_uuid": "781698cc-3b82-4775-9b6e-a9b5752e16ef",
|
||
|
"referenced_uuid": "74c8d687-0ade-4e05-ad5d-b00e851e62fa",
|
||
|
"relationship_type": "included-in",
|
||
|
"timestamp": "1621849939",
|
||
|
"uuid": "5c25d778-b154-40da-805d-59ba0a00020f"
|
||
|
},
|
||
|
{
|
||
|
"comment": "Section 5 of PE",
|
||
|
"object_uuid": "781698cc-3b82-4775-9b6e-a9b5752e16ef",
|
||
|
"referenced_uuid": "14220d97-dcbc-4c77-9a07-dfb2fd365b9d",
|
||
|
"relationship_type": "included-in",
|
||
|
"timestamp": "1621849939",
|
||
|
"uuid": "5c25d778-c424-446e-a33c-59ba0a00020f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "type",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "57a5eff0-feeb-4c5a-ad52-d2185308a71c",
|
||
|
"value": "exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entrypoint-address",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "5d1e1483-7fb4-4584-8f70-6a0f78003795",
|
||
|
"value": "5368844388"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "compilation-timestamp",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "datetime",
|
||
|
"uuid": "a14983e0-bd11-4da0-b4c6-abb06fd66979",
|
||
|
"value": "2011-07-15T16:10:08"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "original-filename",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "bab86c0d-ed69-4e18-913b-19e8c57149ef",
|
||
|
"value": "PC-Doctor"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "internal-filename",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "467a4272-372b-43ba-8dcf-a9e405fa367b",
|
||
|
"value": "PC-Doctor"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "file-description",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "654a3062-e595-48db-836f-1e05f34bd419",
|
||
|
"value": "PC-Doctor Hardware Diagnostic Tools Update"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "file-version",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "4ccf3e63-1cd8-44f8-b7b9-b36d608fc2a9",
|
||
|
"value": "1.0.0.0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "lang-id",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "49e68d67-0d77-407a-80f5-6b1f5fe3c24b",
|
||
|
"value": "000004E4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "product-name",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "c0aafc54-a4a4-4080-8cd7-4c0eb2de8d7b",
|
||
|
"value": "PC-Doctor"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "product-version",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "74549d93-b807-4fd8-9bea-50b1fa222031",
|
||
|
"value": "6.0.5205.31"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "company-name",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "32cc9200-2ff8-4b3a-ac4e-397619532371",
|
||
|
"value": "Hewlett-Packard Development Company, L.P."
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "legal-copyright",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "59394f6f-482f-4957-b391-e9bb4f826175",
|
||
|
"value": "Copyright \u00c2\u00a9 2009 Hewlett-Packard Development Company, L.P."
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "number-sections",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "counter",
|
||
|
"uuid": "75317cbf-e16b-4de1-b4ed-5bed20e7022e",
|
||
|
"value": "6"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"description": "File object describing a file with meta-information",
|
||
|
"meta-category": "file",
|
||
|
"name": "file",
|
||
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
||
|
"template_version": "15",
|
||
|
"timestamp": "1545983865",
|
||
|
"uuid": "c091d73a-f69f-49ed-91b4-bccf41318fc1",
|
||
|
"ObjectReference": [
|
||
|
{
|
||
|
"comment": "PE indicators",
|
||
|
"object_uuid": "c091d73a-f69f-49ed-91b4-bccf41318fc1",
|
||
|
"referenced_uuid": "781698cc-3b82-4775-9b6e-a9b5752e16ef",
|
||
|
"relationship_type": "included-in",
|
||
|
"timestamp": "1621849939",
|
||
|
"uuid": "5c25d778-dd28-42c1-98dc-59ba0a00020f"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "filename",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "b9984f5d-b01b-4f06-a48d-0438f1179a4a",
|
||
|
"value": "gfxprc_X64.exe"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "size-in-bytes",
|
||
|
"uuid": "34040f24-fbc4-45ce-93bb-d2eeb49245ef",
|
||
|
"value": "639544"
|
||
|
},
|
||
|
{
|
||
|
"category": "Other",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "entropy",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": false,
|
||
|
"type": "float",
|
||
|
"uuid": "0ec290ba-986a-4272-840d-e4396027b657",
|
||
|
"value": "5.8820764880033"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "md5",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "5ee0c16c-e9b0-41cd-bff0-4e6a4a30acad",
|
||
|
"value": "d0c3852e376423247ae45c24592880b6"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha1",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "af8a8acf-d4ea-4df6-85fe-70085fa5c198",
|
||
|
"value": "7335b8bdc62f35e2579ba18b91dc6227c586ef75"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha256",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "dd316f9a-ef79-451b-b242-e09ad504d154",
|
||
|
"value": "f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"object_relation": "sha512",
|
||
|
"timestamp": "1545983864",
|
||
|
"to_ids": true,
|
||
|
"type": "sha512",
|
||
|
"uuid": "fff49093-4a62-4078-9d4d-628b75f1c635",
|
||
|
"value": "6445a1840b8da37fa4104158177148bbe3924924fb5506311ef6482717b04df4604de265afb0ce1b78b1884de40fa12ace735131734a7f0e643a0846a235ceae"
|
||
|
},
|
||
|
{
|
||
|
"category": "Artifacts dropped",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": true,
|
||
|
"object_relation": "mimetype",
|
||
|
"timestamp": "1545983864",
"to_ids": false,
"type": "mime-type",
"uuid": "b55be764-413a-4932-be48-cccd1096ce44",
"value": "PE32+ executable (console) x86-64, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983864",
"to_ids": true,
"type": "ssdeep",
"uuid": "40853deb-fe0c-42ee-ab69-42d2b1be0d00",
"value": "6144:hjJGkUt0bB7XcZ44T+H3r9skh5W4I2YF/sqLVu2sItWn9EQdhKLP3OxImqtextpM:hckUtGBYYWv/D4bn9EQMGxYWtJ"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983866",
"uuid": "1d433c6a-3ff0-4099-9285-f26dc57988ed",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983866",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "30ac3be3-d59b-4cbb-beba-ba0c7d315548",
"value": "92160"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983866",
"to_ids": false,
"type": "float",
"uuid": "91eadc8b-3481-43b6-9cc5-eea1d046ad56",
"value": "7.9976290331568"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983866",
"to_ids": true,
"type": "md5",
"uuid": "98b6802a-b551-46ae-bfa7-a478fc2ae529",
"value": "0df19b2f4a86d4deff0d9d1408238808"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha1",
"uuid": "6ed412e6-e69d-48fd-94ee-fb110ac99155",
"value": "7dbbf319c0cbb7d598859caae37bdca71a510cc9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha256",
"uuid": "a89c3ddd-f900-4df8-82a6-e48854883950",
"value": "c83c72127dabeae4a2c020b348fa722e6b458f9f42fe1056d2890f45b8f388a7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha512",
"uuid": "17363175-bdc4-4b9b-a05b-faffe031902e",
"value": "92fb2a3f70ffd15ce4a4ecd244458ebbf7d4760c5a149f898e4439c93e3cf240c6d991e33082d612e05f11678f4ca144b12411d55f66ace0fb5ce97bb77cc476"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983866",
"to_ids": true,
"type": "ssdeep",
"uuid": "ca8d58cd-8382-4cb9-a6e4-3f139c265f54",
"value": "1536:JCLlRNzYX9gJXNwDcmBmzHb0q+GPlhmtTVpwhEnrtOqiUzP/aRN/lD5PPmL:JgN8IXCDpBmc6PEnwhOZOqPzncDtm"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983866",
"uuid": "45bbb02f-ab78-4ba1-819d-a3347369d155",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983866",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "fab3a50b-f934-41d9-b326-c760d61bd4fa",
"value": "13312"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983866",
"to_ids": false,
"type": "float",
"uuid": "049db129-e1bb-443a-ae58-253a854f3337",
"value": "7.9456438323275"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983866",
"to_ids": true,
"type": "md5",
"uuid": "dce691f4-ed1b-4b50-b04d-01c46a8d62e1",
"value": "e4abb06763d8b59b2acd6958e35757e0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha1",
"uuid": "e37e3586-2647-4cb0-abac-a7d7d7c7fdba",
"value": "ca09c0c8a2440bf06295e930bab7f1f8cbb60faa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha256",
"uuid": "8e3148d5-da37-4914-8e65-32c73cbfcd0a",
"value": "88e0b04681abbe603f4f4e160e972b8172baf7e87e055e5b27b15cd13ae0722d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha512",
"uuid": "07652f70-1946-4873-909e-0d58096bfb30",
"value": "2adecfb2eabd9d91aeed0be5fdeaebc9dc0af5ab2de034be8ac0e4b48442a5cb85a589674cfff6354981b53b6ce1d9d29ed4863aa6dfc9cfa90f653ecaf5ea55"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983866",
"to_ids": true,
"type": "ssdeep",
"uuid": "a41972e8-b67b-46ec-a49f-5d6c58e20314",
"value": "384:WUh4A2lHA8lRg0IdIjQE6O0Kcte/5FUS/0Bkx3qpydLhXW:T4lHpqtdKQENh+580Bkxa"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983866",
"uuid": "2cac037c-bb77-4353-ad9c-e17a172cd779",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983866",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "7274e566-d4cd-4e42-a495-18162198e054",
"value": "11264"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983866",
"to_ids": false,
"type": "float",
"uuid": "da383770-4732-4d9f-8ba4-a456dee19709",
"value": "7.9415040964491"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983866",
"to_ids": true,
"type": "md5",
"uuid": "cfc15a95-0e80-4acf-8eca-2497640ede93",
"value": "b5916eed7f9fc8eef435f6930435391e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha1",
"uuid": "1be86d2e-1979-416a-8d62-b3e3c1c511b3",
"value": "3df10439fc781d94dd09587dba7f4b6ecbb95ea0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha256",
"uuid": "9c557939-3f17-4ad2-86b5-71068f4565c9",
"value": "6063e5ec0f84f451f5baaeed515818df9b36f02f38608f128ba9c15dac340dd9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha512",
"uuid": "6095d436-fa7c-449b-beb1-b5b1518a3915",
"value": "4729c85c03958b286289c3ccd49fbadb8335ffdd133ab091077917c3d80db05f1b3f7217737502efcd2be2d70824b1607f9f6a7f10157a631d0197b472804243"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983866",
"to_ids": true,
"type": "ssdeep",
"uuid": "87241bd9-3619-42d1-ba9d-ff3d021f4465",
"value": "192:m1NaO3dPdfbn49IOIZ2ivbkvG1nZ/URcFqXJwVSPNfZBs5:m2IPdsS/MivgvCZ8RcAXJwIPtHy"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983866",
"uuid": "a84f8547-af96-40af-8821-230616c09f53",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983866",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "c8341732-8cc8-4f4d-a13d-efa2b9d30ead",
"value": "7680"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983866",
"to_ids": false,
"type": "float",
"uuid": "2cb46601-cdb1-44a2-921d-7845817a194f",
"value": "7.8320185946322"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983866",
"to_ids": true,
"type": "md5",
"uuid": "aadd90f6-ff3a-4778-8ec4-cd248fcdc8a5",
"value": "37b2435a5411df97ec7a28433f267359"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha1",
"uuid": "7870ecd0-a250-4c0d-b76d-ef622d375aa0",
"value": "6a77b8e957bcb877ba637104ed304a9e45cc4943"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha256",
"uuid": "e217e261-9397-4e4f-b494-f2d17182cec5",
"value": "ee53e1bd592495987619f9366eb65f97aa5908721b65dcb33b82a5857c5bd01a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha512",
"uuid": "3417cef5-2c09-4cb5-b886-bb410c2f119a",
"value": "1d2ff5cfce297f456e8e4c464246c5dac6c959d70fa50b40cb2c65b7daee569576897ee259a89bb5801ea4223f95e22fc4be167e059f59bdda623be9db7bf074"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983866",
"to_ids": true,
"type": "ssdeep",
"uuid": "55898f1d-df42-4eb3-bbff-aa04ce325a7d",
"value": "192:Y/zvRxuxKyfCs4ATLeoBYSA86+g1yTz1KkMbtNzM58fl:gvRyDtTL0jN1yfQXbHS8"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983866",
"uuid": "c10d11c3-4b8c-47ba-8bcf-59fe5cdd43ad",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983866",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a79fb449-266f-403c-a03c-bf367a56d97f",
"value": "177664"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983866",
"to_ids": false,
"type": "float",
"uuid": "18f0897e-2a39-4e13-993e-db4cd75deca1",
"value": "7.9989145284078"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983866",
"to_ids": true,
"type": "md5",
"uuid": "82c1c4c4-0e33-49e7-b697-8894eaad6344",
"value": "265ea2f012973e1d1d61a2a3b076257a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha1",
"uuid": "4a67da00-a140-4817-b94a-4bc614935f36",
"value": "dc31ae1d8cb037aa186feaf0ca51a58ac28607b3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha256",
"uuid": "ac3826b4-15eb-4e20-829b-d685c0ab2d8a",
"value": "656447600a622143ed38cb8f4eb37e0e4c05b7feb1287b80b06153c4336494e5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha512",
"uuid": "e29c8665-0b41-46c8-b329-84104e383c65",
"value": "f2f50fcad565b70fcdb8ff90cecb52e33c5082a1512ef1ae37c21e9eb9c8f9ce3244cae70eff99b9196fc0542d62fbe2d804f609839077c357d0e93bbeed353b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983866",
"to_ids": true,
"type": "ssdeep",
"uuid": "cc552ba9-bef3-4d02-b00d-2db88bdc151f",
"value": "3072:Ht/z1bfLOtbUtRuC066GgbFNL+5reOWHxYfCrPaZEvYoTWOUJwwMoNJH3u3J2qFr:HtNfwbUtRuCr6zjAnWH2fKbYoTOwJ2qJ"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983866",
"uuid": "aaa2916d-ce88-42de-b4d6-71244c10d7e7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983866",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "7d134479-f575-4cd1-a81e-669bc0424893",
"value": "1536"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983866",
"to_ids": false,
"type": "float",
"uuid": "e950946c-cf9c-4eb9-bd08-26948b08ebbc",
"value": "7.8485683932965"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983866",
"to_ids": true,
"type": "md5",
"uuid": "f295771b-bf2a-418b-a366-486445e6cb56",
"value": "247b6cf36ce0933afa9245b77c824fcd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha1",
"uuid": "22e8029d-bdce-444a-b8fc-5e45dcf46c7e",
"value": "bbfcca07ac95f5180093ace4e08578d68f8b4adb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha256",
"uuid": "081c5173-c5c8-43ae-9b71-e57c22586152",
"value": "9377716dd6c82bea0481dc2c7cc4b95db53fd7cac46e9bb124efc9614a273d56"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983866",
"to_ids": true,
"type": "sha512",
"uuid": "9f176ab6-2002-4a73-8142-a350a4e17d8e",
"value": "a138e7f213e1f407a45798c1729ac29a1f9a9016015245b39c2bbfbe1c30e04b56ceddd76dbc30f475b82611359b4201ef474fb2e2aeb30d10607dea598ef535"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983866",
"to_ids": true,
"type": "ssdeep",
"uuid": "34eb84bd-95df-4fde-b708-aa8d8c514ba9",
"value": "24:4Ax28T++ItP48LR9WuuYMIT/FhJSjX9Y9DkW4gDelksrS5Jgibd7KS3GagJ:V28T++IW8t9Wfwdm9U5ClksrCt5PDgJ"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983866",
"uuid": "305a29ce-eade-4735-acc2-1c44304f781a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "name",
"timestamp": "1545983866",
"to_ids": false,
"type": "text",
"uuid": "a01effba-b5d7-4c03-976d-5f4e232247f0",
"value": ".rsrc"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983866",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "1798bd0f-70a4-439f-b1a6-b17f3260eb46",
"value": "2048"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983866",
"to_ids": false,
"type": "float",
"uuid": "982a30b4-1279-493b-acdf-c59a7a9b0beb",
"value": "3.6116064980795"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983867",
"to_ids": true,
"type": "md5",
"uuid": "f9c9d8c7-493b-45ba-a0b5-2424e39f204c",
"value": "deef08361c6418703700a26d487c6923"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha1",
"uuid": "4e0cdee3-50a7-4fa2-ac99-279f3615a7aa",
"value": "0fc03aa527f31489f2d7a9d6bdf548c738842b00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha256",
"uuid": "b3c3b15e-f092-4438-9423-a2747b9eb967",
"value": "c98dc270e01c2bebfb3986787f686824f6a50c4fc567bd29ddc6ac29f6e8d1f1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha512",
"uuid": "3b68cae4-9b2e-43ba-bbee-c2a88adace0b",
"value": "4cde259a1851d8b920154edf27c7c6be9ab7d36051bce33a5798ca25445e2ec36c1481c62769ba86eaa0dda7d9fce7a300fd174f9c23230b432bb033f2a09501"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983867",
"to_ids": true,
"type": "ssdeep",
"uuid": "5ece4e7d-e7a2-49c8-be4b-8999219dc1a1",
"value": "48:G0XB1vlDacmj9GZFCufNfInFC/cTTqgCS:G0XLvtmEUuFQnULgC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983867",
"uuid": "8eaec159-c57a-4010-93a6-580ffa89ba71",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983867",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a6522915-89a3-47ab-a0d1-c3bc8359d50e",
"value": "245248"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983867",
"to_ids": false,
"type": "float",
"uuid": "bc1d6325-1952-4f46-b388-0565fda420fe",
"value": "7.999104414694"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983867",
"to_ids": true,
"type": "md5",
"uuid": "c4b38c1c-e64e-4d57-891d-029613ef699f",
"value": "a89543a93cc6103f08eed75483238d18"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha1",
"uuid": "66b65ad8-5f98-4462-aab5-e47a7d4563bb",
"value": "4527506910921f4b168236078a1a3f788bb62069"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha256",
"uuid": "0cc5cdf5-fb6d-440c-b08f-ab8ea95ed25d",
"value": "6f8cf2d401feb2025f8ed0353638ac4e99de94b60fa5b5d4036faf5060c5d73d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha512",
"uuid": "3075f13a-a4a6-429e-ac27-e18716aa10f5",
"value": "b8f96b1d006c1a137907ca2143ba48577fc72b97217fbd02615f4c34b6df3a47c2ddf1c86c78e950feb2dc8c6c43dcb397ff3c201d49de5ef2106ee3ad1654b6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983867",
"to_ids": true,
"type": "ssdeep",
"uuid": "3dc54be8-f6e2-460e-b17d-1891cefac070",
"value": "6144:L2F2mSt6wU+Y0PuvZVOGIh97gtmQVJCqklJhvmlLmMzeabg:Lnu+Y0mvLOcfrChJhvmliMI"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a section of a Portable Executable",
"meta-category": "file",
"name": "pe-section",
"template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
"template_version": "2",
"timestamp": "1545983867",
"uuid": "ef11870a-41f0-4f64-a83e-84fbc2eca7b0",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983867",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea6b5fe-3362-4bf3-b103-8f429d8e3480",
"value": "1243136"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983867",
"to_ids": false,
"type": "float",
"uuid": "ce82b1b7-7715-4f5e-a3b4-32116f01fd4e",
"value": "7.9712731055236"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983867",
"to_ids": true,
"type": "md5",
"uuid": "1d3447b3-1be1-4785-b142-9cb0d7eb4116",
"value": "38a76cd6572c66a48f91f9dd5297d6d0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha1",
"uuid": "7b77e373-212c-4b3d-9599-2a0dc184c71a",
"value": "1472ed40a3f3d548df68cfcc36047f0fa6520f99"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha256",
"uuid": "863288a6-281b-45e1-b416-2e20ca8ab393",
"value": "b956242f4fcb8c4ce895aeb80ba9ac943c5dcaf385d9d80524d1e5f3702b2b26"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha512",
"uuid": "e5ed984a-21a2-46c2-9cf2-3c0308ad1bcd",
"value": "4a8bf5392dfe3b37b6f578748553d935965dd531b461bddf7dae358bdfe149c525487da69a0e18bd88e4af2c7dcadf3c6909fbc4bbb0ec4e906c9a05536db143"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983867",
"to_ids": true,
"type": "ssdeep",
"uuid": "86e75b52-bed7-485a-9715-c1cd755b8675",
"value": "24576:RkioKFvekj7fU2A+XTqHElLZW7RwDyEkZXxU2YFDIH+pPKyFXkvCL:RPdpes78CqH0LZtfoiFDIH+pPKo+CL"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing a Portable Executable",
"meta-category": "file",
"name": "pe",
"template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"template_version": "3",
"timestamp": "1545983868",
"uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"ObjectReference": [
{
"comment": "Section 0 of PE",
"object_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"referenced_uuid": "1d433c6a-3ff0-4099-9285-f26dc57988ed",
"relationship_type": "included-in",
"timestamp": "1621849939",
"uuid": "5c25d77b-2e0c-4ea4-9938-59ba0a00020f"
},
{
"comment": "Section 1 of PE",
"object_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"referenced_uuid": "45bbb02f-ab78-4ba1-819d-a3347369d155",
"relationship_type": "included-in",
"timestamp": "1621849939",
"uuid": "5c25d77b-dfec-4885-87ef-59ba0a00020f"
},
{
"comment": "Section 2 of PE",
"object_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"referenced_uuid": "2cac037c-bb77-4353-ad9c-e17a172cd779",
"relationship_type": "included-in",
"timestamp": "1621849939",
"uuid": "5c25d77b-b03c-4b5b-a525-59ba0a00020f"
},
{
"comment": "Section 3 of PE",
"object_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"referenced_uuid": "a84f8547-af96-40af-8821-230616c09f53",
"relationship_type": "included-in",
"timestamp": "1621849939",
"uuid": "5c25d77b-3b14-4acf-b26a-59ba0a00020f"
},
{
"comment": "Section 4 of PE",
"object_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"referenced_uuid": "c10d11c3-4b8c-47ba-8bcf-59fe5cdd43ad",
"relationship_type": "included-in",
"timestamp": "1621849940",
"uuid": "5c25d77b-e148-4da3-ab41-59ba0a00020f"
},
{
"comment": "Section 5 of PE",
"object_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"referenced_uuid": "aaa2916d-ce88-42de-b4d6-71244c10d7e7",
"relationship_type": "included-in",
"timestamp": "1621849940",
"uuid": "5c25d77b-e308-4fe6-84ba-59ba0a00020f"
},
{
"comment": "Section 6 of PE",
"object_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"referenced_uuid": "305a29ce-eade-4735-acc2-1c44304f781a",
"relationship_type": "included-in",
"timestamp": "1621849940",
"uuid": "5c25d77c-828c-41e9-88a1-59ba0a00020f"
},
{
"comment": "Section 7 of PE",
"object_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"referenced_uuid": "8eaec159-c57a-4010-93a6-580ffa89ba71",
"relationship_type": "included-in",
"timestamp": "1621849940",
"uuid": "5c25d77c-a948-415c-91b0-59ba0a00020f"
},
{
"comment": "Section 8 of PE",
"object_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"referenced_uuid": "ef11870a-41f0-4f64-a83e-84fbc2eca7b0",
"relationship_type": "included-in",
"timestamp": "1621849940",
"uuid": "5c25d77c-af50-4d84-9f47-59ba0a00020f"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1545983867",
"to_ids": false,
"type": "text",
"uuid": "304708f4-7710-4393-985b-111187ec0fc9",
"value": "exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entrypoint-address",
"timestamp": "1545983867",
"to_ids": false,
"type": "text",
"uuid": "ef5ff857-ff25-4fef-855b-65f4e91f8cc2",
"value": "5375569524"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "compilation-timestamp",
"timestamp": "1545983867",
"to_ids": false,
"type": "datetime",
"uuid": "571aea13-3fc6-4e7c-a5d2-7b33000578ab",
"value": "2011-07-15T16:10:08"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "original-filename",
"timestamp": "1545983867",
"to_ids": true,
"type": "filename",
"uuid": "8932bee6-f81c-4260-911c-5774b3355451",
"value": "Baidu PC Faster"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "internal-filename",
"timestamp": "1545983867",
"to_ids": true,
"type": "filename",
"uuid": "dfa08dd8-050c-40a8-ae87-154faf3e03c2",
"value": "Baidu PC Faster"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-description",
"timestamp": "1545983867",
"to_ids": false,
"type": "text",
"uuid": "17078bf4-6b57-480c-abe3-56cf5e659362",
"value": "Baidu WiFi Hotspot Setup"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "file-version",
"timestamp": "1545983867",
"to_ids": false,
"type": "text",
"uuid": "fc750f71-90aa-4ea6-b53b-3f786b1bf5e2",
"value": "1.5.4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "lang-id",
"timestamp": "1545983867",
"to_ids": false,
"type": "text",
"uuid": "2288ef36-2be7-432d-ba8b-1866731d9f37",
"value": "000004E4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "product-version",
"timestamp": "1545983867",
"to_ids": false,
"type": "text",
"uuid": "99e0f0b8-0f33-434a-940e-3134ccba4b43",
"value": "1.5.4"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "company-name",
"timestamp": "1545983867",
"to_ids": false,
"type": "text",
"uuid": "90a944d1-c17e-41fc-8409-76ff7b8b894c",
"value": "Baidu, Inc."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "legal-copyright",
"timestamp": "1545983867",
"to_ids": false,
"type": "text",
"uuid": "a81a7d53-ffbe-4247-aa0c-c76576b639fa",
"value": "Copyright (C) 2015 Baidu, Inc. All rights reserved."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "number-sections",
"timestamp": "1545983867",
"to_ids": false,
"type": "counter",
"uuid": "d9780108-1255-4ba7-b30d-af9723038e0a",
"value": "9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1545983868",
"uuid": "c188cacc-e4d8-4726-83e9-45037f456abd",
"ObjectReference": [
{
"comment": "PE indicators",
"object_uuid": "c188cacc-e4d8-4726-83e9-45037f456abd",
"referenced_uuid": "a2270d1a-5324-48c5-a2f2-0d9656e54127",
"relationship_type": "included-in",
"timestamp": "1621849940",
"uuid": "5c25d77c-e5e4-4b86-a1b9-59ba0a00020f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1545983867",
"to_ids": true,
"type": "filename",
"uuid": "2277360c-22de-431e-94eb-7e33ac1ab361",
"value": "gfxprc_X64_pro.exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545983867",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "d57bc182-21cb-43b5-8f03-ac70c73d6143",
"value": "1800560"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1545983867",
"to_ids": false,
"type": "float",
"uuid": "68f985e1-e33f-4d51-90a4-3bdadb5b50fa",
"value": "7.9846060599154"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545983867",
"to_ids": true,
"type": "md5",
"uuid": "f8c2da98-c27a-4bec-8892-464c3d0e937b",
"value": "5711ac3dd15b019f558ec29e68d13ca9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha1",
"uuid": "c7be84ea-09de-4321-ad69-77f38e118ba4",
"value": "b18b92a25078aa5f23a9987fd9038440b58b9566"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha256",
"uuid": "a7a62a82-1e4c-4976-93b7-034612349cba",
"value": "c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1545983867",
"to_ids": true,
"type": "sha512",
"uuid": "b4180835-5543-40aa-8fd0-924337e73e10",
"value": "b87ccfe6d3209d4d52046529ecb4e8f96762db0bf8dd57954103da71499c7abd77289e22e8163dccfe13cc2f0edeacab30661ad5de4434508a930e2809cf72db"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1545983867",
"to_ids": false,
"type": "mime-type",
"uuid": "c40afea9-359d-4ca0-b0de-944cfdeb7b4a",
"value": "PE32+ executable (console) x86-64, for MS Windows"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1545983867",
"to_ids": true,
"type": "ssdeep",
"uuid": "7b19e3a9-cf45-4fe1-99b9-10aefee850fd",
"value": "49152:t5ZrCJlfgRPdpes78CqH0LZtfoiFDIH+pPKo+CL:t5VKep9mUVtQiFDIeoo+CL"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1545984600",
"uuid": "5c25d9a9-8268-48c3-a22a-4a5a950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c25d9a9-8268-48c3-a22a-4a5a950d210f",
"referenced_uuid": "6e07ffc3-1402-4bf4-a5b3-c12be1a92752",
"relationship_type": "analysed-with",
"timestamp": "1621849940",
"uuid": "5c25da5b-425c-4546-ad87-404502de0b81"
}
],
"Attribute": [
{
"category": "Payload installation",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1545984425",
"to_ids": true,
"type": "malware-sample",
"uuid": "5c25d9a9-bac4-4a43-a806-4d94950d210f",
"value": "gfxprc_X64.exe|d0c3852e376423247ae45c24592880b6"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1545984426",
"to_ids": false,
"type": "filename",
"uuid": "5c25d9aa-f850-4fb2-857c-43e5950d210f",
"value": "gfxprc_X64.exe"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545984426",
"to_ids": true,
"type": "md5",
"uuid": "5c25d9aa-4488-4ab1-ac69-4aee950d210f",
"value": "d0c3852e376423247ae45c24592880b6"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545984427",
"to_ids": true,
"type": "sha1",
"uuid": "5c25d9ab-b6f0-474d-86da-43cc950d210f",
"value": "7335b8bdc62f35e2579ba18b91dc6227c586ef75"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545984427",
"to_ids": true,
"type": "sha256",
"uuid": "5c25d9ab-561c-4b12-bc8d-4df5950d210f",
"value": "f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545984428",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5c25d9ac-b6f8-489d-8e5c-47d6950d210f",
"value": "639544"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1545984601",
"uuid": "5c25d9ad-5d0c-4e7d-b44a-4364950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c25d9ad-5d0c-4e7d-b44a-4364950d210f",
"referenced_uuid": "56a5559a-9b13-4b0a-a4df-82aef6ecd4f1",
"relationship_type": "analysed-with",
"timestamp": "1621849940",
"uuid": "5c25da5b-48b0-4270-aa65-46b902de0b81"
}
],
"Attribute": [
{
"category": "Payload installation",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1545984429",
"to_ids": true,
"type": "malware-sample",
"uuid": "5c25d9ad-6120-4bf7-a18a-487d950d210f",
"value": "gfxprc_X64_pro.exe|5711ac3dd15b019f558ec29e68d13ca9"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1545984430",
"to_ids": false,
"type": "filename",
"uuid": "5c25d9ae-0c64-43b3-a3b0-4544950d210f",
"value": "gfxprc_X64_pro.exe"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1545984430",
"to_ids": true,
"type": "md5",
"uuid": "5c25d9ae-2564-4d52-b512-4d55950d210f",
"value": "5711ac3dd15b019f558ec29e68d13ca9"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1545984431",
"to_ids": true,
"type": "sha1",
"uuid": "5c25d9af-6b64-4ba6-b880-4ed1950d210f",
"value": "b18b92a25078aa5f23a9987fd9038440b58b9566"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1545984431",
"to_ids": true,
"type": "sha256",
"uuid": "5c25d9af-9278-48b0-8352-49e0950d210f",
"value": "c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1545984432",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5c25d9b0-2c2c-46a6-a72b-4b35950d210f",
"value": "1800560"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1545984601",
"uuid": "56a5559a-9b13-4b0a-a4df-82aef6ecd4f1",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1545984601",
"to_ids": false,
"type": "datetime",
"uuid": "e8dacdf1-e25a-4f71-9655-bf1d31172fda",
"value": "2018-12-27T21:28:09"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1545984601",
"to_ids": false,
"type": "link",
"uuid": "45c36174-6704-4cfb-b63f-8d9e23940331",
"value": "https://www.virustotal.com/file/c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9/analysis/1545946089/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1545984602",
"to_ids": false,
"type": "text",
"uuid": "c1dc306b-c1d5-4566-9952-c29f64f637ce",
"value": "28/69"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1545984602",
"uuid": "6e07ffc3-1402-4bf4-a5b3-c12be1a92752",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1545984602",
"to_ids": false,
"type": "datetime",
"uuid": "ba0949ef-5657-4508-97e4-6e07b6bb8866",
"value": "2018-12-28T02:53:45"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1545984602",
"to_ids": false,
"type": "link",
"uuid": "7ddca53c-ab45-4472-8f8c-f152791a4132",
"value": "https://www.virustotal.com/file/f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9/analysis/1545965625/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1545984603",
"to_ids": false,
"type": "text",
"uuid": "ac0b4a18-7885-4dba-91d8-9198d98b5c92",
"value": "37/69"
}
]
}
]
}
}